diff --git a/.lgtm.yml b/.lgtm.yml
deleted file mode 100644
index 0c45e75a6b3fbeca8be445a58ea59184d68d0ca6..0000000000000000000000000000000000000000
--- a/.lgtm.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-path_classifiers:
- library:
- - frontend/src/assets/private
-queries: - - - exclude: js/missing-token-validation
diff --git a/.travis.yml b/.travis.yml
index 5d2206da8a7215bfa08e45b9f0c7f792a62ca163..f57746421c128ec9ecb11a87b306e4f0395e2306 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -24,9 +24,6 @@ after_success:
 - "./node_modules/.bin/lcov-result-merger 'build/reports/coverage/**/lcov.info' 'build/reports/coverage/lcov_merged.info'"
 - node_version=$(node -v); if [ ${node_version:1:2} = 10 ]; then ./node_modules/.bin/codeclimate-test-reporter < ./build/reports/coverage/lcov_merged.info; else echo "Skipping Codeclimate analysis on $node_version"; fi
 notifications:
- email:
- - secure: ADLqaNm7lR8sgCkSz7eWtWdm8zZ9OsbkcQAi2nm7hQPWAkTWPfr9qeOBh39Z3PZvkgDdlUpNZc/uPlcEGEILznJRF3HlQjWrWksNNtY3xaRc01B4uXlDbODjttb6v9mOqkwUqRfQLeerOqNynNSkT129+mz4FANn0+oucZ3EuQc=
- - secure: HhhSoqY87yd8Hkt+cfXk9XXDJeWViYQoPq8f7SJofkwSWtxfOS9GNbOUehZJDqjBMARoGi3SJBImRbisnwfMcEhKpSZs2S4Osdwk2Ayy0h8V/O+qHhiEuJq1mPbAWrYNGQerz16Ec4SbX6hPnAEle2SUwjbPUnfRRCROsJqfm0o=
 webhooks:
 urls:
 - secure: QZ3/2h7hThg527PX1z7kTTRGL5jEbTTHRbetYHt8Gzgdhvtruq4cjxMQZdUcmxKlncAhoB976iFl/Ja9EpExgrXnt/Tj0Aft6JDc7g8y0kuD/SiQpFT7d46R7vOTJeFHyMzfQN9M/h81DXrG+VO5OPGR/QYNa39kMzkTc86tt1E=
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index d0682f86033679e8ea8c9cd8f8edf1b086199543..ee43b1601ac15753bb7d9157691db7d86c94d673 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -2,11 +2,18 @@ ## Our Pledge -In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our +project and our community a harassment-free experience for everyone, +regardless of age, body size, disability, ethnicity, sex +characteristics, gender identity and expression, level of experience, +education, socio-economic status, nationality, personal appearance, +race, religion, or sexual identity and orientation. ## Our Standards -Examples of behavior that contributes to creating a positive environment include: +Examples of behavior that contributes to creating a positive environment +include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences 
@@ -16,31 +23,60 @@ Examples of behavior that contributes to creating a positive environment include Examples of unacceptable behavior by participants include: -* The use of sexualized language or imagery and unwelcome sexual attention or advances -* Trolling, insulting/derogatory comments, and personal or political attacks +* The use of sexualized language or imagery and unwelcome sexual + attention or advances +* Trolling, insulting/derogatory comments, and personal or political + attacks * Public or private harassment -* Publishing others' private information, such as a physical or electronic address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a professional setting +* Publishing others' private information, such as a physical or + electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting ## Our Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. +Project maintainers are responsible for clarifying the standards of +acceptable behavior and are expected to take appropriate and fair +corrective action in response to any instances of unacceptable behavior. -Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 
+Project maintainers have the right and responsibility to remove, edit, +or reject comments, commits, code, wiki edits, issues, and other +contributions that are not aligned to this Code of Conduct, or to ban +temporarily or permanently any contributor for other behaviors that they +deem inappropriate, threatening, offensive, or harmful. ## Scope -This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. +This Code of Conduct applies both within project spaces and in public +spaces when an individual is representing the project or its community. +Examples of representing a project or community include using an +official project e-mail address, posting via an official social media +account, or acting as an appointed representative at an online or +offline event. Representation of a project may be further defined and +clarified by project maintainers. ## Enforcement -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at bjoern.kimminich@owasp.org. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. +Instances of abusive, harassing, or otherwise unacceptable behavior may +be reported by contacting the project team at +<bjoern.kimminich@owasp.org>. 
All complaints will be reviewed and +investigated and will result in a response that is deemed necessary and +appropriate to the circumstances. The project team is obligated to +maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted +separately. -Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. +Project maintainers who do not follow or enforce the Code of Conduct in +good faith may face temporary or permanent repercussions as determined +by other members of the project's leadership. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] +This Code of Conduct is adapted from the +[Contributor Covenant][homepage], version 1.4, available at +https://www.contributor-covenant.org/version/1/4/code-of-conduct.html -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/Dockerfile b/Dockerfile index d779943467654533d72df1c4fce3775789a7529e..a258396783a14670ef24722fc20b210e8e62d7ce 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -14,7 +14,7 @@ LABEL maintainer="Bjoern Kimminich <bjoern.kimminich@owasp.org>" \
 org.opencontainers.image.vendor="Open Web Application Security Project" \
 org.opencontainers.image.documentation="http://help.owasp-juice.shop" \
 org.opencontainers.image.licenses="MIT" \
- org.opencontainers.image.version="8.1.1" \
+ org.opencontainers.image.version="8.2.0" \
 org.opencontainers.image.url="http://owasp-juice.shop" \
 org.opencontainers.image.source="https://github.com/bkimminich/juice-shop" \
 org.opencontainers.image.revision=$VCS_REF \
diff --git a/HALL_OF_FAME.md b/HALL_OF_FAME.md
index 6c87f9e60e12dd810eb2ac3f2cc99a5a5ca4fdda..837ec55139f215515eb18adc51759628a9b8ecbf 100644
--- a/HALL_OF_FAME.md
+++ b/HALL_OF_FAME.md
@@ -3,26 +3,28 @@ ## GitHub Contributors Based on [GitHub](https://github.com/bkimminich/juice-shop) commits on -`master` as of Wed, 15 Mar 2018 +`master` as of Wed, 05 Dec 2018 -- [m4l1c3](https://github.com/m4l1c3) aka `m4l1c3` +- [Aashish Singh](https://github.com/Aashish683) aka `Aashish683` - [Shoeb Patel](https://github.com/CaptainFreak) aka `CaptainFreak` +- [m4l1c3](https://github.com/m4l1c3) aka `m4l1c3` - [Josh Grossman](https://github.com/tghosth) aka `tghosth` - [Madhur Wadhwa](https://github.com/madhurw7) aka `madhurw7` - [Omer Levi Hevroni](https://github.com/omerlh) aka `omerlh` -- [Jln Wntr](https://github.com/JlnWntr) aka `JlnWntr` -- [Aashish Singh](https://github.com/Aashish683) aka `Aashish683` - [Greg Guthe](https://github.com/g-k) aka `g-k` +- [Jln Wntr](https://github.com/JlnWntr) aka `JlnWntr` +- [Simon Basset](https://github.com/simbas) aka `simbas` +- [Shivam Luthra](https://github.com/shivamluthra) aka `shivamluthra` +- [Ingo Bente](https://github.com/ingben) aka `ingben` +- [Yuvraj](https://github.com/evalsocket) aka `evalsocket` - [Viktor Lindström](https://github.com/ViktorLindstrm) aka `ViktorLindstrm` -- [Ingo Bente](https://github.com/ingben) aka `ingben` - [Aaron Edwards](https://github.com/aaron-m-edwards) aka `aaron-m-edwards` -- [Yuvraj](https://github.com/evalsocket) aka `evalsocket` -- [Gorka Vicente](https://github.com/gorkavicente) aka `gorkavicente` -- [Dinis Cruz](https://github.com/DinisCruz) aka `DinisCruz` +- [Jet Anderson](https://github.com/thatsjet) aka `thatsjet` +- [Zander Mackie](https://github.com/Zandar) aka `Zandar` +- [Artemiy Knipe](https://github.com/awflwafl) aka `awflwafl` - [Jason Haley](https://github.com/JasonHaley) aka `JasonHaley` -- [Simon Basset](https://github.com/simbas) aka `simbas` - [Ken Friis Larsen](https://github.com/kfl) aka `kfl` - [Simon De Lang](https://github.com/simondel) aka `simondel` - [battletux](https://github.com/battletux) aka `battletux` 
@@ -38,6 +40,8 @@ Based on [GitHub](https://github.com/bkimminich/juice-shop) commits on - [Stephen O'Brien](https://github.com/wayofthepie) aka `wayofthepie` - [Johanna](https://github.com/johanna-a) aka `johanna-a` - [Alvaro Viebrantz](https://github.com/alvarowolfx) aka `alvarowolfx` +- [Gorka Vicente](https://github.com/gorkavicente) aka `gorkavicente` +- [Dinis Cruz](https://github.com/DinisCruz) aka `DinisCruz` ## Translators @@ -45,9 +49,11 @@ Based on [CrowdIn](https://crowdin.com/project/owasp-juice-shop) translations and commits to `app/i18n`. Grouped by language as of Fri, 13 Apr 2018 on `develop`. -- :uae: :tunisia: Oussama Bouthouri -- :brazil: sergio.kubota, Estevam Arantes -- :cn: Coink, rToxic +- :azerbaijan: Shahin Farzaliyev +- :united_arab_emirates: :tunisia: Oussama Bouthouri +- :brazil: sergio.kubota, Estevam Arantes, Richardson Lima +- :bulgaria: Stella Dineva +- :cn: Coink, rToxic, Forbidden - :czech_republic: Martin Hartl, stejkenzie - :denmark: Allan Kimmer Jensen, owangen, Rasmus Bidstrup - :estonia: bmoritz, janesmae, Egert Aia, spruur, rakzcs @@ -62,7 +68,8 @@ translations and commits to `app/i18n`. Grouped by language as of Fri, Febri Ramadlan, Rick Daalhuizen, Syahrol - :israel: AviD, Omer Levi Hevroni - :it: vientspam, Claudio Snidero -- :jp: ninoseki, nilfigo +- :jp: ninoseki, nilfigo, Riotaro Okada, Michiya Tominaga +- :kr: sjroh - :myanmar: thinbashane - :netherlands: Bart Decker, Daan Sprenkels, Manu B, rachidbm, vientspam, Wout Huygens, Rick Daalhuizen 
@@ -70,11 +77,11 @@ translations and commits to `app/i18n`. Grouped by language as of Fri, - :poland: Idomin Ninja, Andrew Pio, niemyskaa - :portugal: Alvaro Viebrantz, Estevam Arantes - :romania: Mircea Ulmeanu, orjen, timexlord -- :ru: fieldhill13 +- :ru: fieldhill13, talisainen - :es: alopezhu, CarlCampbell, Carlos Allendes, Ezequiel Andino, - mateomartinez, soledad aro, Gorka Vicente + mateomartinez, soledad aro, Gorka Vicente, Daniel Paniagua - :sweden: Anders Lindberg, atteism, cello-anders, Klas Fahlberg, - landinl, Mattias Persson, Pär Swedberg + landinl, Mattias Persson, Pär Swedberg, Tomas Rosenqvist - :tr: Ender Çulha ## Special Thanks @@ -84,5 +91,7 @@ translations and commits to `app/i18n`. Grouped by language as of Fri, [@psiinon](https://github.com/psiinon) * Revised OWASP Juice Shop and Juice Shop CTF logo artworks by Emily Gundry (courtesy of [@SecureState](https://github.com/SecureState)) +* Wallpaper artworks by Mike Branscum (courtesy of [@daylightstudio](https://github.com/daylightstudio)) * [Pwning OWASP Juice Shop](https://leanpub.com/juice-shop) cover artwork by [Patch Kroll](https://99designs.de/profiles/3099878) +* [Banner](https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop/banners) and [flyer](https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop/flyers) artwork by [logicainfo](https://99designs.de/profiles/logicainfo) diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md index c4ff59204a6b770b45dc6403945d6a2c35c0093e..8d29226b130bd321710e844b33e2ebed87d6a57f 100644 --- a/TROUBLESHOOTING.md +++ b/TROUBLESHOOTING.md 
@@ -1,23 +1,21 @@ # Troubleshooting [](https://gitter.im/bkimminich/juice-shop) -## Node.js / NPM / Bower +## Node.js / NPM - After changing to a different Node.js version it is a good idea to delete `npm_modules` and re-install all dependencies from scratch with `npm install` -- If you are experiencing - [Error 128](https://github.com/bower/bower/issues/50) from some GitHub - repos during `bower install` execution, run `git config --global - url."https://".insteadOf git://` and try `npm install` again -- If during `npm install` the `sqlite3` no binaries can be downloaded - for your system, the setup falls back to building from source with - `node-gyp`. Check the +- If during `npm install` the `sqlite3` or `libxmljs` binaries cannot be + downloaded for your system, the setup falls back to building from + source with `node-gyp`. Check the [`node-gyp` installation instructions](https://github.com/nodejs/node-gyp#installation) for additional tools you might need to install (e.g. Python 2.7, GCC, Visual C++ Build Tools etc.) -- If `npm install` fails on Ubuntu (e.g. while installing PhantomJS) you - might have to install a recent version of Node.js and try again. -- If `npm install` runs into a `Unexpected end of JSON input` error you might need to clean your NPM cache with `npm cache clean --force` and then try again +- If `npm install` fails on Ubuntu you might have to install a recent + version of Node.js and try again. +- If `npm install` runs into a `Unexpected end of JSON input` error you + might need to clean your NPM cache with `npm cache clean --force` and + then try again ## Docker 
@@ -38,14 +36,13 @@ OAuth related challenge!** If you want to manually make the OAuth integration work to get the full user experience, follow these steps: 1. Add your server URL to variable `authorizedRedirectURIs` in - `/app/js/controllers/LoginController.js` using your URL for both - the property name and value. - 2. Setup OAuth in Google + `/frontend/src/app/login/login.component.ts` using your URL for + both the property name and value. + 2. Setup your own OAuth binding in Google https://console.developers.google.com/apis/library by clicking _Credentials_ and afterwards _Create credentials_. - 3. Update the `clientId` variable in - `/app/js/controllers/LoginController.js` to use your new OAuth - client id from Google. + 3. Update the `clientId` variable in `login.component.ts` to use your + new OAuth client id from Google. 4. Re-deploy your server. You will now have the option to login with Google on the login page. @@ -57,6 +54,6 @@ ## Miscellaneous - You may find it easier to find vulnerabilities using a pen test tool. - I strongly recommend + We strongly recommend [Zed Attack Proxy](https://code.google.com/p/zaproxy/) which is open source and very powerful, yet beginner friendly. diff --git a/config/7ms.yml b/config/7ms.yml index 3b5823fd44ac09fc874377c5e6df69c8df3cb757..38960a2288fd7b299d4312faf11e668ef8e8d24b 100644 --- a/config/7ms.yml +++ b/config/7ms.yml @@ -8,6 +8,7 @@ application: twitterUrl: 'https://twitter.com/7MinSec' facebookUrl: null slackUrl: 'https://7ms.us/slack' + pressKitUrl: null planetOverlayMap: 'https://static1.squarespace.com/static/59505bc2414fb538a0532c76/t/599e266aebbd1a759716569b/1503536748248/logo+2.png' planetName: 'Mad Billy-7' recyclePage: diff --git a/config/bodgeit.yml b/config/bodgeit.yml index 5515c40a7163fd0bc6a2e86622046fe892985459..b235a49608b9037ceac8caffda36245e351383be 100644 --- a/config/bodgeit.yml +++ b/config/bodgeit.yml 
@@ -8,6 +8,7 @@ application:
 twitterUrl: null
 facebookUrl: null
 slackUrl: null
+ pressKitUrl: null
 planetOverlayMap: 'http://www.userlogos.org/files/logos/inductiveload/Google%20Code.png'
 planetName: Bodgiton VI
 recyclePage:
diff --git a/config/default.yml b/config/default.yml
index 076296bf343b4c3c9c2b649112a399395e156929..022d45b3a3501ec6e2fe77d04c973044b94eaee3 100644
--- a/config/default.yml
+++ b/config/default.yml
@@ -4,7 +4,7 @@ application:
 domain: juice-sh.op
 name: 'OWASP Juice Shop'
 logo: JuiceShop_Logo.png
- favicon: favicon_v2.ico
+ favicon: favicon_js.ico
 numberOfRandomFakeUsers: 0
 showChallengeSolvedNotifications: true
 showChallengeHints: true
@@ -14,6 +14,7 @@ application:
 twitterUrl: 'https://twitter.com/owasp_juiceshop'
 facebookUrl: 'https://www.facebook.com/owasp.juiceshop'
 slackUrl: 'http://owaspslack.com'
+ pressKitUrl: 'https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop'
 planetOverlayMap: orangemap2k.jpg
 planetName: Orangeuze
 recyclePage:
diff --git a/config/fbctf.yml b/config/fbctf.yml
index 848dec6c213868267ec00191bb21b7ecd5394e53..cf0b820d7d761d3129d19d1fafba9d0959280bc8 100644
--- a/config/fbctf.yml
+++ b/config/fbctf.yml
@@ -227,4 +227,6 @@ ctf:
 loginAmyChallenge:
 name: Andorra
 code: AD
-
+ resetPasswordBjoernOwaspChallenge:
+ name: Kazakhstan
+ code: KZ
diff --git a/config/mozilla.yml b/config/mozilla.yml
index 6b192865454bae7608b461fe9fb56930ed612b75..361c5e0f09c272f70c13ec4699aa43da288e908f 100644
--- a/config/mozilla.yml
+++ b/config/mozilla.yml
@@ -10,6 +10,7 @@ application:
 twitterUrl: 'https://twitter.com/mozcloudsec'
 facebookUrl: null
 slackUrl: null
+ pressKitUrl: 'https://blog.mozilla.org/press/kits'
 recyclePage:
 topProductimage: Gear-200155340.jpg
 bottomProductimage: Gear-200155753.jpg
diff --git a/config/sickshop.yml b/config/sickshop.yml
index ea72b2540bab662c6da16b49af6a8e46fa2cc49f..237f56d61ee5ce46721483f49ad464ac2dfab4a3 100644
--- a/config/sickshop.yml
+++ b/config/sickshop.yml
@@ -9,6 +9,7 @@ application:
 twitterUrl: null
 facebookUrl: null
 slackUrl: null
+ pressKitUrl: null
 recyclePage:
 topProductImage: david-benjamin-Hammer.png
 bottomProductImage: Headache.png
diff --git a/data/datacreator.js b/data/datacreator.js
index d305ce915e4e29708b29186afcd0570f21bbd9cd..ad87cfdb9e616fd959a0609bc21482d673a8ea72 100644
--- a/data/datacreator.js
+++ b/data/datacreator.js
@@ -74,13 +74,14 @@ async function createUsers () {
 const users = await loadStaticData('users')
 await Promise.all(
- users.map(async ({ email, password, customDomain, key, isAdmin }) => {
+ users.map(async ({ email, password, customDomain, key, isAdmin, profileImage }) => {
 try {
 const completeEmail = customDomain ? email : `${email}@${config.get('application.domain')}`
 const user = await models.User.create({
 email: completeEmail,
 password,
- isAdmin
+ isAdmin,
+ profileImage: profileImage || 'default.svg'
 })
 datacache.users[key] = user
 } catch (err) {
@@ -346,10 +347,6 @@ function createSecurityAnswers () {
 SecurityQuestionId: 10,
 UserId: 3,
 answer: 'Stop\'n\'Drop' // http://futurama.wikia.com/wiki/Suicide_booth
- }, {
- SecurityQuestionId: 9,
- UserId: 4,
- answer: 'West-2082' // http://www.alte-postleitzahlen.de/uetersen
 }, {
 SecurityQuestionId: 7,
 UserId: 5,
@@ -378,6 +375,14 @@ function createSecurityAnswers () {
 SecurityQuestionId: 8,
 UserId: 11,
 answer: 'Dr. Dr. Dr. Dr. Zoidberg'
+ }, {
+ SecurityQuestionId: 9,
+ UserId: 12,
+ answer: 'West-2082' // http://www.alte-postleitzahlen.de/uetersen
+ }, {
+ SecurityQuestionId: 7,
+ UserId: 13,
+ answer: 'Zaya'
 }]
 return Promise.all(
diff --git a/data/static/challenges.yml b/data/static/challenges.yml
index e69d6395a6ae1b91f7f41dfd4f536bef42bcfa59..d608a9bca6e63498af5c9493b0af74f82bb9fb70 100644
--- a/data/static/challenges.yml
+++ b/data/static/challenges.yml
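Review bot: `UserId: 12` and `UserId: 13` in the new security answers (third datacreator.js hunk, plus the `UserId: 4` → `12` move in the second) are positional: they only hold if the User rows receive auto-increment ids in users.yml order, which the concurrent `Promise.all(users.map(...))` in createUsers leaves to the database to preserve and which silently shifts if one insert fails. createUsers already stores every created row in `datacache.users[key]`, so, provided createSecurityAnswers runs after it, the answers could be keyed as `UserId: datacache.users.bjoern.id` and `UserId: datacache.users.bjoernOwasp.id` instead of literal numbers. The `profileImage: profileImage || 'default.svg'` fallback in the first hunk also treats an empty string as missing, which is probably intended for YAML seed data but deserves a one-line comment. The bodies of createUsers and createSecurityAnswers extend beyond the hunks.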
@@ -257,10 +257,10 @@
 -
 name: 'Login Bjoern'
 category: 'Broken Authentication'
- description: 'Log in with Bjoern''s user account <i>without</i> previously changing his password, applying SQL Injection, or hacking his Google account.'
+ description: 'Log in with Bjoern''s Gmail account <i>without</i> previously changing his password, applying SQL Injection, or hacking his Google account.'
 difficulty: 4
 hint: 'The security flaw behind this challenge is 100% Juice Shop''s fault and 0% Google''s.'
- hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#log-in-with-bjoerns-user-account'
+ hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#log-in-with-bjoerns-gmail-account'
 key: oauthUserPasswordChallenge
 -
 name: 'Login CISO'
@@ -319,12 +319,12 @@
 hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/security-misconfiguration.html#reset-mortys-password-via-the-forgot-password-mechanism'
 key: resetPasswordMortyChallenge
 -
- name: 'Reset Bjoern''s Password'
+ name: 'Reset Bjoern''s Password Tier 2'
 category: 'Broken Authentication'
- description: 'Reset Bjoern''s password via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
+ description: 'Reset the password of Bjoern''s internal account via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
 difficulty: 5
 hint: 'Nothing a little bit of Facebook stalking couldn''t reveal. Might involve a historical twist.'
- hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#reset-bjoerns-password-via-the-forgot-password-mechanism'
+ hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#reset-the-password-of-bjoerns-internal-account-via-the-forgot-password-mechanism'
 key: resetPasswordBjoernChallenge
 -
 name: 'NoSQL Injection Tier 1'
@@ -591,3 +591,11 @@
 hint: 'This challenge will make you go after a needle in a haystack.'
 hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/sensitive-data-exposure.html#log-in-with-amys-original-user-credentials'
 key: loginAmyChallenge
+-
+ name: 'Reset Bjoern''s Password Tier 1'
+ category: 'Broken Authentication'
+ description: 'Reset the password of Bjoern''s OWASP account via the <a href="/#/forgot-password">Forgot Password</a> mechanism with <i>the original answer</i> to his security question.'
+ difficulty: 3
+ hint: 'He might have spoilered it on at least one occasion where a camera was running. Maybe elsewhere as well.'
+ hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#reset-the-password-of-bjoerns-owasp-account-via-the-forgot-password-mechanism'
+ key: resetPasswordBjoernOwaspChallenge
diff --git a/data/static/users.yml b/data/static/users.yml
index 1fde68f476d2bc801f13365ed2a0ebaf96f7a071..237da2be348e92fb8f52f9b646b83974752824f0 100644
--- a/data/static/users.yml
+++ b/data/static/users.yml
@@ -17,7 +17,7 @@
 email: bjoern.kimminich@googlemail.com
 password: 'bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg=='
 customDomain: true
- key: bjoern
+ key: bjoernGoogle
 isAdmin: true
 -
 email: ciso
@@ -54,4 +54,15 @@
 password: 'K1f.....................'
 key: amy
 isAdmin: false
-
\ No newline at end of file
+-
+ email: bjoern
+ password: 'monkey summer birthday are all bad passwords but work just fine in a long passphrase'
+ key: bjoern
+ isAdmin: true
+-
+ email: bjoern.kimminich@owasp.org
+ password: 'kitten lesser pooch karate buffoon indoors'
+ customDomain: true
+ key: bjoernOwasp
+ isAdmin: true
+ profileImage: '13.jpg'
diff --git a/frontend/package.json b/frontend/package.json
index 04628706c02da8c9e6f6eecad14d22aab576fcd4..bc8ca8401ab33ff0e740826cbd35dd63379f91ca 100644
--- a/frontend/package.json
+++ b/frontend/package.json
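Review bot: `key: bjoern` on the new internal-account entry in users.yml reuses the key that the googlemail entry held until this change renamed it to `bjoernGoogle` (first users.yml hunk), so any lookup of `datacache.users.bjoern` elsewhere now resolves to the new account rather than the Google one; callers that relied on the old binding are worth checking. `profileImage: '13.jpg'` also hard-codes what looks like this entry's expected auto-increment id (datacreator.js pairs it with `UserId: 13`), so the picture silently detaches from the account if entries are reordered; a key-based filename such as `bjoernOwasp.jpg` would not depend on list position. Neither is a defect in the YAML itself, but both couplings deserve a short comment on the entry.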
@@ -1,6 +1,6 @@
 {
 "name": "frontend",
- "version": "8.1.1",
+ "version": "8.2.0",
 "scripts": {
 "ng": "ng",
 "start": "ng serve",
diff --git a/frontend/src/app/about/about.component.html b/frontend/src/app/about/about.component.html
index 616084656f9fb76cf07f7b18b99ca1895220c71f..8f8a5191e92ae3b5c94179ea2b08e2d2881dd6c1 100644
--- a/frontend/src/app/about/about.component.html
+++ b/frontend/src/app/about/about.component.html
@@ -33,6 +33,7 @@
 <a *ngIf="twitterUrl" [href]="twitterUrl" target="_blank" rel="noopener noreferrer"><button mat-raised-button color="accent"><i class="fab fa-twitter fa-lg"></i> Twitter</button></a>
 <a *ngIf="facebookUrl" [href]="facebookUrl" target="_blank" rel="noopener noreferrer"><button mat-raised-button color="accent"><i class="fab fa-facebook fa-lg"></i> Facebook</button></a>
 <a *ngIf="slackUrl" [href]="slackUrl" target="_blank" rel="noopener noreferrer"><button mat-raised-button color="accent"><i class="fab fa-slack fa-lg"></i> Slack</button></a>
+ <a *ngIf="pressKitUrl" [href]="pressKitUrl" target="_blank" rel="noopener noreferrer"><button mat-raised-button color="accent"><i class="far fa-newspaper fa-lg"></i> Press Kit</button></a>
 </div>
 </div>
diff --git a/frontend/src/app/about/about.component.ts b/frontend/src/app/about/about.component.ts
index a9c5262d8fac3f82503a988caeda530133a22924..98b037c42b601fb3816f76fa7eb12151acbfe3f7 100644
--- a/frontend/src/app/about/about.component.ts
+++ b/frontend/src/app/about/about.component.ts
@@ -5,8 +5,9 @@ import { FeedbackService } from '../Services/feedback.service'
 import { IImage } from 'ng-simple-slideshow'
 import { library, dom } from '@fortawesome/fontawesome-svg-core'
 import { faFacebook, faTwitter, faSlack } from '@fortawesome/free-brands-svg-icons'
+import { faNewspaper } from '@fortawesome/free-regular-svg-icons'
-library.add(faFacebook, faTwitter, faSlack)
+library.add(faFacebook, faTwitter, faSlack, faNewspaper)
 dom.watch()
 @Component({
@@ -19,6 +20,7 @@ export class AboutComponent implements OnInit {
 public twitterUrl = null
 public facebookUrl = null
 public slackUrl = null
+ public pressKitUrl = null
 public slideshowDataSource: IImage[] = []
 private images = [
@@ -46,6 +48,9 @@ export class AboutComponent implements OnInit {
 if (config.application.slackUrl !== null) {
 this.slackUrl = config.application.slackUrl
 }
+ if (config.application.pressKitUrl !== null) {
+ this.pressKitUrl = config.application.pressKitUrl
+ }
 }
 },(err) => console.log(err))
 }
diff --git a/frontend/src/app/navbar/languages.ts b/frontend/src/app/navbar/languages.ts
index e1163fc18cf6a4bb846344b767012b50f25d1d47..9f6aa3862ce6e26cf2f05595ee82477d1385f687 100644
--- a/frontend/src/app/navbar/languages.ts
+++ b/frontend/src/app/navbar/languages.ts
@@ -2,6 +2,7 @@ export const languages = [
 { key: 'en', icons: [ 'gb', 'us' ], lang: 'English' },
 { key: 'ar_SA', icons: [ 'ae', 'tn' ], lang: 'عربى' },
 { key: 'az_AZ', icons: [ 'az' ], lang: 'Azərbaycanca', isFlask: true },
+ { key: 'bg_BG', icons: [ 'bg' ], lang: 'български (език)' },
 { key: 'cs_CZ', icons: [ 'cz' ], lang: 'Česky', isFlask: true },
 { key: 'da_DK', icons: [ 'dk' ], lang: 'Dansk', isFlask: true },
 { key: 'de_DE', icons: [ 'de' ], lang: 'Deutsch' },
@@ -17,6 +18,7 @@ export const languages = [
 { key: 'id_ID', icons: [ 'id' ], lang: 'Bahasa Indonesia' },
 { key: 'it_IT', icons: [ 'it' ], lang: 'Italiano' },
 { key: 'ja_JP', icons: [ 'jp' ], lang: '日本の', isFlask: true },
+ { key: 'ko_KR', icons: [ 'kr' ], lang: '영어' },
 { key: 'lt_LT', icons: [ 'lt' ], lang: 'Lietuviešu', isFlask: true },
 { key: 'lv_LV', icons: [ 'lv' ], lang: 'Latvijas', isFlask: true },
 { key: 'my_MM', icons: [ 'mm' ], lang: 'ျမန္မာ', isFlask: true },
diff --git a/frontend/src/assets/i18n/bg_BG.json b/frontend/src/assets/i18n/bg_BG.json
new file mode 100644
index 0000000000000000000000000000000000000000..3db3b391429929a7e62c889a8183b3574c65998e
--- /dev/null
+++ b/frontend/src/assets/i18n/bg_BG.json
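Review bot: `config.application.pressKitUrl !== null` in the second about.component.ts hunk only guards against an explicit null, so a config that simply omits the key assigns `undefined` to `this.pressKitUrl`; the template's `*ngIf` still hides the link, but this strict check is exactly what forces the commit to add `pressKitUrl: null` to every bundled config file. A nullish check, `if (config.application.pressKitUrl != null) {`, would let the key be optional while keeping the same behaviour for null, and the same applies to the sibling twitterUrl/facebookUrl/slackUrl checks if they are ever revisited. The enclosing subscription callback and ngOnInit start outside the hunk.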
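Review bot: The display name of the new `ko_KR` entry in languages.ts, `lang: '영어'`, is the Korean word for "English", whereas every other entry shows the language's own name (`Deutsch`, `Italiano`); the native name is `한국어`, so the line should read `{ key: 'ko_KR', icons: [ 'kr' ], lang: '한국어' },`. The `bg_BG` entry in the first languages.ts hunk likewise carries a parenthetical `(език)` ("language") that no other entry has, and `български` alone would match the list's convention. Both values look copied from a translated `LANGUAGE` string (the new bg_BG.json translates `LANGUAGE` as "English" too) rather than entered as native names, which is worth confirming against the translation source before merging.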
@@ -0,0 +1,161 @@ +{ + "LANGUAGE": "Aнглийски", + "NAV_SEARCH": "Търсене", + "SEARCH_PLACEHOLDER": "Търсене...", + "NAV_COMPLAIN": "Оплакване?", + "TITLE_LOGIN": "Вход", + "MANDATORY_EMAIL": "Моля, попълнете валиден е-мейл адрес.", + "MANDATORY_PASSWORD": "Моля, въведете парола.", + "LABEL_EMAIL": "И-мейл", + "LABEL_PASSWORD": "Парола", + "BTN_LOGIN": "Вход", + "BTN_GOOGLE_LOGIN": "Вписване с Google", + "REMEMBER_ME": "Запомни ме", + "NO_CUSTOMER": "Все още не сте клиент?", + "TITLE_REGISTRATION": "Регистрация", + "INVALID_EMAIL": "Предоставеният и-мейл адрес е невалиден.", + "MANDATORY_PASSWORD_REPEAT": "Моля, повторете вашата парола.", + "INVALID_PASSWORD_LENGTH": "Паролата трябва да бъде поне {{length}} символа.", + "LABEL_PASSWORD_REPEAT": "Повторете паролата", + "BTN_REGISTER": "Регистрация", + "TITLE_LOGOUT": "Изход", + "CONFIRM_LOGGED_OUT": "Излязохте от системата.", + "TITLE_CONTACT": "Свържете се с нас", + "MANDATORY_COMMENT": "Моля, въведете име коментар.", + "INVALID_COMMENT_LENGTH": "Коментарът трябва да бъде поне {{length}} знака.", + "MANDATORY_RATING": "Моля, въведете оценка.", + "MANDATORY_CAPTCHA": "Моля, въведете CAPTCHA, за да докажете, че сте човек.", + "LABEL_AUTHOR": "Автор", + "LABEL_COMMENT": "Коментар", + "LABEL_RATING": "Оценка", + "LABEL_CAPTCHA": "Какво", + "BTN_SUBMIT": "Въведи", + "TITLE_ABOUT": "За нас", + "SECTION_CORPORATE_HISTORY": "Корпоративна история & политика", + "SECTION_CUSTOMER_FEEDBACK": "Обратна връзка", + "SECTION_SOCIAL_MEDIA": "Следвайте ни в социалните мрежи", + "LINK_TERMS_OF_USE": "Вижте нашите скучни условия за ползване, ако се интересувате от такива тъпотии.", + "TITLE_ADMINISTRATION": "Администрация", + "SECTION_USER": "Регистрирани потребители", + "LABEL_USER": "Потребител", + "LABEL_CREATED_AT": "Създаден в", + "LABEL_UPDATED_AT": "Обновен в", + "BTN_CLOSE": "Затваряне", + "TITLE_SEARCH_RESULTS": "Резултати от търсенето", + "TITLE_ALL_PRODUCTS": "Вижте всички продукти", + "BASKET_ADD_SAME_PRODUCT": "Добавихте 
още един {{product}} в кошницата.", + "BASKET_ADD_PRODUCT": "Добавете {{product}} в кошницата.", + "LABEL_PRODUCT": "Продукт", + "LABEL_PRODUCT_ORDERED": "Поръчани продукти", + "LABEL_EXPECTED_DELIVERY": "Очаквана дата на доставка", + "LABEL_DAYS": "Дни", + "LABEL_NAME": "Име", + "LABEL_DESCRIPTION": "Описание", + "LABEL_PRICE": "Цена", + "LABEL_IMAGE": "Изображение", + "TITLE_BASKET": "Вашата кошница", + "LABEL_QUANTITY": "Количество", + "LABEL_TOTAL_PRICE": "Крайна цена", + "BTN_CHECKOUT": "Поръчай", + "BTN_CREDIT_CARD": "Кредитна карта", + "INVALID_COUPON_LENGTH": "Кодът на ваучера трябва да бъде най-малко {{length}} знака.", + "LABEL_COUPON": "Ваучер", + "FOLLOW_FOR_MONTHLY_COUPONS": "Искате ли ваучер? Следвайте ни на <a href='{{twitter}}' target='_blank'>Twitter</a> или <a href='{{facebook}}' target='_blank'>Facebook</a> за месечни купони и други спам!", + "BTN_REDEEM": "Използване", + "THANKS_FOR_SUPPORT": "Благодаря ви за подкрепа на {{juiceshop}}!", + "THANKS_FOR_SUPPORT_CUSTOMIZED": "Благодаря ви за подкрепата на open source project зад {{appname}}!", + "LABEL_PAYMENT": "Плащане", + "LABEL_MERCHANDISE": "Стоки", + "OFFICIAL_MERCHANDISE_STORES": "Официален магазини за {{juiceshop}} облекло, чаши и стикери!", + "OFFICIAL_MERCHANDISE_STORES_CUSTOMIZED": "Официален магазини за облекло, чаши и стикери на open source project зад {{appname}}!", + "DISCOUNT_APPLIED": "Вашата отстъпка от {{discount}}% ще бъде приложена по време на плащането.", + "TITLE_CHANGE_PASSWORD": "Промяна на паролата", + "MANDATORY_CURRENT_PASSWORD": "Моля въведете Вашата текуща парола.", + "MANDATORY_NEW_PASSWORD": "Моля въведете Вашата нова парола.", + "LABEL_CURRENT_PASSWORD": "Текуща парола", + "LABEL_NEW_PASSWORD": "Нова парола", + "LABEL_REPEAT_NEW_PASSWORD": "Повторете новата парола", + "BTN_CHANGE": "Промяна", + "TITLE_COMPLAIN": "Подаване на оплакване", + "MANDATORY_MESSAGE": "Моля, въведете текст.", + "INVALID_MESSAGE_LENGTH": "Коментарът трябва да бъде поне {{length}} знака.", + 
"INVALID_FILE_SIZE": "Файлът е твърде голям. Максимум {{size}} позволено.", + "INVALID_FILE_TYPE": "Забранен тип файл. Само {{type}} са позволени.", + "LABEL_CUSTOMER": "Клиент", + "LABEL_MESSAGE": "Съобщение", + "LABEL_INVOICE": "Фактура", + "TITLE_SCORE_BOARD": "Резултати", + "LABEL_DIFFICULTY": "Трудност", + "LABEL_1_STAR_DIFFICULTY": "Тривиално", + "LABEL_2_STAR_DIFFICULTY": "Лесно", + "LABEL_3_STAR_DIFFICULTY": "Средно", + "LABEL_4_STAR_DIFFICULTY": "Трудно", + "LABEL_5_STAR_DIFFICULTY": "Ужасно трудно", + "LABEL_6_STAR_DIFFICULTY": "Дяволски трудно", + "LABEL_CHALLENGES": "Предизвикателства", + "LABEL_STATUS": "Състояние", + "STATUS_UNSOLVED": "Нерешени", + "STATUS_SOLVED": "Решени", + "STATUS_UNAVAILABLE": "недостъпно", + "CALL_FOR_CONTRIBUTIONS": "Имате идея за ново предизвикателство? Намерили сте уязвимост, която не е посочена тук? Уведомете ни чрез <a href='http://gitter.im/bkimminich/juice-shop'><i class='fab fa-gitter'></i>Gitter.im</a> community чат или чрез отваряне на <a href='https://github.com/bkimminich/juice-shop/issues'><i class='fab fa-github'></i>GitHub</a> уязвимост!", + "CHALLENGE_SOLVED": "Успешно решихте предизвикателство: {{challenge}}", + "INVALID_CONTINUE_CODE": "Невалиден код.", + "CONFIRM_LOGGED_IN_VIA_OAUTH2": "Влезнахте чрез OAuth 2.0 доставчик.", + "HOME_LINK_MESSAGE": "Ако не сте автоматично пренасочени, моля натиснете тук: {{home}}", + "TITLE_BITCOIN_ADDRESS": "Биткойн адрес", + "TITLE_DASH_ADDRESS": "Dash адрес", + "TITLE_ETHER_ADDRESS": "Етер адрес", + "NOTIFICATION_RESEND_INSTRUCTIONS": "Натиснете, за да повторите нотификацията, съдържаща кода на решение за това предизвикателство.", + "COPY_TO_CLIPBOARD": "Копирай в клипборда", + "COPY_SUCCESS": "Копирано!", + "NAV_RECYCLE": "Кошче", + "TITLE_RECYCLE": "Извикай кошче", + "LABEL_REQUESTOR": "Заявител", + "LABEL_RECYCLE_QUANTITY": "Количество", + "LABEL_DELIVERY_ADDRESS": "Адрес за доставка", + "LABEL_PICKUP_ADDRESS": "Адрес за взимане", + "INVALID_ADDRESS_LENGTH": "Адресът 
трябва да бъде поне {{length}} знака.", + "INVALID_QUANTITY": "Количеството трябва да бъде {{range}} литра.", + "MANDATORY_ADDRESS": "Моля, попълнете адрес.", + "MANDATORY_QUANTITY": "Моля, въведете количество.", + "IN_LITERS_PLACEHOLDER": "... в литри", + "REQUEST_PICKUP": "Моля получете на адреса по-горе вместо изпращане на кошче.", + "LABEL_PICKUP_DATE": "Дата на взимане", + "SECTION_RECYCLING": "Заявки за рециклиране", + "LABEL_ADDRESS": "Адрес", + "SECTION_PRESS_JUICE_RESPONSIBLY": "Вие спасявате дървета. Ние спестяваме пари. Всички печелим!", + "LABEL_SECURITY_QUESTION": "Таен въпрос", + "CANNOT_BE_CHANGED_LATER": "Не може да бъде променен по-късно!", + "MANDATORY_SECURITY_QUESTION": "Моля, изберете таен въпрос.", + "MANDATORY_SECURITY_ANSWER": "Моля, отговорете на тайния въпрос.", + "FORGOT_PASSWORD": "Забравили сте паролата си?", + "TITLE_FORGOT_PASSWORD": "Забравена парола", + "NOTIFICATION_SERVER_STARTED": "Сървърът е рестартиран", + "AUTO_RESTORED_PROGRESS": "Вашият hacking прогрес е възстановен автоматично.", + "AUTO_RESTORE_PROGRESS_FAILED": "Възстановяването на вашият hacking прогрес се провали: {{error}}", + "RESET_HACKING_PROGRESS": "Изтриете бисквитките да изчистите текущият hacking прогрес", + "RESTART_REQUIRED": "Трябва да ръчно да рестартирате приложението да започнете отначало!", + "LABEL_EDIT_REVIEW": "Редактиране на отзив", + "LABEL_REVIEW": "Отзив", + "LABEL_REVIEWS": "Отзиви", + "LABEL_ADD_REVIEW_FOR_PRODUCT": "Добавяне на отзив за този продукт", + "LABEL_NO_REVIEWS": "В момента няма потребителски итзиви", + "TITLE_TOKENSALE": "Разпродажба на token", + "SECTION_ICO": "Първоначалното монетно предлагане за <strong><i class='fab fa-bitcoin'></i> {{juicycoin}}</strong>", + "ICO_FAQ": "Често задавани въпроси за нашите ICO", + "SECTION_WHITEPAPER": "Whitepaper", + "WHITEPAPER_REFERENCES": "Вместо да преоткривме квадратни монети ние ви насочваме към съществуващите брилянтни Whitepapers!", + "SECTION_SALES_PITCH": "Убедително ICO търговско 
представяне", + "GIVE_US_ALL_YOUR_MONEY": "Дайте ни всичките си пари!", + "ICO_FAQ_QUESTION": "Мога ли наистина да забогатея с <strong><i class='fab fa-bitcoin'></i> {{juicycoin}}</strong>?", + "ICO_FAQ_ANSWER": "Ама разбира се, че може! Ние никога не бихме ви излъгали!", + "TITLE_TRACK_ORDERS": "Проследяване на поръчка.", + "LABEL_ORDER_ID": "Номер на поръчката", + "BTN_TRACK": "Проследяване", + "LAST_LOGIN_IP": "IP адрес на последното влизане", + "BTN_EDIT": "Редакция", + "INVALID_DATE": "Моля, изберете валидна дата.", + "SECURITY_ANSWER_PLACEHOLDER": "Отговор на тайния въпрос", + "MANDATORY_ORDER_ID": "Моля, попълнете номер на поръчката.", + "BTN_SHOW_SOLVED": "Покажи решените" +} \ No newline at end of file diff --git a/frontend/src/assets/i18n/ko_KR.json b/frontend/src/assets/i18n/ko_KR.json new file mode 100644 index 0000000000000000000000000000000000000000..84cf569c37f3245ff3f155dcb111ee448ebf337c --- /dev/null +++ b/frontend/src/assets/i18n/ko_KR.json 
@@ -0,0 +1,161 @@ +{ + "LANGUAGE": "영어", + "NAV_SEARCH": "검색", + "SEARCH_PLACEHOLDER": "검색...", + "NAV_COMPLAIN": "문제 제기", + "TITLE_LOGIN": "로그인", + "MANDATORY_EMAIL": "이메일 주소를 입력하세요.", + "MANDATORY_PASSWORD": "비밀번호를 입력하세요.", + "LABEL_EMAIL": "이메일", + "LABEL_PASSWORD": "비밀 번호", + "BTN_LOGIN": "로그인", + "BTN_GOOGLE_LOGIN": "Google 계정으로 로그인", + "REMEMBER_ME": "아이디/암호 저장", + "NO_CUSTOMER": "아직 고객이 아니십니까?", + "TITLE_REGISTRATION": "사용자 등록", + "INVALID_EMAIL": "이메일 주소가 유효하지 않습니다.", + "MANDATORY_PASSWORD_REPEAT": "비밀번호를 다시 입력하세요.", + "INVALID_PASSWORD_LENGTH": "비밀번호는 반드시 {{length}} 자 이상이어야 합니다.", + "LABEL_PASSWORD_REPEAT": "비밀번호 재확인", + "BTN_REGISTER": "등록하기", + "TITLE_LOGOUT": "로그아웃", + "CONFIRM_LOGGED_OUT": "로그아웃 되었습니다.", + "TITLE_CONTACT": "문의하기", + "MANDATORY_COMMENT": "댓글을 입력하세요.", + "INVALID_COMMENT_LENGTH": "댓글 길이는 {{length}} 자 이어야 합니다.", + "MANDATORY_RATING": "평점을 입력하세요.", + "MANDATORY_CAPTCHA": "진짜 사용자임을 증명하기 위하여 CAPTCHA를 풀어주세요.", + "LABEL_AUTHOR": "제작자", + "LABEL_COMMENT": "댓글", + "LABEL_RATING": "평점", + "LABEL_CAPTCHA": "정답은", + "BTN_SUBMIT": "확인", + "TITLE_ABOUT": "회사 소개", + "SECTION_CORPORATE_HISTORY": "기업 연혁 & 정책", + "SECTION_CUSTOMER_FEEDBACK": "고객의 소리", + "SECTION_SOCIAL_MEDIA": "SNS를 통해 팔로우해주세요", + "LINK_TERMS_OF_USE": "만약 지루한 것에 관심이 있다면, 우리의 따분한 이용약관을 확인해보세요.", + "TITLE_ADMINISTRATION": "관리", + "SECTION_USER": "등록된 사용자", + "LABEL_USER": "사용자", + "LABEL_CREATED_AT": "생성 일자", + "LABEL_UPDATED_AT": "변경 일자", + "BTN_CLOSE": "닫기", + "TITLE_SEARCH_RESULTS": "검색 결과", + "TITLE_ALL_PRODUCTS": "모든 제품", + "BASKET_ADD_SAME_PRODUCT": "장바구니에 {{product}}이/가 또 추가되었습니다.", + "BASKET_ADD_PRODUCT": "장바구니에 {{Product}}을/를 추가하였습니다.", + "LABEL_PRODUCT": "제품", + "LABEL_PRODUCT_ORDERED": "주문한 제품", + "LABEL_EXPECTED_DELIVERY": "배송 예정 일자", + "LABEL_DAYS": "일", + "LABEL_NAME": "이름", + "LABEL_DESCRIPTION": "설명", + "LABEL_PRICE": "가격", + "LABEL_IMAGE": "사진", + "TITLE_BASKET": "장바구니", + "LABEL_QUANTITY": "수량", + "LABEL_TOTAL_PRICE": "총 판매 가격", + "BTN_CHECKOUT": "주문하기", + 
"BTN_CREDIT_CARD": "신용카드", + "INVALID_COUPON_LENGTH": "쿠폰 코드는 반드시 {{length}}자 이어야 합니다.", + "LABEL_COUPON": "쿠폰", + "FOLLOW_FOR_MONTHLY_COUPONS": "쿠폰 코드가 필요하신가요? 월간 쿠폰과 다른 스팸 메일들을 위해서 <a href='{{twitter}}' target='_blank'>Twitter</a>나 <a href='{{facebook}}' target='_blank'>Facebook</a>에서 팔로우 해주세요.", + "BTN_REDEEM": "교환하기", + "THANKS_FOR_SUPPORT": "{{juiceshop}} 지원해주셔서 감사합니다!", + "THANKS_FOR_SUPPORT_CUSTOMIZED": "{{appname}}와/과 함께하는 오픈소스 프로젝트를 지원해주셔서 감사합니다!", + "LABEL_PAYMENT": "결제", + "LABEL_MERCHANDISE": "제품", + "OFFICIAL_MERCHANDISE_STORES": "{{juiceshop}} 옷, 머그잔 그리고 스티커를 공식 스토어에서 만나보세요!", + "OFFICIAL_MERCHANDISE_STORES_CUSTOMIZED": "{{appname}}와/과 함께하는 오픈소스 프로젝트의 옷, 머그잔 그리고 스티커를 공식 스토어에서 만나보세요!", + "DISCOUNT_APPLIED": "결제시 {{discount}}%의 할인률이 적용됩니다.", + "TITLE_CHANGE_PASSWORD": "비밀번호 변경", + "MANDATORY_CURRENT_PASSWORD": "현재 비밀번호를 입력하세요.", + "MANDATORY_NEW_PASSWORD": "새 비밀번호를 입력하세요.", + "LABEL_CURRENT_PASSWORD": "현재 비밀번호", + "LABEL_NEW_PASSWORD": "새 비밀번호", + "LABEL_REPEAT_NEW_PASSWORD": "새 비밀번호 재확인", + "BTN_CHANGE": "변경", + "TITLE_COMPLAIN": "문제 제기", + "MANDATORY_MESSAGE": "텍스트를 입력하세요.", + "INVALID_MESSAGE_LENGTH": "텍스트 길이는 반드시 {{length}}자 이어야 합니다.", + "INVALID_FILE_SIZE": "파일이 너무 큽니다. 최대 {{size}}까지 가능합니다.", + "INVALID_FILE_TYPE": "금지된 파일 형식입니다. 반드시 {{type}} 형식 이어야 합니다.", + "LABEL_CUSTOMER": "고객", + "LABEL_MESSAGE": "메세지", + "LABEL_INVOICE": "청구서", + "TITLE_SCORE_BOARD": "점수판", + "LABEL_DIFFICULTY": "난이도", + "LABEL_1_STAR_DIFFICULTY": "매우 쉬움", + "LABEL_2_STAR_DIFFICULTY": "쉬움", + "LABEL_3_STAR_DIFFICULTY": "보통", + "LABEL_4_STAR_DIFFICULTY": "어려움", + "LABEL_5_STAR_DIFFICULTY": "매우 어려움", + "LABEL_6_STAR_DIFFICULTY": "머리 터짐", + "LABEL_CHALLENGES": "도전 과제", + "LABEL_STATUS": "상태", + "STATUS_UNSOLVED": "미해결", + "STATUS_SOLVED": "해결", + "STATUS_UNAVAILABLE": "사용 불가", + "CALL_FOR_CONTRIBUTIONS": "새로운 도전 과제 아이디어가 있으신가요? 여기에 등록되지 않은 취약점을 찾으셨나요? 
<a href='http://gitter.im/bkimminich/juice-shop'><i class='fab fa-gitter'></i>Gitter.im</a> 커뮤니티 채팅이나 <a href='https://github.com/bkimminich/juice-shop/issues'><i class='fab fa-github'></i>GitHub</a>에 티켓을 만들어주세요!", + "CHALLENGE_SOLVED": "성공적으로 도전과제를 풀었습니다: {{challenge}}", + "INVALID_CONTINUE_CODE": "잘못된 코드입니다.", + "CONFIRM_LOGGED_IN_VIA_OAUTH2": "OAuth 2.0를 통해 로그인 되었습니다.", + "HOME_LINK_MESSAGE": "자동으로 이동하지 않을시, 링크를 클릭해주세요: {{home}}", + "TITLE_BITCOIN_ADDRESS": "Bitcoin 주소", + "TITLE_DASH_ADDRESS": "Dash 주소", + "TITLE_ETHER_ADDRESS": "이더리움 주소", + "NOTIFICATION_RESEND_INSTRUCTIONS": "이 도전과제의 정답 코드가 담긴 알림이 반복되길 원하시면 클릭하세요.", + "COPY_TO_CLIPBOARD": "클립보드에 복사", + "COPY_SUCCESS": "복사 완료!", + "NAV_RECYCLE": "재활용", + "TITLE_RECYCLE": "재활용 신청", + "LABEL_REQUESTOR": "요청자", + "LABEL_RECYCLE_QUANTITY": "수량", + "LABEL_DELIVERY_ADDRESS": "배송지 주소", + "LABEL_PICKUP_ADDRESS": "수령지 주소", + "INVALID_ADDRESS_LENGTH": "주소 길이는 반드시 {{length}}자 이어야 합니다.", + "INVALID_QUANTITY": "수량은 반드시 {{range}} 리터여야 합니다.", + "MANDATORY_ADDRESS": "정확한 주소를 입력하세요.", + "MANDATORY_QUANTITY": "수량을 입력하세요.", + "IN_LITERS_PLACEHOLDER": "리터", + "REQUEST_PICKUP": "재활용 박스로 보내는 대신 위의 주소에서 수령하세요.", + "LABEL_PICKUP_DATE": "픽업 일자", + "SECTION_RECYCLING": "재활용 요청", + "LABEL_ADDRESS": "주소", + "SECTION_PRESS_JUICE_RESPONSIBLY": "당신은 나무를 사랑해주세요. 우리는 비용을 절감할 수 있어요. 
윈-윈!", + "LABEL_SECURITY_QUESTION": "보안 질문", + "CANNOT_BE_CHANGED_LATER": "나중에 변경할 수 있습니다.", + "MANDATORY_SECURITY_QUESTION": "보안 질문을 설정하세요.", + "MANDATORY_SECURITY_ANSWER": "보안 질분에 대한 답변을 작성하세요.", + "FORGOT_PASSWORD": "비밀번호를 잊어버리셨나요?", + "TITLE_FORGOT_PASSWORD": "비밀번호 찾기", + "NOTIFICATION_SERVER_STARTED": "서버가 재시작 되었습니다", + "AUTO_RESTORED_PROGRESS": "이전 해킹 진행 기록은 자동으로 복구되었습니다.", + "AUTO_RESTORE_PROGRESS_FAILED": "이전 해킹 진행 기록 복구에 실패하였습니다: {{error}}", + "RESET_HACKING_PROGRESS": "쿠키를 삭제하면 해킹 진행 기록을 초기화 할 수 있습니다", + "RESTART_REQUIRED": "다시 시작하려면 어플리케이션을 수동으로 재시작해야 합니다.", + "LABEL_EDIT_REVIEW": "상품평 수정", + "LABEL_REVIEW": "상품평", + "LABEL_REVIEWS": "상품평", + "LABEL_ADD_REVIEW_FOR_PRODUCT": "이 제품에 대한 리뷰 추가하기", + "LABEL_NO_REVIEWS": "리뷰가 없습니다.", + "TITLE_TOKENSALE": "Token Sale", + "SECTION_ICO": "Initial Coin Offering for <strong><i class='fab fa-bitcoin'></i> {{juicycoin}}</strong>", + "ICO_FAQ": "ICO에 관한 FAQ", + "SECTION_WHITEPAPER": "Whitepaper", + "WHITEPAPER_REFERENCES": "Instead of reinventing the square coin, we just refer to existing brilliant whitepapers!", + "SECTION_SALES_PITCH": "Convincing ICO Sales Pitch", + "GIVE_US_ALL_YOUR_MONEY": "Give us all your money.", + "ICO_FAQ_QUESTION": "<i class='fab fa-bitcoin'>{{juicycoin}}</strong>으로 내가 정말 부자가 될 수 있을까?", + "ICO_FAQ_ANSWER": "당연히 될 수 있어요! 우리는 거짓말 안해요!", + "TITLE_TRACK_ORDERS": "주문 추적", + "LABEL_ORDER_ID": "주문 번호", + "BTN_TRACK": "추적", + "LAST_LOGIN_IP": "마지막으로 로그인한 IP", + "BTN_EDIT": "수정", + "INVALID_DATE": "유효한 날짜를 입력하세요.", + "SECURITY_ANSWER_PLACEHOLDER": "보안 질문에 대답해주세요.", + "MANDATORY_ORDER_ID": "주문 번호를 제공해주세요.", + "BTN_SHOW_SOLVED": "해결된 과제 표시" +} \ No newline at end of file diff --git a/frontend/src/assets/public/favicon_v2.ico b/frontend/src/assets/public/favicon_js.ico similarity index 100% rename from frontend/src/assets/public/favicon_v2.ico rename to frontend/src/assets/public/favicon_js.ico 
diff --git a/frontend/src/assets/public/images/uploads/13.jpg b/frontend/src/assets/public/images/uploads/13.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..8f1e40ce70f1047b3ece9e15b85a0ac65d5bf293
Binary files /dev/null and b/frontend/src/assets/public/images/uploads/13.jpg differ
diff --git a/package.json b/package.json
index e7ca7d08f7ace4e4644f17c7c838401118f7455f..59d405a4053d0293f61ab4b4ec03005f32259dc0 100644
--- a/package.json
+++ b/package.json
@@ -1,29 +1,31 @@
 {
   "name": "juice-shop",
-  "version": "8.1.1",
+  "version": "8.2.0",
   "description": "An intentionally insecure JavaScript Web Application",
   "homepage": "http://owasp-juice.shop",
   "author": "Björn Kimminich <bjoern.kimminich@owasp.org> (https://www.owasp.org/index.php/User:Bjoern_Kimminich)",
   "contributors": [
     "Björn Kimminich",
+    "Aashish Singh",
     "Jannik Hollenbach",
-    "Timo Pagel",
-    "m4l1c3",
     "Shoeb Patel",
+    "m4l1c3",
+    "Timo Pagel",
     "Josh Grossman",
     "Madhur Wadhwa",
     "Omer Levi Hevroni",
-    "Jln Wntr",
-    "Aashish Singh",
     "Greg Guthe",
-    "Viktor Lindström",
+    "Jln Wntr",
+    "Simon Basset",
+    "Shivam Luthra",
     "Ingo Bente",
-    "Aaron Edwards",
     "Yuvraj",
-    "Gorka Vicente",
-    "Dinis Cruz",
+    "Viktor Lindström",
+    "Aaron Edwards",
+    "Jet Anderson",
+    "Zandar Mackie",
+    "Artemiy Knipe",
     "Jason Haley",
-    "Simon Basset",
     "Ken Friis Larsen",
     "Simon de Lang",
     "battletux",
@@ -36,7 +38,9 @@
     "Joe Butler",
     "Stephen O'Brien",
     "Johanna",
-    "Alvaro Viebrantz"
+    "Alvaro Viebrantz",
+    "Gorka Vicente",
+    "Dinis Cruz"
   ],
   "private": true,
   "keywords": [
@@ -56,7 +60,7 @@
     "body-parser": "~1.18.3",
     "clarinet": "~0.12.0",
     "colors": "~1.3.2",
-    "concurrently": "~3.6.1",
+    "concurrently": "~4.1.0",
     "config": "~2.0.0",
     "cookie-parser": "~1.4",
     "cors": "~2.8.5",
@@ -95,8 +99,8 @@
     "semver": "~5.6.0",
     "sequelize": "~4.41.0",
     "serve-index": "~1.9",
-    "socket.io": "~2.1.1",
-    "sqlite3": "~4.0.3",
+    "socket.io": "~2.2.0",
+    "sqlite3": "~4.0.4",
     "swagger-ui-express": "~4.0.1",
     "unzipper": "0.8.12",
     "z85": "~0.0"
@@ -116,10 +120,10 @@
     "mocha": "~5.2",
     "nyc": "~13.0.1",
     "protractor": "~5.4.1",
-    "shelljs": "~0.8.2",
+    "shelljs": "~0.8.3",
     "sinon": "~6.3.5",
     "sinon-chai": "~3.2",
-    "socket.io-client": "~2.1.1",
+    "socket.io-client": "~2.2.0",
     "standard": "~12.0.1"
   },
   "repository": {
diff --git a/routes/resetPassword.js b/routes/resetPassword.js
index bf8f1f9bb538acd0a5437d468288281e00d803b3..cc22e16f6f2239d14be346181873f55537c81cbc 100644
--- a/routes/resetPassword.js
+++ b/routes/resetPassword.js
@@ -38,6 +38,9 @@ module.exports = function resetPassword () {
       if (utils.notSolved(challenges.resetPasswordMortyChallenge) && user.id === users.morty.id && answer === '5N0wb41L') {
         utils.solve(challenges.resetPasswordMortyChallenge)
       }
+      if (utils.notSolved(challenges.resetPasswordBjoernOwaspChallenge) && user.id === users.bjoernOwasp.id && answer === 'Zaya') {
+        utils.solve(challenges.resetPasswordBjoernOwaspChallenge)
+      }
       res.json({ user })
     }).catch(error => {
       next(error)
diff --git a/test/api/passwordApiSpec.js b/test/api/passwordApiSpec.js
index c4eeef35ec1d8479a708a38c4b1413d84d1fe513..a078f22cde840cbd21c71295137834ff38b64abc 100644
--- a/test/api/passwordApiSpec.js
+++ b/test/api/passwordApiSpec.js
@@ -38,8 +38,8 @@ describe('/rest/user/change-password', () => {
     return frisby.post(REST_URL + '/user/login', {
       headers: jsonHeader,
       body: {
-        email: 'bjoern.kimminich@googlemail.com',
-        password: 'bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg=='
+        email: 'bjoern@' + config.get('application.domain'),
+        password: 'monkey summer birthday are all bad passwords but work just fine in a long passphrase'
       }
     })
       .expect('status', 200)
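Review bot: The added block is another copy of the `notSolved(...) && user.id === users.X.id && answer === '...'` pattern already used for Morty on the line above, with the user reference and the expected answer inlined in the condition. A lookup keyed by user id, `const challengeByUser = { [users.bjoernOwasp.id]: { challenge: challenges.resetPasswordBjoernOwaspChallenge, answer: 'Zaya' } }`, checked once before `res.json`, would keep the challenge bookkeeping in one place and make the next account a one-line addition. The branch also assumes `users.bjoernOwasp` is populated by the data seeding; if it is not, reading `.id` throws inside the promise and surfaces through `next(error)` as a server error rather than a wrong-answer response, which is worth confirming. The enclosing handler starts and ends outside the hunk.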
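Review bot: `'bjoern@' + config.get('application.domain')` is now spelled out six times in this spec (here and in the five reset-password hunks that follow); a module-level `const bjoernInternalEmail = 'bjoern@' + config.get('application.domain')` would keep them in step if the address format changes again. Also confirm that `config` is required at the top of the spec — the hunk only shows its use, and without it the login setup fails with a ReferenceError before any request is sent. The enclosing block begins outside the hunk.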
@@ -125,14 +125,27 @@ describe('/rest/user/reset-password', () => {
       .expect('status', 200)
   })
-  it('POST password reset for Bjoern with correct answer to his security question', () => {
+  it('POST password reset for Bjoern´s internal account with correct answer to his security question', () => {
     return frisby.post(REST_URL + '/user/reset-password', {
       headers: jsonHeader,
       body: {
-        email: 'bjoern.kimminich@googlemail.com',
+        email: 'bjoern@' + config.get('application.domain'),
         answer: 'West-2082',
-        new: 'bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg==',
-        repeat: 'bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg=='
+        new: 'monkey summer birthday are all bad passwords but work just fine in a long passphrase',
+        repeat: 'monkey summer birthday are all bad passwords but work just fine in a long passphrase'
+      }
+    })
+      .expect('status', 200)
+  })
+
+  it('POST password reset for Bjoern´s OWASP account with correct answer to his security question', () => {
+    return frisby.post(REST_URL + '/user/reset-password', {
+      headers: jsonHeader,
+      body: {
+        email: 'bjoern.kimminich@owasp.org',
+        answer: 'Zaya',
+        new: 'kitten lesser pooch karate buffoon indoors',
+        repeat: 'kitten lesser pooch karate buffoon indoors'
       }
     })
       .expect('status', 200)
@@ -155,7 +168,7 @@ describe('/rest/user/reset-password', () => {
     return frisby.post(REST_URL + '/user/reset-password', {
       headers: jsonHeader,
       body: {
-        email: 'bjoern.kimminich@googlemail.com',
+        email: 'bjoern@' + config.get('application.domain'),
         answer: '25436',
         new: '12345',
         repeat: '12345'
@@ -177,7 +190,7 @@ describe('/rest/user/reset-password', () => {
     return frisby.post(REST_URL + '/user/reset-password', {
       headers: jsonHeader,
       body: {
-        email: 'bjoern.kimminich@googlemail.com',
+        email: 'bjoern@' + config.get('application.domain'),
         answer: 'W-2082',
         repeat: '12345'
       }
@@ -190,7 +203,7 @@ describe('/rest/user/reset-password', () => {
     return frisby.post(REST_URL + '/user/reset-password', {
       headers: jsonHeader,
       body: {
-        email: 'bjoern.kimminich@googlemail.com',
+        email: 'bjoern@' + config.get('application.domain'),
         answer: 'W-2082',
         new: '12345',
         repeat: '1234_'
@@ -219,7 +232,7 @@ describe('/rest/user/reset-password', () => {
     return frisby.post(REST_URL + '/user/reset-password', {
       header: jsonHeader,
       body: {
-        email: 'bjoern.kimminich@googlemail.com',
+        email: 'bjoern@' + config.get('application.domain'),
         new: 'abcdef',
         repeat: 'abcdef'
       }
diff --git a/test/e2e/forgotPasswordSpec.js b/test/e2e/forgotPasswordSpec.js
index 92da6a62a977274ed4c9c1c1720d2a44911dc015..8a678ebcc3a5dc74070f2cd9ce93a96ab34b67e3 100644
--- a/test/e2e/forgotPasswordSpec.js
+++ b/test/e2e/forgotPasswordSpec.js
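Review bot: The request in the second hunk here still passes `header: jsonHeader` (singular) where every neighbouring case uses `headers: jsonHeader`; the commit edits the email line directly beneath it and leaves the typo, so the JSON content-type header is presumably not sent on this request and the test may be passing for a reason other than the one its title states. Changing it to `headers: jsonHeader,` aligns it with the other reset-password cases. The enclosing `it` starts outside the hunk.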
@@ -51,18 +51,35 @@ describe('/#/forgot-password', () => {
   })
   describe('as Bjoern', () => {
-    it('should be able to reset password with his security answer', () => {
-      email.sendKeys('bjoern.kimminich@googlemail.com')
-      browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
-      securityAnswer.sendKeys('West-2082')
-      newPassword.sendKeys('bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg==')
-      newPasswordRepeat.sendKeys('bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg==')
-      resetButton.click()
+    describe('for his internal account', () => {
+      it('should be able to reset password with his security answer', () => {
+        email.sendKeys('bjoern@' + config.get('application.domain'))
+        browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
+        securityAnswer.sendKeys('West-2082')
+        newPassword.sendKeys('monkey summer birthday are all bad passwords but work just fine in a long passphrase')
+        newPasswordRepeat.sendKeys('monkey summer birthday are all bad passwords but work just fine in a long passphrase')
+        resetButton.click()
-      expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
+        expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
+      })
+
+      protractor.expect.challengeSolved({ challenge: 'Reset Bjoern\'s Password Tier 2' })
     })
-    protractor.expect.challengeSolved({ challenge: 'Reset Bjoern\'s Password' })
+    describe('for his OWASP account', () => {
+      it('should be able to reset password with his security answer', () => {
+        email.sendKeys('bjoern.kimminich@owasp.org')
+        browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
+        securityAnswer.sendKeys('Zaya')
+        newPassword.sendKeys('kitten lesser pooch karate buffoon indoors')
+        newPasswordRepeat.sendKeys('kitten lesser pooch karate buffoon indoors')
+        resetButton.click()
+
+        expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
+      })
+
+      protractor.expect.challengeSolved({
challenge: 'Reset Bjoern\'s Password Tier 1' })
+    })
   })
   describe('as Morty', () => {
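Review bot: The two new `describe` blocks under `as Bjoern` run the same seven-step reset flow with different credentials, and the confirmation assertion is duplicated along with them; a helper taking the email, security answer and passphrase keeps the flow in one place, so a change to the form (the 1000 ms wait, the `.confirmation` selector) needs one edit instead of two. Each per-account block then shrinks to the helper call plus its `challengeSolved` expectation. As before the change, `protractor.expect.challengeSolved` is invoked in the `describe` body rather than inside an `it`, so it relies on that custom matcher registering its own spec. The file's outer `describe` starts outside the hunk.
```javascript
  describe('as Bjoern', () => {
    // Fills and submits the forgot-password form for one account and
    // asserts the confirmation banner is shown; the element handles
    // (email, securityAnswer, newPassword, ...) come from the outer describe.
    const resetPasswordFor = (account, securityAnswerValue, passphrase) => {
      email.sendKeys(account)
      browser.wait(EC.visibilityOf(securityAnswer), 1000, 'Security answer field did not become visible')
      securityAnswer.sendKeys(securityAnswerValue)
      newPassword.sendKeys(passphrase)
      newPasswordRepeat.sendKeys(passphrase)
      resetButton.click()

      expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
    }

    describe('for his internal account', () => {
      it('should be able to reset password with his security answer', () => {
        resetPasswordFor('bjoern@' + config.get('application.domain'), 'West-2082', 'monkey summer birthday are all bad passwords but work just fine in a long passphrase')
      })

      protractor.expect.challengeSolved({ challenge: 'Reset Bjoern\'s Password Tier 2' })
    })

    // … unchanged shape for his OWASP account: resetPasswordFor('bjoern.kimminich@owasp.org', 'Zaya', 'kitten lesser pooch karate buffoon indoors') followed by the Tier 1 challengeSolved expectation …
```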