Merge pull request #2202 from OWASP/fix-challenge56

commjoen · web-flow · commit bf9f250800a4 · 2025-08-23T21:22:29.000+02:00
Bugfix for challenge55
diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history
@@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb
 git rebase -i main
 git rebase -i master
 git stash
-export tempPassword="v0tWSb+olcLP1nis+D/+N1hre+tMKsrWP9vIK/9yMns="
+export tempPassword="ActciVa30zz3eQHCIr4iZfw94ASoBgIsx8pxpK+Z5ic="
 mvn run tempPassword
 k6
 npx k6
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM bellsoft/liberica-openjre-debian:23.0.2-9-cds AS builder
 WORKDIR /builder
 
-ARG argBasedVersion="1.12.3"
+ARG argBasedVersion="1.12.4"
 
 COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar application.jar
 RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted
@@ -19,7 +19,7 @@ ENV AZURE_KEY_VAULT_ENABLED=false
 ENV SPRINGDOC_UI=false
 ENV SPRINGDOC_DOC=false
 ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh"
-
+ENV PROJECTSPECPATH="/var/helpers/project-specification.mdc"
 RUN echo "2vars"
 RUN echo "$ARG_BASED_PASSWORD"
 RUN echo "$argBasedPassword"
diff --git a/Dockerfile.web b/Dockerfile.web
@@ -1,5 +1,5 @@
-FROM jeroenwillemsen/wrongsecrets:1.12.3-no-vault
-ARG argBasedVersion="1.12.3-no-vault"
+FROM jeroenwillemsen/wrongsecrets:1.12.4-no-vault
+ARG argBasedVersion="1.12.4-no-vault"
 ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp"
 ARG CTF_ENABLED=false
 ARG HINTS_ENABLED=true
@@ -32,6 +32,7 @@ ENV default_aws_value_challenge_9=$CHALLENGE_9_VALUE
 ENV default_aws_value_challenge_10=$CHALLENGE_10_VALUE
 ENV default_aws_value_challenge_11=$CHALLENGE_11_VALUE
 ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh"
+ENV PROJECTSPECPATH="/var/helpers/project-specification.mdc"
 COPY .github/scripts/ /var/helpers
 COPY src/test/resources/alibabacreds.kdbx /var/helpers
 COPY src/test/resources/RSAprivatekey.pem /var/helpers
diff --git a/aws/go.mod b/aws/go.mod
@@ -9,7 +9,6 @@ require github.com/gruntwork-io/terratest v0.50.0
 require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/apparentlymart/go-textseg/v16 v16.0.0 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
diff --git a/aws/go.sum b/aws/go.sum
@@ -2,7 +2,6 @@ github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7l
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/apparentlymart/go-textseg/v16 v16.0.0/go.mod h1:wCrfQB/AReGqD1ECqVHhhsq7BV2AxUhnirsBLInYHvE=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -27,12 +26,8 @@ github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhE
 github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
 github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
 github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos=
-github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
 github.com/hashicorp/hcl/v2 v2.24.0 h1:2QJdZ454DSsYGoaE6QheQZjtKZSUs9Nh2izTWiwQxvE=
 github.com/hashicorp/hcl/v2 v2.24.0/go.mod h1:oGoO1FIQYfn/AgyOhlg9qLC6/nOJPX3qGbkZpYAcqfM=
-github.com/hashicorp/terraform-json v0.25.0 h1:rmNqc/CIfcWawGiwXmRuiXJKEiJu1ntGoxseG1hLhoQ=
-github.com/hashicorp/terraform-json v0.25.0/go.mod h1:sMKS8fiRDX4rVlR6EJUMudg1WcanxCMoWwTLkgZP/vc=
 github.com/hashicorp/terraform-json v0.26.0 h1:+BnJavhRH+oyNWPnfzrfQwVWCZBFMvjdiH2Vi38Udz4=
 github.com/hashicorp/terraform-json v0.26.0/go.mod h1:eyWCeC3nrZamyrKLFnrvwpc3LQPIJsx8hWHQ/nu2/v4=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -58,63 +53,32 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tmccombs/hcl2json v0.6.7 h1:RYKTs4kd/gzRsEiv7J3M2WQ7TYRYZVc+0H0pZdERkxA=
 github.com/tmccombs/hcl2json v0.6.7/go.mod h1:lJgBOOGDpbhjvdG2dLaWsqB4KBzul2HytfDTS3H465o=
-github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
-github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.13 h1:ar98gWrjf4H1ev05fYP/o29PDZw9DrI3niHtnEqyuXA=
 github.com/ulikunitz/xz v0.5.13/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/zclconf/go-cty v1.16.3 h1:osr++gw2T61A8KVYHoQiFbFd1Lh3JOCXc/jFLJXKTxk=
-github.com/zclconf/go-cty v1.16.3/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty v1.16.4 h1:QGXaag7/7dCzb+odlGrgr+YmYZFaOCMW6DEpS+UD1eE=
 github.com/zclconf/go-cty v1.16.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
-golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
-golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
 golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
 golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
-golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
-golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
-golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
-golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ=
 golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
-golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
-golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
 golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
-golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
-golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
-golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
-golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
 golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
-golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
-golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
-golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
-golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml
@@ -58,7 +58,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.12.3-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.12.4-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]
diff --git a/azure/k8s/secret-challenge-vault-deployment.yml.tpl b/azure/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -61,7 +61,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "azure-wrongsecrets-vault"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.12.3-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.12.4-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]
diff --git a/docs/VERSION_MANAGEMENT.md b/docs/VERSION_MANAGEMENT.md
@@ -12,9 +12,9 @@ The project maintains version consistency between:
 ## Version Schema
 
 ```
-pom.xml version:        1.12.3-SNAPSHOT
-Dockerfile version:     1.12.3
-Dockerfile.web version: 1.12.3-no-vault
+pom.xml version:        1.12.4-SNAPSHOT
+Dockerfile version:     1.12.4
+Dockerfile.web version: 1.12.4-no-vault
 ```
 
