From a749a5f47de4ef8545bc0a1b8f4636ac03c33865 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Fri, 15 Dec 2023 12:27:04 +0100 Subject: [PATCH 01/28] Prework for #719 --- pom.xml | 5 ++++ .../kubernetes/MetaDataChallenge.java | 30 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java diff --git a/pom.xml b/pom.xml index 54e3611a5..da07382a0 100644 --- a/pom.xml +++ b/pom.xml @@ -278,6 +278,11 @@ 1.9.0 test + + org.springframework.vault + spring-vault-core + 3.1.0-SNAPSHOT + diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java new file mode 100644 index 000000000..85f942eec --- /dev/null +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java @@ -0,0 +1,30 @@ +package org.owasp.wrongsecrets.challenges.kubernetes; + +import com.google.common.base.Strings; +import org.owasp.wrongsecrets.challenges.Challenge; +import org.owasp.wrongsecrets.challenges.Spoiler; +import org.springframework.vault.client.VaultEndpoint; +import org.springframework.vault.core.*; + +public class MetaDataChallenge implements Challenge { + + @Override + public Spoiler spoiler() { + return new Spoiler(getAnswer()); + } + + @Override + public boolean answerCorrect(String answer) { + return !Strings.isNullOrEmpty(answer) && answer.equals(getAnswer()); + } + + private String getAnswer() { + VaultOperations operations = new VaultTemplate(new VaultEndpoint()); + VaultKeyValueOperations keyValueOperations = + operations.opsForKeyValue( + "wrongSecret", VaultKeyValueOperationsSupport.KeyValueBackend.KV_2); + // todo conitnue with + // https://docs.spring.io/spring-vault/reference/vault/vault-secret-engines.html#vault.core.backends.kv2 and the example for the rest! + return ""; + } +} 
From 1926c79acdd8d0ebfda4dcf10231758388b0fa6c Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sun, 17 Dec 2023 07:29:15 +0100 Subject: [PATCH 02/28] Updated dep version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index da07382a0..8f3079976 100644 --- a/pom.xml +++ b/pom.xml @@ -281,7 +281,7 @@ org.springframework.vault spring-vault-core - 3.1.0-SNAPSHOT + 3.1.0 From 6936a7814fd3062d1ec951b14f4493d38fba287b Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sun, 17 Dec 2023 08:23:53 +0100 Subject: [PATCH 03/28] building out basics for challenge 43 --- scripts/install-vault.sh | 7 ++++- .../kubernetes/MetaDataChallenge.java | 31 ++++++------------- .../resources/explanations/challenge44.adoc | 7 +++++ .../explanations/challenge44_hint.adoc | 3 ++ .../explanations/challenge44_reason.adoc | 3 ++ .../wrong-secrets-configuration.yaml | 14 +++++++++ .../kubernetes/Challenge43Test.java | 3 ++ 7 files changed, 46 insertions(+), 22 deletions(-) create mode 100644 src/main/resources/explanations/challenge44.adoc create mode 100644 src/main/resources/explanations/challenge44_hint.adoc create mode 100644 src/main/resources/explanations/challenge44_reason.adoc create mode 100644 src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java diff --git a/scripts/install-vault.sh b/scripts/install-vault.sh index 186b8614b..1c1e2bf14 100644 --- a/scripts/install-vault.sh +++ b/scripts/install-vault.sh 
@@ -49,11 +49,13 @@ kubectl exec vault-0 -n vault -- vault secrets enable -path=secret kv-v2 echo "Putting a secret in" kubectl exec vault-0 -n vault -- vault kv put secret/secret-challenge vaultpassword.password="$(openssl rand -base64 16)" +echo "Oepsi metadata" +kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret wrongsecret -custom-metadata=secret="$(openssl rand -base64 16)" + echo "Enable k8s auth" kubectl exec vault-0 -n vault -- vault auth enable kubernetes echo "Writing k8s auth config" - kubectl exec vault-0 -n vault -- /bin/sh -c 'vault write auth/kubernetes/config \ token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \ @@ -64,6 +66,9 @@ kubectl exec vault-0 -n vault -- /bin/sh -c 'vault policy write secret-challenge path "secret/data/secret-challenge" { capabilities = ["read"] } +path "secret/metadata/wrongsecret" { + capabilities = ["read", "list" ] +} path "secret/data/application" { capabilities = ["read"] } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index 85f942eec..dd7ff5b7c 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java 
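Review bot: In the added `vault kv metadata put` line the `-custom-metadata=...` flag comes after the positional key `wrongsecret`. The Vault CLI expects flags before positional arguments, so this call is likely rejected instead of writing the metadata. Reordering it to `vault kv metadata put -mount=secret -custom-metadata=secret="$(openssl rand -base64 16)" wrongsecret` avoids that. Nothing visible in the hunk checks the exit status of the `kubectl exec`, so a failure here would only surface later as a challenge that cannot be solved.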
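Review bot: The new `secret/metadata/wrongsecret` stanza grants `list` as well as `read`, but reading the custom metadata of this one key needs only `read`. Unless the extra capability is part of the exercise, `capabilities = ["read"]` keeps the application policy to what the challenge uses. The `vault policy write` command that contains this stanza starts and ends outside the hunk.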
@@ -1,30 +1,19 @@ package org.owasp.wrongsecrets.challenges.kubernetes; -import com.google.common.base.Strings; -import org.owasp.wrongsecrets.challenges.Challenge; -import org.owasp.wrongsecrets.challenges.Spoiler; +import java.util.Objects; +import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.vault.client.VaultEndpoint; import org.springframework.vault.core.*; +import org.springframework.vault.support.Versioned; -public class MetaDataChallenge implements Challenge { +public class MetaDataChallenge extends FixedAnswerChallenge { - @Override - public Spoiler spoiler() { - return new Spoiler(getAnswer()); - } - - @Override - public boolean answerCorrect(String answer) { - return !Strings.isNullOrEmpty(answer) && answer.equals(getAnswer()); - } - - private String getAnswer() { + public String getAnswer() { VaultOperations operations = new VaultTemplate(new VaultEndpoint()); - VaultKeyValueOperations keyValueOperations = - operations.opsForKeyValue( - "wrongSecret", VaultKeyValueOperationsSupport.KeyValueBackend.KV_2); - // todo conitnue with - // https://docs.spring.io/spring-vault/reference/vault/vault-secret-engines.html#vault.core.backends.kv2 and the example for the rest! - return ""; + VaultVersionedKeyValueOperations versionedOperations = + operations.opsForVersionedKeyValue("wrongsecret"); + Versioned versioned = versionedOperations.get("metadatafun", String.class); + assert versioned != null; + return Objects.requireNonNull(versioned.getMetadata()).getCustomMetadata().get("secret"); } } diff --git a/src/main/resources/explanations/challenge44.adoc b/src/main/resources/explanations/challenge44.adoc new file mode 100644 index 000000000..2f8140acc --- /dev/null +++ b/src/main/resources/explanations/challenge44.adoc 
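Review bot: `getAnswer()` reads mount `wrongsecret` and key `metadatafun`, but scripts/install-vault.sh in this same commit writes the custom metadata to key `wrongsecret` under mount `secret`, so the lookup cannot find the value the script created. `operations.opsForVersionedKeyValue("secret")` together with `get("wrongsecret", ...)` would match the script. `assert versioned != null;` is also not a runtime guard, because Java skips assertions unless the JVM is started with `-ea`; an explicit `if (versioned == null)` check is needed.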
@@ -0,0 +1,7 @@ +=== Vault Metadata Challenge + +Secrets management systems now often have metadata support for their secrets! This is awesome, as it allows you to further enrich the secret with contextual data so it becomes easier to remember what the secret was about. + +But what if you put confidential/secret information into a secret by mistake? + +A developer has put some secret metadata to a `wrongsecret` in Vault. Can you find it? diff --git a/src/main/resources/explanations/challenge44_hint.adoc b/src/main/resources/explanations/challenge44_hint.adoc new file mode 100644 index 000000000..ba8ca2ce6 --- /dev/null +++ b/src/main/resources/explanations/challenge44_hint.adoc @@ -0,0 +1,3 @@ +This challenge can be solved using the following steps: + +1. TBD diff --git a/src/main/resources/explanations/challenge44_reason.adoc b/src/main/resources/explanations/challenge44_reason.adoc new file mode 100644 index 000000000..62ded168f --- /dev/null +++ b/src/main/resources/explanations/challenge44_reason.adoc @@ -0,0 +1,3 @@ +*TODO* + + diff --git a/src/main/resources/wrong-secrets-configuration.yaml b/src/main/resources/wrong-secrets-configuration.yaml index 368bbb105..a023ce900 100644 --- a/src/main/resources/wrong-secrets-configuration.yaml +++ b/src/main/resources/wrong-secrets-configuration.yaml @@ -697,3 +697,17 @@ configurations: category: *logging ctf: enabled: true + + - name: Challenge 44 + short-name: "challenge-44" + sources: + - class-name: "org.owasp.wrongsecrets.challenges.kubernetes.MetaDataChallenge" + explanation: "explanations/Challenge44.adoc" + hint: "explanations/challenge44_hint.adoc" + reason: "explanations/challenge44_reason.adoc" + environments: [ *gcp, *aws, *azure, *k8s_vault ] + difficulty: *expert + category: *vault + ctf: + enabled: true + missing_environment: "explanations/missing_vault.adoc" 
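Review bot: The `explanation` entry points at `explanations/Challenge44.adoc`, while the file added by this commit is `explanations/challenge44.adoc` and the `hint` and `reason` entries use the lower-case name. Resource lookup inside a jar and on Linux file systems is case-sensitive, so the explanation would probably fail to load there even if it works on a case-insensitive developer machine. `explanation: "explanations/challenge44.adoc"` matches the file.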
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java new file mode 100644 index 000000000..2f732f00f --- /dev/null +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java @@ -0,0 +1,3 @@ +package org.owasp.wrongsecrets.challenges.kubernetes; + +public class Challenge43Test {} From fe35f81d0a3cd24d20c271358e82da2f5b9d5597 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sun, 17 Dec 2023 08:57:02 +0100 Subject: [PATCH 04/28] building out basics for challenge 44 --- .../kubernetes/MetaDataChallenge.java | 37 ++++++++++++++++--- ...llenge43Test.java => Challenge44Test.java} | 2 +- 2 files changed, 32 insertions(+), 7 deletions(-) rename src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/{Challenge43Test.java => Challenge44Test.java} (63%) diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index dd7ff5b7c..5ba992ad5 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java 
@@ -1,19 +1,44 @@ package org.owasp.wrongsecrets.challenges.kubernetes; +import com.google.common.base.Strings; import java.util.Objects; +import lombok.extern.slf4j.Slf4j; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; import org.springframework.vault.client.VaultEndpoint; import org.springframework.vault.core.*; import org.springframework.vault.support.Versioned; +/** + * This challenge is about having a metadata of secrets stored in a misconfigured Hashicorp Vault. + */ +@Component +@Slf4j public class MetaDataChallenge extends FixedAnswerChallenge { + private final String vaultPasswordString; + + public MetaDataChallenge(@Value("${vaultpassword}") String vaultPasswordString) { + this.vaultPasswordString = vaultPasswordString; + } + public String getAnswer() { - VaultOperations operations = new VaultTemplate(new VaultEndpoint()); - VaultVersionedKeyValueOperations versionedOperations = - operations.opsForVersionedKeyValue("wrongsecret"); - Versioned versioned = versionedOperations.get("metadatafun", String.class); - assert versioned != null; - return Objects.requireNonNull(versioned.getMetadata()).getCustomMetadata().get("secret"); + try { + VaultOperations operations = new VaultTemplate(new VaultEndpoint()); + VaultVersionedKeyValueOperations versionedOperations = + operations.opsForVersionedKeyValue("wrongsecret"); + Versioned versioned = versionedOperations.get("metadatafun", String.class); + assert versioned != null; + String metadata = + Objects.requireNonNull(versioned.getMetadata()).getCustomMetadata().get("secret"); + if (Strings.isNullOrEmpty(metadata)) { + return vaultPasswordString; + } + return metadata; + } catch (Exception e) { + log.warn("Exception during exection of challenge44", e); + return vaultPasswordString; + } } } 
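Review bot: `getAnswer()` returns the injected `${vaultpassword}` value whenever the Vault read throws or the custom metadata is empty, so in that state the challenge accepts a different property as its answer and the `log.warn` line is the only signal. The class Javadoc should say so, for example `Falls back to the vaultpassword property when the metadata cannot be read from Vault.` If `FixedAnswerChallenge` caches the first result (not visible in this hunk), a transient Vault failure on the first call would pin the fallback for the lifetime of the process. The remaining `assert versioned != null;` does nothing without `-ea`, so a null result reaches the broad `catch (Exception e)` as a `NullPointerException`. An explicit null check and `@Override` on `getAnswer()` would make both intentions visible.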
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java similarity index 63% rename from src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java rename to src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 2f732f00f..519d5ae6f 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge43Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java @@ -1,3 +1,3 @@ package org.owasp.wrongsecrets.challenges.kubernetes; -public class Challenge43Test {} +public class Challenge44Test {} From ca62d407f9cf329dbbc0c158dda3770d6a44aa61 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Tue, 19 Dec 2023 17:17:26 +0100 Subject: [PATCH 05/28] feat: add Vault test container --- pom.xml | 20 ++++++++++ .../kubernetes/Challenge44Test.java | 40 ++++++++++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8f3079976..eba9070be 100644 --- a/pom.xml +++ b/pom.xml @@ -77,6 +77,12 @@ pom import + + org.testcontainers + testcontainers-bom + ${testcontainers.version} + + com.google.cloud spring-cloud-gcp-dependencies @@ -148,6 +154,20 @@ ${spring-security.version} test + + org.testcontainers + vault + test + + + org.testcontainers + junit-jupiter + + + org.testcontainers + testcontainers + test + org.springframework.boot spring-boot-starter-web diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 519d5ae6f..0a609b39a 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java 
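Review bot: In the second pom.xml hunk the `org.testcontainers:junit-jupiter` entry carries no `test` scope, unlike the `vault` and `testcontainers` entries beside it, so it would default to compile scope and be packaged with the application. The element tags are missing from this rendering of the patch, so this is read from the remaining text and should be confirmed against the file; if it holds, add `<scope>test</scope>` to that dependency. The `testcontainers-bom` entry in the first hunk likewise shows no `pom`/`import` pair, unlike the entry above it, and without `<type>pom</type>` and `<scope>import</scope>` a BOM in `dependencyManagement` does not manage the versions of the new dependencies.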
@@ -1,3 +1,41 @@ package org.owasp.wrongsecrets.challenges.kubernetes; -public class Challenge44Test {} +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.testcontainers.containers.Container.ExecResult; +import org.testcontainers.junit.jupiter.Container; +import org.testcontainers.junit.jupiter.Testcontainers; +import org.testcontainers.vault.VaultContainer; + +@Testcontainers +public class Challenge44Test { + private static final String VAULT_TOKEN = "my-token"; + + @Container + public static VaultContainer vaultContainer = + new VaultContainer<>("hashicorp/vault:1.13") + .withVaultToken(VAULT_TOKEN) + .withInitCommand("secrets enable transit"); + + @Test + public void readFirstSecretPathWithCli() throws Exception { + var putResult = + vaultContainer.execInContainer( + "vault", + "kv", + "metadata", + "put", + "-mount=secret", + "-custom-metadata=foo=bar", + "my-secret"); + + assertThat(putResult.getStdout()) + .contains("Success! Data written to: secret/metadata/my-secret"); + + ExecResult readResult = + vaultContainer.execInContainer( + "vault", "kv", "metadata", "get", "-mount=secret", "my-secret"); + assertThat(readResult.getStdout()).contains("foo:bar"); + } +} From ba1a88b74e27e8e0c1f15648ffa1c2ca5dc8ad0a Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 30 Dec 2023 08:54:40 +0100 Subject: [PATCH 06/28] fix spotbug --- .../kubernetes/MetaDataChallenge.java | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index 5ba992ad5..44efcc2b5 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java 
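Review bot: Both `execInContainer` calls are checked only by a substring match on stdout and never by exit status, so a command that fails after printing partial output could still pass. Adding `assertThat(putResult.getExitCode()).isZero();` and the same for `readResult` makes a failure explicit. `withInitCommand("secrets enable transit")` enables an engine the test never uses and can be dropped. The image reference `hashicorp/vault:1.13` is a moving tag; pinning a full version or digest keeps the test reproducible.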
@@ -1,7 +1,6 @@ package org.owasp.wrongsecrets.challenges.kubernetes; import com.google.common.base.Strings; -import java.util.Objects; import lombok.extern.slf4j.Slf4j; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; @@ -29,16 +28,16 @@ public String getAnswer() { VaultVersionedKeyValueOperations versionedOperations = operations.opsForVersionedKeyValue("wrongsecret"); Versioned versioned = versionedOperations.get("metadatafun", String.class); - assert versioned != null; - String metadata = - Objects.requireNonNull(versioned.getMetadata()).getCustomMetadata().get("secret"); - if (Strings.isNullOrEmpty(metadata)) { - return vaultPasswordString; + if (versioned != null && versioned.getMetadata() != null) { + String metadata = versioned.getMetadata().getCustomMetadata().get("secret"); + if (Strings.isNullOrEmpty(metadata)) { + return vaultPasswordString; + } + return metadata; } - return metadata; } catch (Exception e) { - log.warn("Exception during exection of challenge44", e); - return vaultPasswordString; + log.warn("Exception during execution of challenge44", e); } + return vaultPasswordString; } } From 25fb6041da02bd6a5580d992dd2946bbb4796d2c Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 30 Dec 2023 09:19:54 +0100 Subject: [PATCH 07/28] Add first texts --- scripts/install-vault.sh | 3 ++- .../explanations/challenge44_hint.adoc | 21 ++++++++++++++++++- .../explanations/challenge44_reason.adoc | 7 +++++-- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/scripts/install-vault.sh b/scripts/install-vault.sh index 1c1e2bf14..ea13e1c43 100644 --- a/scripts/install-vault.sh +++ b/scripts/install-vault.sh 
@@ -50,7 +50,8 @@ echo "Putting a secret in" kubectl exec vault-0 -n vault -- vault kv put secret/secret-challenge vaultpassword.password="$(openssl rand -base64 16)" echo "Oepsi metadata" -kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret wrongsecret -custom-metadata=secret="$(openssl rand -base64 16)" +kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret vaultpassword.password="$(openssl rand -base64 16)" +kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret -custom-metadata=secret="$(openssl rand -base64 16)" wrongsecret echo "Enable k8s auth" kubectl exec vault-0 -n vault -- vault auth enable kubernetes diff --git a/src/main/resources/explanations/challenge44_hint.adoc b/src/main/resources/explanations/challenge44_hint.adoc index ba8ca2ce6..402f6d94c 100644 --- a/src/main/resources/explanations/challenge44_hint.adoc +++ b/src/main/resources/explanations/challenge44_hint.adoc @@ -1,3 +1,22 @@ This challenge can be solved using the following steps: -1. TBD +1. Find the secret with the commandline +- use `kubectl exec vault-0 -n vault -- vault kv metadata get -mount=secret wrongsecret` take a look at the metadata: do you see a map with a `secret`? that's the value you need to enter + + +2. Find the Secret in Vault using the logged root token: +- When you setup the K8s environment, the script tells you the value of the root token as below: + + Key Value + --- ----- + token s.Jqka4lSy8ayQw2LFsvyAgnTI + token_accessor HEr9RYa3OcZNDOHeFRXIMYCV + token_duration ∞ + token_renewable false + token_policies ["root"] + identity_policies [] + policies ["root"] + + +- Use the token to login into Vault exposed at port 8200 +- Take a look around: can you find the location of the secret in the secrets overview? diff --git a/src/main/resources/explanations/challenge44_reason.adoc b/src/main/resources/explanations/challenge44_reason.adoc index 62ded168f..632b7ed19 100644 --- a/src/main/resources/explanations/challenge44_reason.adoc 
+++ b/src/main/resources/explanations/challenge44_reason.adoc @@ -1,3 +1,6 @@ -*TODO* +*Why putting sensitive data as metadata is a bad idea* - +Sometimes people reason that less sensitive data should be stored as metadata of an actual secret. Think of for instance having a username to be less sensitive as a password, but is it? +In many of these cases these secrets are equally important and should get equal protection as the secret (e.g. the password) itself. + +Very often we don't want to give read access to secrets to our employees, but we do want to give read access to metadata instead. If any secret is then stored in the metadata, that secret is then compromised internally. From 23fa0332ea792c6062494f9d6539fb766a710e21 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 30 Dec 2023 09:26:58 +0100 Subject: [PATCH 08/28] Extend first test and see issue --- .../challenges/kubernetes/Challenge44Test.java | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 0a609b39a..41f0f7515 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java 
@@ -27,15 +27,17 @@ public void readFirstSecretPathWithCli() throws Exception { "metadata", "put", "-mount=secret", - "-custom-metadata=foo=bar", - "my-secret"); + "-custom-metadata=secret=test", + "wrongsecret"); assertThat(putResult.getStdout()) - .contains("Success! Data written to: secret/metadata/my-secret"); + .contains("Success! Data written to: secret/metadata/wrongsecret"); ExecResult readResult = vaultContainer.execInContainer( - "vault", "kv", "metadata", "get", "-mount=secret", "my-secret"); - assertThat(readResult.getStdout()).contains("foo:bar"); + "vault", "kv", "metadata", "get", "-mount=secret", "wrongsecret"); + assertThat(readResult.getStdout()).contains("test"); + var metadataChallenge = new MetaDataChallenge("ACTUAL_ANSWER_CHALLENGE7"); + assertThat(metadataChallenge.spoiler().solution()).isNotEqualTo("ACTUAL_ANSWER_CHALLENGE7"); } } From 8a66b9a4355abbf437dca72d1ee2c81155fb1a32 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 6 Jan 2024 11:43:22 +0100 Subject: [PATCH 09/28] Route vault container test properly --- .../kubernetes/MetaDataChallenge.java | 20 +++++++++++++++++-- .../kubernetes/Challenge44Test.java | 4 +++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index 44efcc2b5..cc5f95c3f 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java 
@@ -17,14 +17,23 @@ public class MetaDataChallenge extends FixedAnswerChallenge { private final String vaultPasswordString; + private final String vaultUri; - public MetaDataChallenge(@Value("${vaultpassword}") String vaultPasswordString) { + private VaultEndpoint vaultEndpoint; + + public MetaDataChallenge( + @Value("${vaultpassword}") String vaultPasswordString, + @Value("${spring.cloud.vault.uri}") String vaultUri) { this.vaultPasswordString = vaultPasswordString; + this.vaultUri = vaultUri; } public String getAnswer() { try { - VaultOperations operations = new VaultTemplate(new VaultEndpoint()); + if (vaultEndpoint == null) { + vaultEndpoint = initializeVaultEndPoint(); + } + VaultOperations operations = new VaultTemplate(vaultEndpoint); VaultVersionedKeyValueOperations versionedOperations = operations.opsForVersionedKeyValue("wrongsecret"); Versioned versioned = versionedOperations.get("metadatafun", String.class); @@ -40,4 +49,11 @@ public String getAnswer() { } return vaultPasswordString; } + + private VaultEndpoint initializeVaultEndPoint() { + if (Strings.isNullOrEmpty(vaultUri)) { + return new VaultEndpoint(); + } + return VaultEndpoint.from(vaultUri); + } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 41f0f7515..806a40a29 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java 
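Review bot: `@Value("${spring.cloud.vault.uri}")` has no default, so unless every profile defines that property the placeholder cannot be resolved and this `@Component` fails at startup, including in environments that run without Vault. The `Strings.isNullOrEmpty(vaultUri)` branch in `initializeVaultEndPoint()` (second hunk) is then only reachable when the property is set to an empty string. `@Value("${spring.cloud.vault.uri:}")` would let that fallback branch do its job. The `vaultEndpoint` field is assigned lazily from `getAnswer()` without synchronization; building it once in the constructor and declaring it `final` avoids the question.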
@@ -36,8 +36,10 @@ public void readFirstSecretPathWithCli() throws Exception { ExecResult readResult = vaultContainer.execInContainer( "vault", "kv", "metadata", "get", "-mount=secret", "wrongsecret"); + + String address = vaultContainer.getHttpHostAddress(); assertThat(readResult.getStdout()).contains("test"); - var metadataChallenge = new MetaDataChallenge("ACTUAL_ANSWER_CHALLENGE7"); + var metadataChallenge = new MetaDataChallenge("ACTUAL_ANSWER_CHALLENGE7", address); assertThat(metadataChallenge.spoiler().solution()).isNotEqualTo("ACTUAL_ANSWER_CHALLENGE7"); } } From 15f463c953fee8668e5caf06cea008dfa56281ba Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 6 Jan 2024 13:08:50 +0100 Subject: [PATCH 10/28] Fixed test --- .../kubernetes/MetaDataChallenge.java | 33 +++++++++++++++---- .../resources/explanations/challenge44.adoc | 2 ++ .../kubernetes/Challenge44Test.java | 15 +++++++-- 3 files changed, 40 insertions(+), 10 deletions(-) diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index cc5f95c3f..e7b354cbe 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java @@ -1,10 +1,12 @@ package org.owasp.wrongsecrets.challenges.kubernetes; import com.google.common.base.Strings; +import java.util.Map; import lombok.extern.slf4j.Slf4j; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; +import org.springframework.vault.authentication.TokenAuthentication; import org.springframework.vault.client.VaultEndpoint; import org.springframework.vault.core.*; import org.springframework.vault.support.Versioned; 
@@ -18,25 +20,26 @@ public class MetaDataChallenge extends FixedAnswerChallenge { private final String vaultPasswordString; private final String vaultUri; + private final String vaultAuthMethod; private VaultEndpoint vaultEndpoint; public MetaDataChallenge( @Value("${vaultpassword}") String vaultPasswordString, - @Value("${spring.cloud.vault.uri}") String vaultUri) { + @Value("${spring.cloud.vault.uri}") String vaultUri, + @Value("${spring.cloud.vault.authentication}") String vaultAuthMethod) { this.vaultPasswordString = vaultPasswordString; this.vaultUri = vaultUri; + this.vaultAuthMethod = vaultAuthMethod; } public String getAnswer() { try { - if (vaultEndpoint == null) { - vaultEndpoint = initializeVaultEndPoint(); - } - VaultOperations operations = new VaultTemplate(vaultEndpoint); + + VaultOperations operations = getVaultTemplate(); VaultVersionedKeyValueOperations versionedOperations = - operations.opsForVersionedKeyValue("wrongsecret"); - Versioned versioned = versionedOperations.get("metadatafun", String.class); + operations.opsForVersionedKeyValue("secret"); + Versioned> versioned = versionedOperations.get("wrongsecret"); if (versioned != null && versioned.getMetadata() != null) { String metadata = versioned.getMetadata().getCustomMetadata().get("secret"); if (Strings.isNullOrEmpty(metadata)) { 
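Review bot: `versionedOperations.get("wrongsecret")` reads the secret itself through the KV v2 data path, while the policy added to scripts/install-vault.sh in PATCH 03 grants the application only `secret/metadata/wrongsecret`. If the pod runs with that policy, Vault would deny this read and the catch block would return the `vaultpassword` fallback instead of the metadata value. Challenge44Test authenticates with the container's root token, so it cannot show this. Reading through the metadata API, for example `versionedOperations.opsForKeyValueMetadata().get("wrongsecret")` (to be confirmed against the spring-vault version in use), would stay within the granted path. The body of `getAnswer()` continues outside the hunk.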
@@ -50,6 +53,22 @@ public String getAnswer() { return vaultPasswordString; } + /** + * gets the vault template for the operation: either autowired for kubernetes, or using the token + * for the unit tests. + * + * @return authenticated VaultTemplate + */ + private VaultTemplate getVaultTemplate() { + if (vaultEndpoint == null) { + vaultEndpoint = initializeVaultEndPoint(); + } + if (Strings.isNullOrEmpty(vaultAuthMethod) || "KUBERNETES".equals(vaultAuthMethod)) { + return new VaultTemplate(vaultEndpoint); + } + return new VaultTemplate(vaultEndpoint, new TokenAuthentication(vaultAuthMethod)); + } + private VaultEndpoint initializeVaultEndPoint() { if (Strings.isNullOrEmpty(vaultUri)) { return new VaultEndpoint(); diff --git a/src/main/resources/explanations/challenge44.adoc b/src/main/resources/explanations/challenge44.adoc index 2f8140acc..864c61a6f 100644 --- a/src/main/resources/explanations/challenge44.adoc +++ b/src/main/resources/explanations/challenge44.adoc @@ -5,3 +5,5 @@ Secrets management systems now often have metadata support for their secrets! Th But what if you put confidential/secret information into a secret by mistake? A developer has put some secret metadata to a `wrongsecret` in Vault. Can you find it? + +Tip: take a look at the policies when vault is installed, you can see that the application is only allowed to use the metadata ;-). diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 806a40a29..61738a182 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java 
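Review bot: `getVaultTemplate()` passes `vaultAuthMethod`, the value of `spring.cloud.vault.authentication`, to `new TokenAuthentication(...)`, so a setting that names an authentication method is sent to Vault as the token itself whenever it is not empty or `KUBERNETES`. In the other branch `new VaultTemplate(vaultEndpoint)` is built without any `ClientAuthentication`. The Javadoc says "autowired for kubernetes", but nothing is injected here, and the request would presumably go out unauthenticated. A separate token property for tests, and the Spring-managed `VaultTemplate` or `ClientAuthentication` bean for the Kubernetes case, would keep the two meanings apart. The same method is copied into `VaultSubKeyChallenge` in PATCH 11, so a shared helper would fix both places.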
@@ -20,6 +20,15 @@ public class Challenge44Test { @Test public void readFirstSecretPathWithCli() throws Exception { + var putSecretResult = + vaultContainer.execInContainer( + "vault", + "kv", + "put", + "secret/wrongsecret", + "vaultpassword.password='$(openssl rand -base64 16)'"); + assertThat(putSecretResult.getStdout()).contains("secret/data/wrongsecret"); + var putResult = vaultContainer.execInContainer( "vault", @@ -36,10 +45,10 @@ public void readFirstSecretPathWithCli() throws Exception { ExecResult readResult = vaultContainer.execInContainer( "vault", "kv", "metadata", "get", "-mount=secret", "wrongsecret"); - + assertThat(readResult.getStdout()).contains("map[secret:test]"); String address = vaultContainer.getHttpHostAddress(); assertThat(readResult.getStdout()).contains("test"); - var metadataChallenge = new MetaDataChallenge("ACTUAL_ANSWER_CHALLENGE7", address); - assertThat(metadataChallenge.spoiler().solution()).isNotEqualTo("ACTUAL_ANSWER_CHALLENGE7"); + var metadataChallenge = new MetaDataChallenge("ACTUAL_ANSWER_CHALLENGE7", address, VAULT_TOKEN); + assertThat(metadataChallenge.spoiler().solution()).isEqualTo("test"); } } From 62d1c04afe9fdb3820c925a89b2f2c86f82e4d94 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 6 Jan 2024 13:17:00 +0100 Subject: [PATCH 11/28] added next challenge --- .../kubernetes/VaultSubKeyChallenge.java | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java new file mode 100644 index 000000000..36164e9d5 --- /dev/null +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java 
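Review bot: The argument `"vaultpassword.password='$(openssl rand -base64 16)'"` is handed to `execInContainer` as a plain argv element, so no shell expands the `$(...)` and Vault stores the literal text rather than a random value. A fixed test value such as `"vaultpassword.password=test-value"` (constructed) states what the test really writes. In the second hunk `VAULT_TOKEN` is passed as the constructor parameter named `vaultAuthMethod`; a short comment at the call site would explain why a token is supplied where an authentication method is expected.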
@@ -0,0 +1,80 @@ +package org.owasp.wrongsecrets.challenges.kubernetes; + +import com.google.common.base.Strings; +import java.util.Map; +import java.util.Objects; +import lombok.extern.slf4j.Slf4j; +import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; +import org.springframework.vault.authentication.TokenAuthentication; +import org.springframework.vault.client.VaultEndpoint; +import org.springframework.vault.core.VaultOperations; +import org.springframework.vault.core.VaultTemplate; +import org.springframework.vault.core.VaultVersionedKeyValueOperations; +import org.springframework.vault.support.Versioned; + +@Component +@Slf4j +public class VaultSubKeyChallenge extends FixedAnswerChallenge { + + private final String vaultPasswordString; + private final String vaultUri; + private final String vaultAuthMethod; + + private VaultEndpoint vaultEndpoint; + + public VaultSubKeyChallenge( + @Value("${vaultpassword}") String vaultPasswordString, + @Value("${spring.cloud.vault.uri}") String vaultUri, + @Value("${spring.cloud.vault.authentication}") String vaultAuthMethod) { + this.vaultPasswordString = vaultPasswordString; + this.vaultUri = vaultUri; + this.vaultAuthMethod = vaultAuthMethod; + } + + /** + * gets the vault template for the operation: either autowired for kubernetes, or using the token + * for the unit tests. 
+ * + * @return authenticated VaultTemplate + */ + private VaultTemplate getVaultTemplate() { + if (vaultEndpoint == null) { + vaultEndpoint = initializeVaultEndPoint(); + } + if (Strings.isNullOrEmpty(vaultAuthMethod) || "KUBERNETES".equals(vaultAuthMethod)) { + return new VaultTemplate(vaultEndpoint); + } + return new VaultTemplate(vaultEndpoint, new TokenAuthentication(vaultAuthMethod)); + } + + private VaultEndpoint initializeVaultEndPoint() { + if (Strings.isNullOrEmpty(vaultUri)) { + return new VaultEndpoint(); + } + return VaultEndpoint.from(vaultUri); + } + + @Override + public String getAnswer() { + try { + VaultOperations operations = getVaultTemplate(); + VaultVersionedKeyValueOperations versionedOperations = + operations.opsForVersionedKeyValue("secret"); + Versioned> versioned = versionedOperations.get("wrongsecret1"); + if (versioned != null) { + String s = Objects.requireNonNull(versioned.getData()).keySet().stream().findFirst().get(); + if (Strings.isNullOrEmpty(s)) { + return vaultPasswordString; + } + return s; + } + + // todo: implement the subkey retrieval here! + } catch (Exception e) { + log.warn("Exception during execution of challenge45", e); + } + return vaultPasswordString; + } +} From 31fdc9c5572f63f124ca2445e17946e6e4958bb0 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sun, 7 Jan 2024 21:07:38 +0100 Subject: [PATCH 12/28] added first integration parameters --- .../challenges/kubernetes/MetaDataChallenge.java | 15 +++++++++++---- src/main/resources/application.properties | 3 +++ .../challenges/kubernetes/Challenge44Test.java | 8 +++++++- ...sControllerWithPresetKubernetesValuesTest.java | 3 ++- 4 files changed, 23 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index e7b354cbe..c2b414147 100644 
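Review bot: `getAnswer()` takes `versioned.getData().keySet().stream().findFirst().get()`, which makes the challenge answer depend on the map's iteration order and throws `NoSuchElementException` when the secret has no keys; that exception is then swallowed by `catch (Exception e)` and only surfaces as a warning. Selecting the key explicitly keeps the answer stable if the secret ever holds more than one entry, for example `keySet().stream().filter(k -> k.startsWith(prefix)).findFirst().orElse(vaultPasswordString)` with an agreed key prefix. The path `"wrongsecret1"` also differs from the `wrongsecret` path used elsewhere in this series; if it is a placeholder until the subkey retrieval from the todo is implemented, a comment saying so would help.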
--- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java @@ -5,6 +5,7 @@ import lombok.extern.slf4j.Slf4j; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; +import org.springframework.cloud.vault.config.VaultProperties; import org.springframework.stereotype.Component; import org.springframework.vault.authentication.TokenAuthentication; import org.springframework.vault.client.VaultEndpoint; @@ -20,17 +21,21 @@ public class MetaDataChallenge extends FixedAnswerChallenge { private final String vaultPasswordString; private final String vaultUri; - private final String vaultAuthMethod; + private final VaultProperties.AuthenticationMethod vaultAuthMethod; + private final String authToken; private VaultEndpoint vaultEndpoint; public MetaDataChallenge( @Value("${vaultpassword}") String vaultPasswordString, @Value("${spring.cloud.vault.uri}") String vaultUri, - @Value("${spring.cloud.vault.authentication}") String vaultAuthMethod) { + @Value("${spring.cloud.vault.authentication}") + VaultProperties.AuthenticationMethod vaultAuthMethod, + @Value("${vaulttoken") final String authToken) { this.vaultPasswordString = vaultPasswordString; this.vaultUri = vaultUri; this.vaultAuthMethod = vaultAuthMethod; + this.authToken = authToken; } public String getAnswer() { 
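Review bot: The new constructor parameter is annotated `@Value("${vaulttoken")`, and the placeholder is missing its closing brace, so Spring will most likely inject the literal text instead of the configured token and `TokenAuthentication` would be built from that text. It should read `@Value("${vaulttoken}") final String authToken`. The unit test constructs the class directly with `VAULT_TOKEN`, so it cannot catch this. The same annotation is repeated in `VaultSubKeyChallenge` in patch 14.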
@@ -63,10 +68,12 @@ private VaultTemplate getVaultTemplate() { if (vaultEndpoint == null) { vaultEndpoint = initializeVaultEndPoint(); } - if (Strings.isNullOrEmpty(vaultAuthMethod) || "KUBERNETES".equals(vaultAuthMethod)) { + if (Strings.isNullOrEmpty(vaultAuthMethod.toString()) + || VaultProperties.AuthenticationMethod.KUBERNETES.equals(vaultAuthMethod)) { return new VaultTemplate(vaultEndpoint); } - return new VaultTemplate(vaultEndpoint, new TokenAuthentication(vaultAuthMethod)); + // assume VaultProperties.AuthenticationMethod.TOKEN + return new VaultTemplate(vaultEndpoint, new TokenAuthentication(authToken)); } private VaultEndpoint initializeVaultEndPoint() { diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 305cd57a8..d14ac513b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -12,6 +12,9 @@ CHALLENGE33=if_you_see_this_please_use_k8s ARG_BASED_PASSWORD=if_you_see_this_please_use_docker_instead DOCKER_ENV_PASSWORD=if_you_see_this_please_use_docker_instead vaultpassword=if_you_see_this_please_use_K8S_and_Vault +spring.cloud.vault.uri=if_you_see_this_please_use_K8S_and_Vault +spring.cloud.vault.authentication=NONE +vaulttoken="NONE" default_aws_value=if_you_see_this_please_use_AWS_Setup default_aws_value_challenge_9=if_you_see_this_please_use_AWS_Setup default_aws_value_challenge_10=if_you_see_this_please_use_AWS_Setup diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 61738a182..4a8174ded 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java 
@@ -3,6 +3,7 @@ import static org.assertj.core.api.Assertions.assertThat; import org.junit.jupiter.api.Test; +import org.springframework.cloud.vault.config.VaultProperties; import org.testcontainers.containers.Container.ExecResult; import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Testcontainers; @@ -48,7 +49,12 @@ public void readFirstSecretPathWithCli() throws Exception { assertThat(readResult.getStdout()).contains("map[secret:test]"); String address = vaultContainer.getHttpHostAddress(); assertThat(readResult.getStdout()).contains("test"); - var metadataChallenge = new MetaDataChallenge("ACTUAL_ANSWER_CHALLENGE7", address, VAULT_TOKEN); + var metadataChallenge = + new MetaDataChallenge( + "ACTUAL_ANSWER_CHALLENGE7", + address, + VaultProperties.AuthenticationMethod.TOKEN, + VAULT_TOKEN); assertThat(metadataChallenge.spoiler().solution()).isEqualTo("test"); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java index f0ada3c76..69295c683 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java @@ -53,7 +53,8 @@ void shouldNotShowDisabledChallengeAnywhere() throws Exception { if (shortname.contains("7") || shortname.contains("9") || shortname.contains("10") - || shortname.contains("11")) { + || shortname.contains("11") + || shortname.contains("43")) { continue; } mvc.perform(get("/challenge/%s".formatted(challenge.name().shortName()))) From ed3f70de815531e22acbd2f16c95ff1e27923f08 Mon Sep 17 00:00:00 2001 
From: Jeroen Willemsen Date: Sun, 7 Jan 2024 21:08:44 +0100 Subject: [PATCH 13/28] remove duplicate dep definition --- pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pom.xml b/pom.xml index bfa9f4f07..67be41a22 100644 --- a/pom.xml +++ b/pom.xml @@ -129,11 +129,6 @@ org.springframework.boot spring-boot-starter - - org.testcontainers - testcontainers - test - org.springframework.boot spring-boot-starter-actuator From 164ea86171bfe60ddc86707bd90f3635b61cf971 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sun, 7 Jan 2024 22:51:06 +0100 Subject: [PATCH 14/28] added challenge45 setup --- scripts/install-vault.sh | 6 +++ .../kubernetes/MetaDataChallenge.java | 18 ++++++--- .../kubernetes/VaultSubKeyChallenge.java | 35 ++++++++++------ .../resources/explanations/challenge45.adoc | 3 ++ .../explanations/challenge45_hint.adoc | 22 ++++++++++ .../explanations/challenge45_reason.adoc | 6 +++ .../wrong-secrets-configuration.yaml | 14 +++++++ .../kubernetes/Challenge45Test.java | 40 +++++++++++++++++++ ...trollerWithPresetKubernetesValuesTest.java | 3 +- 9 files changed, 128 insertions(+), 19 deletions(-) create mode 100644 src/main/resources/explanations/challenge45.adoc create mode 100644 src/main/resources/explanations/challenge45_hint.adoc create mode 100644 src/main/resources/explanations/challenge45_reason.adoc create mode 100644 src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java diff --git a/scripts/install-vault.sh b/scripts/install-vault.sh index ea13e1c43..1e89befa1 100644 --- a/scripts/install-vault.sh +++ b/scripts/install-vault.sh 
@@ -49,6 +49,9 @@ kubectl exec vault-0 -n vault -- vault secrets enable -path=secret kv-v2 echo "Putting a secret in" kubectl exec vault-0 -n vault -- vault kv put secret/secret-challenge vaultpassword.password="$(openssl rand -base64 16)" +echo "Putting a subkey issue in" +kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret aaaauser."$(openssl rand -base64 8)"="$(openssl rand -base64 16)" + echo "Oepsi metadata" kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret vaultpassword.password="$(openssl rand -base64 16)" kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret -custom-metadata=secret="$(openssl rand -base64 16)" wrongsecret @@ -70,6 +73,9 @@ path "secret/data/secret-challenge" { path "secret/metadata/wrongsecret" { capabilities = ["read", "list" ] } +path "secret/subkeys/wrongsecret" { + capabilities = ["read", "list" ] +} path "secret/data/application" { capabilities = ["read"] } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index c2b414147..b15b9d31b 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java 
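Review bot: The added `vault kv put secret/wrongsecret aaaauser...` runs before the existing `vault kv put secret/wrongsecret vaultpassword.password=...` under "Oepsi metadata", and `kv put` writes a new version that replaces the whole key set, so the current version of `secret/wrongsecret` ends up without the `aaaauser.*` subkey. Either drop the second `kv put`, or run it first and add the subkey with `vault kv patch` so both keys survive. Separately, `openssl rand -base64 8` ends in `=` padding and may contain `/` or `+`, and the `key=value` argument is presumably split at the first `=`, so the stored key may differ from the generated string; `openssl rand -hex 8` avoids that.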
@@ -40,17 +40,25 @@ public MetaDataChallenge( public String getAnswer() { try { - + if (vaultAuthMethod == null + || vaultAuthMethod.equals(VaultProperties.AuthenticationMethod.NONE)) { + log.warn("Vault not setup for challenge 44"); + return vaultPasswordString; + } VaultOperations operations = getVaultTemplate(); VaultVersionedKeyValueOperations versionedOperations = operations.opsForVersionedKeyValue("secret"); Versioned> versioned = versionedOperations.get("wrongsecret"); - if (versioned != null && versioned.getMetadata() != null) { - String metadata = versioned.getMetadata().getCustomMetadata().get("secret"); - if (Strings.isNullOrEmpty(metadata)) { + if (versioned == null || versioned.getMetadata() == null) { + return vaultPasswordString; + } + var customMetadata = versioned.getMetadata().getCustomMetadata(); + if (!customMetadata.isEmpty()) { + String customMedataSecret = customMetadata.get("secret"); + if (Strings.isNullOrEmpty(customMedataSecret)) { return vaultPasswordString; } - return metadata; + return customMedataSecret; } } catch (Exception e) { log.warn("Exception during execution of challenge44", e); diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java index 36164e9d5..36501b792 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java 
@@ -2,10 +2,11 @@ import com.google.common.base.Strings; import java.util.Map; -import java.util.Objects; +import java.util.Optional; import lombok.extern.slf4j.Slf4j; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; +import org.springframework.cloud.vault.config.VaultProperties; import org.springframework.stereotype.Component; import org.springframework.vault.authentication.TokenAuthentication; import org.springframework.vault.client.VaultEndpoint; @@ -20,17 +21,21 @@ public class VaultSubKeyChallenge extends FixedAnswerChallenge { private final String vaultPasswordString; private final String vaultUri; - private final String vaultAuthMethod; + private final VaultProperties.AuthenticationMethod vaultAuthMethod; + private final String authToken; private VaultEndpoint vaultEndpoint; public VaultSubKeyChallenge( @Value("${vaultpassword}") String vaultPasswordString, @Value("${spring.cloud.vault.uri}") String vaultUri, - @Value("${spring.cloud.vault.authentication}") String vaultAuthMethod) { + @Value("${spring.cloud.vault.authentication}") + VaultProperties.AuthenticationMethod vaultAuthMethod, + @Value("${vaulttoken") final String authToken) { this.vaultPasswordString = vaultPasswordString; this.vaultUri = vaultUri; this.vaultAuthMethod = vaultAuthMethod; + this.authToken = authToken; } /** 
@@ -43,10 +48,12 @@ private VaultTemplate getVaultTemplate() { if (vaultEndpoint == null) { vaultEndpoint = initializeVaultEndPoint(); } - if (Strings.isNullOrEmpty(vaultAuthMethod) || "KUBERNETES".equals(vaultAuthMethod)) { + if (Strings.isNullOrEmpty(vaultAuthMethod.toString()) + || VaultProperties.AuthenticationMethod.KUBERNETES.equals(vaultAuthMethod)) { return new VaultTemplate(vaultEndpoint); } - return new VaultTemplate(vaultEndpoint, new TokenAuthentication(vaultAuthMethod)); + // assume VaultProperties.AuthenticationMethod.TOKEN + return new VaultTemplate(vaultEndpoint, new TokenAuthentication(authToken)); } private VaultEndpoint initializeVaultEndPoint() { @@ -59,19 +66,21 @@ private VaultEndpoint initializeVaultEndPoint() { @Override public String getAnswer() { try { + if (vaultAuthMethod == null + || vaultAuthMethod.equals(VaultProperties.AuthenticationMethod.NONE)) { + log.warn("Vault not setup for challenge 45"); + return vaultPasswordString; + } VaultOperations operations = getVaultTemplate(); VaultVersionedKeyValueOperations versionedOperations = operations.opsForVersionedKeyValue("secret"); - Versioned> versioned = versionedOperations.get("wrongsecret1"); - if (versioned != null) { - String s = Objects.requireNonNull(versioned.getData()).keySet().stream().findFirst().get(); - if (Strings.isNullOrEmpty(s)) { - return vaultPasswordString; - } - return s; + Versioned> versioned = versionedOperations.get("wrongsecret"); + if (versioned == null) { + return vaultPasswordString; } + Optional first = versioned.getRequiredData().keySet().stream().findFirst(); + return first.orElse(vaultPasswordString); - // todo: implement the subkey retrieval here! } catch (Exception e) { log.warn("Exception during execution of challenge45", e); } diff --git a/src/main/resources/explanations/challenge45.adoc b/src/main/resources/explanations/challenge45.adoc new file mode 100644 index 000000000..cb8f80cd8 --- /dev/null +++ b/src/main/resources/explanations/challenge45.adoc 
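Review bot: `getAnswer()` obtains the key names through `versionedOperations.get("wrongsecret")`, which as far as I know reads the KV v2 data path (`secret/data/wrongsecret`), while the policy added in scripts/install-vault.sh in this commit grants the application only `secret/metadata/wrongsecret` and `secret/subkeys/wrongsecret`. Under Kubernetes auth the read would then be denied, `catch (Exception e)` would swallow the error, and the challenge would fall back to `vaultPasswordString`; `Challenge45Test` uses the root token and so cannot show this. Reading the subkeys endpoint directly, e.g. `operations.read("secret/subkeys/wrongsecret")`, keeps the code within the least-privilege policy. The metadata read in `MetaDataChallenge` (the `@@ -40,17 +40,25 @@` hunk) deserves the same check against `secret/metadata/wrongsecret`.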
@@ -0,0 +1,3 @@ +=== Vault subkey challenge + +TBD diff --git a/src/main/resources/explanations/challenge45_hint.adoc b/src/main/resources/explanations/challenge45_hint.adoc new file mode 100644 index 000000000..c6f7ff625 --- /dev/null +++ b/src/main/resources/explanations/challenge45_hint.adoc @@ -0,0 +1,22 @@ +This challenge can be solved using the following steps: + +1. Find the secret with the commandline +- + + +2. Find the Secret in Vault using the logged root token: +- When you setup the K8s environment, the script tells you the value of the root token as below: + + Key Value + --- ----- + token s.Jqka4lSy8ayQw2LFsvyAgnTI + token_accessor HEr9RYa3OcZNDOHeFRXIMYCV + token_duration ∞ + token_renewable false + token_policies ["root"] + identity_policies [] + policies ["root"] + + +- Use the token to login into Vault exposed at port 8200 +- Take a look around: can you find the location of the secret in the secrets overview? diff --git a/src/main/resources/explanations/challenge45_reason.adoc b/src/main/resources/explanations/challenge45_reason.adoc new file mode 100644 index 000000000..45acf41d4 --- /dev/null +++ b/src/main/resources/explanations/challenge45_reason.adoc @@ -0,0 +1,6 @@ +*Why putting sensitive data as keys is a bad idea* + +Sometimes people reason that less sensitive data should be stored as a subkey of the actual secret. That way both a username and a password for instance can be combined in a single entry. +In many of these cases these secrets are equally important and should get equal protection as the secret (e.g. the password) itself. And in the case of Vault, you can have access to a subkey (E.g. the username), but not the secret value itself (e.g. the password), which would already leak the username. + +Very often we don't want to give read access to secrets to our employees, but we do want to give read access to subkeys instead. If any secret is then stored in the subkeys, that secret is then compromised internally. 
diff --git a/src/main/resources/wrong-secrets-configuration.yaml b/src/main/resources/wrong-secrets-configuration.yaml index 7ccf768c5..851d2b15d 100644 --- a/src/main/resources/wrong-secrets-configuration.yaml +++ b/src/main/resources/wrong-secrets-configuration.yaml @@ -724,3 +724,17 @@ configurations: ctf: enabled: true missing_environment: "explanations/missing_vault.adoc" + + - name: Challenge 45 + short-name: "challenge-45" + sources: + - class-name: "org.owasp.wrongsecrets.challenges.kubernetes.VaultSubKeyChallenge" + explanation: "explanations/Challenge45.adoc" + hint: "explanations/challenge45_hint.adoc" + reason: "explanations/challenge45_reason.adoc" + environments: [ *gcp, *aws, *azure, *k8s_vault ] + difficulty: *expert + category: *vault + ctf: + enabled: true + missing_environment: "explanations/missing_vault.adoc" diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java new file mode 100644 index 000000000..e293a5379 --- /dev/null +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java 
@@ -0,0 +1,40 @@ +package org.owasp.wrongsecrets.challenges.kubernetes; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.junit.jupiter.api.Test; +import org.springframework.cloud.vault.config.VaultProperties; +import org.testcontainers.junit.jupiter.Container; +import org.testcontainers.junit.jupiter.Testcontainers; +import org.testcontainers.vault.VaultContainer; + +@Testcontainers +public class Challenge45Test { + private static final String VAULT_TOKEN = "my-token"; + + @Container + public static VaultContainer vaultContainer = + new VaultContainer<>("hashicorp/vault:1.13") + .withVaultToken(VAULT_TOKEN) + .withInitCommand("secrets enable transit"); + + @Test + public void readFirstSecretPathWithCli() throws Exception { + var putSecretResult = + vaultContainer.execInContainer( + "vault", + "kv", + "put", + "secret/wrongsecret", + "aaasecret.password='$(openssl rand -base64 16)'"); + assertThat(putSecretResult.getStdout()).contains("secret/data/wrongsecret"); + String address = vaultContainer.getHttpHostAddress(); + var subkeyChallenge = + new VaultSubKeyChallenge( + "ACTUAL_ANSWER_CHALLENGE7", + address, + VaultProperties.AuthenticationMethod.TOKEN, + VAULT_TOKEN); + assertThat(subkeyChallenge.spoiler().solution()).isEqualTo("aaasecret.password"); + } +} diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java index 69295c683..6cb2af2ea 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java 
@@ -54,7 +54,8 @@ void shouldNotShowDisabledChallengeAnywhere() throws Exception { || shortname.contains("9") || shortname.contains("10") || shortname.contains("11") - || shortname.contains("43")) { + || shortname.contains("43") + || shortname.contains("44")) { continue; } mvc.perform(get("/challenge/%s".formatted(challenge.name().shortName()))) From 2e9cd5859ec90cc0b3cb8720294ea404ae9d2f9c Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 8 Jan 2024 00:15:34 +0100 Subject: [PATCH 15/28] fix for spotbugs --- .../challenges/kubernetes/MetaDataChallenge.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index b15b9d31b..e87f38cd7 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java @@ -49,10 +49,14 @@ public String getAnswer() { VaultVersionedKeyValueOperations versionedOperations = operations.opsForVersionedKeyValue("secret"); Versioned> versioned = versionedOperations.get("wrongsecret"); - if (versioned == null || versioned.getMetadata() == null) { + if (versioned == null) { return vaultPasswordString; } - var customMetadata = versioned.getMetadata().getCustomMetadata(); + var metadata = versioned.getMetadata(); + if (metadata == null) { + return vaultPasswordString; + } + var customMetadata = metadata.getCustomMetadata(); if (!customMetadata.isEmpty()) { String customMedataSecret = customMetadata.get("secret"); if (Strings.isNullOrEmpty(customMedataSecret)) { From bfed6c7d8c80c55b447a79381247a5c8395de6fe Mon Sep 17 00:00:00 2001 
From: Jeroen Willemsen Date: Mon, 8 Jan 2024 04:03:06 +0100 Subject: [PATCH 16/28] Fix final tests and configs --- src/main/resources/explanations/challenge45.adoc | 3 ++- src/main/resources/wrong-secrets-configuration.yaml | 4 ++-- .../ChallengesControllerWithPresetKubernetesValuesTest.java | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/main/resources/explanations/challenge45.adoc b/src/main/resources/explanations/challenge45.adoc index cb8f80cd8..3bfeae3da 100644 --- a/src/main/resources/explanations/challenge45.adoc +++ b/src/main/resources/explanations/challenge45.adoc @@ -1,3 +1,4 @@ === Vault subkey challenge -TBD +Sometimes, all you want to do, is having that concise entry in your secrets management system. So what about storing your usnerame and password in the same entry? +We tried doing that, but got into a new problem! Because with Hashicorp Vault you can setup policies to allow access to a subkey (Which is the key to the value of your secret). Can you find the very random username we setup in this challenge? diff --git a/src/main/resources/wrong-secrets-configuration.yaml b/src/main/resources/wrong-secrets-configuration.yaml index 851d2b15d..a13b1393c 100644 --- a/src/main/resources/wrong-secrets-configuration.yaml +++ b/src/main/resources/wrong-secrets-configuration.yaml @@ -715,7 +715,7 @@ configurations: short-name: "challenge-44" sources: - class-name: "org.owasp.wrongsecrets.challenges.kubernetes.MetaDataChallenge" - explanation: "explanations/Challenge44.adoc" + explanation: "explanations/challenge44.adoc" hint: "explanations/challenge44_hint.adoc" reason: "explanations/challenge44_reason.adoc" environments: [ *gcp, *aws, *azure, *k8s_vault ] 
@@ -729,7 +729,7 @@ configurations: short-name: "challenge-45" sources: - class-name: "org.owasp.wrongsecrets.challenges.kubernetes.VaultSubKeyChallenge" - explanation: "explanations/Challenge45.adoc" + explanation: "explanations/challenge45.adoc" hint: "explanations/challenge45_hint.adoc" reason: "explanations/challenge45_reason.adoc" environments: [ *gcp, *aws, *azure, *k8s_vault ] diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java index 6cb2af2ea..62e036bcd 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/ChallengesControllerWithPresetKubernetesValuesTest.java @@ -54,8 +54,8 @@ void shouldNotShowDisabledChallengeAnywhere() throws Exception { || shortname.contains("9") || shortname.contains("10") || shortname.contains("11") - || shortname.contains("43") - || shortname.contains("44")) { + || shortname.contains("44") + || shortname.contains("45")) { continue; } mvc.perform(get("/challenge/%s".formatted(challenge.name().shortName()))) From 6d0bddbb547e0021196342a70a16b91f14b12987 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 8 Jan 2024 08:01:38 +0100 Subject: [PATCH 17/28] first steps for k8s setup --- k8s-vault-minkube-start.sh | 13 +++++++++++++ k8s/secret-challenge-vault-deployment.yml | 2 +- scripts/install-vault.sh | 1 - 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/k8s-vault-minkube-start.sh b/k8s-vault-minkube-start.sh index 43bb3de50..a97efccc2 100755 --- a/k8s-vault-minkube-start.sh +++ b/k8s-vault-minkube-start.sh 
@@ -81,6 +81,13 @@ kubectl exec vault-0 -n vault -- vault secrets enable -path=secret kv-v2 echo "Putting a secret in" kubectl exec vault-0 -n vault -- vault kv put secret/secret-challenge vaultpassword.password="$(openssl rand -base64 16)" +echo "Putting a subkey issue in" +kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret aaaauser."$(openssl rand -base64 8)"="$(openssl rand -base64 16)" + +echo "Oepsi metadata" +kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret -custom-metadata=secret="$(openssl rand -base64 16)" wrongsecret + + echo "Enable k8s auth" kubectl exec vault-0 -n vault -- vault auth enable kubernetes @@ -96,6 +103,12 @@ kubectl exec vault-0 -n vault -- /bin/sh -c 'vault policy write secret-challenge path "secret/data/secret-challenge" { capabilities = ["read"] } +path "secret/metadata/wrongsecret" { + capabilities = ["read", "list" ] +} +path "secret/subkeys/wrongsecret" { + capabilities = ["read", "list" ] +} path "secret/data/application" { capabilities = ["read"] } diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index dfb3ecd6c..3f97e0fb7 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml @@ -30,7 +30,7 @@ spec: runAsNonRoot: true serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:1.8.0-k8s-vault + - image: jeroenwillemsen/wrongsecrets:challenge45-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: diff --git a/scripts/install-vault.sh b/scripts/install-vault.sh index 1e89befa1..9c752de36 100644 --- a/scripts/install-vault.sh +++ b/scripts/install-vault.sh 
@@ -53,7 +53,6 @@ echo "Putting a subkey issue in" kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret aaaauser."$(openssl rand -base64 8)"="$(openssl rand -base64 16)" echo "Oepsi metadata" -kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret vaultpassword.password="$(openssl rand -base64 16)" kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret -custom-metadata=secret="$(openssl rand -base64 16)" wrongsecret echo "Enable k8s auth" From 853e63ac3a7801b2831f30d5158ab76a49fcf739 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 8 Jan 2024 13:19:06 +0100 Subject: [PATCH 18/28] Update POM file with new version: challenge45-2 --- .github/scripts/.bash_history | 2 +- .../kubernetes/MetaDataChallenge.java | 51 +--- .../challenges/kubernetes/VaultConfig.java | 49 +++ .../kubernetes/VaultSubKeyChallenge.java | 53 +--- src/main/resources/application.properties | 7 +- src/main/resources/templates/about.html | 283 +++++++++--------- .../kubernetes/Challenge44Test.java | 9 +- .../kubernetes/Challenge45Test.java | 8 +- 8 files changed, 228 insertions(+), 234 deletions(-) create mode 100644 src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index 1b5018d24..424e18069 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="+Z/y6yT2roEAQix+X34x8hHzX+MA9cV0i8Me/Q3CuXc=" +export tempPassword="xtS+1quya5d0PbHiSlN4dVCwuqj9K3qAccJf64E1gL0=" mvn run tempPassword k6 npx k6 diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java index e87f38cd7..7df8b9297 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java 
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/MetaDataChallenge.java @@ -6,9 +6,8 @@ import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; import org.springframework.cloud.vault.config.VaultProperties; +import org.springframework.lang.Nullable; import org.springframework.stereotype.Component; -import org.springframework.vault.authentication.TokenAuthentication; -import org.springframework.vault.client.VaultEndpoint; import org.springframework.vault.core.*; import org.springframework.vault.support.Versioned; 
@@ -20,34 +19,29 @@ public class MetaDataChallenge extends FixedAnswerChallenge { private final String vaultPasswordString; - private final String vaultUri; - private final VaultProperties.AuthenticationMethod vaultAuthMethod; - private final String authToken; + private final VaultTemplate vaultTemplate; - private VaultEndpoint vaultEndpoint; + private final VaultProperties.AuthenticationMethod authenticationMethod; public MetaDataChallenge( @Value("${vaultpassword}") String vaultPasswordString, - @Value("${spring.cloud.vault.uri}") String vaultUri, + @Nullable VaultTemplate vaultTemplate, @Value("${spring.cloud.vault.authentication}") - VaultProperties.AuthenticationMethod vaultAuthMethod, - @Value("${vaulttoken") final String authToken) { + VaultProperties.AuthenticationMethod vaultAuthmethod) { this.vaultPasswordString = vaultPasswordString; - this.vaultUri = vaultUri; - this.vaultAuthMethod = vaultAuthMethod; - this.authToken = authToken; + this.vaultTemplate = vaultTemplate; + this.authenticationMethod = vaultAuthmethod; } public String getAnswer() { try { - if (vaultAuthMethod == null - || vaultAuthMethod.equals(VaultProperties.AuthenticationMethod.NONE)) { + if (VaultProperties.AuthenticationMethod.NONE.equals(authenticationMethod) + || vaultTemplate == null) { log.warn("Vault not setup for challenge 44"); return vaultPasswordString; } - VaultOperations operations = getVaultTemplate(); VaultVersionedKeyValueOperations versionedOperations = - operations.opsForVersionedKeyValue("secret"); + vaultTemplate.opsForVersionedKeyValue("secret"); Versioned> versioned = versionedOperations.get("wrongsecret"); if (versioned == null) { return vaultPasswordString; 
@@ -69,29 +63,4 @@ public String getAnswer() {
 }
 return vaultPasswordString;
 }
-
- /**
- * gets the vault template for the operation: either autowired for kubernetes, or using the token
- * for the unit tests.
- *
- * @return authenticated VaultTemplate
- */
- private VaultTemplate getVaultTemplate() {
- if (vaultEndpoint == null) {
- vaultEndpoint = initializeVaultEndPoint();
- }
- if (Strings.isNullOrEmpty(vaultAuthMethod.toString())
- || VaultProperties.AuthenticationMethod.KUBERNETES.equals(vaultAuthMethod)) {
- return new VaultTemplate(vaultEndpoint);
- }
- // assume VaultProperties.AuthenticationMethod.TOKEN
- return new VaultTemplate(vaultEndpoint, new TokenAuthentication(authToken));
- }
-
- private VaultEndpoint initializeVaultEndPoint() {
- if (Strings.isNullOrEmpty(vaultUri)) {
- return new VaultEndpoint();
- }
- return VaultEndpoint.from(vaultUri);
- }
 }
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java
new file mode 100644
index 000000000..aa99ec1aa
--- /dev/null
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java
@@ -0,0 +1,49 @@
+package org.owasp.wrongsecrets.challenges.kubernetes;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cloud.vault.config.VaultProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.vault.authentication.*;
+import org.springframework.vault.client.VaultEndpoint;
+import org.springframework.vault.config.AbstractVaultConfiguration;
+
+@Configuration
+public class VaultConfig extends AbstractVaultConfiguration {
+
+ @Value("${spring.cloud.vault.uri}")
+ private String vaultAddress;
+
+ @Value("${spring.cloud.vault.role}")
+ private String role;
+
+ @Value("${spring.cloud.vault.kubernetes-path}")
+ private String tokenPath;
+
+ @Value("${spring.cloud.vault.kubernetes.service-account-token-file}")
+ private String tokenFile;
+
+ @Value("${spring.cloud.vault.authentication}")
+ private VaultProperties.AuthenticationMethod authenticationMethod;
+
+ @Override
+ public @NotNull VaultEndpoint vaultEndpoint() {
+ return VaultEndpoint.from(vaultAddress);
+ }
+
+ @Override
+ public @NotNull ClientAuthentication clientAuthentication() {
+ if (VaultProperties.AuthenticationMethod.KUBERNETES.equals(authenticationMethod)) {
+ KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile);
+ KubernetesAuthenticationOptions options =
+ new KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder()
+ .role(role)
+ .path(tokenPath)
+ .jwtSupplier(jwtSupplier)
+ .build();
+ return new KubernetesAuthentication(options, super.restOperations());
+ } else {
+ return new TokenAuthentication("empty");
+ }
+ }
+}
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java
index 36501b792..72b1b5fd1 100644
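Review bot: The `else` branch of `clientAuthentication()` hands back `new TokenAuthentication("empty")` for every method other than KUBERNETES, so a deployment configured with TOKEN or any other method would presumably send the literal string `empty` as its Vault token to `vaultAddress` instead of failing at startup. Restricting the placeholder to the NONE case and rejecting the rest makes the misconfiguration visible: `} else if (VaultProperties.AuthenticationMethod.NONE.equals(authenticationMethod)) { return new TokenAuthentication("empty"); }` followed by `throw new IllegalStateException("Unsupported Vault authentication method: " + authenticationMethod);`. A short class Javadoc would also help, stating that the placeholder token is never meant to reach a real Vault and that the challenges skip Vault when the method is NONE.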
--- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultSubKeyChallenge.java @@ -1,16 +1,13 @@ package org.owasp.wrongsecrets.challenges.kubernetes; -import com.google.common.base.Strings; import java.util.Map; import java.util.Optional; import lombok.extern.slf4j.Slf4j; import org.owasp.wrongsecrets.challenges.FixedAnswerChallenge; import org.springframework.beans.factory.annotation.Value; import org.springframework.cloud.vault.config.VaultProperties; +import org.springframework.lang.Nullable; import org.springframework.stereotype.Component; -import org.springframework.vault.authentication.TokenAuthentication; -import org.springframework.vault.client.VaultEndpoint; -import org.springframework.vault.core.VaultOperations; import org.springframework.vault.core.VaultTemplate; import org.springframework.vault.core.VaultVersionedKeyValueOperations; import org.springframework.vault.support.Versioned; 
@@ -20,60 +17,30 @@ public class VaultSubKeyChallenge extends FixedAnswerChallenge { private final String vaultPasswordString; - private final String vaultUri; - private final VaultProperties.AuthenticationMethod vaultAuthMethod; - private final String authToken; + private final VaultTemplate vaultTemplate; - private VaultEndpoint vaultEndpoint; + private final VaultProperties.AuthenticationMethod authenticationMethod; public VaultSubKeyChallenge( @Value("${vaultpassword}") String vaultPasswordString, - @Value("${spring.cloud.vault.uri}") String vaultUri, + @Nullable VaultTemplate vaultTemplate, @Value("${spring.cloud.vault.authentication}") - VaultProperties.AuthenticationMethod vaultAuthMethod, - @Value("${vaulttoken") final String authToken) { + VaultProperties.AuthenticationMethod vaultAuthmethod) { this.vaultPasswordString = vaultPasswordString; - this.vaultUri = vaultUri; - this.vaultAuthMethod = vaultAuthMethod; - this.authToken = authToken; - } - - /** - * gets the vault template for the operation: either autowired for kubernetes, or using the token - * for the unit tests. 
- * - * @return authenticated VaultTemplate - */ - private VaultTemplate getVaultTemplate() { - if (vaultEndpoint == null) { - vaultEndpoint = initializeVaultEndPoint(); - } - if (Strings.isNullOrEmpty(vaultAuthMethod.toString()) - || VaultProperties.AuthenticationMethod.KUBERNETES.equals(vaultAuthMethod)) { - return new VaultTemplate(vaultEndpoint); - } - // assume VaultProperties.AuthenticationMethod.TOKEN - return new VaultTemplate(vaultEndpoint, new TokenAuthentication(authToken)); - } - - private VaultEndpoint initializeVaultEndPoint() { - if (Strings.isNullOrEmpty(vaultUri)) { - return new VaultEndpoint(); - } - return VaultEndpoint.from(vaultUri); + this.vaultTemplate = vaultTemplate; + this.authenticationMethod = vaultAuthmethod; } @Override public String getAnswer() { try { - if (vaultAuthMethod == null - || vaultAuthMethod.equals(VaultProperties.AuthenticationMethod.NONE)) { + if (VaultProperties.AuthenticationMethod.NONE.equals(authenticationMethod) + || vaultTemplate == null) { log.warn("Vault not setup for challenge 45"); return vaultPasswordString; } - VaultOperations operations = getVaultTemplate(); VaultVersionedKeyValueOperations versionedOperations = - operations.opsForVersionedKeyValue("secret"); + vaultTemplate.opsForVersionedKeyValue("secret"); Versioned> versioned = versionedOperations.get("wrongsecret"); if (versioned == null) { return vaultPasswordString; diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d14ac513b..c724a76ba 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
@@ -12,9 +12,12 @@ CHALLENGE33=if_you_see_this_please_use_k8s
 ARG_BASED_PASSWORD=if_you_see_this_please_use_docker_instead
 DOCKER_ENV_PASSWORD=if_you_see_this_please_use_docker_instead
 vaultpassword=if_you_see_this_please_use_K8S_and_Vault
-spring.cloud.vault.uri=if_you_see_this_please_use_K8S_and_Vault
+spring.cloud.vault.uri=https://tobediefined.org
 spring.cloud.vault.authentication=NONE
-vaulttoken="NONE"
+spring.cloud.vault.role=none
+spring.cloud.vault.kubernetes-path=none
+spring.cloud.vault.scheme=https://tobediefined.org
+spring.cloud.vault.kubernetes.service-account-token-file="none"
 default_aws_value=if_you_see_this_please_use_AWS_Setup
 default_aws_value_challenge_9=if_you_see_this_please_use_AWS_Setup
 default_aws_value_challenge_10=if_you_see_this_please_use_AWS_Setup
diff --git a/src/main/resources/templates/about.html b/src/main/resources/templates/about.html
index 9c926aa5d..a3e32690c 100644
--- a/src/main/resources/templates/about.html
+++ b/src/main/resources/templates/about.html
@@ -35,21 +35,21 @@ The list below is generated with `mvn license:add-third-party`
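Review bot: `spring.cloud.vault.scheme=https://tobediefined.org` assigns a full URL to a key that, if it is bound to Spring Cloud Vault's scheme setting, expects only `http` or `https`; `spring.cloud.vault.scheme=https` is the value to use. The placeholder host in `spring.cloud.vault.uri` is a registrable public domain, so any Vault client built from these defaults would address a host the project does not control; a reserved name such as `https://vault.invalid` cannot resolve. The double quotes in `service-account-token-file="none"` are kept as part of the value in a properties file, so the configured path is `"none"` including the quotes.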
    -
  • Lists of 350 third-party dependencies.
  • -
  • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Classic Module (ch.qos.logback:logback-classic:1.4.11 - http://logback.qos.ch/logback-classic)
  • -
  • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Core Module (ch.qos.logback:logback-core:1.4.11 - http://logback.qos.ch/logback-core)
  • -
  • (The MIT License (MIT)) Microsoft Azure Java Core Library (com.azure:azure-core:1.44.1 - https://github.com/Azure/azure-sdk-for-java)
  • -
  • (The MIT License (MIT)) Microsoft Azure Java Core AMQP Library (com.azure:azure-core-amqp:2.8.11 - https://github.com/Azure/azure-sdk-for-java)
  • -
  • (The MIT License (MIT)) Microsoft Azure Netty HTTP Client Library (com.azure:azure-core-http-netty:1.13.9 - https://github.com/Azure/azure-sdk-for-java)
  • -
  • (The MIT License (MIT)) Microsoft Azure Management Java Core Library (com.azure:azure-core-management:1.11.7 - https://github.com/Azure/azure-sdk-for-java)
  • -
  • (The MIT License (MIT)) Microsoft Azure client library for Identity (com.azure:azure-identity:1.10.4 - https://github.com/Azure/azure-sdk-for-java)
  • +
  • Lists of 351 third-party dependencies.
  • +
  • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Classic Module (ch.qos.logback:logback-classic:1.4.14 - http://logback.qos.ch/logback-classic)
  • +
  • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Core Module (ch.qos.logback:logback-core:1.4.14 - http://logback.qos.ch/logback-core)
  • +
  • (The MIT License (MIT)) Microsoft Azure Java Core Library (com.azure:azure-core:1.45.1 - https://github.com/Azure/azure-sdk-for-java)
  • +
  • (The MIT License (MIT)) Microsoft Azure Java Core AMQP Library (com.azure:azure-core-amqp:2.8.14 - https://github.com/Azure/azure-sdk-for-java)
  • +
  • (The MIT License (MIT)) Microsoft Azure Netty HTTP Client Library (com.azure:azure-core-http-netty:1.13.11 - https://github.com/Azure/azure-sdk-for-java)
  • +
  • (The MIT License (MIT)) Microsoft Azure Management Java Core Library (com.azure:azure-core-management:1.11.9 - https://github.com/Azure/azure-sdk-for-java)
  • +
  • (The MIT License (MIT)) Microsoft Azure client library for Identity (com.azure:azure-identity:1.11.1 - https://github.com/Azure/azure-sdk-for-java)
  • (The MIT License (MIT)) Microsoft Azure Java JSON Library (com.azure:azure-json:1.1.0 - https://github.com/Azure/azure-sdk-for-java)
  • -
  • (The MIT License (MIT)) Microsoft Azure client library for KeyVault Secrets (com.azure:azure-security-keyvault-secrets:4.7.1 - https://github.com/Azure/azure-sdk-for-java)
  • -
  • (The MIT License (MIT)) Spring Cloud Azure AutoConfigure (com.azure.spring:spring-cloud-azure-autoconfigure:5.7.0 - https://microsoft.github.io/spring-cloud-azure)
  • -
  • (The MIT License (MIT)) Spring Cloud Azure Core (com.azure.spring:spring-cloud-azure-core:5.7.0 - https://microsoft.github.io/spring-cloud-azure)
  • -
  • (The MIT License (MIT)) Spring Cloud Azure Service (com.azure.spring:spring-cloud-azure-service:5.7.0 - https://microsoft.github.io/spring-cloud-azure)
  • -
  • (The MIT License (MIT)) Spring Cloud Azure Starter (com.azure.spring:spring-cloud-azure-starter:5.7.0 - https://microsoft.github.io/spring-cloud-azure)
  • -
  • (The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.7.0 - https://microsoft.github.io/spring-cloud-azure)
  • +
  • (The MIT License (MIT)) Microsoft Azure client library for KeyVault Secrets (com.azure:azure-security-keyvault-secrets:4.7.3 - https://github.com/Azure/azure-sdk-for-java)
  • +
  • (The MIT License (MIT)) Spring Cloud Azure AutoConfigure (com.azure.spring:spring-cloud-azure-autoconfigure:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
  • +
  • (The MIT License (MIT)) Spring Cloud Azure Core (com.azure.spring:spring-cloud-azure-core:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
  • +
  • (The MIT License (MIT)) Spring Cloud Azure Service (com.azure.spring:spring-cloud-azure-service:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
  • +
  • (The MIT License (MIT)) Spring Cloud Azure Starter (com.azure.spring:spring-cloud-azure-starter:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
  • +
  • (The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
  • (Apache License, Version 2.0) jcommander (com.beust:jcommander:1.82 - https://jcommander.org)
  • (The Apache Software License, Version 2.0) Simple XML (safe) (com.carrotsearch.thirdparty:simple-xml-safe:2.7.1 - https://github.com/dweiss/simplexml)
  • (3-Clause BSD License) MinLog (com.esotericsoftware:minlog:1.3.1 - https://github.com/EsotericSoftware/minlog)
  • @@ -66,52 +66,51 @@
  • (The Apache Software License, Version 2.0) Jackson module: Blackbird (com.fasterxml.jackson.module:jackson-module-blackbird:2.15.3 - https://github.com/FasterXML/jackson-modules-base)
  • (The Apache Software License, Version 2.0) Jackson-module-parameter-names (com.fasterxml.jackson.module:jackson-module-parameter-names:2.15.3 - https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
  • (The Apache License, Version 2.0) Woodstox (com.fasterxml.woodstox:woodstox-core:6.5.1 - https://github.com/FasterXML/woodstox)
  • -
  • (The Apache Software License, Version 2.0) jffi (com.github.jnr:jffi:1.3.10 - http://github.com/jnr/jffi)
  • +
  • (GNU Lesser General Public License version 3) (The Apache Software License, Version 2.0) jffi (com.github.jnr:jffi:1.3.12 - http://github.com/jnr/jffi)
  • (The Apache Software License, Version 2.0) jnr-a64asm (com.github.jnr:jnr-a64asm:1.0.0 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-a64asm)
  • (The Apache Software License, Version 2.0) jnr-constants (com.github.jnr:jnr-constants:0.10.4 - http://github.com/jnr/jnr-constants)
  • -
  • (The Apache Software License, Version 2.0) jnr-enxio (com.github.jnr:jnr-enxio:0.32.14 - http://github.com/jnr/jnr-enxio)
  • -
  • (The Apache Software License, Version 2.0) jnr-ffi (com.github.jnr:jnr-ffi:2.2.13 - http://github.com/jnr/jnr-ffi)
  • +
  • (The Apache Software License, Version 2.0) jnr-enxio (com.github.jnr:jnr-enxio:0.32.16 - http://github.com/jnr/jnr-enxio)
  • +
  • (The Apache Software License, Version 2.0) jnr-ffi (com.github.jnr:jnr-ffi:2.2.15 - http://github.com/jnr/jnr-ffi)
  • (The Apache Software License, Version 2.0) jnr-netdb (com.github.jnr:jnr-netdb:1.2.0 - http://github.com/jnr/jnr-netdb)
  • -
  • (Eclipse Public License - v 2.0) (GNU General Public License Version 2) (GNU Lesser General Public License Version 2.1) jnr-posix (com.github.jnr:jnr-posix:3.1.16 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-posix)
  • -
  • (The Apache Software License, Version 2.0) jnr-unixsocket (com.github.jnr:jnr-unixsocket:0.38.19 - http://github.com/jnr/jnr-unixsocket)
  • +
  • (Eclipse Public License - v 2.0) (GNU General Public License Version 2) (GNU Lesser General Public License Version 2.1) jnr-posix (com.github.jnr:jnr-posix:3.1.18 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-posix)
  • +
  • (The Apache Software License, Version 2.0) jnr-unixsocket (com.github.jnr:jnr-unixsocket:0.38.21 - http://github.com/jnr/jnr-unixsocket)
  • (MIT License) jnr-x86asm (com.github.jnr:jnr-x86asm:1.0.2 - http://github.com/jnr/jnr-x86asm)
  • (MIT) Package URL (com.github.package-url:packageurl-java:1.4.1 - https://github.com/package-url/packageurl-java)
  • -
  • (GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1) SpotBugs Annotations (com.github.spotbugs:spotbugs-annotations:4.8.2 - https://spotbugs.github.io/)
  • +
  • (GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1) SpotBugs Annotations (com.github.spotbugs:spotbugs-annotations:4.8.3 - https://spotbugs.github.io/)
  • (Apache License 2.0) compiler (com.github.spullara.mustache.java:compiler:0.9.6 - http://github.com/spullara/mustache.java)
  • (Apache License, Version 2.0) JCIP Annotations under Apache License (com.github.stephenc.jcip:jcip-annotations:1.0-1 - http://stephenc.github.com/jcip-annotations)
  • (Apache 2.0) Google Android Annotations Library (com.google.android:annotations:4.1.1.4 - http://source.android.com/)
  • -
  • (BSD-3-Clause) API Common (com.google.api:api-common:2.20.0 - https://github.com/googleapis/sdk-platform-java)
  • -
  • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (Core) (com.google.api:gax:2.37.0 - https://github.com/googleapis/sdk-platform-java)
  • -
  • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (gRPC) (com.google.api:gax-grpc:2.37.0 - https://github.com/googleapis/sdk-platform-java)
  • -
  • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (HTTP JSON) (com.google.api:gax-httpjson:2.37.0 - https://github.com/googleapis/sdk-platform-java)
  • -
  • (Apache-2.0) proto-google-cloud-secretmanager-v1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1:2.30.0 - https://github.com/googleapis/google-cloud-java)
  • -
  • (Apache-2.0) proto-google-cloud-secretmanager-v1beta1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1beta1:2.30.0 - https://github.com/googleapis/google-cloud-java)
  • -
  • (Apache-2.0) proto-google-common-protos (com.google.api.grpc:proto-google-common-protos:2.28.0 - https://github.com/googleapis/sdk-platform-java)
  • -
  • (Apache-2.0) proto-google-iam-v1 (com.google.api.grpc:proto-google-iam-v1:1.23.0 - https://github.com/googleapis/sdk-platform-java)
  • +
  • (BSD-3-Clause) API Common (com.google.api:api-common:2.21.0 - https://github.com/googleapis/sdk-platform-java)
  • +
  • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (Core) (com.google.api:gax:2.38.0 - https://github.com/googleapis/sdk-platform-java)
  • +
  • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (gRPC) (com.google.api:gax-grpc:2.38.0 - https://github.com/googleapis/sdk-platform-java)
  • +
  • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (HTTP JSON) (com.google.api:gax-httpjson:2.38.0 - https://github.com/googleapis/sdk-platform-java)
  • +
  • (Apache-2.0) proto-google-cloud-secretmanager-v1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1:2.31.0 - https://github.com/googleapis/google-cloud-java)
  • +
  • (Apache-2.0) proto-google-cloud-secretmanager-v1beta1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1beta1:2.31.0 - https://github.com/googleapis/google-cloud-java)
  • +
  • (Apache-2.0) proto-google-common-protos (com.google.api.grpc:proto-google-common-protos:2.29.0 - https://github.com/googleapis/sdk-platform-java)
  • +
  • (Apache-2.0) proto-google-iam-v1 (com.google.api.grpc:proto-google-iam-v1:1.24.0 - https://github.com/googleapis/sdk-platform-java)
  • (BSD New license) Google Auth Library for Java - Credentials (com.google.auth:google-auth-library-credentials:1.20.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-credentials)
  • (BSD New license) Google Auth Library for Java - OAuth2 HTTP (com.google.auth:google-auth-library-oauth2-http:1.20.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-oauth2-http)
  • (Apache 2.0) AutoValue Annotations (com.google.auto.value:auto-value-annotations:1.10.4 - https://github.com/google/auto/tree/main/value)
  • -
  • (Apache-2.0) Google Cloud Secret Manager (com.google.cloud:google-cloud-secretmanager:2.30.0 - https://github.com/googleapis/google-cloud-java)
  • +
  • (Apache-2.0) Google Cloud Secret Manager (com.google.cloud:google-cloud-secretmanager:2.31.0 - https://github.com/googleapis/google-cloud-java)
  • (The Apache Software License, Version 2.0) FindBugs-jsr305 (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
  • (Apache-2.0) Gson (com.google.code.gson:gson:2.10.1 - https://github.com/google/gson/gson)
  • -
  • (Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.22.0 - https://errorprone.info/error_prone_annotations)
  • +
  • (Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.23.0 - https://errorprone.info/error_prone_annotations)
  • (The Apache Software License, Version 2.0) Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
  • -
  • (Apache License, Version 2.0) Guava: Google Core Libraries for Java (com.google.guava:guava:32.1.2-jre - https://github.com/google/guava)
  • +
  • (Apache License, Version 2.0) Guava: Google Core Libraries for Java (com.google.guava:guava:32.1.3-jre - https://github.com/google/guava)
  • (The Apache Software License, Version 2.0) Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
  • (The Apache Software License, Version 2.0) Google HTTP Client Library for Java (com.google.http-client:google-http-client:1.43.3 - https://github.com/googleapis/google-http-java-client/google-http-client)
  • (The Apache Software License, Version 2.0) GSON extensions to the Google HTTP Client Library for Java. (com.google.http-client:google-http-client-gson:1.43.3 - https://github.com/googleapis/google-http-java-client/google-http-client-gson)
  • (Apache License, Version 2.0) J2ObjC Annotations (com.google.j2objc:j2objc-annotations:2.8 - https://github.com/google/j2objc/)
  • -
  • (BSD-3-Clause) Protocol Buffers [Core] (com.google.protobuf:protobuf-java:3.24.4 - https://developers.google.com/protocol-buffers/protobuf-java/)
  • -
  • (BSD-3-Clause) Protocol Buffers [Util] (com.google.protobuf:protobuf-java-util:3.24.4 - https://developers.google.com/protocol-buffers/protobuf-java-util/)
  • +
  • (BSD-3-Clause) Protocol Buffers [Core] (com.google.protobuf:protobuf-java:3.25.1 - https://developers.google.com/protocol-buffers/protobuf-java/)
  • +
  • (BSD-3-Clause) Protocol Buffers [Util] (com.google.protobuf:protobuf-java-util:3.25.1 - https://developers.google.com/protocol-buffers/protobuf-java-util/)
  • (Go License) RE2/J (com.google.re2j:re2j:1.7 - http://github.com/google/re2j)
  • (EPL 1.0) (MPL 2.0) H2 Database Engine (com.h2database:h2:2.2.224 - https://h2database.com)
  • (The Apache Software License, Version 2.0) retirejs-core (com.h3xstream.retirejs:retirejs-core:3.0.4 - https://github.com/h3xstream/burp-retire-js/retirejs-core)
  • (Apache License Version 2.0) AhoCorasickDoubleArrayTrie (com.hankcs:aho-corasick-double-array-trie:1.2.3 - https://github.com/hankcs/AhoCorasickDoubleArrayTrie)
  • -
  • (The Apache Software License, Version 2.0) backport9 (com.headius:backport9:1.12 - http://nexus.sonatype.org/oss-repository-hosting.html/backport9)
  • -
  • (The Apache Software License, Version 2.0) invokebinder (com.headius:invokebinder:1.12 - http://maven.apache.org)
  • +
  • (The Apache Software License, Version 2.0) backport9 (com.headius:backport9:1.13 - http://nexus.sonatype.org/oss-repository-hosting.html/backport9)
  • +
  • (The Apache Software License, Version 2.0) invokebinder (com.headius:invokebinder:1.13 - http://maven.apache.org)
  • (The Apache Software License, Version 2.0) options (com.headius:options:1.6 - https://github.com/headius/options)
  • -
  • (BSD) JZlib (com.jcraft:jzlib:1.1.3 - http://www.jcraft.com/jzlib/)
  • -
  • (MIT License) msal4j (com.microsoft.azure:msal4j:1.13.9 - https://github.com/AzureAD/microsoft-authentication-library-for-java)
  • +
  • (MIT License) msal4j (com.microsoft.azure:msal4j:1.14.0 - https://github.com/AzureAD/microsoft-authentication-library-for-java)
  • (MIT License) msal4j-persistence-extension (com.microsoft.azure:msal4j-persistence-extension:1.2.0 - https://github.com/AzureAD/microsoft-authentication-extensions-for-java)
  • (The MIT License (MIT)) Extensions on Apache Proton-J library (com.microsoft.azure:qpid-proton-j-extensions:1.2.4 - https://github.com/Azure/qpid-proton-j-extensions)
  • (The MIT License) toml4j (com.moandjiezana.toml:toml4j:0.7.2 - http://moandjiezana.com/toml/toml4j)
  • @@ -130,53 +129,53 @@
  • (Apache-2.0) Apache Commons IO (commons-io:commons-io:2.14.0 - https://commons.apache.org/proper/commons-io/)
  • (The Apache Software License, Version 2.0) Apache Commons Logging (commons-logging:commons-logging:1.2 - http://commons.apache.org/proper/commons-logging/)
  • (Apache License, Version 2.0) Apache Commons Validator (commons-validator:commons-validator:1.7 - http://commons.apache.org/proper/commons-validator/)
  • -
  • (Apache 2.0) io.grpc:grpc-alts (io.grpc:grpc-alts:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-api (io.grpc:grpc-api:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-auth (io.grpc:grpc-auth:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-context (io.grpc:grpc-context:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-core (io.grpc:grpc-core:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-googleapis (io.grpc:grpc-googleapis:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-grpclb (io.grpc:grpc-grpclb:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-inprocess (io.grpc:grpc-inprocess:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-netty-shaded (io.grpc:grpc-netty-shaded:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-protobuf (io.grpc:grpc-protobuf:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-protobuf-lite (io.grpc:grpc-protobuf-lite:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-services (io.grpc:grpc-services:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-stub (io.grpc:grpc-stub:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-util (io.grpc:grpc-util:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (Apache 2.0) io.grpc:grpc-xds (io.grpc:grpc-xds:1.59.0 - https://github.com/grpc/grpc-java)
  • -
  • (The Apache Software License, Version 2.0) micrometer-commons (io.micrometer:micrometer-commons:1.12.0 - https://github.com/micrometer-metrics/micrometer)
  • -
  • (The Apache Software License, Version 2.0) micrometer-core (io.micrometer:micrometer-core:1.12.0 - https://github.com/micrometer-metrics/micrometer)
  • -
  • (The Apache Software License, Version 2.0) micrometer-jakarta9 (io.micrometer:micrometer-jakarta9:1.12.0 - https://github.com/micrometer-metrics/micrometer)
  • -
  • (The Apache Software License, Version 2.0) micrometer-observation (io.micrometer:micrometer-observation:1.12.0 - https://github.com/micrometer-metrics/micrometer)
  • -
  • (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.101.Final - https://netty.io/netty-buffer/)
  • -
  • (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.101.Final - https://netty.io/netty-codec/)
  • -
  • (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.101.Final - https://netty.io/netty-codec-dns/)
  • -
  • (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.101.Final - https://netty.io/netty-codec-http/)
  • -
  • (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.101.Final - https://netty.io/netty-codec-http2/)
  • -
  • (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.101.Final - https://netty.io/netty-codec-socks/)
  • -
  • (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.101.Final - https://netty.io/netty-common/)
  • -
  • (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.101.Final - https://netty.io/netty-handler/)
  • -
  • (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.101.Final - https://netty.io/netty-handler-proxy/)
  • -
  • (Apache License, Version 2.0) Netty/Resolver (io.netty:netty-resolver:4.1.101.Final - https://netty.io/netty-resolver/)
  • -
  • (Apache License, Version 2.0) Netty/Resolver/DNS (io.netty:netty-resolver-dns:4.1.101.Final - https://netty.io/netty-resolver-dns/)
  • -
  • (Apache License, Version 2.0) Netty/Resolver/DNS/Classes/MacOS (io.netty:netty-resolver-dns-classes-macos:4.1.101.Final - https://netty.io/netty-resolver-dns-classes-macos/)
  • -
  • (Apache License, Version 2.0) Netty/Resolver/DNS/Native/MacOS (io.netty:netty-resolver-dns-native-macos:4.1.101.Final - https://netty.io/netty-resolver-dns-native-macos/)
  • +
  • (Apache 2.0) io.grpc:grpc-alts (io.grpc:grpc-alts:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-api (io.grpc:grpc-api:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-auth (io.grpc:grpc-auth:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-context (io.grpc:grpc-context:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-core (io.grpc:grpc-core:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-googleapis (io.grpc:grpc-googleapis:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-grpclb (io.grpc:grpc-grpclb:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-inprocess (io.grpc:grpc-inprocess:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-netty-shaded (io.grpc:grpc-netty-shaded:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-protobuf (io.grpc:grpc-protobuf:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-protobuf-lite (io.grpc:grpc-protobuf-lite:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-services (io.grpc:grpc-services:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-stub (io.grpc:grpc-stub:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-util (io.grpc:grpc-util:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (Apache 2.0) io.grpc:grpc-xds (io.grpc:grpc-xds:1.59.1 - https://github.com/grpc/grpc-java)
  • +
  • (The Apache Software License, Version 2.0) micrometer-commons (io.micrometer:micrometer-commons:1.12.1 - https://github.com/micrometer-metrics/micrometer)
  • +
  • (The Apache Software License, Version 2.0) micrometer-core (io.micrometer:micrometer-core:1.12.1 - https://github.com/micrometer-metrics/micrometer)
  • +
  • (The Apache Software License, Version 2.0) micrometer-jakarta9 (io.micrometer:micrometer-jakarta9:1.12.1 - https://github.com/micrometer-metrics/micrometer)
  • +
  • (The Apache Software License, Version 2.0) micrometer-observation (io.micrometer:micrometer-observation:1.12.1 - https://github.com/micrometer-metrics/micrometer)
  • +
  • (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.104.Final - https://netty.io/netty-buffer/)
  • +
  • (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.104.Final - https://netty.io/netty-codec/)
  • +
  • (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.104.Final - https://netty.io/netty-codec-dns/)
  • +
  • (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.104.Final - https://netty.io/netty-codec-http/)
  • +
  • (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.104.Final - https://netty.io/netty-codec-http2/)
  • +
  • (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.104.Final - https://netty.io/netty-codec-socks/)
  • +
  • (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.104.Final - https://netty.io/netty-common/)
  • +
  • (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.104.Final - https://netty.io/netty-handler/)
  • +
  • (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.104.Final - https://netty.io/netty-handler-proxy/)
  • +
  • (Apache License, Version 2.0) Netty/Resolver (io.netty:netty-resolver:4.1.104.Final - https://netty.io/netty-resolver/)
  • +
  • (Apache License, Version 2.0) Netty/Resolver/DNS (io.netty:netty-resolver-dns:4.1.104.Final - https://netty.io/netty-resolver-dns/)
  • +
  • (Apache License, Version 2.0) Netty/Resolver/DNS/Classes/MacOS (io.netty:netty-resolver-dns-classes-macos:4.1.104.Final - https://netty.io/netty-resolver-dns-classes-macos/)
  • +
  • (Apache License, Version 2.0) Netty/Resolver/DNS/Native/MacOS (io.netty:netty-resolver-dns-native-macos:4.1.104.Final - https://netty.io/netty-resolver-dns-native-macos/)
  • (The Apache Software License, Version 2.0) Netty/TomcatNative [BoringSSL - Static] (io.netty:netty-tcnative-boringssl-static:2.0.61.Final - https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/)
  • (The Apache Software License, Version 2.0) Netty/TomcatNative [OpenSSL - Classes] (io.netty:netty-tcnative-classes:2.0.61.Final - https://github.com/netty/netty-tcnative/netty-tcnative-classes/)
  • -
  • (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.101.Final - https://netty.io/netty-transport/)
  • -
  • (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.101.Final - https://netty.io/netty-transport-classes-epoll/)
  • -
  • (Apache License, Version 2.0) Netty/Transport/Classes/KQueue (io.netty:netty-transport-classes-kqueue:4.1.101.Final - https://netty.io/netty-transport-classes-kqueue/)
  • -
  • (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.101.Final - https://netty.io/netty-transport-native-epoll/)
  • -
  • (Apache License, Version 2.0) Netty/Transport/Native/KQueue (io.netty:netty-transport-native-kqueue:4.1.101.Final - https://netty.io/netty-transport-native-kqueue/)
  • -
  • (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.101.Final - https://netty.io/netty-transport-native-unix-common/)
  • +
  • (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.104.Final - https://netty.io/netty-transport/)
  • +
  • (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.104.Final - https://netty.io/netty-transport-classes-epoll/)
  • +
  • (Apache License, Version 2.0) Netty/Transport/Classes/KQueue (io.netty:netty-transport-classes-kqueue:4.1.104.Final - https://netty.io/netty-transport-classes-kqueue/)
  • +
  • (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.104.Final - https://netty.io/netty-transport-native-epoll/)
  • +
  • (Apache License, Version 2.0) Netty/Transport/Native/KQueue (io.netty:netty-transport-native-kqueue:4.1.104.Final - https://netty.io/netty-transport-native-kqueue/)
  • +
  • (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.104.Final - https://netty.io/netty-transport-native-unix-common/)
  • (The Apache License, Version 2.0) OpenCensus (io.opencensus:opencensus-api:0.31.1 - https://github.com/census-instrumentation/opencensus-java)
  • (The Apache License, Version 2.0) OpenCensus (io.opencensus:opencensus-contrib-http-util:0.31.1 - https://github.com/census-instrumentation/opencensus-java)
  • (The Apache License, Version 2.0) OpenCensus (io.opencensus:opencensus-proto:0.2.0 - https://github.com/census-instrumentation/opencensus-proto)
  • (Apache 2.0) perfmark:perfmark-api (io.perfmark:perfmark-api:0.26.0 - https://github.com/perfmark/perfmark)
  • -
  • (Apache License, Version 2.0) Non-Blocking Reactive Foundation for the JVM (io.projectreactor:reactor-core:3.6.0 - https://github.com/reactor/reactor-core)
  • -
  • (The Apache Software License, Version 2.0) Core functionality for the Reactor Netty library (io.projectreactor.netty:reactor-netty-core:1.1.13 - https://github.com/reactor/reactor-netty)
  • -
  • (The Apache Software License, Version 2.0) HTTP functionality for the Reactor Netty library (io.projectreactor.netty:reactor-netty-http:1.1.13 - https://github.com/reactor/reactor-netty)
  • +
  • (Apache License, Version 2.0) Non-Blocking Reactive Foundation for the JVM (io.projectreactor:reactor-core:3.6.1 - https://github.com/reactor/reactor-core)
  • +
  • (The Apache Software License, Version 2.0) Core functionality for the Reactor Netty library (io.projectreactor.netty:reactor-netty-core:1.1.14 - https://github.com/reactor/reactor-netty)
  • +
  • (The Apache Software License, Version 2.0) HTTP functionality for the Reactor Netty library (io.projectreactor.netty:reactor-netty-http:1.1.14 - https://github.com/reactor/reactor-netty)
  • (Apache License 2.0) swagger-annotations-jakarta (io.swagger.core.v3:swagger-annotations-jakarta:2.2.19 - https://github.com/swagger-api/swagger-core/modules/swagger-annotations-jakarta)
  • (Apache License 2.0) swagger-core-jakarta (io.swagger.core.v3:swagger-core-jakarta:2.2.19 - https://github.com/swagger-api/swagger-core/modules/swagger-core-jakarta)
  • (Apache License 2.0) swagger-models-jakarta (io.swagger.core.v3:swagger-models-jakarta:2.2.19 - https://github.com/swagger-api/swagger-core/modules/swagger-models-jakarta)
  • @@ -190,7 +189,7 @@
  • (The Apache Software License, Version 2.0) javax.inject (javax.inject:javax.inject:1 - http://code.google.com/p/atinject/)
  • (CDDL 1.1) (GPL2 w/ CPE) javax.ws.rs-api (javax.ws.rs:javax.ws.rs-api:2.0.1 - http://jax-rs-spec.java.net)
  • (CDDL 1.1) (GPL2 w/ CPE) jaxb-api (javax.xml.bind:jaxb-api:2.3.1 - https://github.com/javaee/jaxb-spec/jaxb-api)
  • -
  • (Apache License, Version 2.0) Joda-Time (joda-time:joda-time:2.10.10 - https://www.joda.org/joda-time/)
  • +
  • (Apache License, Version 2.0) Joda-Time (joda-time:joda-time:2.12.5 - https://www.joda.org/joda-time/)
  • (Eclipse Public License 1.0) JUnit (junit:junit:4.13.2 - http://junit.org)
  • (The Apache Software License, Version 2.0) jitescript (me.qmx.jitescript:jitescript:0.4.1 - https://github.com/qmx/jitescript)
  • (Apache-2.0) (LGPL-2.1-or-later) Java Native Access (net.java.dev.jna:jna:5.13.0 - https://github.com/java-native-access/jna)
  • @@ -209,12 +208,12 @@
  • (Apache-2.0) Apache Commons Lang (org.apache.commons:commons-lang3:3.13.0 - https://commons.apache.org/proper/commons-lang/)
  • (Apache-2.0) Apache Commons Pool (org.apache.commons:commons-pool2:2.12.0 - https://commons.apache.org/proper/commons-pool/)
  • (Apache License, Version 2.0) Apache Commons Text (org.apache.commons:commons-text:1.10.0 - https://commons.apache.org/proper/commons-text)
  • -
  • (The Apache Software License, Version 2.0) Apache Groovy (org.apache.groovy:groovy:4.0.15 - https://groovy-lang.org)
  • +
  • (The Apache Software License, Version 2.0) Apache Groovy (org.apache.groovy:groovy:4.0.16 - https://groovy-lang.org)
  • (Apache License, Version 2.0) Apache HttpClient (org.apache.httpcomponents:httpclient:4.5.14 - http://hc.apache.org/httpcomponents-client-ga)
  • (Apache License, Version 2.0) Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.16 - http://hc.apache.org/httpcomponents-core-ga)
  • -
  • (Apache License, Version 2.0) Apache HttpClient (org.apache.httpcomponents.client5:httpclient5:5.2.1 - https://hc.apache.org/httpcomponents-client-5.0.x/5.2.1/httpclient5/)
  • -
  • (Apache License, Version 2.0) Apache HttpComponents Core HTTP/1.1 (org.apache.httpcomponents.core5:httpcore5:5.2.3 - https://hc.apache.org/httpcomponents-core-5.2.x/5.2.3/httpcore5/)
  • -
  • (Apache License, Version 2.0) Apache HttpComponents Core HTTP/2 (org.apache.httpcomponents.core5:httpcore5-h2:5.2.3 - https://hc.apache.org/httpcomponents-core-5.2.x/5.2.3/httpcore5-h2/)
  • +
  • (Apache License, Version 2.0) Apache HttpClient (org.apache.httpcomponents.client5:httpclient5:5.2.3 - https://hc.apache.org/httpcomponents-client-5.0.x/5.2.3/httpclient5/)
  • +
  • (Apache License, Version 2.0) Apache HttpComponents Core HTTP/1.1 (org.apache.httpcomponents.core5:httpcore5:5.2.4 - https://hc.apache.org/httpcomponents-core-5.2.x/5.2.4/httpcore5/)
  • +
  • (Apache License, Version 2.0) Apache HttpComponents Core HTTP/2 (org.apache.httpcomponents.core5:httpcore5-h2:5.2.4 - https://hc.apache.org/httpcomponents-core-5.2.x/5.2.4/httpcore5-h2/)
  • (Apache-2.0) Apache Log4j API (org.apache.logging.log4j:log4j-api:2.21.1 - https://logging.apache.org/log4j/2.x/log4j/log4j-api/)
  • (Apache-2.0) Apache Log4j to SLF4J Adapter (org.apache.logging.log4j:log4j-to-slf4j:2.21.1 - https://logging.apache.org/log4j/2.x/log4j/log4j-to-slf4j/)
  • (Apache License, Version 2.0) Lucene Common Analyzers (org.apache.lucene:lucene-analyzers-common:8.11.2 - https://lucene.apache.org/lucene-parent/lucene-analyzers-common)
  • @@ -240,18 +239,18 @@
  • (Apache License, Version 2.0) Apache Maven Dependency Tree (org.apache.maven.shared:maven-dependency-tree:3.2.1 - https://maven.apache.org/shared/maven-dependency-tree/)
  • (Apache License, Version 2.0) Apache Maven Shared Utils (org.apache.maven.shared:maven-shared-utils:3.1.0 - https://maven.apache.org/shared/maven-shared-utils/)
  • (Apache License, Version 2.0) Proton-J (org.apache.qpid:proton-j:0.33.8 - https://qpid.apache.org/proton/proton-j)
  • -
  • (Apache License, Version 2.0) tomcat-embed-core (org.apache.tomcat.embed:tomcat-embed-core:10.1.16 - https://tomcat.apache.org/)
  • -
  • (Apache License, Version 2.0) tomcat-embed-el (org.apache.tomcat.embed:tomcat-embed-el:10.1.16 - https://tomcat.apache.org/)
  • -
  • (Apache License, Version 2.0) tomcat-embed-websocket (org.apache.tomcat.embed:tomcat-embed-websocket:10.1.16 - https://tomcat.apache.org/)
  • +
  • (Apache License, Version 2.0) tomcat-embed-core (org.apache.tomcat.embed:tomcat-embed-core:10.1.17 - https://tomcat.apache.org/)
  • +
  • (Apache License, Version 2.0) tomcat-embed-el (org.apache.tomcat.embed:tomcat-embed-el:10.1.17 - https://tomcat.apache.org/)
  • +
  • (Apache License, Version 2.0) tomcat-embed-websocket (org.apache.tomcat.embed:tomcat-embed-websocket:10.1.17 - https://tomcat.apache.org/)
  • (Apache License, Version 2.0) Apache Velocity - Engine (org.apache.velocity:velocity-engine-core:2.3 - http://velocity.apache.org/engine/devel/velocity-engine-core/)
  • -
  • (The Apache Software License, Version 2.0) asciidoctorj (org.asciidoctor:asciidoctorj:2.5.10 - https://github.com/asciidoctor/asciidoctorj)
  • -
  • (The Apache Software License, Version 2.0) asciidoctorj-api (org.asciidoctor:asciidoctorj-api:2.5.10 - https://github.com/asciidoctor/asciidoctorj)
  • +
  • (The Apache Software License, Version 2.0) asciidoctorj (org.asciidoctor:asciidoctorj:2.5.11 - https://github.com/asciidoctor/asciidoctorj)
  • +
  • (The Apache Software License, Version 2.0) asciidoctorj-api (org.asciidoctor:asciidoctorj-api:2.5.11 - https://github.com/asciidoctor/asciidoctorj)
  • (The Apache Software License, Version 2.0) attoparser (org.attoparser:attoparser:2.0.7.RELEASE - https://www.attoparser.org)
  • (Apache Software License, Version 1.1) (Bouncy Castle Licence) Bouncy Castle OpenPGP API (org.bouncycastle:bcpg-jdk18on:1.71 - https://www.bouncycastle.org/java.html)
  • (Bouncy Castle Licence) Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (org.bouncycastle:bcpkix-jdk18on:1.73 - https://www.bouncycastle.org/java.html)
  • (Bouncy Castle Licence) Bouncy Castle Provider (org.bouncycastle:bcprov-jdk18on:1.74 - https://www.bouncycastle.org/java.html)
  • (Bouncy Castle Licence) Bouncy Castle ASN.1 Extension and Utility APIs (org.bouncycastle:bcutil-jdk18on:1.73 - https://www.bouncycastle.org/java.html)
  • -
  • (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.39.0 - https://checkerframework.org/)
  • +
  • (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.40.0 - https://checkerframework.org/)
  • (MIT license) Animal Sniffer Annotations (org.codehaus.mojo:animal-sniffer-annotations:1.23 - https://www.mojohaus.org/animal-sniffer/animal-sniffer-annotations)
  • (The Apache Software License, Version 2.0) Plexus Classworlds (org.codehaus.plexus:plexus-classworlds:2.2.3 - http://plexus.codehaus.org/plexus-classworlds/)
  • (Apache License, Version 2.0) Plexus :: Component Annotations (org.codehaus.plexus:plexus-component-annotations:2.0.0 - http://codehaus-plexus.github.io/plexus-containers/plexus-component-annotations/)
  • @@ -272,12 +271,13 @@
  • (Apache License 2.0) (LGPL 2.1) (MPL 1.1) Javassist (org.javassist:javassist:3.29.0-GA - http://www.javassist.org/)
  • (The Apache Software License, Version 2.0) JetBrains Java Annotations (org.jetbrains:annotations:17.0.0 - https://github.com/JetBrains/java-annotations)
  • (EPL) Dirgra (org.jruby:dirgra:0.3 - https://github.com/jruby/dirgra)
  • -
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Main Maven Artifact (org.jruby:jruby:9.4.2.0 - https://github.com/jruby/jruby/jruby-artifacts/jruby)
  • -
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Base (org.jruby:jruby-base:9.4.2.0 - https://github.com/jruby/jruby/jruby-base)
  • +
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Main Maven Artifact (org.jruby:jruby:9.4.5.0 - https://github.com/jruby/jruby/jruby-artifacts/jruby)
  • +
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Base (org.jruby:jruby-base:9.4.5.0 - https://github.com/jruby/jruby/jruby-base)
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Complete (org.jruby:jruby-complete:9.4.5.0 - https://github.com/jruby/jruby/jruby-artifacts/jruby-complete)
  • -
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Lib Setup (org.jruby:jruby-stdlib:9.4.2.0 - https://github.com/jruby/jruby/jruby-stdlib)
  • +
  • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Lib Setup (org.jruby:jruby-stdlib:9.4.5.0 - https://github.com/jruby/jruby/jruby-stdlib)
  • +
  • (BSD) JZlib (org.jruby:jzlib:1.1.5 - http://www.jcraft.com/jzlib/)
  • (MIT License) JCodings (org.jruby.jcodings:jcodings:1.0.58 - http://nexus.sonatype.org/oss-repository-hosting.html/jcodings)
  • -
  • (MIT License) Joni (org.jruby.joni:joni:2.1.48 - http://nexus.sonatype.org/oss-repository-hosting.html/joni)
  • +
  • (MIT License) Joni (org.jruby.joni:joni:2.2.1 - http://nexus.sonatype.org/oss-repository-hosting.html/joni)
  • (The MIT License) jsoup Java HTML Parser (org.jsoup:jsoup:1.15.4 - https://jsoup.org/)
  • (Public Domain, per Creative Commons CC0) LatencyUtils (org.latencyutils:LatencyUtils:2.0.3 - http://latencyutils.github.io/LatencyUtils/)
  • (Apache License, Version 2.0) KeePassJava2 :: All (org.linguafranca.pwdb:KeePassJava2:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2)
  • @@ -316,36 +316,37 @@
  • (The Apache License, Version 2.0) springdoc-openapi-starter-common (org.springdoc:springdoc-openapi-starter-common:2.3.0 - https://springdoc.org/springdoc-openapi-starter-common/)
  • (The Apache License, Version 2.0) springdoc-openapi-starter-webmvc-api (org.springdoc:springdoc-openapi-starter-webmvc-api:2.3.0 - https://springdoc.org/springdoc-openapi-starter-webmvc-api/)
  • (The Apache License, Version 2.0) springdoc-openapi-starter-webmvc-ui (org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0 - https://springdoc.org/springdoc-openapi-starter-webmvc-ui/)
  • -
  • (Apache License, Version 2.0) Spring AOP (org.springframework:spring-aop:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Beans (org.springframework:spring-beans:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Context (org.springframework:spring-context:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Core (org.springframework:spring-core:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Expression Language (SpEL) (org.springframework:spring-expression:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Commons Logging Bridge (org.springframework:spring-jcl:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Web (org.springframework:spring-web:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) Spring Web MVC (org.springframework:spring-webmvc:6.1.1 - https://github.com/spring-projects/spring-framework)
  • -
  • (Apache License, Version 2.0) spring-boot (org.springframework.boot:spring-boot:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-actuator (org.springframework.boot:spring-boot-actuator:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-actuator-autoconfigure (org.springframework.boot:spring-boot-actuator-autoconfigure:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-autoconfigure (org.springframework.boot:spring-boot-autoconfigure:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter (org.springframework.boot:spring-boot-starter:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter-actuator (org.springframework.boot:spring-boot-starter-actuator:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter-json (org.springframework.boot:spring-boot-starter-json:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter-logging (org.springframework.boot:spring-boot-starter-logging:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.2.0 - https://spring.io/projects/spring-boot)
  • -
  • (Apache License, Version 2.0) spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.2.0 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) Spring AOP (org.springframework:spring-aop:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Beans (org.springframework:spring-beans:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Context (org.springframework:spring-context:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Core (org.springframework:spring-core:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Expression Language (SpEL) (org.springframework:spring-expression:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Commons Logging Bridge (org.springframework:spring-jcl:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Web (org.springframework:spring-web:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) Spring Web MVC (org.springframework:spring-webmvc:6.1.2 - https://github.com/spring-projects/spring-framework)
  • +
  • (Apache License, Version 2.0) spring-boot (org.springframework.boot:spring-boot:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-actuator (org.springframework.boot:spring-boot-actuator:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-actuator-autoconfigure (org.springframework.boot:spring-boot-actuator-autoconfigure:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-autoconfigure (org.springframework.boot:spring-boot-autoconfigure:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter (org.springframework.boot:spring-boot-starter:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter-actuator (org.springframework.boot:spring-boot-starter-actuator:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter-json (org.springframework.boot:spring-boot-starter-json:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter-logging (org.springframework.boot:spring-boot-starter-logging:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.2.1 - https://spring.io/projects/spring-boot)
  • +
  • (Apache License, Version 2.0) spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.2.1 - https://spring.io/projects/spring-boot)
  • (Apache License, Version 2.0) Spring Cloud Commons (org.springframework.cloud:spring-cloud-commons:4.1.0 - https://projects.spring.io/spring-cloud/spring-cloud-commons/)
  • (Apache License, Version 2.0) Spring Cloud Context (org.springframework.cloud:spring-cloud-context:4.1.0 - https://projects.spring.io/spring-cloud/spring-cloud-context/)
  • (Apache License, Version 2.0) spring-cloud-starter (org.springframework.cloud:spring-cloud-starter:4.1.0 - https://projects.spring.io/spring-cloud)
  • (Apache License, Version 2.0) Spring Cloud Starter Vault Config (org.springframework.cloud:spring-cloud-starter-vault-config:4.1.0 - https://cloud.spring.io/spring-cloud-vault/)
  • (Apache License, Version 2.0) Spring Cloud Vault Configuration Integration (org.springframework.cloud:spring-cloud-vault-config:4.1.0 - https://spring.io/spring-cloud/spring-cloud-vault-parent/spring-cloud-vault-config)
  • -
  • (Apache License, Version 2.0) spring-security-config (org.springframework.security:spring-security-config:6.2.0 - https://spring.io/projects/spring-security)
  • -
  • (Apache License, Version 2.0) spring-security-core (org.springframework.security:spring-security-core:6.2.0 - https://spring.io/projects/spring-security)
  • -
  • (Apache License, Version 2.0) spring-security-crypto (org.springframework.security:spring-security-crypto:6.2.0 - https://spring.io/projects/spring-security)
  • +
  • (Apache License, Version 2.0) spring-security-config (org.springframework.security:spring-security-config:6.2.1 - https://spring.io/projects/spring-security)
  • +
  • (Apache License, Version 2.0) spring-security-core (org.springframework.security:spring-security-core:6.2.1 - https://spring.io/projects/spring-security)
  • +
  • (Apache License, Version 2.0) spring-security-crypto (org.springframework.security:spring-security-crypto:6.2.1 - https://spring.io/projects/spring-security)
  • (Apache 2.0) spring-security-rsa (org.springframework.security:spring-security-rsa:1.1.1 - http://github.com/spring-projects/spring-security-oauth)
  • -
  • (Apache License, Version 2.0) spring-security-web (org.springframework.security:spring-security-web:6.2.0 - https://spring.io/projects/spring-security)
  • +
  • (Apache License, Version 2.0) spring-security-web (org.springframework.security:spring-security-web:6.2.1 - https://spring.io/projects/spring-security)
  • (Apache License, Version 2.0) Spring Vault Core (org.springframework.vault:spring-vault-core:3.1.0 - https://projects.spring.io/spring-vault/spring-vault-core/)
  • +
  • (MIT) Testcontainers :: JUnit Jupiter Extension (org.testcontainers:junit-jupiter:1.19.3 - https://java.testcontainers.org)
  • (BSD-3-Clause) ThreeTen backport (org.threeten:threetenbp:1.6.8 - https://www.threeten.org/threetenbp)
  • (The Apache Software License, Version 2.0) thymeleaf (org.thymeleaf:thymeleaf:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf)
  • (The Apache Software License, Version 2.0) thymeleaf-spring6 (org.thymeleaf:thymeleaf-spring6:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-spring6)
  • @@ -359,31 +360,31 @@
  • (BSD 2-Clause) github-buttons (org.webjars.npm:github-buttons:2.14.1 - https://www.webjars.org)
  • (Common Public 1.0) pecoff4j (org.whitesource:pecoff4j:0.0.2.1 - https://github.com/whitesource/pecoff4j-maven)
  • (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:2.2 - https://bitbucket.org/snakeyaml/snakeyaml)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Annotations (software.amazon.awssdk:annotations:2.21.42 - https://aws.amazon.com/sdkforjava/core/annotations)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Clients :: Apache (software.amazon.awssdk:apache-client:2.21.42 - https://aws.amazon.com/sdkforjava/http-clients/apache-client)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Auth (software.amazon.awssdk:auth:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: AWS Core (software.amazon.awssdk:aws-core:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: AWS Json Protocol (software.amazon.awssdk:aws-json-protocol:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: AWS Query Protocol (software.amazon.awssdk:aws-query-protocol:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Checksums (software.amazon.awssdk:checksums:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Checksums SPI (software.amazon.awssdk:checksums-spi:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Endpoints SPI (software.amazon.awssdk:endpoints-spi:2.21.42 - https://aws.amazon.com/sdkforjava/core/endpoints-spi)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth (software.amazon.awssdk:http-auth:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth AWS (software.amazon.awssdk:http-auth-aws:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth SPI (software.amazon.awssdk:http-auth-spi:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Client Interface (software.amazon.awssdk:http-client-spi:2.21.42 - https://aws.amazon.com/sdkforjava/http-client-spi)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Identity SPI (software.amazon.awssdk:identity-spi:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: Json Utils (software.amazon.awssdk:json-utils:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Metrics SPI (software.amazon.awssdk:metrics-spi:2.21.42 - https://aws.amazon.com/sdkforjava/core/metrics-spi)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O (software.amazon.awssdk:netty-nio-client:2.21.42 - https://aws.amazon.com/sdkforjava/http-clients/netty-nio-client)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Profiles (software.amazon.awssdk:profiles:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: Protocol Core (software.amazon.awssdk:protocol-core:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Regions (software.amazon.awssdk:regions:2.21.42 - https://aws.amazon.com/sdkforjava/core/regions)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: SDK Core (software.amazon.awssdk:sdk-core:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Services :: AWS Simple Systems Management (SSM) (software.amazon.awssdk:ssm:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Services :: AWS STS (software.amazon.awssdk:sts:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Third Party :: Jackson-core (software.amazon.awssdk:third-party-jackson-core:2.21.42 - https://aws.amazon.com/sdkforjava)
  • -
  • (Apache License, Version 2.0) AWS Java SDK :: Utilities (software.amazon.awssdk:utils:2.21.42 - https://aws.amazon.com/sdkforjava/utils)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Annotations (software.amazon.awssdk:annotations:2.22.9 - https://aws.amazon.com/sdkforjava/core/annotations)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Clients :: Apache (software.amazon.awssdk:apache-client:2.22.9 - https://aws.amazon.com/sdkforjava/http-clients/apache-client)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Auth (software.amazon.awssdk:auth:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: AWS Core (software.amazon.awssdk:aws-core:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: AWS Json Protocol (software.amazon.awssdk:aws-json-protocol:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: AWS Query Protocol (software.amazon.awssdk:aws-query-protocol:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Checksums (software.amazon.awssdk:checksums:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Checksums SPI (software.amazon.awssdk:checksums-spi:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Endpoints SPI (software.amazon.awssdk:endpoints-spi:2.22.9 - https://aws.amazon.com/sdkforjava/core/endpoints-spi)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth (software.amazon.awssdk:http-auth:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth AWS (software.amazon.awssdk:http-auth-aws:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth SPI (software.amazon.awssdk:http-auth-spi:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Client Interface (software.amazon.awssdk:http-client-spi:2.22.9 - https://aws.amazon.com/sdkforjava/http-client-spi)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Identity SPI (software.amazon.awssdk:identity-spi:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: Json Utils (software.amazon.awssdk:json-utils:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Metrics SPI (software.amazon.awssdk:metrics-spi:2.22.9 - https://aws.amazon.com/sdkforjava/core/metrics-spi)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O (software.amazon.awssdk:netty-nio-client:2.22.9 - https://aws.amazon.com/sdkforjava/http-clients/netty-nio-client)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Profiles (software.amazon.awssdk:profiles:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: Protocol Core (software.amazon.awssdk:protocol-core:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Regions (software.amazon.awssdk:regions:2.22.9 - https://aws.amazon.com/sdkforjava/core/regions)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: SDK Core (software.amazon.awssdk:sdk-core:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Services :: AWS Simple Systems Management (SSM) (software.amazon.awssdk:ssm:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Services :: AWS STS (software.amazon.awssdk:sts:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Third Party :: Jackson-core (software.amazon.awssdk:third-party-jackson-core:2.22.9 - https://aws.amazon.com/sdkforjava)
  • +
  • (Apache License, Version 2.0) AWS Java SDK :: Utilities (software.amazon.awssdk:utils:2.22.9 - https://aws.amazon.com/sdkforjava/utils)
  • (Apache License, Version 2.0) AWS Event Stream (software.amazon.eventstream:eventstream:1.0.1 - https://github.com/awslabs/aws-eventstream-java)
  • (Apache-2.0) CPE Parser (us.springett:cpe-parser:2.0.2 - https://github.com/stevespringett/CPE-Parser)
  • diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java index 4a8174ded..3a217dbd0 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java @@ -4,6 +4,9 @@ import org.junit.jupiter.api.Test; import org.springframework.cloud.vault.config.VaultProperties; +import org.springframework.vault.authentication.TokenAuthentication; +import org.springframework.vault.client.VaultEndpoint; +import org.springframework.vault.core.VaultTemplate; import org.testcontainers.containers.Container.ExecResult; import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Testcontainers; @@ -49,12 +52,12 @@ public void readFirstSecretPathWithCli() throws Exception { assertThat(readResult.getStdout()).contains("map[secret:test]"); String address = vaultContainer.getHttpHostAddress(); assertThat(readResult.getStdout()).contains("test"); + var metadataChallenge = new MetaDataChallenge( "ACTUAL_ANSWER_CHALLENGE7", - address, - VaultProperties.AuthenticationMethod.TOKEN, - VAULT_TOKEN); + new VaultTemplate(VaultEndpoint.from(address), new TokenAuthentication(VAULT_TOKEN)), + VaultProperties.AuthenticationMethod.TOKEN); assertThat(metadataChallenge.spoiler().solution()).isEqualTo("test"); } } diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java index e293a5379..916664e58 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java 
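Review bot: In the second hunk the test builds the `VaultTemplate` with `new TokenAuthentication(VAULT_TOKEN)` and still passes `VaultProperties.AuthenticationMethod.TOKEN` as a separate argument, so the authentication choice is stated twice and nothing checks that the two agree; the same pattern is added to `Challenge45Test`. The `MetaDataChallenge` constructor is outside this hunk, so how it uses the enum is not visible here; a one-line comment above the call, `// auth method must match the ClientAuthentication used to build the template`, would make the coupling explicit. Both tests exercise only token authentication and assert only `spoiler().solution()`, whereas the deployment manifest in this series runs under a `vault` service account, so the authentication path used in the cluster is presumably not covered. Assuming the challenge still exposes `answerCorrect`, adding `assertThat(metadataChallenge.answerCorrect("wrong")).isFalse();` would pin the rejection path as well.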
@@ -4,6 +4,9 @@ import org.junit.jupiter.api.Test; import org.springframework.cloud.vault.config.VaultProperties; +import org.springframework.vault.authentication.TokenAuthentication; +import org.springframework.vault.client.VaultEndpoint; +import org.springframework.vault.core.VaultTemplate; import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Testcontainers; import org.testcontainers.vault.VaultContainer; @@ -32,9 +35,8 @@ public void readFirstSecretPathWithCli() throws Exception { var subkeyChallenge = new VaultSubKeyChallenge( "ACTUAL_ANSWER_CHALLENGE7", - address, - VaultProperties.AuthenticationMethod.TOKEN, - VAULT_TOKEN); + new VaultTemplate(VaultEndpoint.from(address), new TokenAuthentication(VAULT_TOKEN)), + VaultProperties.AuthenticationMethod.TOKEN); assertThat(subkeyChallenge.spoiler().solution()).isEqualTo("aaasecret.password"); } } From 41a0749f725e398632c11c5a294dd32f41561fd3 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 8 Jan 2024 13:54:28 +0100 Subject: [PATCH 19/28] Update POM file with new version: challenge45-3 --- .github/scripts/.bash_history | 2 +- k8s/secret-challenge-vault-deployment.yml | 2 +- .../challenges/kubernetes/VaultConfig.java | 98 +++++++++---------- 3 files changed, 51 insertions(+), 51 deletions(-) diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index 424e18069..fa543d3f5 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="xtS+1quya5d0PbHiSlN4dVCwuqj9K3qAccJf64E1gL0=" +export tempPassword="4yyPKlGcT67NTkguipOhoePSx6izBM632LUfs1e+Sr8=" mvn run tempPassword k6 npx k6 diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index 3f97e0fb7..57bef1cd9 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml 
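Review bot: The `.github/scripts/.bash_history` hunk swaps one `export tempPassword="…"` value for another, so a credential-looking string stays in a tracked shell history file and the previous value stays in git history. The same line is rewritten again in patches 20, 21 and 23 of this series. Given the project's name this is presumably a deliberate training fixture, but the commit subject only mentions a version bump and nothing marks the value as intentional. If the value is regenerated by release tooling, saying so in the commit message (and that it is meant to be exposed) would let reviewers and secret-scanner triage tell it apart from an accidental leak.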
@@ -30,7 +30,7 @@ spec: runAsNonRoot: true serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:challenge45-k8s-vault + - image: jeroenwillemsen/wrongsecrets:challenge45-2-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java index aa99ec1aa..53832a472 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java 
@@ -1,49 +1,49 @@ -package org.owasp.wrongsecrets.challenges.kubernetes; - -import org.jetbrains.annotations.NotNull; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.cloud.vault.config.VaultProperties; -import org.springframework.context.annotation.Configuration; -import org.springframework.vault.authentication.*; -import org.springframework.vault.client.VaultEndpoint; -import org.springframework.vault.config.AbstractVaultConfiguration; - -@Configuration -public class VaultConfig extends AbstractVaultConfiguration { - - @Value("${spring.cloud.vault.uri}") - private String vaultAddress; - - @Value("${spring.cloud.vault.role}") - private String role; - - @Value("${spring.cloud.vault.kubernetes-path}") - private String tokenPath; - - @Value("${spring.cloud.vault.kubernetes.service-account-token-file}") - private String tokenFile; - - @Value("${spring.cloud.vault.authentication}") - private VaultProperties.AuthenticationMethod authenticationMethod; - - @Override - public @NotNull VaultEndpoint vaultEndpoint() { - return VaultEndpoint.from(vaultAddress); - } - - @Override - public @NotNull ClientAuthentication clientAuthentication() { - if (VaultProperties.AuthenticationMethod.KUBERNETES.equals(authenticationMethod)) { - KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile); - KubernetesAuthenticationOptions options = - new KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder() - .role(role) - .path(tokenPath) - .jwtSupplier(jwtSupplier) - .build(); - return new KubernetesAuthentication(options, super.restOperations()); - } else { - return new TokenAuthentication("empty"); - } - } -} +// package org.owasp.wrongsecrets.challenges.kubernetes; +// +// import org.jetbrains.annotations.NotNull; +// import org.springframework.beans.factory.annotation.Value; +// import org.springframework.cloud.vault.config.VaultProperties; +// import org.springframework.context.annotation.Configuration; 
+// import org.springframework.vault.authentication.*; +// import org.springframework.vault.client.VaultEndpoint; +// import org.springframework.vault.config.AbstractVaultConfiguration; +// +// @Configuration +// public class VaultConfig extends AbstractVaultConfiguration { +// +// @Value("${spring.cloud.vault.uri}") +// private String vaultAddress; +// +// @Value("${spring.cloud.vault.role}") +// private String role; +// +// @Value("${spring.cloud.vault.kubernetes-path}") +// private String tokenPath; +// +// @Value("${spring.cloud.vault.kubernetes.service-account-token-file}") +// private String tokenFile; +// +// @Value("${spring.cloud.vault.authentication}") +// private VaultProperties.AuthenticationMethod authenticationMethod; +// +// @Override +// public @NotNull VaultEndpoint vaultEndpoint() { +// return VaultEndpoint.from(vaultAddress); +// } +// +// @Override +// public @NotNull ClientAuthentication clientAuthentication() { +// if (VaultProperties.AuthenticationMethod.KUBERNETES.equals(authenticationMethod)) { +// KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile); +// KubernetesAuthenticationOptions options = +// new KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder() +// .role(role) +// .path(tokenPath) +// .jwtSupplier(jwtSupplier) +// .build(); +// return new KubernetesAuthentication(options, super.restOperations()); +// } else { +// return new TokenAuthentication("empty"); +// } +// } +// } From b5d42bbd0b3234646ab2b7f8e8880bd52a9c4d80 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 8 Jan 2024 14:11:00 +0100 Subject: [PATCH 20/28] Update POM file with new version: challenge45-4 --- .github/scripts/.bash_history | 2 +- k8s/secret-challenge-vault-deployment.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index fa543d3f5..5943bc70f 100644 --- a/.github/scripts/.bash_history 
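Review bot: Turning every line of `VaultConfig.java` into a `//` comment leaves a tracked source file with no compilable content, and the commit subject (a version bump) gives no hint that the Vault client configuration was switched off. If the class is meant to be disabled, deleting the file (git history keeps it) or gating the class with a condition such as `@ConditionalOnProperty` is easier to review than commented-out code. If this is only a temporary debugging step, a first line such as `// TODO: temporarily disabled, restore before merge` would say so.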
+++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="4yyPKlGcT67NTkguipOhoePSx6izBM632LUfs1e+Sr8=" +export tempPassword="h60dFQus8E81UBZ+Zfx50zScdndQ3UmZwGtEk6V98CQ=" mvn run tempPassword k6 npx k6 diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index 57bef1cd9..7e718743b 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml @@ -30,7 +30,7 @@ spec: runAsNonRoot: true serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:challenge45-2-k8s-vault + - image: jeroenwillemsen/wrongsecrets:challenge45-4-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: From ad634177ed223df43225c3b7136d817e660efccf Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Mon, 8 Jan 2024 14:54:35 +0100 Subject: [PATCH 21/28] Update POM file with new version: challenge45-5 --- .github/scripts/.bash_history | 2 +- k8s/secret-challenge-vault-deployment.yml | 2 +- .../challenges/kubernetes/VaultConfig.java | 100 +++++++++--------- 3 files changed, 53 insertions(+), 51 deletions(-) diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index 5943bc70f..e36aaf179 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="h60dFQus8E81UBZ+Zfx50zScdndQ3UmZwGtEk6V98CQ=" +export tempPassword="fHfBlSdobAoWdWrl44fFIyeQ/0wYGO2ZQmvssnOjBqs=" mvn run tempPassword k6 npx k6 diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index 7e718743b..e36d7be1b 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml 
@@ -30,7 +30,7 @@ spec: runAsNonRoot: true serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:challenge45-4-k8s-vault + - image: jeroenwillemsen/wrongsecrets:challenge45-5-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java index 53832a472..5a2ed3cb2 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java 
@@ -1,49 +1,51 @@ -// package org.owasp.wrongsecrets.challenges.kubernetes; -// -// import org.jetbrains.annotations.NotNull; -// import org.springframework.beans.factory.annotation.Value; -// import org.springframework.cloud.vault.config.VaultProperties; -// import org.springframework.context.annotation.Configuration; -// import org.springframework.vault.authentication.*; -// import org.springframework.vault.client.VaultEndpoint; -// import org.springframework.vault.config.AbstractVaultConfiguration; -// -// @Configuration -// public class VaultConfig extends AbstractVaultConfiguration { -// -// @Value("${spring.cloud.vault.uri}") -// private String vaultAddress; -// -// @Value("${spring.cloud.vault.role}") -// private String role; -// -// @Value("${spring.cloud.vault.kubernetes-path}") -// private String tokenPath; -// -// @Value("${spring.cloud.vault.kubernetes.service-account-token-file}") -// private String tokenFile; -// -// @Value("${spring.cloud.vault.authentication}") -// private VaultProperties.AuthenticationMethod authenticationMethod; -// -// @Override -// public @NotNull VaultEndpoint vaultEndpoint() { -// return VaultEndpoint.from(vaultAddress); -// } -// -// @Override -// public @NotNull ClientAuthentication clientAuthentication() { -// if (VaultProperties.AuthenticationMethod.KUBERNETES.equals(authenticationMethod)) { -// KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile); -// KubernetesAuthenticationOptions options = -// new KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder() -// .role(role) -// .path(tokenPath) -// .jwtSupplier(jwtSupplier) -// .build(); -// return new KubernetesAuthentication(options, super.restOperations()); -// } else { -// return new TokenAuthentication("empty"); -// } -// } -// } +package org.owasp.wrongsecrets.challenges.kubernetes; + +import org.jetbrains.annotations.NotNull; +import org.springframework.beans.factory.annotation.Value; +import 
org.springframework.cloud.vault.config.VaultProperties; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Primary; +import org.springframework.vault.authentication.*; +import org.springframework.vault.client.VaultEndpoint; +import org.springframework.vault.config.AbstractVaultConfiguration; + +@Configuration +@Primary +public class VaultConfig extends AbstractVaultConfiguration { + + @Value("${spring.cloud.vault.uri}") + private String vaultAddress; + + @Value("${spring.cloud.vault.role}") + private String role; + + @Value("${spring.cloud.vault.kubernetes-path}") + private String tokenPath; + + @Value("${spring.cloud.vault.kubernetes.service-account-token-file}") + private String tokenFile; + + @Value("${spring.cloud.vault.authentication}") + private VaultProperties.AuthenticationMethod authenticationMethod; + + @Override + public @NotNull VaultEndpoint vaultEndpoint() { + return VaultEndpoint.from(vaultAddress); + } + + @Override + public @NotNull ClientAuthentication clientAuthentication() { + if (VaultProperties.AuthenticationMethod.KUBERNETES.equals(authenticationMethod)) { + KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile); + KubernetesAuthenticationOptions options = + new KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder() + .role(role) + .path(tokenPath) + .jwtSupplier(jwtSupplier) + .build(); + return new KubernetesAuthentication(options, super.restOperations()); + } else { + return new TokenAuthentication("empty"); + } + } +} From 17f44ad8f09e97ef52560eb3eb7721fbbfcdb0e4 Mon Sep 17 00:00:00 2001 
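Review bot: In the restored `clientAuthentication()`, the `else` branch returns `new TokenAuthentication("empty")` for every authentication method other than KUBERNETES. A deployment configured for TOKEN or any other method would therefore present a placeholder token to Vault and only find out through rejected requests. If the placeholder exists so the application context can start without Vault, a comment above the return such as `// placeholder token so the context starts without Vault; Vault calls will be rejected` would record that. Otherwise failing fast with `throw new IllegalStateException("Unsupported Vault authentication method: " + authenticationMethod);` is safer. The new class-level `@Primary` also deserves a one-line comment naming the competing bean it is meant to win over, since the hunk does not show one.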
From: Jeroen Willemsen Date: Mon, 8 Jan 2024 18:15:09 +0100 Subject: [PATCH 22/28] Apply suggestions from code review Co-authored-by: Ben de Haan <53901866+bendehaan@users.noreply.github.com> --- src/main/resources/explanations/challenge44.adoc | 6 +++--- src/main/resources/explanations/challenge44_reason.adoc | 6 +++--- src/main/resources/explanations/challenge45.adoc | 4 ++-- src/main/resources/explanations/challenge45_reason.adoc | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/main/resources/explanations/challenge44.adoc b/src/main/resources/explanations/challenge44.adoc index 864c61a6f..e2aa38447 100644 --- a/src/main/resources/explanations/challenge44.adoc +++ b/src/main/resources/explanations/challenge44.adoc @@ -1,9 +1,9 @@ === Vault Metadata Challenge -Secrets management systems now often have metadata support for their secrets! This is awesome, as it allows you to further enrich the secret with contextual data so it becomes easier to remember what the secret was about. +Secrets management systems now often have metadata support for their secrets! This is awesome, as it allows you to enrich the secret with contextual data further, making it easier to remember the secret. But what if you put confidential/secret information into a secret by mistake? -A developer has put some secret metadata to a `wrongsecret` in Vault. Can you find it? +A developer has put secret metadata on a `wrongsecret` in Vault. Can you find it? -Tip: take a look at the policies when vault is installed, you can see that the application is only allowed to use the metadata ;-). +Tip: take a look at the policies when vault is installed; you can see that the application is only allowed to use the metadata ;-). diff --git a/src/main/resources/explanations/challenge44_reason.adoc b/src/main/resources/explanations/challenge44_reason.adoc index 632b7ed19..fce2d123c 100644 --- a/src/main/resources/explanations/challenge44_reason.adoc 
+++ b/src/main/resources/explanations/challenge44_reason.adoc @@ -1,6 +1,6 @@ *Why putting sensitive data as metadata is a bad idea* -Sometimes people reason that less sensitive data should be stored as metadata of an actual secret. Think of for instance having a username to be less sensitive as a password, but is it? -In many of these cases these secrets are equally important and should get equal protection as the secret (e.g. the password) itself. +Sometimes, people reason that less sensitive data should be stored as secret metadata. Think of, for instance, a username - less sensitive than a password, or is it? +In many of these cases, these are equally important and should get equal protection as the secret (e.g. the password) itself. -Very often we don't want to give read access to secrets to our employees, but we do want to give read access to metadata instead. If any secret is then stored in the metadata, that secret is then compromised internally. +We often don't want to give read access to secrets to our employees, but we do want to give read access to metadata instead. If any secret is stored in the metadata, that secret is then compromised internally. diff --git a/src/main/resources/explanations/challenge45.adoc b/src/main/resources/explanations/challenge45.adoc index 3bfeae3da..cc491aff3 100644 --- a/src/main/resources/explanations/challenge45.adoc +++ b/src/main/resources/explanations/challenge45.adoc 
@@ -1,4 +1,4 @@ === Vault subkey challenge -Sometimes, all you want to do, is having that concise entry in your secrets management system. So what about storing your usnerame and password in the same entry? -We tried doing that, but got into a new problem! Because with Hashicorp Vault you can setup policies to allow access to a subkey (Which is the key to the value of your secret). Can you find the very random username we setup in this challenge? +Sometimes, all you want to do is have that concise entry in your secrets management system. So, what about storing your username and password in the same entry? +We tried doing that but got into a new problem! With Hashicorp Vault, you can set up policies to allow access to a subkey (Which is the key to the value of your secret). Can you find the very random username we set up for this challenge? diff --git a/src/main/resources/explanations/challenge45_reason.adoc b/src/main/resources/explanations/challenge45_reason.adoc index 45acf41d4..ff5e1924e 100644 --- a/src/main/resources/explanations/challenge45_reason.adoc +++ b/src/main/resources/explanations/challenge45_reason.adoc 
@@ -1,6 +1,6 @@ *Why putting sensitive data as keys is a bad idea* -Sometimes people reason that less sensitive data should be stored as a subkey of the actual secret. That way both a username and a password for instance can be combined in a single entry. -In many of these cases these secrets are equally important and should get equal protection as the secret (e.g. the password) itself. And in the case of Vault, you can have access to a subkey (E.g. the username), but not the secret value itself (e.g. the password), which would already leak the username. +Sometimes, people reason that less sensitive data should be stored as a subkey of the actual secret. That way, both a username and a password, for instance, can be combined in a single entry. +In many cases, these secrets are equally important and should get equal protection as the secret (e.g. the password) itself. And in Vault's case, you can access a subkey (E.g., the username), but not the secret value itself (e.g., the password), which would already leak the username. -Very often we don't want to give read access to secrets to our employees, but we do want to give read access to subkeys instead. If any secret is then stored in the subkeys, that secret is then compromised internally. +We often don't want to give read access to secrets to our employees, but we do want to provide read access to subkeys instead. If any secret is stored in the subkeys, that secret is then compromised internally. From 527dddbafeb7df07460a2cf0327109f5fe25b127 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 13 Jan 2024 10:21:33 +0100 Subject: [PATCH 23/28] attempt to fix bena issue --- .github/scripts/.bash_history | 2 +- k8s/secret-challenge-vault-deployment.yml | 2 +- .../challenges/kubernetes/VaultConfig.java | 2 +- src/main/resources/templates/about.html | 352 ------------------ 4 files changed, 3 insertions(+), 355 deletions(-) 
diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index e36aaf179..d7b48e674 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="fHfBlSdobAoWdWrl44fFIyeQ/0wYGO2ZQmvssnOjBqs=" +export tempPassword="aljZYEVyPIvp4jbbgySqodMa/n65PLMySlo6gjwYoIU=" mvn run tempPassword k6 npx k6 diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index e36d7be1b..6f5e13883 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml @@ -30,7 +30,7 @@ spec: runAsNonRoot: true serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:challenge45-5-k8s-vault + - image: jeroenwillemsen/wrongsecrets:challenge45-6-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java index 5a2ed3cb2..a9a613b38 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java @@ -43,7 +43,7 @@ public class VaultConfig extends AbstractVaultConfiguration { .path(tokenPath) .jwtSupplier(jwtSupplier) .build(); - return new KubernetesAuthentication(options, super.restOperations()); + return new KubernetesAuthentication(options, restOperations()); } else { return new TokenAuthentication("empty"); } diff --git a/src/main/resources/templates/about.html b/src/main/resources/templates/about.html index a3e32690c..c9d5c1f2d 100644 --- a/src/main/resources/templates/about.html +++ b/src/main/resources/templates/about.html @@ -35,358 +35,6 @@ The list below is generated with `mvn license:add-third-party`
      -
    • Lists of 351 third-party dependencies.
    • -
    • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Classic Module (ch.qos.logback:logback-classic:1.4.14 - http://logback.qos.ch/logback-classic)
    • -
    • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Core Module (ch.qos.logback:logback-core:1.4.14 - http://logback.qos.ch/logback-core)
    • -
    • (The MIT License (MIT)) Microsoft Azure Java Core Library (com.azure:azure-core:1.45.1 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Microsoft Azure Java Core AMQP Library (com.azure:azure-core-amqp:2.8.14 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Microsoft Azure Netty HTTP Client Library (com.azure:azure-core-http-netty:1.13.11 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Microsoft Azure Management Java Core Library (com.azure:azure-core-management:1.11.9 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Microsoft Azure client library for Identity (com.azure:azure-identity:1.11.1 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Microsoft Azure Java JSON Library (com.azure:azure-json:1.1.0 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Microsoft Azure client library for KeyVault Secrets (com.azure:azure-security-keyvault-secrets:4.7.3 - https://github.com/Azure/azure-sdk-for-java)
    • -
    • (The MIT License (MIT)) Spring Cloud Azure AutoConfigure (com.azure.spring:spring-cloud-azure-autoconfigure:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
    • -
    • (The MIT License (MIT)) Spring Cloud Azure Core (com.azure.spring:spring-cloud-azure-core:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
    • -
    • (The MIT License (MIT)) Spring Cloud Azure Service (com.azure.spring:spring-cloud-azure-service:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
    • -
    • (The MIT License (MIT)) Spring Cloud Azure Starter (com.azure.spring:spring-cloud-azure-starter:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
    • -
    • (The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.8.0 - https://microsoft.github.io/spring-cloud-azure)
    • -
    • (Apache License, Version 2.0) jcommander (com.beust:jcommander:1.82 - https://jcommander.org)
    • -
    • (The Apache Software License, Version 2.0) Simple XML (safe) (com.carrotsearch.thirdparty:simple-xml-safe:2.7.1 - https://github.com/dweiss/simplexml)
    • -
    • (3-Clause BSD License) MinLog (com.esotericsoftware:minlog:1.3.1 - https://github.com/EsotericSoftware/minlog)
    • -
    • (Apache License, Version 2.0) Internet Time Utility (com.ethlo.time:itu:1.7.0 - https://github.com/ethlo/itu)
    • -
    • (The Apache Software License, Version 2.0) aalto-xml (com.fasterxml:aalto-xml:1.3.2 - https://github.com/FasterXML/aalto-xml)
    • -
    • (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.15.3 - https://github.com/FasterXML/jackson)
    • -
    • (The Apache Software License, Version 2.0) Jackson-core (com.fasterxml.jackson.core:jackson-core:2.15.3 - https://github.com/FasterXML/jackson-core)
    • -
    • (The Apache Software License, Version 2.0) jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.15.3 - https://github.com/FasterXML/jackson)
    • -
    • (The Apache Software License, Version 2.0) Jackson-dataformat-XML (com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.15.3 - https://github.com/FasterXML/jackson-dataformat-xml)
    • -
    • (The Apache Software License, Version 2.0) Jackson-dataformat-YAML (com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.15.3 - https://github.com/FasterXML/jackson-dataformats-text)
    • -
    • (The Apache Software License, Version 2.0) Jackson datatype: jdk8 (com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.15.3 - https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8)
    • -
    • (The Apache Software License, Version 2.0) Jackson datatype: JSR310 (com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.3 - https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310)
    • -
    • (The Apache Software License, Version 2.0) Jackson module: Afterburner (com.fasterxml.jackson.module:jackson-module-afterburner:2.15.3 - https://github.com/FasterXML/jackson-modules-base)
    • -
    • (The Apache Software License, Version 2.0) Jackson module: Blackbird (com.fasterxml.jackson.module:jackson-module-blackbird:2.15.3 - https://github.com/FasterXML/jackson-modules-base)
    • -
    • (The Apache Software License, Version 2.0) Jackson-module-parameter-names (com.fasterxml.jackson.module:jackson-module-parameter-names:2.15.3 - https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names)
    • -
    • (The Apache License, Version 2.0) Woodstox (com.fasterxml.woodstox:woodstox-core:6.5.1 - https://github.com/FasterXML/woodstox)
    • -
    • (GNU Lesser General Public License version 3) (The Apache Software License, Version 2.0) jffi (com.github.jnr:jffi:1.3.12 - http://github.com/jnr/jffi)
    • -
    • (The Apache Software License, Version 2.0) jnr-a64asm (com.github.jnr:jnr-a64asm:1.0.0 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-a64asm)
    • -
    • (The Apache Software License, Version 2.0) jnr-constants (com.github.jnr:jnr-constants:0.10.4 - http://github.com/jnr/jnr-constants)
    • -
    • (The Apache Software License, Version 2.0) jnr-enxio (com.github.jnr:jnr-enxio:0.32.16 - http://github.com/jnr/jnr-enxio)
    • -
    • (The Apache Software License, Version 2.0) jnr-ffi (com.github.jnr:jnr-ffi:2.2.15 - http://github.com/jnr/jnr-ffi)
    • -
    • (The Apache Software License, Version 2.0) jnr-netdb (com.github.jnr:jnr-netdb:1.2.0 - http://github.com/jnr/jnr-netdb)
    • -
    • (Eclipse Public License - v 2.0) (GNU General Public License Version 2) (GNU Lesser General Public License Version 2.1) jnr-posix (com.github.jnr:jnr-posix:3.1.18 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-posix)
    • -
    • (The Apache Software License, Version 2.0) jnr-unixsocket (com.github.jnr:jnr-unixsocket:0.38.21 - http://github.com/jnr/jnr-unixsocket)
    • -
    • (MIT License) jnr-x86asm (com.github.jnr:jnr-x86asm:1.0.2 - http://github.com/jnr/jnr-x86asm)
    • -
    • (MIT) Package URL (com.github.package-url:packageurl-java:1.4.1 - https://github.com/package-url/packageurl-java)
    • -
    • (GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1) SpotBugs Annotations (com.github.spotbugs:spotbugs-annotations:4.8.3 - https://spotbugs.github.io/)
    • -
    • (Apache License 2.0) compiler (com.github.spullara.mustache.java:compiler:0.9.6 - http://github.com/spullara/mustache.java)
    • -
    • (Apache License, Version 2.0) JCIP Annotations under Apache License (com.github.stephenc.jcip:jcip-annotations:1.0-1 - http://stephenc.github.com/jcip-annotations)
    • -
    • (Apache 2.0) Google Android Annotations Library (com.google.android:annotations:4.1.1.4 - http://source.android.com/)
    • -
    • (BSD-3-Clause) API Common (com.google.api:api-common:2.21.0 - https://github.com/googleapis/sdk-platform-java)
    • -
    • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (Core) (com.google.api:gax:2.38.0 - https://github.com/googleapis/sdk-platform-java)
    • -
    • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (gRPC) (com.google.api:gax-grpc:2.38.0 - https://github.com/googleapis/sdk-platform-java)
    • -
    • (BSD-3-Clause) GAX (Google Api eXtensions) for Java (HTTP JSON) (com.google.api:gax-httpjson:2.38.0 - https://github.com/googleapis/sdk-platform-java)
    • -
    • (Apache-2.0) proto-google-cloud-secretmanager-v1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1:2.31.0 - https://github.com/googleapis/google-cloud-java)
    • -
    • (Apache-2.0) proto-google-cloud-secretmanager-v1beta1 (com.google.api.grpc:proto-google-cloud-secretmanager-v1beta1:2.31.0 - https://github.com/googleapis/google-cloud-java)
    • -
    • (Apache-2.0) proto-google-common-protos (com.google.api.grpc:proto-google-common-protos:2.29.0 - https://github.com/googleapis/sdk-platform-java)
    • -
    • (Apache-2.0) proto-google-iam-v1 (com.google.api.grpc:proto-google-iam-v1:1.24.0 - https://github.com/googleapis/sdk-platform-java)
    • -
    • (BSD New license) Google Auth Library for Java - Credentials (com.google.auth:google-auth-library-credentials:1.20.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-credentials)
    • -
    • (BSD New license) Google Auth Library for Java - OAuth2 HTTP (com.google.auth:google-auth-library-oauth2-http:1.20.0 - https://github.com/googleapis/google-auth-library-java/google-auth-library-oauth2-http)
    • -
    • (Apache 2.0) AutoValue Annotations (com.google.auto.value:auto-value-annotations:1.10.4 - https://github.com/google/auto/tree/main/value)
    • -
    • (Apache-2.0) Google Cloud Secret Manager (com.google.cloud:google-cloud-secretmanager:2.31.0 - https://github.com/googleapis/google-cloud-java)
    • -
    • (The Apache Software License, Version 2.0) FindBugs-jsr305 (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
    • -
    • (Apache-2.0) Gson (com.google.code.gson:gson:2.10.1 - https://github.com/google/gson/gson)
    • -
    • (Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.23.0 - https://errorprone.info/error_prone_annotations)
    • -
    • (The Apache Software License, Version 2.0) Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
    • -
    • (Apache License, Version 2.0) Guava: Google Core Libraries for Java (com.google.guava:guava:32.1.3-jre - https://github.com/google/guava)
    • -
    • (The Apache Software License, Version 2.0) Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
    • -
    • (The Apache Software License, Version 2.0) Google HTTP Client Library for Java (com.google.http-client:google-http-client:1.43.3 - https://github.com/googleapis/google-http-java-client/google-http-client)
    • -
    • (The Apache Software License, Version 2.0) GSON extensions to the Google HTTP Client Library for Java. (com.google.http-client:google-http-client-gson:1.43.3 - https://github.com/googleapis/google-http-java-client/google-http-client-gson)
    • -
    • (Apache License, Version 2.0) J2ObjC Annotations (com.google.j2objc:j2objc-annotations:2.8 - https://github.com/google/j2objc/)
    • -
    • (BSD-3-Clause) Protocol Buffers [Core] (com.google.protobuf:protobuf-java:3.25.1 - https://developers.google.com/protocol-buffers/protobuf-java/)
    • -
    • (BSD-3-Clause) Protocol Buffers [Util] (com.google.protobuf:protobuf-java-util:3.25.1 - https://developers.google.com/protocol-buffers/protobuf-java-util/)
    • -
    • (Go License) RE2/J (com.google.re2j:re2j:1.7 - http://github.com/google/re2j)
    • -
    • (EPL 1.0) (MPL 2.0) H2 Database Engine (com.h2database:h2:2.2.224 - https://h2database.com)
    • -
    • (The Apache Software License, Version 2.0) retirejs-core (com.h3xstream.retirejs:retirejs-core:3.0.4 - https://github.com/h3xstream/burp-retire-js/retirejs-core)
    • -
    • (Apache License Version 2.0) AhoCorasickDoubleArrayTrie (com.hankcs:aho-corasick-double-array-trie:1.2.3 - https://github.com/hankcs/AhoCorasickDoubleArrayTrie)
    • -
    • (The Apache Software License, Version 2.0) backport9 (com.headius:backport9:1.13 - http://nexus.sonatype.org/oss-repository-hosting.html/backport9)
    • -
    • (The Apache Software License, Version 2.0) invokebinder (com.headius:invokebinder:1.13 - http://maven.apache.org)
    • -
    • (The Apache Software License, Version 2.0) options (com.headius:options:1.6 - https://github.com/headius/options)
    • -
    • (MIT License) msal4j (com.microsoft.azure:msal4j:1.14.0 - https://github.com/AzureAD/microsoft-authentication-library-for-java)
    • -
    • (MIT License) msal4j-persistence-extension (com.microsoft.azure:msal4j-persistence-extension:1.2.0 - https://github.com/AzureAD/microsoft-authentication-extensions-for-java)
    • -
    • (The MIT License (MIT)) Extensions on Apache Proton-J library (com.microsoft.azure:qpid-proton-j-extensions:1.2.4 - https://github.com/Azure/qpid-proton-j-extensions)
    • -
    • (The MIT License) toml4j (com.moandjiezana.toml:toml4j:0.7.2 - http://moandjiezana.com/toml/toml4j)
    • -
    • (Apache License Version 2.0) JsonSchemaValidator (com.networknt:json-schema-validator:1.0.87 - https://github.com/networknt/json-schema-validator)
    • -
    • (The Apache Software License, Version 2.0) Nimbus Content Type (com.nimbusds:content-type:2.2 - https://bitbucket.org/connect2id/nimbus-content-type)
    • -
    • (The Apache Software License, Version 2.0) Nimbus LangTag (com.nimbusds:lang-tag:1.7 - https://bitbucket.org/connect2id/nimbus-language-tags)
    • -
    • (The Apache Software License, Version 2.0) Nimbus JOSE+JWT (com.nimbusds:nimbus-jose-jwt:9.30.2 - https://bitbucket.org/connect2id/nimbus-jose-jwt)
    • -
    • (Apache License, version 2.0) OAuth 2.0 SDK with OpenID Connect extensions (com.nimbusds:oauth2-oidc-sdk:10.7.1 - https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
    • -
    • (Eclipse Distribution License - v 1.0) Old JAXB Core (com.sun.xml.bind:jaxb-core:4.0.4 - https://eclipse-ee4j.github.io/jaxb-ri/)
    • -
    • (Eclipse Distribution License - v 1.0) Old JAXB Runtime (com.sun.xml.bind:jaxb-impl:4.0.4 - https://eclipse-ee4j.github.io/jaxb-ri/)
    • -
    • (Apache License 2.0) JSON library from Android SDK (com.vaadin.external.google:android-json:0.0.20131108.vaadin1 - http://developer.android.com/sdk)
    • -
    • (Apache License, Version 2.0) Apache Commons BeanUtils (commons-beanutils:commons-beanutils:1.9.4 - https://commons.apache.org/proper/commons-beanutils/)
    • -
    • (Apache-2.0) Apache Commons Codec (commons-codec:commons-codec:1.16.0 - https://commons.apache.org/proper/commons-codec/)
    • -
    • (Apache License, Version 2.0) Apache Commons Collections (commons-collections:commons-collections:3.2.2 - http://commons.apache.org/collections/)
    • -
    • (The Apache Software License, Version 2.0) Commons Digester (commons-digester:commons-digester:2.1 - http://commons.apache.org/digester/)
    • -
    • (Apache-2.0) Apache Commons IO (commons-io:commons-io:2.14.0 - https://commons.apache.org/proper/commons-io/)
    • -
    • (The Apache Software License, Version 2.0) Apache Commons Logging (commons-logging:commons-logging:1.2 - http://commons.apache.org/proper/commons-logging/)
    • -
    • (Apache License, Version 2.0) Apache Commons Validator (commons-validator:commons-validator:1.7 - http://commons.apache.org/proper/commons-validator/)
    • -
    • (Apache 2.0) io.grpc:grpc-alts (io.grpc:grpc-alts:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-api (io.grpc:grpc-api:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-auth (io.grpc:grpc-auth:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-context (io.grpc:grpc-context:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-core (io.grpc:grpc-core:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-googleapis (io.grpc:grpc-googleapis:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-grpclb (io.grpc:grpc-grpclb:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-inprocess (io.grpc:grpc-inprocess:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-netty-shaded (io.grpc:grpc-netty-shaded:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-protobuf (io.grpc:grpc-protobuf:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-protobuf-lite (io.grpc:grpc-protobuf-lite:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-services (io.grpc:grpc-services:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-stub (io.grpc:grpc-stub:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-util (io.grpc:grpc-util:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (Apache 2.0) io.grpc:grpc-xds (io.grpc:grpc-xds:1.59.1 - https://github.com/grpc/grpc-java)
    • -
    • (The Apache Software License, Version 2.0) micrometer-commons (io.micrometer:micrometer-commons:1.12.1 - https://github.com/micrometer-metrics/micrometer)
    • -
    • (The Apache Software License, Version 2.0) micrometer-core (io.micrometer:micrometer-core:1.12.1 - https://github.com/micrometer-metrics/micrometer)
    • -
    • (The Apache Software License, Version 2.0) micrometer-jakarta9 (io.micrometer:micrometer-jakarta9:1.12.1 - https://github.com/micrometer-metrics/micrometer)
    • -
    • (The Apache Software License, Version 2.0) micrometer-observation (io.micrometer:micrometer-observation:1.12.1 - https://github.com/micrometer-metrics/micrometer)
    • -
    • (Apache License, Version 2.0) Netty/Buffer (io.netty:netty-buffer:4.1.104.Final - https://netty.io/netty-buffer/)
    • -
    • (Apache License, Version 2.0) Netty/Codec (io.netty:netty-codec:4.1.104.Final - https://netty.io/netty-codec/)
    • -
    • (Apache License, Version 2.0) Netty/Codec/DNS (io.netty:netty-codec-dns:4.1.104.Final - https://netty.io/netty-codec-dns/)
    • -
    • (Apache License, Version 2.0) Netty/Codec/HTTP (io.netty:netty-codec-http:4.1.104.Final - https://netty.io/netty-codec-http/)
    • -
    • (Apache License, Version 2.0) Netty/Codec/HTTP2 (io.netty:netty-codec-http2:4.1.104.Final - https://netty.io/netty-codec-http2/)
    • -
    • (Apache License, Version 2.0) Netty/Codec/Socks (io.netty:netty-codec-socks:4.1.104.Final - https://netty.io/netty-codec-socks/)
    • -
    • (Apache License, Version 2.0) Netty/Common (io.netty:netty-common:4.1.104.Final - https://netty.io/netty-common/)
    • -
    • (Apache License, Version 2.0) Netty/Handler (io.netty:netty-handler:4.1.104.Final - https://netty.io/netty-handler/)
    • -
    • (Apache License, Version 2.0) Netty/Handler/Proxy (io.netty:netty-handler-proxy:4.1.104.Final - https://netty.io/netty-handler-proxy/)
    • -
    • (Apache License, Version 2.0) Netty/Resolver (io.netty:netty-resolver:4.1.104.Final - https://netty.io/netty-resolver/)
    • -
    • (Apache License, Version 2.0) Netty/Resolver/DNS (io.netty:netty-resolver-dns:4.1.104.Final - https://netty.io/netty-resolver-dns/)
    • -
    • (Apache License, Version 2.0) Netty/Resolver/DNS/Classes/MacOS (io.netty:netty-resolver-dns-classes-macos:4.1.104.Final - https://netty.io/netty-resolver-dns-classes-macos/)
    • -
    • (Apache License, Version 2.0) Netty/Resolver/DNS/Native/MacOS (io.netty:netty-resolver-dns-native-macos:4.1.104.Final - https://netty.io/netty-resolver-dns-native-macos/)
    • -
    • (The Apache Software License, Version 2.0) Netty/TomcatNative [BoringSSL - Static] (io.netty:netty-tcnative-boringssl-static:2.0.61.Final - https://github.com/netty/netty-tcnative/netty-tcnative-boringssl-static/)
    • -
    • (The Apache Software License, Version 2.0) Netty/TomcatNative [OpenSSL - Classes] (io.netty:netty-tcnative-classes:2.0.61.Final - https://github.com/netty/netty-tcnative/netty-tcnative-classes/)
    • -
    • (Apache License, Version 2.0) Netty/Transport (io.netty:netty-transport:4.1.104.Final - https://netty.io/netty-transport/)
    • -
    • (Apache License, Version 2.0) Netty/Transport/Classes/Epoll (io.netty:netty-transport-classes-epoll:4.1.104.Final - https://netty.io/netty-transport-classes-epoll/)
    • -
    • (Apache License, Version 2.0) Netty/Transport/Classes/KQueue (io.netty:netty-transport-classes-kqueue:4.1.104.Final - https://netty.io/netty-transport-classes-kqueue/)
    • -
    • (Apache License, Version 2.0) Netty/Transport/Native/Epoll (io.netty:netty-transport-native-epoll:4.1.104.Final - https://netty.io/netty-transport-native-epoll/)
    • -
    • (Apache License, Version 2.0) Netty/Transport/Native/KQueue (io.netty:netty-transport-native-kqueue:4.1.104.Final - https://netty.io/netty-transport-native-kqueue/)
    • -
    • (Apache License, Version 2.0) Netty/Transport/Native/Unix/Common (io.netty:netty-transport-native-unix-common:4.1.104.Final - https://netty.io/netty-transport-native-unix-common/)
    • -
    • (The Apache License, Version 2.0) OpenCensus (io.opencensus:opencensus-api:0.31.1 - https://github.com/census-instrumentation/opencensus-java)
    • -
    • (The Apache License, Version 2.0) OpenCensus (io.opencensus:opencensus-contrib-http-util:0.31.1 - https://github.com/census-instrumentation/opencensus-java)
    • -
    • (The Apache License, Version 2.0) OpenCensus (io.opencensus:opencensus-proto:0.2.0 - https://github.com/census-instrumentation/opencensus-proto)
    • -
    • (Apache 2.0) perfmark:perfmark-api (io.perfmark:perfmark-api:0.26.0 - https://github.com/perfmark/perfmark)
    • -
    • (Apache License, Version 2.0) Non-Blocking Reactive Foundation for the JVM (io.projectreactor:reactor-core:3.6.1 - https://github.com/reactor/reactor-core)
    • -
    • (The Apache Software License, Version 2.0) Core functionality for the Reactor Netty library (io.projectreactor.netty:reactor-netty-core:1.1.14 - https://github.com/reactor/reactor-netty)
    • -
    • (The Apache Software License, Version 2.0) HTTP functionality for the Reactor Netty library (io.projectreactor.netty:reactor-netty-http:1.1.14 - https://github.com/reactor/reactor-netty)
    • -
    • (Apache License 2.0) swagger-annotations-jakarta (io.swagger.core.v3:swagger-annotations-jakarta:2.2.19 - https://github.com/swagger-api/swagger-core/modules/swagger-annotations-jakarta)
    • -
    • (Apache License 2.0) swagger-core-jakarta (io.swagger.core.v3:swagger-core-jakarta:2.2.19 - https://github.com/swagger-api/swagger-core/modules/swagger-core-jakarta)
    • -
    • (Apache License 2.0) swagger-models-jakarta (io.swagger.core.v3:swagger-models-jakarta:2.2.19 - https://github.com/swagger-api/swagger-core/modules/swagger-models-jakarta)
    • -
    • (EDL 1.0) Jakarta Activation API (jakarta.activation:jakarta.activation-api:2.1.2 - https://github.com/jakartaee/jaf-api)
    • -
    • (EPL 2.0) (GPL2 w/ CPE) Jakarta Annotations API (jakarta.annotation:jakarta.annotation-api:2.1.1 - https://projects.eclipse.org/projects/ee4j.ca)
    • -
    • (EPL 2.0) (GPL2 w/ CPE) jakarta.transaction API (jakarta.transaction:jakarta.transaction-api:2.0.1 - https://projects.eclipse.org/projects/ee4j.jta)
    • -
    • (Apache License 2.0) Jakarta Bean Validation API (jakarta.validation:jakarta.validation-api:3.0.2 - https://beanvalidation.org)
    • -
    • (Eclipse Distribution License - v 1.0) Jakarta XML Binding API (jakarta.xml.bind:jakarta.xml.bind-api:4.0.1 - https://github.com/eclipse-ee4j/jaxb-api/jakarta.xml.bind-api)
    • -
    • (CDDL/GPLv2+CE) JavaBeans Activation Framework API jar (javax.activation:javax.activation-api:1.2.0 - http://java.net/all/javax.activation-api/)
    • -
    • (CDDL + GPLv2 with classpath exception) javax.annotation API (javax.annotation:javax.annotation-api:1.3.2 - http://jcp.org/en/jsr/detail?id=250)
    • -
    • (The Apache Software License, Version 2.0) javax.inject (javax.inject:javax.inject:1 - http://code.google.com/p/atinject/)
    • -
    • (CDDL 1.1) (GPL2 w/ CPE) javax.ws.rs-api (javax.ws.rs:javax.ws.rs-api:2.0.1 - http://jax-rs-spec.java.net)
    • -
    • (CDDL 1.1) (GPL2 w/ CPE) jaxb-api (javax.xml.bind:jaxb-api:2.3.1 - https://github.com/javaee/jaxb-spec/jaxb-api)
    • -
    • (Apache License, Version 2.0) Joda-Time (joda-time:joda-time:2.12.5 - https://www.joda.org/joda-time/)
    • -
    • (Eclipse Public License 1.0) JUnit (junit:junit:4.13.2 - http://junit.org)
    • -
    • (The Apache Software License, Version 2.0) jitescript (me.qmx.jitescript:jitescript:0.4.1 - https://github.com/qmx/jitescript)
    • -
    • (Apache-2.0) (LGPL-2.1-or-later) Java Native Access (net.java.dev.jna:jna:5.13.0 - https://github.com/java-native-access/jna)
    • -
    • (Apache License v2.0) (LGPL, version 2.1) Java Native Access Platform (net.java.dev.jna:jna-platform:5.6.0 - https://github.com/java-native-access/jna)
    • -
    • (The Apache Software License, Version 2.0) ASM based accessors helper used by json-smart (net.minidev:accessors-smart:2.5.0 - https://urielch.github.io/)
    • -
    • (The Apache Software License, Version 2.0) JSON Small and Fast Parser (net.minidev:json-smart:2.5.0 - https://urielch.github.io/)
    • -
    • (The Apache Software License, Version 2.0) groovy-extensions (nz.net.ultraq.groovy:groovy-extensions:2.1.0 - https://github.com/ultraq/groovy-extensions/)
    • -
    • (The Apache Software License, Version 2.0) thymeleaf-expression-processor (nz.net.ultraq.thymeleaf:thymeleaf-expression-processor:3.2.0 - https://github.com/ultraq/thymeleaf-expression-processor/)
    • -
    • (The Apache Software License, Version 2.0) thymeleaf-layout-dialect (nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:3.3.0 - https://github.com/ultraq/thymeleaf-layout-dialect/)
    • -
    • (The Apache Software License, Version 2.0) OGNL - Object Graph Navigation Library (ognl:ognl:3.3.4 - https://github.com/jkuhnert/ognl/)
    • -
    • (Apache-2.0) jdiagnostics (org.anarres.jdiagnostics:jdiagnostics:1.0.7 - https://github.com/shevek/jdiagnostics)
    • -
    • (Apache License, Version 2.0) Apache Commons Collections (org.apache.commons:commons-collections4:4.4 - https://commons.apache.org/proper/commons-collections/)
    • -
    • (Apache-2.0) Apache Commons Compress (org.apache.commons:commons-compress:1.24.0 - https://commons.apache.org/proper/commons-compress/)
    • -
    • (Apache-2.0) Apache Commons DBCP (org.apache.commons:commons-dbcp2:2.10.0 - https://commons.apache.org/dbcp/)
    • -
    • (Apache License, Version 2.0) Apache Commons JCS :: Core (org.apache.commons:commons-jcs-core:2.2.1 - http://commons.apache.org/proper/commons-jcs/commons-jcs-core/)
    • -
    • (Apache-2.0) Apache Commons Lang (org.apache.commons:commons-lang3:3.13.0 - https://commons.apache.org/proper/commons-lang/)
    • -
    • (Apache-2.0) Apache Commons Pool (org.apache.commons:commons-pool2:2.12.0 - https://commons.apache.org/proper/commons-pool/)
    • -
    • (Apache License, Version 2.0) Apache Commons Text (org.apache.commons:commons-text:1.10.0 - https://commons.apache.org/proper/commons-text)
    • -
    • (The Apache Software License, Version 2.0) Apache Groovy (org.apache.groovy:groovy:4.0.16 - https://groovy-lang.org)
    • -
    • (Apache License, Version 2.0) Apache HttpClient (org.apache.httpcomponents:httpclient:4.5.14 - http://hc.apache.org/httpcomponents-client-ga)
    • -
    • (Apache License, Version 2.0) Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.16 - http://hc.apache.org/httpcomponents-core-ga)
    • -
    • (Apache License, Version 2.0) Apache HttpClient (org.apache.httpcomponents.client5:httpclient5:5.2.3 - https://hc.apache.org/httpcomponents-client-5.0.x/5.2.3/httpclient5/)
    • -
    • (Apache License, Version 2.0) Apache HttpComponents Core HTTP/1.1 (org.apache.httpcomponents.core5:httpcore5:5.2.4 - https://hc.apache.org/httpcomponents-core-5.2.x/5.2.4/httpcore5/)
    • -
    • (Apache License, Version 2.0) Apache HttpComponents Core HTTP/2 (org.apache.httpcomponents.core5:httpcore5-h2:5.2.4 - https://hc.apache.org/httpcomponents-core-5.2.x/5.2.4/httpcore5-h2/)
    • -
    • (Apache-2.0) Apache Log4j API (org.apache.logging.log4j:log4j-api:2.21.1 - https://logging.apache.org/log4j/2.x/log4j/log4j-api/)
    • -
    • (Apache-2.0) Apache Log4j to SLF4J Adapter (org.apache.logging.log4j:log4j-to-slf4j:2.21.1 - https://logging.apache.org/log4j/2.x/log4j/log4j-to-slf4j/)
    • -
    • (Apache License, Version 2.0) Lucene Common Analyzers (org.apache.lucene:lucene-analyzers-common:8.11.2 - https://lucene.apache.org/lucene-parent/lucene-analyzers-common)
    • -
    • (Apache License, Version 2.0) Lucene Core (org.apache.lucene:lucene-core:8.11.2 - https://lucene.apache.org/lucene-parent/lucene-core)
    • -
    • (Apache License, Version 2.0) Lucene Queries (org.apache.lucene:lucene-queries:8.11.2 - https://lucene.apache.org/lucene-parent/lucene-queries)
    • -
    • (Apache License, Version 2.0) Lucene QueryParsers (org.apache.lucene:lucene-queryparser:8.11.2 - https://lucene.apache.org/lucene-parent/lucene-queryparser)
    • -
    • (Apache License, Version 2.0) Lucene Sandbox (org.apache.lucene:lucene-sandbox:8.11.2 - https://lucene.apache.org/lucene-parent/lucene-sandbox)
    • -
    • (The Apache Software License, Version 2.0) Maven Aether Provider (org.apache.maven:maven-aether-provider:3.0 - http://maven.apache.org/maven-aether-provider/)
    • -
    • (The Apache Software License, Version 2.0) Maven Artifact (org.apache.maven:maven-artifact:3.0 - http://maven.apache.org/maven-artifact/)
    • -
    • (The Apache Software License, Version 2.0) Maven Core (org.apache.maven:maven-core:3.0 - http://maven.apache.org/maven-core/)
    • -
    • (The Apache Software License, Version 2.0) Maven Model (org.apache.maven:maven-model:3.0 - http://maven.apache.org/maven-model/)
    • -
    • (The Apache Software License, Version 2.0) Maven Model Builder (org.apache.maven:maven-model-builder:3.0 - http://maven.apache.org/maven-model-builder/)
    • -
    • (The Apache Software License, Version 2.0) Maven Plugin API (org.apache.maven:maven-plugin-api:3.0 - http://maven.apache.org/maven-plugin-api/)
    • -
    • (The Apache Software License, Version 2.0) Maven Repository Metadata Model (org.apache.maven:maven-repository-metadata:3.0 - http://maven.apache.org/maven-repository-metadata/)
    • -
    • (The Apache Software License, Version 2.0) Maven Settings (org.apache.maven:maven-settings:3.0 - http://maven.apache.org/maven-settings/)
    • -
    • (The Apache Software License, Version 2.0) Maven Settings Builder (org.apache.maven:maven-settings-builder:3.0 - http://maven.apache.org/maven-settings-builder/)
    • -
    • (Apache License, Version 2.0) Doxia :: Logging API (org.apache.maven.doxia:doxia-logging-api:1.11.1 - https://maven.apache.org/doxia/doxia/doxia-logging-api/)
    • -
    • (Apache License, Version 2.0) Doxia :: Sink API (org.apache.maven.doxia:doxia-sink-api:1.11.1 - https://maven.apache.org/doxia/doxia/doxia-sink-api/)
    • -
    • (Apache License, Version 2.0) Apache Maven Reporting API (org.apache.maven.reporting:maven-reporting-api:3.1.1 - https://maven.apache.org/shared/maven-reporting-api/)
    • -
    • (Apache License, Version 2.0) Apache Maven File Management API (org.apache.maven.shared:file-management:3.1.0 - https://maven.apache.org/shared/file-management/)
    • -
    • (Apache License, Version 2.0) Apache Maven Artifact Transfer (org.apache.maven.shared:maven-artifact-transfer:0.13.1 - https://maven.apache.org/shared/maven-artifact-transfer/)
    • -
    • (Apache License, Version 2.0) Apache Maven Common Artifact Filters (org.apache.maven.shared:maven-common-artifact-filters:3.1.0 - https://maven.apache.org/shared/maven-common-artifact-filters/)
    • -
    • (Apache License, Version 2.0) Apache Maven Dependency Tree (org.apache.maven.shared:maven-dependency-tree:3.2.1 - https://maven.apache.org/shared/maven-dependency-tree/)
    • -
    • (Apache License, Version 2.0) Apache Maven Shared Utils (org.apache.maven.shared:maven-shared-utils:3.1.0 - https://maven.apache.org/shared/maven-shared-utils/)
    • -
    • (Apache License, Version 2.0) Proton-J (org.apache.qpid:proton-j:0.33.8 - https://qpid.apache.org/proton/proton-j)
    • -
    • (Apache License, Version 2.0) tomcat-embed-core (org.apache.tomcat.embed:tomcat-embed-core:10.1.17 - https://tomcat.apache.org/)
    • -
    • (Apache License, Version 2.0) tomcat-embed-el (org.apache.tomcat.embed:tomcat-embed-el:10.1.17 - https://tomcat.apache.org/)
    • -
    • (Apache License, Version 2.0) tomcat-embed-websocket (org.apache.tomcat.embed:tomcat-embed-websocket:10.1.17 - https://tomcat.apache.org/)
    • -
    • (Apache License, Version 2.0) Apache Velocity - Engine (org.apache.velocity:velocity-engine-core:2.3 - http://velocity.apache.org/engine/devel/velocity-engine-core/)
    • -
    • (The Apache Software License, Version 2.0) asciidoctorj (org.asciidoctor:asciidoctorj:2.5.11 - https://github.com/asciidoctor/asciidoctorj)
    • -
    • (The Apache Software License, Version 2.0) asciidoctorj-api (org.asciidoctor:asciidoctorj-api:2.5.11 - https://github.com/asciidoctor/asciidoctorj)
    • -
    • (The Apache Software License, Version 2.0) attoparser (org.attoparser:attoparser:2.0.7.RELEASE - https://www.attoparser.org)
    • -
    • (Apache Software License, Version 1.1) (Bouncy Castle Licence) Bouncy Castle OpenPGP API (org.bouncycastle:bcpg-jdk18on:1.71 - https://www.bouncycastle.org/java.html)
    • -
    • (Bouncy Castle Licence) Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (org.bouncycastle:bcpkix-jdk18on:1.73 - https://www.bouncycastle.org/java.html)
    • -
    • (Bouncy Castle Licence) Bouncy Castle Provider (org.bouncycastle:bcprov-jdk18on:1.74 - https://www.bouncycastle.org/java.html)
    • -
    • (Bouncy Castle Licence) Bouncy Castle ASN.1 Extension and Utility APIs (org.bouncycastle:bcutil-jdk18on:1.73 - https://www.bouncycastle.org/java.html)
    • -
    • (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.40.0 - https://checkerframework.org/)
    • -
    • (MIT license) Animal Sniffer Annotations (org.codehaus.mojo:animal-sniffer-annotations:1.23 - https://www.mojohaus.org/animal-sniffer/animal-sniffer-annotations)
    • -
    • (The Apache Software License, Version 2.0) Plexus Classworlds (org.codehaus.plexus:plexus-classworlds:2.2.3 - http://plexus.codehaus.org/plexus-classworlds/)
    • -
    • (Apache License, Version 2.0) Plexus :: Component Annotations (org.codehaus.plexus:plexus-component-annotations:2.0.0 - http://codehaus-plexus.github.io/plexus-containers/plexus-component-annotations/)
    • -
    • (The Apache Software License, Version 2.0) Plexus Interpolation API (org.codehaus.plexus:plexus-interpolation:1.14 - http://plexus.codehaus.org/plexus-components/plexus-interpolation)
    • -
    • (Apache License, Version 2.0) Plexus Common Utilities (org.codehaus.plexus:plexus-utils:3.5.1 - https://codehaus-plexus.github.io/plexus-utils/)
    • -
    • (The BSD License) Stax2 API (org.codehaus.woodstox:stax2-api:4.2.1 - http://github.com/FasterXML/stax2-api)
    • -
    • (Apache 2) org.conscrypt:conscrypt-openjdk-uber (org.conscrypt:conscrypt-openjdk-uber:2.5.2 - https://conscrypt.org/)
    • -
    • (Apache-2.0) CycloneDX Core (Java) (org.cyclonedx:cyclonedx-core-java:8.0.3 - https://github.com/CycloneDX/cyclonedx-core-java)
    • -
    • (Eclipse Public License, Version 1.0) Aether API (org.eclipse.aether:aether-api:1.0.0.v20140518 - http://www.eclipse.org/aether/aether-api/)
    • -
    • (Eclipse Public License, Version 1.0) Aether Utilities (org.eclipse.aether:aether-util:1.0.0.v20140518 - http://www.eclipse.org/aether/aether-util/)
    • -
    • (EDL 1.0) Angus Activation Registries (org.eclipse.angus:angus-activation:2.0.1 - https://github.com/eclipse-ee4j/angus-activation/angus-activation)
    • -
    • (Eclipse Public License - Version 2.0) Eclipse Packager :: Core (org.eclipse.packager:packager-core:0.19.0 - https://eclipse.org/packager/packager-core)
    • -
    • (Eclipse Public License - Version 2.0) Eclipse Packager :: RPM (org.eclipse.packager:packager-rpm:0.19.0 - https://eclipse.org/packager/packager-rpm)
    • -
    • (Dual license consisting of the CDDL v1.1 and GPL v2) JSR 374 (JSON Processing) Default Provider (org.glassfish:javax.json:1.1.4 - https://javaee.github.io/jsonp)
    • -
    • (BSD License 3) Hamcrest (org.hamcrest:hamcrest:2.2 - http://hamcrest.org/JavaHamcrest/)
    • -
    • (BSD License 3) Hamcrest Core (org.hamcrest:hamcrest-core:2.2 - http://hamcrest.org/JavaHamcrest/)
    • -
    • (BSD-2-Clause) (Public Domain, per Creative Commons CC0) HdrHistogram (org.hdrhistogram:HdrHistogram:2.1.12 - http://hdrhistogram.github.io/HdrHistogram/)
    • -
    • (Apache License 2.0) (LGPL 2.1) (MPL 1.1) Javassist (org.javassist:javassist:3.29.0-GA - http://www.javassist.org/)
    • -
    • (The Apache Software License, Version 2.0) JetBrains Java Annotations (org.jetbrains:annotations:17.0.0 - https://github.com/JetBrains/java-annotations)
    • -
    • (EPL) Dirgra (org.jruby:dirgra:0.3 - https://github.com/jruby/dirgra)
    • -
    • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Main Maven Artifact (org.jruby:jruby:9.4.5.0 - https://github.com/jruby/jruby/jruby-artifacts/jruby)
    • -
    • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Base (org.jruby:jruby-base:9.4.5.0 - https://github.com/jruby/jruby/jruby-base)
    • -
    • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Complete (org.jruby:jruby-complete:9.4.5.0 - https://github.com/jruby/jruby/jruby-artifacts/jruby-complete)
    • -
    • (EPL-2.0) (GPL-2.0) (LGPL-2.1) JRuby Lib Setup (org.jruby:jruby-stdlib:9.4.5.0 - https://github.com/jruby/jruby/jruby-stdlib)
    • -
    • (BSD) JZlib (org.jruby:jzlib:1.1.5 - http://www.jcraft.com/jzlib/)
    • -
    • (MIT License) JCodings (org.jruby.jcodings:jcodings:1.0.58 - http://nexus.sonatype.org/oss-repository-hosting.html/jcodings)
    • -
    • (MIT License) Joni (org.jruby.joni:joni:2.2.1 - http://nexus.sonatype.org/oss-repository-hosting.html/joni)
    • -
    • (The MIT License) jsoup Java HTML Parser (org.jsoup:jsoup:1.15.4 - https://jsoup.org/)
    • -
    • (Public Domain, per Creative Commons CC0) LatencyUtils (org.latencyutils:LatencyUtils:2.0.3 - http://latencyutils.github.io/LatencyUtils/)
    • -
    • (Apache License, Version 2.0) KeePassJava2 :: All (org.linguafranca.pwdb:KeePassJava2:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2)
    • -
    • (Apache License, Version 2.0) KeePassJava2 :: DOM (org.linguafranca.pwdb:KeePassJava2-dom:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2-dom)
    • -
    • (Apache License, Version 2.0) KeePassJava2 :: JAXB (org.linguafranca.pwdb:KeePassJava2-jaxb:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2-jaxb)
    • -
    • (Apache License, Version 2.0) KeePassJava2 :: KDB (org.linguafranca.pwdb:KeePassJava2-kdb:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2-kdb)
    • -
    • (Apache License, Version 2.0) KeePassJava2 :: KDBX (org.linguafranca.pwdb:KeePassJava2-kdbx:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2-kdbx)
    • -
    • (Apache License, Version 2.0) KeePassJava2 :: Simple (org.linguafranca.pwdb:KeePassJava2-simple:2.2.1 - https://github.com/jorabin/KeePassJava2/KeePassJava2-simple)
    • -
    • (Apache License, Version 2.0) PWDB :: Database (org.linguafranca.pwdb:database:2.2.1 - https://github.com/jorabin/KeePassJava2/database)
    • -
    • (BSD-3-Clause) asm (org.ow2.asm:asm:9.2 - http://asm.ow2.io/)
    • -
    • (BSD-3-Clause) asm-analysis (org.ow2.asm:asm-analysis:9.2 - http://asm.ow2.io/)
    • -
    • (BSD-3-Clause) asm-commons (org.ow2.asm:asm-commons:9.2 - http://asm.ow2.io/)
    • -
    • (BSD-3-Clause) asm-tree (org.ow2.asm:asm-tree:9.2 - http://asm.ow2.io/)
    • -
    • (BSD-3-Clause) asm-util (org.ow2.asm:asm-util:9.2 - http://asm.ow2.io/)
    • -
    • (The Apache Software License, Version 2.0) Dependency-Check Core (org.owasp:dependency-check-core:8.2.1 - https://github.com/jeremylong/DependencyCheck.git/dependency-check-core)
    • -
    • (The Apache Software License, Version 2.0) Dependency-Check Maven Plugin (org.owasp:dependency-check-maven:8.2.1 - https://github.com/jeremylong/DependencyCheck.git/dependency-check-maven)
    • -
    • (The Apache Software License, Version 2.0) Dependency-Check Utils (org.owasp:dependency-check-utils:8.2.1 - https://github.com/jeremylong/DependencyCheck.git/dependency-check-utils)
    • -
    • (The MIT License) Project Lombok (org.projectlombok:lombok:1.18.30 - https://projectlombok.org)
    • -
    • (MIT-0) reactive-streams (org.reactivestreams:reactive-streams:1.0.4 - http://www.reactive-streams.org/)
    • -
    • (The MIT License) semver4j (org.semver4j:semver4j:4.3.0 - https://github.com/semver4j/semver4j)
    • -
    • (Apache License, Version 2.0) JCL 1.2 implemented over SLF4J (org.slf4j:jcl-over-slf4j:2.0.9 - http://www.slf4j.org)
    • -
    • (MIT License) JUL to SLF4J bridge (org.slf4j:jul-to-slf4j:2.0.9 - http://www.slf4j.org)
    • -
    • (MIT License) SLF4J API Module (org.slf4j:slf4j-api:2.0.9 - http://www.slf4j.org)
    • -
    • (The Apache Software License, Version 2.0) Aether :: API (org.sonatype.aether:aether-api:1.7 - http://aether.sonatype.org/aether-api/)
    • -
    • (The Apache Software License, Version 2.0) Aether :: Implementation (org.sonatype.aether:aether-impl:1.7 - http://aether.sonatype.org/aether-impl/)
    • -
    • (The Apache Software License, Version 2.0) Aether :: SPI (org.sonatype.aether:aether-spi:1.7 - http://aether.sonatype.org/aether-spi/)
    • -
    • (The Apache Software License, Version 2.0) Aether :: Utilities (org.sonatype.aether:aether-util:1.7 - http://aether.sonatype.org/aether-util/)
    • -
    • (ASL2) org.sonatype.goodies:package-url-java (org.sonatype.goodies:package-url-java:1.1.1 - https://sonatype.github.io/package-url-java/)
    • -
    • (ASL2) org.sonatype.ossindex:ossindex-service-api (org.sonatype.ossindex:ossindex-service-api:1.8.2 - https://sonatype.github.io/ossindex-public/ossindex-service-api/)
    • -
    • (ASL2) org.sonatype.ossindex:ossindex-service-client (org.sonatype.ossindex:ossindex-service-client:1.8.2 - https://sonatype.github.io/ossindex-public/ossindex-service-client/)
    • -
    • (Apache Public License 2.0) Plexus Cipher: encryption/decryption Component (org.sonatype.plexus:plexus-cipher:1.4 - http://spice.sonatype.org/plexus-cipher)
    • -
    • (Apache Public License 2.0) Plexus Security Dispatcher Component (org.sonatype.plexus:plexus-sec-dispatcher:1.4 - http://spice.sonatype.org/plexus-sec-dispatcher)
    • -
    • (The Apache Software License, Version 2.0) Sisu - Guice (org.sonatype.sisu:sisu-guice:2.1.7 - http://forge.sonatype.com/sisu-guice/)
    • -
    • (The Apache Software License, Version 2.0) Sisu - Inject (JSR330 bean support) (org.sonatype.sisu:sisu-inject-bean:1.4.2 - http://sisu.sonatype.org/sisu-inject/guice-bean/sisu-inject-bean/)
    • -
    • (The Apache Software License, Version 2.0) Sisu - Inject (Plexus bean support) (org.sonatype.sisu:sisu-inject-plexus:1.4.2 - http://sisu.sonatype.org/sisu-inject/guice-bean/guice-plexus/sisu-inject-plexus/)
    • -
    • (The Apache License, Version 2.0) springdoc-openapi-starter-common (org.springdoc:springdoc-openapi-starter-common:2.3.0 - https://springdoc.org/springdoc-openapi-starter-common/)
    • -
    • (The Apache License, Version 2.0) springdoc-openapi-starter-webmvc-api (org.springdoc:springdoc-openapi-starter-webmvc-api:2.3.0 - https://springdoc.org/springdoc-openapi-starter-webmvc-api/)
    • -
    • (The Apache License, Version 2.0) springdoc-openapi-starter-webmvc-ui (org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0 - https://springdoc.org/springdoc-openapi-starter-webmvc-ui/)
    • -
    • (Apache License, Version 2.0) Spring AOP (org.springframework:spring-aop:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Beans (org.springframework:spring-beans:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Context (org.springframework:spring-context:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Core (org.springframework:spring-core:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Expression Language (SpEL) (org.springframework:spring-expression:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Commons Logging Bridge (org.springframework:spring-jcl:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Web (org.springframework:spring-web:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) Spring Web MVC (org.springframework:spring-webmvc:6.1.2 - https://github.com/spring-projects/spring-framework)
    • -
    • (Apache License, Version 2.0) spring-boot (org.springframework.boot:spring-boot:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-actuator (org.springframework.boot:spring-boot-actuator:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-actuator-autoconfigure (org.springframework.boot:spring-boot-actuator-autoconfigure:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-autoconfigure (org.springframework.boot:spring-boot-autoconfigure:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter (org.springframework.boot:spring-boot-starter:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter-actuator (org.springframework.boot:spring-boot-starter-actuator:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter-json (org.springframework.boot:spring-boot-starter-json:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter-logging (org.springframework.boot:spring-boot-starter-logging:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter-thymeleaf (org.springframework.boot:spring-boot-starter-thymeleaf:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter-tomcat (org.springframework.boot:spring-boot-starter-tomcat:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) spring-boot-starter-web (org.springframework.boot:spring-boot-starter-web:3.2.1 - https://spring.io/projects/spring-boot)
    • -
    • (Apache License, Version 2.0) Spring Cloud Commons (org.springframework.cloud:spring-cloud-commons:4.1.0 - https://projects.spring.io/spring-cloud/spring-cloud-commons/)
    • -
    • (Apache License, Version 2.0) Spring Cloud Context (org.springframework.cloud:spring-cloud-context:4.1.0 - https://projects.spring.io/spring-cloud/spring-cloud-context/)
    • -
    • (Apache License, Version 2.0) spring-cloud-starter (org.springframework.cloud:spring-cloud-starter:4.1.0 - https://projects.spring.io/spring-cloud)
    • -
    • (Apache License, Version 2.0) Spring Cloud Starter Vault Config (org.springframework.cloud:spring-cloud-starter-vault-config:4.1.0 - https://cloud.spring.io/spring-cloud-vault/)
    • -
    • (Apache License, Version 2.0) Spring Cloud Vault Configuration Integration (org.springframework.cloud:spring-cloud-vault-config:4.1.0 - https://spring.io/spring-cloud/spring-cloud-vault-parent/spring-cloud-vault-config)
    • -
    • (Apache License, Version 2.0) spring-security-config (org.springframework.security:spring-security-config:6.2.1 - https://spring.io/projects/spring-security)
    • -
    • (Apache License, Version 2.0) spring-security-core (org.springframework.security:spring-security-core:6.2.1 - https://spring.io/projects/spring-security)
    • -
    • (Apache License, Version 2.0) spring-security-crypto (org.springframework.security:spring-security-crypto:6.2.1 - https://spring.io/projects/spring-security)
    • -
    • (Apache 2.0) spring-security-rsa (org.springframework.security:spring-security-rsa:1.1.1 - http://github.com/spring-projects/spring-security-oauth)
    • -
    • (Apache License, Version 2.0) spring-security-web (org.springframework.security:spring-security-web:6.2.1 - https://spring.io/projects/spring-security)
    • -
    • (Apache License, Version 2.0) Spring Vault Core (org.springframework.vault:spring-vault-core:3.1.0 - https://projects.spring.io/spring-vault/spring-vault-core/)
    • -
    • (MIT) Testcontainers :: JUnit Jupiter Extension (org.testcontainers:junit-jupiter:1.19.3 - https://java.testcontainers.org)
    • -
    • (BSD-3-Clause) ThreeTen backport (org.threeten:threetenbp:1.6.8 - https://www.threeten.org/threetenbp)
    • -
    • (The Apache Software License, Version 2.0) thymeleaf (org.thymeleaf:thymeleaf:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf)
    • -
    • (The Apache Software License, Version 2.0) thymeleaf-spring6 (org.thymeleaf:thymeleaf-spring6:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-spring6)
    • -
    • (The Apache Software License, Version 2.0) thymeleaf-extras-springsecurity6 (org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-extras-springsecurity6)
    • -
    • (Public Domain) XZ for Java (org.tukaani:xz:1.9 - https://tukaani.org/xz/java.html)
    • -
    • (The Apache Software License, Version 2.0) unbescape (org.unbescape:unbescape:1.1.6.RELEASE - http://www.unbescape.org)
    • -
    • (Apache License, Version 2.0) Bootstrap (org.webjars:bootstrap:5.3.2 - http://webjars.org)
    • -
    • (MIT) DataTables (org.webjars:datatables:1.13.5 - http://webjars.org)
    • -
    • (MIT License) jquery (org.webjars:jquery:3.7.1 - http://webjars.org)
    • -
    • (Apache 2.0) Swagger UI (org.webjars:swagger-ui:5.10.3 - http://webjars.org)
    • -
    • (BSD 2-Clause) github-buttons (org.webjars.npm:github-buttons:2.14.1 - https://www.webjars.org)
    • -
    • (Common Public 1.0) pecoff4j (org.whitesource:pecoff4j:0.0.2.1 - https://github.com/whitesource/pecoff4j-maven)
    • -
    • (Apache License, Version 2.0) SnakeYAML (org.yaml:snakeyaml:2.2 - https://bitbucket.org/snakeyaml/snakeyaml)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Annotations (software.amazon.awssdk:annotations:2.22.9 - https://aws.amazon.com/sdkforjava/core/annotations)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: HTTP Clients :: Apache (software.amazon.awssdk:apache-client:2.22.9 - https://aws.amazon.com/sdkforjava/http-clients/apache-client)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Auth (software.amazon.awssdk:auth:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: AWS Core (software.amazon.awssdk:aws-core:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: AWS Json Protocol (software.amazon.awssdk:aws-json-protocol:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: AWS Query Protocol (software.amazon.awssdk:aws-query-protocol:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Checksums (software.amazon.awssdk:checksums:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Checksums SPI (software.amazon.awssdk:checksums-spi:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Endpoints SPI (software.amazon.awssdk:endpoints-spi:2.22.9 - https://aws.amazon.com/sdkforjava/core/endpoints-spi)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth (software.amazon.awssdk:http-auth:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth AWS (software.amazon.awssdk:http-auth-aws:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: HTTP Auth SPI (software.amazon.awssdk:http-auth-spi:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: HTTP Client Interface (software.amazon.awssdk:http-client-spi:2.22.9 - https://aws.amazon.com/sdkforjava/http-client-spi)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Identity SPI (software.amazon.awssdk:identity-spi:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: Json Utils (software.amazon.awssdk:json-utils:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Metrics SPI (software.amazon.awssdk:metrics-spi:2.22.9 - https://aws.amazon.com/sdkforjava/core/metrics-spi)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: HTTP Clients :: Netty Non-Blocking I/O (software.amazon.awssdk:netty-nio-client:2.22.9 - https://aws.amazon.com/sdkforjava/http-clients/netty-nio-client)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Profiles (software.amazon.awssdk:profiles:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Core :: Protocols :: Protocol Core (software.amazon.awssdk:protocol-core:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Regions (software.amazon.awssdk:regions:2.22.9 - https://aws.amazon.com/sdkforjava/core/regions)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: SDK Core (software.amazon.awssdk:sdk-core:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Services :: AWS Simple Systems Management (SSM) (software.amazon.awssdk:ssm:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Services :: AWS STS (software.amazon.awssdk:sts:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Third Party :: Jackson-core (software.amazon.awssdk:third-party-jackson-core:2.22.9 - https://aws.amazon.com/sdkforjava)
    • -
    • (Apache License, Version 2.0) AWS Java SDK :: Utilities (software.amazon.awssdk:utils:2.22.9 - https://aws.amazon.com/sdkforjava/utils)
    • -
    • (Apache License, Version 2.0) AWS Event Stream (software.amazon.eventstream:eventstream:1.0.1 - https://github.com/awslabs/aws-eventstream-java)
    • -
    • (Apache-2.0) CPE Parser (us.springett:cpe-parser:2.0.2 - https://github.com/stevespringett/CPE-Parser)
    From 3eb52f8a9671a146d39d0ca3bca4f7b9494b9d62 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Sat, 13 Jan 2024 15:10:30 +0100 Subject: [PATCH 24/28] fix: remove VaultConfig The Vault configuration is automatically created through the properties set in the `application.properties`. It is not necessary to explicitly create a config class. --- .../challenges/kubernetes/VaultConfig.java | 51 ------------------- 1 file changed, 51 deletions(-) delete mode 100644 src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java b/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java deleted file mode 100644 index a9a613b38..000000000 --- a/src/main/java/org/owasp/wrongsecrets/challenges/kubernetes/VaultConfig.java +++ /dev/null 
@@ -1,51 +0,0 @@
-package org.owasp.wrongsecrets.challenges.kubernetes;
-
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.cloud.vault.config.VaultProperties;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Primary;
-import org.springframework.vault.authentication.*;
-import org.springframework.vault.client.VaultEndpoint;
-import org.springframework.vault.config.AbstractVaultConfiguration;
-
-@Configuration
-@Primary
-public class VaultConfig extends AbstractVaultConfiguration {
-
- @Value("${spring.cloud.vault.uri}")
- private String vaultAddress;
-
- @Value("${spring.cloud.vault.role}")
- private String role;
-
- @Value("${spring.cloud.vault.kubernetes-path}")
- private String tokenPath;
-
- @Value("${spring.cloud.vault.kubernetes.service-account-token-file}")
- private String tokenFile;
-
- @Value("${spring.cloud.vault.authentication}")
- private VaultProperties.AuthenticationMethod authenticationMethod;
-
- @Override
- public @NotNull VaultEndpoint vaultEndpoint() {
- return VaultEndpoint.from(vaultAddress);
- }
-
- @Override
- public @NotNull ClientAuthentication clientAuthentication() {
- if (VaultProperties.AuthenticationMethod.KUBERNETES.equals(authenticationMethod)) {
- KubernetesJwtSupplier jwtSupplier = new KubernetesServiceAccountTokenFile(tokenFile);
- KubernetesAuthenticationOptions options =
- new KubernetesAuthenticationOptions.KubernetesAuthenticationOptionsBuilder()
- .role(role)
- .path(tokenPath)
- .jwtSupplier(jwtSupplier)
- .build();
- return new KubernetesAuthentication(options, restOperations());
- } else {
- return new TokenAuthentication("empty");
- }
- }
-}
From f782b2d5c3c6f92aa627d62a7a1fb470539e1826 Mon Sep 17 00:00:00 2001
From: Jeroen Willemsen Date: Sat, 13 Jan 2024 21:04:59 +0100 Subject: [PATCH 25/28] Update POM file with new version: challenge45-7 --- .github/scripts/.bash_history | 2 +- k8s/secret-challenge-vault-deployment.yml | 2 +- src/main/resources/templates/about.html | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index 5bb63833c..ede715c5d 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="XvAn9Kcj4XKXBFfkL0IBttcYp8GmZq7JuPjIjghfDZw=" +export tempPassword="T/8yzIOE0Xz3RIxjA2HMyncgmhUoZsHZLW6lQVj5yV4=" mvn run tempPassword k6 npx k6 diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index 6f5e13883..4e4e7b276 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml @@ -30,7 +30,7 @@ spec: runAsNonRoot: true serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:challenge45-6-k8s-vault + - image: jeroenwillemsen/wrongsecrets:challenge45-7-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge securityContext: diff --git a/src/main/resources/templates/about.html b/src/main/resources/templates/about.html index 1e5bac12d..a3e32690c 100644 --- a/src/main/resources/templates/about.html +++ b/src/main/resources/templates/about.html @@ -35,7 +35,7 @@ The list below is generated with `mvn license:add-third-party`
      -
    • Lists of 350 third-party dependencies.
    • +
    • Lists of 351 third-party dependencies.
    • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Classic Module (ch.qos.logback:logback-classic:1.4.14 - http://logback.qos.ch/logback-classic)
    • (Eclipse Public License - v 1.0) (GNU Lesser General Public License) Logback Core Module (ch.qos.logback:logback-core:1.4.14 - http://logback.qos.ch/logback-core)
    • (The MIT License (MIT)) Microsoft Azure Java Core Library (com.azure:azure-core:1.45.1 - https://github.com/Azure/azure-sdk-for-java)
    • @@ -346,6 +346,7 @@
    • (Apache 2.0) spring-security-rsa (org.springframework.security:spring-security-rsa:1.1.1 - http://github.com/spring-projects/spring-security-oauth)
    • (Apache License, Version 2.0) spring-security-web (org.springframework.security:spring-security-web:6.2.1 - https://spring.io/projects/spring-security)
    • (Apache License, Version 2.0) Spring Vault Core (org.springframework.vault:spring-vault-core:3.1.0 - https://projects.spring.io/spring-vault/spring-vault-core/)
    • +
    • (MIT) Testcontainers :: JUnit Jupiter Extension (org.testcontainers:junit-jupiter:1.19.3 - https://java.testcontainers.org)
    • (BSD-3-Clause) ThreeTen backport (org.threeten:threetenbp:1.6.8 - https://www.threeten.org/threetenbp)
    • (The Apache Software License, Version 2.0) thymeleaf (org.thymeleaf:thymeleaf:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf)
    • (The Apache Software License, Version 2.0) thymeleaf-spring6 (org.thymeleaf:thymeleaf-spring6:3.1.2.RELEASE - http://www.thymeleaf.org/thymeleaf-lib/thymeleaf-spring6)
    • From 7c1ee2626e39a070f30acbc7ca2357d599d0610d Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sat, 13 Jan 2024 21:40:16 +0100 Subject: [PATCH 26/28] audit log instructions --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59d882e79..6463b4a7a 100644 --- a/README.md +++ b/README.md @@ -429,7 +429,9 @@ If you want to dev without a Vault instance, use additionally the `without-vault ./mvnw spring-boot:run -Dspring-boot.run.profiles=local,without-vault ``` -Want to push a container? See `.github/scripts/docker-create-and-push.sh` for a script that generates and pushes all containers. Do not forget to rebuild the app before composing the container +Want to push a container? See `.github/scripts/docker-create-and-push.sh` for a script that generates and pushes all containers. Do not forget to rebuild the app before composing the container. + +Want to check why something in vault is not working in kubernetes? Do `kubectl exec vault-0 -n vault -- vault audit enable file file_path=stdout`. ### Dependency management From 0dcd518366d2466bd60fabf46a9960b189f9efe9 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Sun, 14 Jan 2024 09:42:33 +0100 Subject: [PATCH 27/28] Finalize vault setup and extra user --- k8s-vault-minkube-start.sh | 33 +++++++++++++++++-- scripts/install-vault.sh | 29 +++++++++++++++- .../explanations/challenge44_hint.adoc | 5 +++ .../explanations/challenge45_hint.adoc | 5 +++ 4 files changed, 68 insertions(+), 4 deletions(-) diff --git a/k8s-vault-minkube-start.sh b/k8s-vault-minkube-start.sh index a97efccc2..666a6f615 100755 --- a/k8s-vault-minkube-start.sh +++ b/k8s-vault-minkube-start.sh 
@@ -45,7 +45,7 @@ else helm repo add hashicorp https://helm.releases.hashicorp.com fi kubectl create ns vault -helm upgrade --install vault hashicorp/vault --version 0.23.0 --namespace vault --values k8s/helm-vault-values.yml +helm upgrade --install vault hashicorp/vault --version 0.27.0 --namespace vault --values k8s/helm-vault-values.yml isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running) while [[ $isvaultrunning != *"vault-0"* ]]; do echo "waiting for Vault1" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running); done @@ -87,17 +87,17 @@ kubectl exec vault-0 -n vault -- vault kv put secret/wrongsecret aaaauser."$(ope echo "Oepsi metadata" kubectl exec vault-0 -n vault -- vault kv metadata put -mount=secret -custom-metadata=secret="$(openssl rand -base64 16)" wrongsecret - echo "Enable k8s auth" kubectl exec vault-0 -n vault -- vault auth enable kubernetes echo "Writing k8s auth config" - kubectl exec vault-0 -n vault -- /bin/sh -c 'vault write auth/kubernetes/config \ token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \ kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' +kubectl exec vault-0 -n vault -- vault audit enable file file_path=stdout + echo "Writing policy for secret-challenge" kubectl exec vault-0 -n vault -- /bin/sh -c 'vault policy write secret-challenge - < Date: Sun, 14 Jan 2024 09:44:28 +0100 Subject: [PATCH 28/28] Finalize vault setup and extra user --- src/main/resources/explanations/challenge45_hint.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/explanations/challenge45_hint.adoc b/src/main/resources/explanations/challenge45_hint.adoc index aee623d02..c4319dcde 100644 --- a/src/main/resources/explanations/challenge45_hint.adoc +++ b/src/main/resources/explanations/challenge45_hint.adoc 
@@ -1,7 +1,7 @@ This challenge can be solved using the following steps: 1. Find the secret with the commandline -- +- use `kubectl exec vault-0 -n vault -- vault kv get secret/wrongsecret` to find the data. 2. Find the Secret in Vault using the logged root token: