Update POM file with new version: heroku-tst-5

commjoen · commjoen · commit 92f77cebb9a6 · 2022-04-03T22:59:55.000+02:00
diff --git a/.github/scripts/docker-create-and-push.sh b/.github/scripts/docker-create-and-push.sh
@@ -54,7 +54,7 @@ openssl rand -base64 32 | tr -d '\n' > yourkey.txt
 #echo "</settings>"
 
 echo "Building and updating pom.xml file so we can use it in our docker"
-cd ../.. && mvn clean && mvn --batch-mode release:update-versions -DdevelopmentVersion=${tag}-SNAPSHOT && mvn install -DskipTests
+cd ../.. && mvn clean && mvn --batch-mode release:update-versions -DdevelopmentVersion=${tag}-SNAPSHOT && mvn install
 git add pom.xml
 git commit -am "Update POM file with new version: ${tag}"
 cd .github/scripts && git push
diff --git a/Dockerfile.web b/Dockerfile.web
@@ -1,4 +1,4 @@
-FROM jeroenwillemsen/wrongsecrets:heroku-tst-4-no-vault
+FROM jeroenwillemsen/wrongsecrets:heroku-tst-5-no-vault
 
 ARG argBasedVersion="1.3.10"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
diff --git a/pom.xml b/pom.xml
@@ -9,7 +9,7 @@
     </parent>
     <groupId>org.owasp</groupId>
     <artifactId>wrongsecrets</artifactId>
-    <version>heroku-tst-4-SNAPSHOT</version>
+    <version>heroku-tst-5-SNAPSHOT</version>
     <name>OWASP WrongSecrets</name>
     <description>Examples with how to not use secrets</description>
     <url>https://owasp.org/www-project-wrongsecrets/</url>
diff --git a/src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java b/src/main/java/org/owasp/wrongsecrets/HerokuWebSecurityConfig.java
@@ -8,7 +8,7 @@
 
 @Configuration
 @EnableWebSecurity(debug = true)
-@Order(0)
+@Order(1)
 public class HerokuWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
diff --git a/src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java b/src/main/java/org/owasp/wrongsecrets/canaries/TokenCallbackSecurityConfiguration.java
@@ -8,12 +8,11 @@
 
 @Configuration
 @EnableWebSecurity(debug = true)
-@Order(1)
+@Order(0)
 public class TokenCallbackSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests().requestMatchers(r -> r.getRequestURL().toString().contains("canaries")).permitAll()
-            .and().requestMatcher(r -> r.getRequestURL().toString().contains("canaries")).csrf().disable().httpBasic().disable().sessionManagement().disable();
+        http.requestMatcher(r -> r.getRequestURL().toString().contains("canaries")).csrf().disable();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM jeroenwillemsen/wrongsecrets:heroku-tst-4-no-vault`
	`1`	`+FROM jeroenwillemsen/wrongsecrets:heroku-tst-5-no-vault`
`2`	`2`
`3`	`3`	`ARG argBasedVersion="1.3.10"`
`4`	`4`	`ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"`
Original file line number	Diff line number	Diff line change
`@@ -8,12 +8,11 @@`
`8`	`8`
`9`	`9`	`@Configuration`
`10`	`10`	`@EnableWebSecurity(debug = true)`
`11`		`-@Order(1)`
	`11`	`+@Order(0)`
`12`	`12`	`public class TokenCallbackSecurityConfiguration extends WebSecurityConfigurerAdapter {`
`13`	`13`
`14`	`14`	`@Override`
`15`	`15`	`protected void configure(HttpSecurity http) throws Exception {`
`16`		`- http.authorizeRequests().requestMatchers(r -> r.getRequestURL().toString().contains("canaries")).permitAll()`
`17`		`- .and().requestMatcher(r -> r.getRequestURL().toString().contains("canaries")).csrf().disable().httpBasic().disable().sessionManagement().disable();`
	`16`	`+ http.requestMatcher(r -> r.getRequestURL().toString().contains("canaries")).csrf().disable();`
`18`	`17`	`}`
`19`	`18`	`}`