Skip to content

New Challenge - Vault Template Injection #1189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jan 17, 2024
Merged

New Challenge - Vault Template Injection #1189

merged 11 commits into from
Jan 17, 2024

Conversation

@nwolniak
Copy link
Contributor

@nwolniak nwolniak commented Jan 15, 2024
edited
Loading

What kind of changes does this PR include?

  • Fixes or refactors
  • A new challenge
  • Additional documentation
  • Something else

Description

Vault Template Injection in k8s vault environment.
Vault secrets from path 'secret/data/secret-challenge' are injected via vault template into secret-challenge-xxx pod.
Then the secrets are rendered at vault/secrets/challenge44 path in the pod.

k8s/secret-challenge-vault-deployment.yml file I couldn't manage to push new image but I have tested local test image.

Relations

Closes #814

References

Checklist:

  • All the contributions made are solely the work of me and my co-authors
  • I tested the changes in this PR (if applicable)
  • I added unit tests to ensure my change works (when change in Java or on front-end code)
  • I added UI tests to ensure my UI changes work (when change in the overall UI, not needed if just adding a challenge)
  • The PR passes pre-commit hooks and automated tests

@commjoen
Copy link
Collaborator

Thank you sir! Given we will merge #1147 tomorrow: can you rename yours to 46 please?

@nwolniak nwolniak force-pushed the command-injection-vault-template branch from ace2103 to cc623d8 Compare January 15, 2024 20:25
@nwolniak nwolniak force-pushed the command-injection-vault-template branch from 5520eb9 to 4669a57 Compare January 15, 2024 20:49
commjoen
commjoen requested changes Jan 16, 2024
View reviewed changes
Copy link
Collaborator

@commjoen commjoen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @nwolniak !
I really love your work here! Some changes to be done so we can separate this challenge further from challenge7
Looking forward to it!

@nbaars
Copy link
Collaborator

nbaars commented Jan 16, 2024

Hi @nwolniak, really nice challenge!

@commjoen
Copy link
Collaborator

Love your work! Hope to give it another review & testing round tomorrow!

commjoen
commjoen requested changes Jan 17, 2024
View reviewed changes
Copy link
Collaborator

@commjoen commjoen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test completed! (Apologies: I had to commit and create a container which shows that your work is 👍 ).
Can you apply the last requested changes please? Happy to merge after that1

commjoen
commjoen approved these changes Jan 17, 2024
View reviewed changes
Copy link
Collaborator

@commjoen commjoen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for this awesome challenge! Will merge it when tests are green :) .

@commjoen commjoen merged commit a25e703 into OWASP:master Jan 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nbaars nbaars nbaars left review comments

@commjoen commjoen commjoen approved these changes

@bendehaan bendehaan Awaiting requested review from bendehaan bendehaan is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Do a command injection via vault template

3 participants

@nwolniak @commjoen @nbaars