 ## Automated Solutions
diff --git a/fly.toml b/fly.toml
@@ -8,7 +8,7 @@ app = "wrongsecrets"
 primary_region = "ams"
 
 [build]
-  image = "docker.io/jeroenwillemsen/wrongsecrets:1.12.3-no-vault"
+  image = "docker.io/jeroenwillemsen/wrongsecrets:1.12.4-no-vault"
 
 [env]
   K8S_ENV = "Fly(Docker)"
diff --git a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -58,7 +58,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-gcp-secretsmanager"
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.12.3-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.12.4-k8s-vault
           imagePullPolicy: IfNotPresent
           name: secret-challenge
           command: ["/bin/sh"]
diff --git a/js/index.js b/js/index.js
@@ -1,5 +1,5 @@
 
  function secret() {
- var password = "LDVYdcM=" + 9 + "uAsf" + 6 + "LPM=" + 2 + "Vhi3" + 7;
+ var password = "HLYP4Ns=" + 9 + "+zc+" + 6 + "3+M=" + 2 + "A2+n" + 7;
  return password;
  }
diff --git a/k8s/challenge53/secret-challenge53-sidecar.yml b/k8s/challenge53/secret-challenge53-sidecar.yml
@@ -21,7 +21,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-      - image: jeroenwillemsen/wrongsecrets-challenge53:1.12.3
+      - image: jeroenwillemsen/wrongsecrets-challenge53:1.12.4
         name: secret-challenge-53
         imagePullPolicy: IfNotPresent
         resources:
@@ -45,7 +45,7 @@ spec:
         command: ["/bin/sh", "-c"]
         args:
           - cp /home/wrongsecrets/* /shared-data/ && exec /home/wrongsecrets/start-on-arch.sh
-      - image: jeroenwillemsen/wrongsecrets-challenge53-debug:1.12.3
+      - image: jeroenwillemsen/wrongsecrets-challenge53-debug:1.12.4
         name: sidecar
         imagePullPolicy: IfNotPresent
         command: ["/bin/sh", "-c", "while true; do ls /shared-data; sleep 10; done"]
diff --git a/k8s/challenge53/secret-challenge53.yml b/k8s/challenge53/secret-challenge53.yml
@@ -21,7 +21,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-      - image: jeroenwillemsen/wrongsecrets-challenge53:1.12.3
+      - image: jeroenwillemsen/wrongsecrets-challenge53:1.12.4
         name: secret-challenge-53
         imagePullPolicy: IfNotPresent
         resources:
diff --git a/okteto/k8s/secret-challenge-ctf-deployment.yml b/okteto/k8s/secret-challenge-ctf-deployment.yml
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.12.3-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.12.4-no-vault
           name: secret-challenge-ctf
           imagePullPolicy: IfNotPresent
           securityContext:
diff --git a/okteto/k8s/secret-challenge-deployment.yml b/okteto/k8s/secret-challenge-deployment.yml
@@ -28,7 +28,7 @@ spec:
         runAsGroup: 2000
         fsGroup: 2000
       containers:
-        - image: jeroenwillemsen/wrongsecrets:1.12.3-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.12.4-no-vault
           name: secret-challenge
           imagePullPolicy: IfNotPresent
           securityContext:
diff --git a/pom.xml b/pom.xml
@@ -11,7 +11,7 @@
 
   <groupId>org.owasp</groupId>
   <artifactId>wrongsecrets</artifactId>
-  <version>1.12.3-SNAPSHOT</version>
+  <version>1.12.4-SNAPSHOT</version>
 
   <name>OWASP WrongSecrets</name>
   <description>Examples with how to not use secrets</description>
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge56.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge56.java
@@ -22,8 +22,7 @@ public class Challenge56 implements Challenge {
   private final String projectSpecPath;
   private String actualSecret;
 
-  public Challenge56(
-      @Value("${projectspecpath:/var/helpers/project-specification.mdc}") String projectSpecPath) {
+  public Challenge56(@Value("${PROJECTSPECPATH}") String projectSpecPath) {
     this.projectSpecPath = projectSpecPath;
   }
 
@@ -34,7 +33,9 @@ public Spoiler spoiler() {
 
   @Override
   public boolean answerCorrect(String answer) {
-    return !Strings.isNullOrEmpty(answer) && getActualSecret().equals(answer.trim());
+    return !Strings.isNullOrEmpty(answer)
+        && !Strings.isNullOrEmpty(getActualSecret())
+        && getActualSecret().contains(answer);
   }
 
   @SuppressFBWarnings(
@@ -47,19 +48,22 @@ private String getActualSecret() {
         String content = Files.readString(filePath, StandardCharsets.UTF_8);
         // Look for the line with the secret
         for (String line : content.split("\n")) {
-          if (line.trim().startsWith("**secret-challenge-56:")) {
+          if (line.trim().startsWith("- Example API key for testing: ")) {
             actualSecret = line.split(":", 2)[1].trim();
             break;
           }
         }
         if (Strings.isNullOrEmpty(actualSecret)) {
+          log.warn("Exception during file reading for Challenge56: empty");
           return FILE_MOUNT_ERROR;
         }
       } catch (Exception e) {
         log.warn("Exception during file reading for Challenge56", e);
         return FILE_MOUNT_ERROR;
       }
     }
+
+    log.info("secret is: " + actualSecret);
     return actualSecret;
   }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -81,6 +81,7 @@ management.health.readinessState.enabled=true
 management.endpoints.web.exposure.include=auditevents,info,health
 chalenge_docker_mount_secret=/var/run/secrets2
 BASTIONHOSTPATH=.ssh
+PROJECTSPECPATH=./cursor/rules/project-specification.mdc
 #---
 spring.config.activate.on-profile=kubernetes-vault
 wrongsecretvalue=wrongsecret
@@ -98,6 +99,7 @@ spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubern
 spring.config.activate.on-profile=local
 challengedockermtpath=./
 BASTIONHOSTPATH=.ssh
+PROJECTSPECPATH=./cursor/rules/project-specification.mdc
 asciidoctor.enabled=true
 #---
 spring.config.activate.on-profile=local-vault
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge56Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge56Test.java
@@ -23,7 +23,7 @@ void solveChallenge56WithoutFile(@TempDir Path dir) {
   @Test
   void solveChallenge56WithFile(@TempDir Path dir) throws Exception {
     var testFile = new File(dir.toFile(), "project-specification.mdc");
-    var secretLine = "**secret-challenge-56: S3cr3tInPr0j3ctSp3c";
+    var secretLine = "blabla\n- Example API key for testing: S3cr3tInPr0j3ctSp3c";
     Files.writeString(testFile.toPath(), "Some intro text\n" + secretLine + "\nSome outro text\n");
 
     var challenge = new Challenge56(testFile.getAbsolutePath());
@@ -34,7 +34,7 @@ void solveChallenge56WithFile(@TempDir Path dir) throws Exception {
   @Test
   void spoilShouldReturnCorrectAnswer(@TempDir Path dir) throws IOException {
     var testFile = new File(dir.toFile(), "project-specification.mdc");
-    var secretLine = "**secret-challenge-56: S3cr3tInPr0j3ctSp3c";
+    var secretLine = "blabla\n- Example API key for testing: S3cr3tInPr0j3ctSp3c";
     Files.writeString(testFile.toPath(), secretLine + "\n");
 
     var challenge = new Challenge56(testFile.getAbsolutePath());
