Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Challenge 42] Spring boot actuator hiding api key #1107

Merged
merged 13 commits into from
Dec 12, 2023
Merged

[Challenge 42] Spring boot actuator hiding api key #1107

merged 13 commits into from
Dec 12, 2023

Conversation

nwolniak
Copy link
Contributor

@nwolniak nwolniak commented Dec 5, 2023
edited by commjoen
Loading

What kind of changes does this PR include?

  • Fixes or refactors
  • A new challenge
  • Additional documentation
  • Something else

Description

This PR add new challenge based on hiding API key in Spring Boot Actuator audit events.

Relations

Closes #815

References

Checklist:

  • All the contributions made are solely the work of me and my co-authors
  • I tested the changes in this PR (if applicable)
  • I added unit tests to ensure my change works (when change in Java or on front-end code)
  • I added UI tests to ensure my UI changes work (when change in the overall UI, not needed if just adding a challenge)
  • The PR passes pre-commit hooks and automated tests

commjoen
commjoen approved these changes Dec 6, 2023
View reviewed changes
Copy link
Collaborator

@commjoen commjoen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love it! Thank you so much! We are only in the middle of merging a large refactor. Can we hold merging this PR until the refactor is done? Happy to adjust the result and ensure your commits are part of it.

@commjoen
Copy link
Collaborator

commjoen commented Dec 6, 2023

The refactor is completed. Do you want us to adapt your pr to the new code-base? Or would you like to give it a try yourself @nwolniak ?

@nwolniak
Copy link
Contributor Author

nwolniak commented Dec 6, 2023

The refactor is completed. Do you want us to adapt your pr to the new code-base? Or would you like to give it a try yourself @nwolniak ?

@commjoen the PR is refactorized as for now

@commjoen
Copy link
Collaborator

commjoen commented Dec 6, 2023

@nwolniak regarding the issue with compiling: is the lombok processor turned on in the IDE?

@nwolniak
Copy link
Contributor Author

nwolniak commented Dec 6, 2023

@nwolniak regarding the issue with compiling: is the lombok processor turned on in the IDE?

@commjoen I have changed java version linked by maven and just didnt restart IDE, so everything is fine

bendehaan
bendehaan reviewed Dec 7, 2023
View reviewed changes
Copy link
Collaborator

@bendehaan bendehaan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! Some minor nits in the text.

src/main/resources/explanations/challenge42.adoc Outdated Show resolved Hide resolved
src/main/resources/explanations/challenge42_reason.adoc Outdated Show resolved Hide resolved
commjoen and others added 2 commits December 12, 2023 05:10
@commjoen @bendehaan
Apply suggestions from code review
a763945 
Co-authored-by: Ben de Haan <53901866+bendehaan@users.noreply.github.com>
@commjoen
Merge branch 'master' into challenge-spring-boot-actuator
da6e1a3
@commjoen commjoen merged commit a264397 into OWASP:master Dec 12, 2023
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bendehaan bendehaan bendehaan left review comments

@commjoen commjoen commjoen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Spring Boot Actuator challenge hiding an api key in the audit events
3 participants
@nwolniak @commjoen @bendehaan