Merge pull request #2113 from OWASP/fix-java-deprecations

Fix java deprecations and update to vault 1.19

Author: commjoen

k8s-vault-minikube-start.sh

@@ -47,7 +47,7 @@ else
    helm repo add hashicorp https://helm.releases.hashicorp.com
 fi
 kubectl create ns vault
-helm upgrade --install vault hashicorp/vault --version 0.29.1 --namespace vault --values k8s/helm-vault-values.yml
+helm upgrade --install vault hashicorp/vault --version 0.30.0 --namespace vault --values k8s/helm-vault-values.yml
 
 isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running)
 while [[ $isvaultrunning != *"vault-0"* ]]; do echo "waiting for Vault1" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running); done

renovate.json

@@ -95,17 +95,6 @@
             ],
             "depNameTemplate": "node",
             "datasourceTemplate": "node-version"
-        },
-        {
-            "customType": "regex",
-            "description": "Track jeroenwillemsen/wrongsecrets images in K8s manifests",
-            "fileMatch": ["(^|/)k8s/.+\\.ya?ml$", "(^|/)[^/]*\\.ya?ml$"],
-            "matchStrings": [
-                "image:\\s*['\"]?jeroenwillemsen/wrongsecrets:(?<currentValue>[^'\"\\s]+)['\"]?",
-                "image:\\s*['\"]?jeroenwillemsen/wrongsecrets-challenge53:(?<currentValue>[^'\"\\s]+)['\"]?"
-            ],
-            "depNameTemplate": "jeroenwillemsen/wrongsecrets",
-            "datasourceTemplate": "docker"
         }
     ],
     "packageRules": [

scripts/install-vault.sh

@@ -7,7 +7,7 @@ else
   helm repo update hashicorp
 fi
 
-helm upgrade --install vault hashicorp/vault --version 0.29.1 --namespace vault --values ../k8s/helm-vault-values.yml --create-namespace
+helm upgrade --install vault hashicorp/vault --version 0.30.0 --namespace vault --values ../k8s/helm-vault-values.yml --create-namespace
 
 isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running)
 while [[ $isvaultrunning != *"vault-0"* ]]; do echo "waiting for Vault0" && sleep 2 && isvaultrunning=$(kubectl get pods -n vault --field-selector=status.phase=Running); done

src/main/java/org/owasp/wrongsecrets/SecurityConfig.java

@@ -76,7 +76,7 @@ public boolean matches(HttpServletRequest request) {
                 && request.getHeader("x-forwarded-proto") != null;
           }
         };
-    http.requiresChannel(channel -> channel.requestMatchers(requestMatcher).requiresSecure())
+    http.redirectToHttps(channel -> channel.requestMatchers(requestMatcher))
         .portMapper(configurer -> configurer.portMapper(portMapper));
   }
 }

src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge44Test.java

@@ -4,6 +4,7 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.cloud.vault.config.VaultProperties;
+import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.vault.authentication.TokenAuthentication;
 import org.springframework.vault.client.VaultEndpoint;
 import org.springframework.vault.core.VaultTemplate;
@@ -12,13 +13,15 @@
 import org.testcontainers.junit.jupiter.Testcontainers;
 import org.testcontainers.vault.VaultContainer;
 
+@DirtiesContext
 @Testcontainers
 public class Challenge44Test {
   private static final String VAULT_TOKEN = "my-token";
 
+  @SuppressWarnings("resource")
   @Container
   public static VaultContainer<?> vaultContainer =
-      new VaultContainer<>("hashicorp/vault:1.13")
+      new VaultContainer<>("hashicorp/vault:1.19")
           .withVaultToken(VAULT_TOKEN)
           .withInitCommand("secrets enable transit");
 

src/test/java/org/owasp/wrongsecrets/challenges/kubernetes/Challenge45Test.java

@@ -15,9 +15,10 @@
 public class Challenge45Test {
   private static final String VAULT_TOKEN = "my-token";
 
+  @SuppressWarnings("resource")
   @Container
   public static VaultContainer<?> vaultContainer =
-      new VaultContainer<>("hashicorp/vault:1.13")
+      new VaultContainer<>("hashicorp/vault:1.19")
           .withVaultToken(VAULT_TOKEN)
           .withInitCommand("secrets enable transit");
 

src/test/java/org/owasp/wrongsecrets/ctftests/ChallengesControllerCTFClientModeTest.java

@@ -91,13 +91,6 @@ void shouldStillDissableTestsIfNotPreconfigured() throws Exception {
     testForCloudCluster("/challenge/challenge-11");
   }
 
-  private void testForVault(String url) throws Exception {
-    mvc.perform(get(url).contentType(MediaType.APPLICATION_FORM_URLENCODED).with(csrf()))
-        .andExpect(status().isOk())
-        .andExpect(
-            content().string(containsString("We are running outside a K8s cluster with Vault")));
-  }
-
   private void testK8sChallenge(String url) throws Exception {
     mvc.perform(get(url).contentType(MediaType.APPLICATION_FORM_URLENCODED).with(csrf()))
         .andExpect(status().isOk())