From 767b331575ea87f2eec14a91bba52e6bbe7d9947 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Mon, 31 Jan 2022 22:40:15 +0100 Subject: [PATCH 01/34] #44 front end JavaScript library with key obfuscated --- js/index.js | 5 +++++ js/package.json | 17 +++++++++++++++++ pom.xml | 13 +++++++++++++ src/main/resources/templates/index.html | 4 ++++ 4 files changed, 39 insertions(+) create mode 100644 js/index.js create mode 100644 js/package.json diff --git a/js/index.js b/js/index.js new file mode 100644 index 0000000000..c0559899a1 --- /dev/null +++ b/js/index.js @@ -0,0 +1,5 @@ +function test (){ + var passwordPrefix = '5' + 3; + var password = passwordPrefix + 'pass' + 1 + 1; + console.log('Secret is: ', password); +} diff --git a/js/package.json b/js/package.json new file mode 100644 index 0000000000..5536e16f8d --- /dev/null +++ b/js/package.json @@ -0,0 +1,17 @@ +{ + "name": "wrongsecrets", + "version": "1.3.1", + "description": "Examples with how to not use secrets", + "main": "index.js", + "scripts": { + "build": "./node_modules/.bin/javascript-obfuscator index.js --output ../src/main/resources/js/index.js" + }, + "keywords": [ + "secrets" + ], + "author": "", + "license": "MIT", + "devDependencies": { + "javascript-obfuscator": "^3.1.0" + } +} diff --git a/pom.xml b/pom.xml index 1a8ac550f1..5f191c1b53 100644 --- a/pom.xml +++ b/pom.xml @@ -244,6 +244,19 @@ + + org.codehaus.mojo + exec-maven-plugin + 3.0.0 + + ./js/node_modules/.bin/javascript-obfuscator + + ./js/index.js + --output + ./src/main/resources/static/js/index.js + + + diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index cd0256cc5f..ea08677dc7 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -15,5 +15,9 @@ + + From f1a35d81201188d12d7736173f4aaeda5bafc42c Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Tue, 1 Feb 2022 20:44:48 +0100 Subject: [PATCH 02/34] #44 front end JavaScript library with key obfuscated --- js/index.js | 4 ++-- pom.xml | 10 +++++++++- src/main/resources/templates/index.html | 3 ++- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/js/index.js b/js/index.js index c0559899a1..9d9396f423 100644 --- a/js/index.js +++ b/js/index.js @@ -1,5 +1,5 @@ -function test (){ +function secret (){ var passwordPrefix = '5' + 3; var password = passwordPrefix + 'pass' + 1 + 1; - console.log('Secret is: ', password); + return password } diff --git a/pom.xml b/pom.xml index 5f191c1b53..f2a977e7eb 100644 --- a/pom.xml +++ b/pom.xml @@ -248,12 +248,20 @@ org.codehaus.mojo exec-maven-plugin 3.0.0 + + + generate-resources + + exec + + + ./js/node_modules/.bin/javascript-obfuscator ./js/index.js --output - ./src/main/resources/static/js/index.js + ./target/classes/static/js/index.js diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index ea08677dc7..6160c76249 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -17,7 +17,8 @@ From f9384540856a2900762adb974219dea48da39af3 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Tue, 1 Feb 2022 21:34:46 +0100 Subject: [PATCH 03/34] #44 front end JavaScript library with key obfuscated --- .gitignore | 4 + js/package-lock.json | 2133 ++++++++++++++++++++++++++++++++++++++++++ js/package.json | 2 +- pom.xml | 41 +- 4 files changed, 2173 insertions(+), 7 deletions(-) create mode 100644 js/package-lock.json diff --git a/.gitignore b/.gitignore index 5acbfa5899..056e3149ec 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,7 @@ azure/k8s/pod-id.yml # Challenge 12 ;-) .github/scripts/yourkey.txt + +# Node JS +js/node/ +js/node_modules/ diff --git a/js/package-lock.json b/js/package-lock.json new file mode 100644 index 0000000000..0a31420a1b --- /dev/null +++ b/js/package-lock.json @@ -0,0 +1,2133 @@ +{ + "name": "wrongsecrets", + "version": "1.3.1", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "wrongsecrets", + "version": "1.3.1", + "license": "MIT", + "devDependencies": { + "javascript-obfuscator": "^3.1.0" + } + }, + "node_modules/@javascript-obfuscator/escodegen": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@javascript-obfuscator/escodegen/-/escodegen-2.3.0.tgz", + "integrity": "sha512-QVXwMIKqYMl3KwtTirYIA6gOCiJ0ZDtptXqAv/8KWLG9uQU2fZqTVy7a/A5RvcoZhbDoFfveTxuGxJ5ibzQtkw==", + "dev": true, + "dependencies": { + "@javascript-obfuscator/estraverse": "^5.3.0", + "esprima": "^4.0.1", + "esutils": "^2.0.2", + "optionator": "^0.8.1" + }, + "engines": { + "node": ">=6.