Spring Boot Actuator challenge hiding an api key in the audit events

[commjoen]

This challenge is about how to not use the spring boot actuator, by hiding an API key in the audit events:

• Add an AuditEventRepository
• Add an APIkey received event at AuditEventRepository which is randomly generated
• enable management.endpoints.web.exposure.include=auditevents in application.properties
• Create a challenge using the secret at this endpoint and explain why you need to be careful with Actuator configurations

[PavanButke]

I would like to work. Request to assign to me.

[commjoen]

Hi @PavanButke ! It’s all yours! Feel free to contact us on slack when you have any questions.

[PavanButke]

Thanks joen! Connecting on slack. Just wanted a link of doc for contributors.

[commjoen]

That would be https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md

[PavanButke]

I'm facing few errors while set up of code on local..because of which I'm unable to contribute.
Request if anyone can help me in Set Up.
Thanks!

[commjoen]

Hi @PavanButke, what issue are you facing?

[PavanButke]

Hi,
While setting up in STS.

I can see
===> this tag was giving error

exec

generate-resources

getting these error at Multiple markers at this line

• Failed to execute mojo org.codehaus.mojo:tidy-maven-plugin:1.2.0:check {execution: validate} (org.codehaus.mojo:tidy-maven-plugin:1.2.0:check:validate:validate
• was giving following error... I tried commentong it then, in that case application was unable to run

Log:
Description Resource Path Location Type
Failed to execute mojo org.codehaus.mojo:exec-maven-plugin:3.1.0:exec {execution: default} (org.codehaus.mojo:exec-maven-plugin:3.1.0:exec:default:generate-resources)

org.eclipse.core.runtime.CoreException: Failed to execute mojo org.codehaus.mojo:exec-maven-plugin:3.1.0:exec {execution: default}
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeMojo(MavenExecutionContext.java:340)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.lambda$0(MavenExecutionContext.java:291)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeBare(MavenExecutionContext.java:394)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:275)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:290)
at org.eclipse.m2e.core.project.configurator.MojoExecutionBuildParticipant.build(MojoExecutionBuildParticipant.java:57)
at org.eclipse.m2e.core.internal.builder.MavenBuilderImpl.lambda$1(MavenBuilderImpl.java:139)
at java.base/java.util.LinkedHashMap