streichsbaer

Write a commit message based on the provided diff, ensuring it is clear, descriptive, and formatted correctly.

• Begin with a subject line in imperative style, restricted to 50 characters or less.
• Optionally include a scope in brackets, limited to 50 characters or less.
• Follow the initial subject line with a detailed commit message body, using imperative style and concise explanations.
• Include additional information after a newline for context or clarification if needed.
• Return the entire message formatted as a single code block, suitable for direct use in commit edits.

Steps

streichsbaer

bundles:
  - php
  - general
report:
  pullRequest:
    findings: "onAllFiles"
    comment: true

streichsbaer

Loading scanner...
Processing application in /Users/at/src/github.com/OWASP/railsgoat
Processing gems...
[Notice] Detected Rails 5 application
Processing configuration...
[Notice] Escaping HTML by default
Parsing files...
Processing initializers...
Processing libs...sed
Processing routes...

streichsbaer

# Prequisites: (Tested on Mac only)
# 1. Install openssl
# 2. Install python
# 3. Clone the trustkit repository 
# 4. cd into the trustkit repository and create the getPublicKeyHashes.sh file in there

if [ -z "$1" ]
  then
    echo "Please provide a hostname and port. E.g ./getPublicKeyHashes.sh google.com 443"
elif [ -z "$2" ]

streichsbaer

package net.continuumsecurity;

import net.continuumsecurity.Config;
import net.continuumsecurity.Credentials;
import net.continuumsecurity.UserPassCredentials;
import net.continuumsecurity.behaviour.ILogin;
import net.continuumsecurity.behaviour.ILogout;
import net.continuumsecurity.behaviour.INavigable;
import net.continuumsecurity.web.WebApplication;
import org.openqa.selenium.By;

streichsbaer

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app>

    <!-- Base URL of the application to test -->
    <baseUrl>http://10.1.1.251:8080/WebGoat/</baseUrl>

    <!-- A Java class to hold the Selenium steps to test the application in depth. Optionally required for in-depth authn/z and session management testing. -->
    <class>net.continuumsecurity.WebGoatApplication</class>

    <sslyze>

streichsbaer

package net.continuumsecurity;

import net.continuumsecurity.Config;
import net.continuumsecurity.Credentials;
import net.continuumsecurity.UserPassCredentials;
import net.continuumsecurity.behaviour.ILogin;
import net.continuumsecurity.behaviour.ILogout;
import net.continuumsecurity.behaviour.INavigable;
import net.continuumsecurity.web.WebApplication;
import org.openqa.selenium.By;

streichsbaer

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app>
  [...]
  <baseUrl>http://localhost:8080/WebGoat/</baseUrl>
  <class>net.continuumsecurity.WebGoatApplication</class>
  <defaultUsername>guest</defaultUsername>
  <defaultPassword>guest</defaultPassword>
  [...]
</web-app>

streichsbaer

wget https://s3.amazonaws.com/webgoat-war/webgoat-container-7.0.1-war-exec.jar
java -jar webgoat-container-7.0.1-war-exec.jar

streichsbaer

[..]
public class RopeyTasksApplication extends WebApplication implements ILogin,
        ILogout,INavigable {
[..]
    @Override
    public void openLoginPage() {
        driver.get(Config.getInstance().getBaseUrl() + "user/login");
        findAndWaitForElement(By.id("username"));
    }
    [..]