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, + "node_modules/@javascript-obfuscator/estraverse": { + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@javascript-obfuscator/estraverse/-/estraverse-5.4.0.tgz", + "integrity": "sha512-CZFX7UZVN9VopGbjTx4UXaXsi9ewoM1buL0kY7j1ftYdSs7p2spv9opxFjHlQ/QGTgh4UqufYqJJ0WKLml7b6w==", + "dev": true, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/@nuxtjs/opencollective": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@nuxtjs/opencollective/-/opencollective-0.3.2.tgz", + "integrity": "sha512-um0xL3fO7Mf4fDxcqx9KryrB7zgRM5JSlvGN5AGkP6JLM5XEKyjeAiPbNxdXVXQ16isuAhYpvP88NgL2BGd6aA==", + "dev": true, + "dependencies": { + "chalk": "^4.1.0", + "consola": "^2.15.0", + "node-fetch": "^2.6.1" + }, + "bin": { + "opencollective": "bin/opencollective.js" + }, + "engines": { + "node": ">=8.0.0", + "npm": ">=5.0.0" + } + }, + "node_modules/@types/minimatch": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz", + "integrity": "sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==", + "dev": true + }, + "node_modules/acorn": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", + "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "dev": true, + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/array-differ": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-3.0.0.tgz", + "integrity": "sha512-THtfYS6KtME/yIAhKjZ2ul7XI96lQGHRputJQHO80LAWQnuGP4iCIN8vdMRboGbIEYBwU33q8Tch1os2+X0kMg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/arrify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz", + "integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/assert": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/assert/-/assert-2.0.0.tgz", + "integrity": "sha512-se5Cd+js9dXJnu6Ag2JFc00t+HmHOen+8Q+L7O9zI0PqQXr20uk2J0XQqMxZEeo5U50o8Nvmmx7dZrl+Ufr35A==", + "dev": true, + "dependencies": { + "es6-object-assign": "^1.1.0", + "is-nan": "^1.2.1", + "object-is": "^1.0.1", + "util": "^0.12.0" + } + }, + "node_modules/available-typed-arrays": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz", + "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==", + "dev": true, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "dev": true + }, + "node_modules/call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dev": true, + "dependencies": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chance": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/chance/-/chance-1.1.8.tgz", + "integrity": "sha512-v7fi5Hj2VbR6dJEGRWLmJBA83LJMS47pkAbmROFxHWd9qmE1esHRZW8Clf1Fhzr3rjxnNZVCjOEv/ivFxeIMtg==", + "dev": true + }, + "node_modules/char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/charenc": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/charenc/-/charenc-0.0.2.tgz", + "integrity": "sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc=", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/class-validator": { + "version": "0.13.2", + "resolved": "https://registry.npmjs.org/class-validator/-/class-validator-0.13.2.tgz", + "integrity": "sha512-yBUcQy07FPlGzUjoLuUfIOXzgynnQPPruyK1Ge2B74k9ROwnle1E+NxLWnUv5OLU8hA/qL5leAE9XnXq3byaBw==", + "dev": true, + "dependencies": { + "libphonenumber-js": "^1.9.43", + "validator": "^13.7.0" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "node_modules/commander": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", + "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", + "dev": true, + "engines": { + "node": "^12.20.0 || >=14" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "node_modules/consola": { + "version": "2.15.3", + "resolved": "https://registry.npmjs.org/consola/-/consola-2.15.3.tgz", + "integrity": "sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw==", + "dev": true + }, + "node_modules/crypt": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/crypt/-/crypt-0.0.2.tgz", + "integrity": "sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs=", + "dev": true, + "engines": { + "node": "*" + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", + "dev": true + }, + "node_modules/define-properties": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", + "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", + "dev": true, + "dependencies": { + "object-keys": "^1.0.12" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-abstract": { + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.19.1.tgz", + "integrity": "sha512-2vJ6tjA/UfqLm2MPs7jxVybLoB8i1t1Jd9R3kISld20sIxPcTbLuggQOUxeWeAvIUkduv/CfMjuh4WmiXr2v9w==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "es-to-primitive": "^1.2.1", + "function-bind": "^1.1.1", + "get-intrinsic": "^1.1.1", + "get-symbol-description": "^1.0.0", + "has": "^1.0.3", + "has-symbols": "^1.0.2", + "internal-slot": "^1.0.3", + "is-callable": "^1.2.4", + "is-negative-zero": "^2.0.1", + "is-regex": "^1.1.4", + "is-shared-array-buffer": "^1.0.1", + "is-string": "^1.0.7", + "is-weakref": "^1.0.1", + "object-inspect": "^1.11.0", + "object-keys": "^1.1.1", + "object.assign": "^4.1.2", + "string.prototype.trimend": "^1.0.4", + "string.prototype.trimstart": "^1.0.4", + "unbox-primitive": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/es-to-primitive": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", + "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dev": true, + "dependencies": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/es6-object-assign": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/es6-object-assign/-/es6-object-assign-1.1.0.tgz", + "integrity": "sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw=", + "dev": true + }, + "node_modules/eslint-scope": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.0.tgz", + "integrity": "sha512-aWwkhnS0qAXqNOgKOK0dJ2nvzEbhEvpy8OlJ9kZ0FeZnA6zpjv1/Vei+puGFFX7zkPCkHHXb7IDX3A+7yPrRWg==", + "dev": true, + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.2.0.tgz", + "integrity": "sha512-IOzT0X126zn7ALX0dwFiUQEdsfzrm4+ISsQS8nukaJXwEyYKRSnEIIDULYg1mCtGp7UUXgfGl7BIolXREQK+XQ==", + "dev": true, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true, + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", + "dev": true + }, + "node_modules/foreach": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz", + "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=", + "dev": true + }, + "node_modules/function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, + "node_modules/get-intrinsic": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.1.tgz", + "integrity": "sha512-kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q==", + "dev": true, + "dependencies": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-symbol-description": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz", + "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "dependencies": { + "function-bind": "^1.1.1" + }, + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/has-bigints": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", + "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/has-symbols": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz", + "integrity": "sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==", + "dev": true, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", + "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "dev": true, + "dependencies": { + "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "node_modules/internal-slot": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.3.tgz", + "integrity": "sha512-O0DB1JC/sPyZl7cIo78n5dR7eUSwwpYPiXRhTzNxZVAMUuB8vlnRFyLxdrVToks6XPLVnFfbzaVd5WLjhgg+vA==", + "dev": true, + "dependencies": { + "get-intrinsic": "^1.1.0", + "has": "^1.0.3", + "side-channel": "^1.0.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/inversify": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/inversify/-/inversify-6.0.1.tgz", + "integrity": "sha512-B3ex30927698TJENHR++8FfEaJGqoWOgI6ZY5Ht/nLUsFCwHn6akbwtnUAPCgUepAnTpe2qHxhDNjoKLyz6rgQ==", + "dev": true + }, + "node_modules/is-arguments": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz", + "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-bigint": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", + "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", + "dev": true, + "dependencies": { + "has-bigints": "^1.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-boolean-object": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", + "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", + "dev": true + }, + "node_modules/is-callable": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.4.tgz", + "integrity": "sha512-nsuwtxZfMX67Oryl9LCQ+upnC0Z0BgpwntpS89m1H/TLF0zNfzfLMV/9Wa/6MZsj0acpEjAO0KF1xT6ZdLl95w==", + "dev": true, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-date-object": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", + "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", + "dev": true, + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-generator-function": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz", + "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==", + "dev": true, + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-nan": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/is-nan/-/is-nan-1.3.2.tgz", + "integrity": "sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.0", + "define-properties": "^1.1.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-negative-zero": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz", + "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==", + "dev": true, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-number-object": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.6.tgz", + "integrity": "sha512-bEVOqiRcvo3zO1+G2lVMy+gkkEm9Yh7cDMRusKKu5ZJKPUYSJwICTKZrNKHA2EbSP0Tu0+6B/emsYNHZyn6K8g==", + "dev": true, + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-regex": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", + "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-shared-array-buffer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.1.tgz", + "integrity": "sha512-IU0NmyknYZN0rChcKhRO1X8LYz5Isj/Fsqh8NJOSf+N/hCOTwy29F32Ik7a+QszE63IdvmwdTPDd6cZ5pg4cwA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-string": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", + "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", + "dev": true, + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-symbol": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "dev": true, + "dependencies": { + "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-typed-array": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.8.tgz", + "integrity": "sha512-HqH41TNZq2fgtGT8WHVFVJhBVGuY3AnP3Q36K8JKXUxSxRgk/d+7NjmwG2vo2mYmXK8UYZKu0qH8bVP5gEisjA==", + "dev": true, + "dependencies": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "es-abstract": "^1.18.5", + "foreach": "^2.0.5", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-weakref": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", + "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/javascript-obfuscator": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/javascript-obfuscator/-/javascript-obfuscator-3.1.0.tgz", + "integrity": "sha512-rbv0lx4Zj4LQIE720eqbrh+9PmvUXJWXoQQC5bxqaQfV6WwBZTJlhNnfZFyEHPtdJpmgKfUgW0BB5lera2Msmw==", + "dev": true, + "hasInstallScript": true, + "dependencies": { + "@javascript-obfuscator/escodegen": "2.3.0", + "@javascript-obfuscator/estraverse": "5.4.0", + "@nuxtjs/opencollective": "0.3.2", + "acorn": "8.7.0", + "assert": "2.0.0", + "chalk": "4.1.2", + "chance": "1.1.8", + "class-validator": "0.13.2", + "commander": "9.0.0", + "eslint-scope": "7.1.0", + "eslint-visitor-keys": "3.2.0", + "fast-deep-equal": "3.1.3", + "inversify": "6.0.1", + "js-string-escape": "1.0.1", + "md5": "2.3.0", + "mkdirp": "1.0.4", + "multimatch": "5.0.0", + "process": "0.11.10", + "reflect-metadata": "0.1.13", + "source-map-support": "0.5.21", + "string-template": "1.0.0", + "stringz": "2.1.0", + "tslib": "2.3.1" + }, + "bin": { + "javascript-obfuscator": "bin/javascript-obfuscator" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/javascript-obfuscator" + } + }, + "node_modules/js-string-escape": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/js-string-escape/-/js-string-escape-1.0.1.tgz", + "integrity": "sha1-4mJbrbwNZ8dTPp7cEGjFh65BN+8=", + "dev": true, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/levn": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", + "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=", + "dev": true, + "dependencies": { + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/libphonenumber-js": { + "version": "1.9.46", + "resolved": "https://registry.npmjs.org/libphonenumber-js/-/libphonenumber-js-1.9.46.tgz", + "integrity": "sha512-QqTX4UVsGy24njtCgLRspiKpxfRniRBZE/P+d0vQXuYWQ+hwDS6X0ouo0O/SRyf7bhhMCE71b6vAvLMtY5PfEw==", + "dev": true + }, + "node_modules/md5": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/md5/-/md5-2.3.0.tgz", + "integrity": "sha512-T1GITYmFaKuO91vxyoQMFETst+O71VUPEU3ze5GNzDm0OWdP8v1ziTaAEPUr/3kLsY3Sftgz242A1SetQiDL7g==", + "dev": true, + "dependencies": { + "charenc": "0.0.2", + "crypt": "0.0.2", + "is-buffer": "~1.1.6" + } + }, + "node_modules/minimatch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "dev": true, + "bin": { + "mkdirp": "bin/cmd.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/multimatch": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/multimatch/-/multimatch-5.0.0.tgz", + "integrity": "sha512-ypMKuglUrZUD99Tk2bUQ+xNQj43lPEfAeX2o9cTteAmShXy2VHDJpuwu1o0xqoKCt9jLVAvwyFKdLTPXKAfJyA==", + "dev": true, + "dependencies": { + "@types/minimatch": "^3.0.3", + "array-differ": "^3.0.0", + "array-union": "^2.1.0", + "arrify": "^2.0.1", + "minimatch": "^3.0.4" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/node-fetch": { + "version": "2.6.7", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", + "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", + "dev": true, + "dependencies": { + "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } + } + }, + "node_modules/object-inspect": { + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.0.tgz", + "integrity": "sha512-Ho2z80bVIvJloH+YzRmpZVQe87+qASmBUKZDWgx9cu+KDrX2ZDH/3tMy+gXbZETVGs2M8YdxObOh7XAtim9Y0g==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-is": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.5.tgz", + "integrity": "sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "dev": true, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object.assign": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz", + "integrity": "sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.0", + "define-properties": "^1.1.3", + "has-symbols": "^1.0.1", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/optionator": { + "version": "0.8.