-
-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Challenge52_#297_Issue #1750
base: master
Are you sure you want to change the base?
Challenge52_#297_Issue #1750
Conversation
"Bad Encryption Practices" To address this issue in the repository for Challenge52, review the code to identify and resolve instances of bad encryption practices. Specifically, the challenge focuses on the use of hardcoded encryption keys and ciphertext within the Java code located in src/main/java/org/owasp/wrongsecrets/challenges/docker/challenge52. Ensure that best practices for secure encryption are applied, avoiding hardcoded secrets in the codebase.
Hi @Manvendra200125 , thank you for your PR! can you maybe submit the .dockerignore in a separate PR please? That’s something we can easily add. The challenge code & texts might need some more work which I would like to review separately. |
some basic changes
Hello, I would like to add that I am joining this. Could you please specify any changes that may be needed or identify any problems I might have made? |
**/secrets.dev.yaml | ||
**/values.dev.yaml | ||
LICENSE | ||
README.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
have you tested building out a container using this .dockerignore?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah
<<<<<<< HEAD | ||
======= | ||
Challenge52Test { | ||
|
||
} | ||
>>>>>>> 42db351e9a0a187e934fd9326c782d0ab9b1acbd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<<<<<<< HEAD | |
======= | |
Challenge52Test { | |
} | |
>>>>>>> 42db351e9a0a187e934fd9326c782d0ab9b1acbd |
HAve you run the tests? I am not sure if this is going to work this way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i checked again it is working .
|
||
@Slf4j | ||
@Component | ||
public class Challenge52 extends FixedAnswerChallenge { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you tried running hte code? because i don't think the code below will run
Hello @Btourss and @Manvendra200125 I am a little bit confused: |
Think about what makes this type of encryption insecure. What would happen if someone could read the code? The key to solving this challenge lies in understanding that the encryption key is hardcoded in the Java code. | ||
|
||
To solve this challenge, you might try to access the encrypted secret and decrypt it using the hardcoded key. Look closely at the challenge code to find both the encrypted secret and the key. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please check the other hints within the project? The hint should have the actual solution steps to solve the challenge.
"Bad Encryption Practices"
To address this issue in the repository for Challenge52, review the code to identify and resolve instances of bad encryption practices. Specifically, the challenge focuses on the use of hardcoded encryption keys and ciphertext within the Java code located in src/main/java/org/owasp/wrongsecrets/challenges/docker/challenge52. Ensure that best practices for secure encryption are applied, avoiding hardcoded secrets in the codebase.
What kind of changes does this PR include?
Description
Relations
References
Checklist: