Use Java 23 syntax: replace .get(0) with .getFirst() and enhance Challenge59

Co-authored-by: commjoen <[email protected]>

Author: Copilot

src/main/java/org/owasp/wrongsecrets/challenges/ChallengeUI.java

@@ -109,7 +109,7 @@ private String documentation(Function<ChallengeSource, String> extractor) {
       return challengeDefinition.source(runtimeEnvironment).map(extractor).orElse("");
     } else {
       // We cannot run the challenge but showing documentation should still be possible
-      return extractor.apply(challengeDefinition.sources().get(0));
+      return extractor.apply(challengeDefinition.sources().getFirst());
     }
   }
 

src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java

@@ -97,7 +97,7 @@ public String spoiler(@PathVariable("short-name") String shortName, Model model)
       Supplier<Spoiler> spoilerFromRandomChallenge =
           () -> {
             var challengeDefinition = findByShortName(shortName);
-            return challenges.getChallenge(challengeDefinition).get(0).spoiler();
+            return challenges.getChallenge(challengeDefinition).getFirst().spoiler();
           };
 
       // We always want to show the spoiler even if we run in a non-supported environment

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java

@@ -45,13 +45,13 @@ public String getAnswer() {
 
     try (InputStream inputStream = Files.newInputStream(Paths.get(filePath))) {
       database = SimpleDatabase.load(creds, inputStream);
-      return database.findEntries("alibaba").get(0).getPassword();
+      return database.findEntries("alibaba").getFirst().getPassword();
     } catch (Exception | Error e) {
       log.error("Exception or Error with Challenge 14", e);
       try (InputStream inputStream =
           Files.newInputStream(Paths.get("src/test/resources/alibabacreds.kdbx"))) {
         database = SimpleDatabase.load(creds, inputStream);
-        return database.findEntries("alibaba").get(0).getPassword();
+        return database.findEntries("alibaba").getFirst().getPassword();
       } catch (Exception | Error e2) {
         log.error("Exception or Error with Challenge 14 second time", e2);
         return defaultKeepassValue;

src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge59.java

@@ -30,7 +30,7 @@ private String getTelegramSecret() {
     // that can be accessed using the bot token below
 
     // Hardcoded bot token (intentionally vulnerable for educational purposes)
-    String botToken = getBotToken();
+    var botToken = getBotToken();
 
     // For this challenge, the secret is what you would find in the Telegram channel
     // Bot: @WrongsecretsBot
@@ -41,10 +41,8 @@ private String getTelegramSecret() {
   private String getBotToken() {
     // Double-encoded bot token to make it slightly more challenging
     // but still discoverable through code inspection
-    return new String(
-        Base64.decode(
-            new String(
-                Base64.decode("T0RFek1qZzJOalkwTXpwQlFVaEtiWFphY1haMlRUbGtTVEp5ZEVKUGRTMHRWMDFhZVUxR1ZHWklUbTg1U1E9PQo="), UTF_8)),
-        UTF_8);
+    var encodedToken = "T0RFek1qZzJOalkwTXpwQlFVaEtiWFphY1haMlRUbGtTVEp5ZEVKUGRTMHRWMDFhZVUxR1ZHWklUbTg1U1E9PQo=";
+    var firstDecode = new String(Base64.decode(encodedToken), UTF_8);
+    return new String(Base64.decode(firstDecode), UTF_8);
   }
 }