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", + "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "dev": true, + "dependencies": { + "deep-is": "~0.1.3", + "fast-levenshtein": "~2.0.6", + "levn": "~0.3.0", + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2", + "word-wrap": "~1.2.3" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/prelude-ls": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", + "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", + "dev": true, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/process": { + "version": "0.11.10", + "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", + "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=", + "dev": true, + "engines": { + "node": ">= 0.6.0" + } + }, + "node_modules/reflect-metadata": { + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.1.13.tgz", + "integrity": "sha512-Ts1Y/anZELhSsjMcU605fU9RE4Oi3p5ORujwbIKXfWa+0Zxs510Qrmrce5/Jowq3cHSZSJqBjypxmHarc+vEWg==", + "dev": true + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/side-channel": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "dev": true, + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/string-template": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/string-template/-/string-template-1.0.0.tgz", + "integrity": "sha1-np8iM9wA8hhxjsN5oopWc+zKi5Y=", + "dev": true + }, + "node_modules/string.prototype.trimend": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", + "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/string.prototype.trimstart": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", + "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", + "dev": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/stringz": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/stringz/-/stringz-2.1.0.tgz", + "integrity": "sha512-KlywLT+MZ+v0IRepfMxRtnSvDCMc3nR1qqCs3m/qIbSOWkNZYT8XHQA31rS3TnKp0c5xjZu3M4GY/2aRKSi/6A==", + "dev": true, + "dependencies": { + "char-regex": "^1.0.2" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=", + "dev": true + }, + "node_modules/tslib": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", + "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==", + "dev": true + }, + "node_modules/type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=", + "dev": true, + "dependencies": { + "prelude-ls": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/unbox-primitive": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", + "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "dev": true, + "dependencies": { + "function-bind": "^1.1.1", + "has-bigints": "^1.0.1", + "has-symbols": "^1.0.2", + "which-boxed-primitive": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/util": { + "version": "0.12.4", + "resolved": "https://registry.npmjs.org/util/-/util-0.12.4.tgz", + "integrity": "sha512-bxZ9qtSlGUWSOy9Qa9Xgk11kSslpuZwaxCg4sNIDj6FLucDab2JxnHwyNTCpHMtK1MjoQiWQ6DiUMZYbSrO+Sw==", + "dev": true, + "dependencies": { + "inherits": "^2.0.3", + "is-arguments": "^1.0.4", + "is-generator-function": "^1.0.7", + "is-typed-array": "^1.1.3", + "safe-buffer": "^5.1.2", + "which-typed-array": "^1.1.2" + } + }, + "node_modules/validator": { + "version": "13.7.0", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.7.0.tgz", + "integrity": "sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==", + "dev": true, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=", + "dev": true + }, + "node_modules/whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", + "dev": true, + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, + "node_modules/which-boxed-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", + "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dev": true, + "dependencies": { + "is-bigint": "^1.0.1", + "is-boolean-object": "^1.1.0", + "is-number-object": "^1.0.4", + "is-string": "^1.0.5", + "is-symbol": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/which-typed-array": { + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.7.tgz", + "integrity": "sha512-vjxaB4nfDqwKI0ws7wZpxIlde1XrLX5uB0ZjpfshgmapJMD7jJWhZI+yToJTqaFByF0eNBcYxbjmCzoRP7CfEw==", + "dev": true, + "dependencies": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "es-abstract": "^1.18.5", + "foreach": "^2.0.5", + "has-tostringtag": "^1.0.0", + "is-typed-array": "^1.1.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/word-wrap": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", + "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + } + }, + "dependencies": { + "@javascript-obfuscator/escodegen": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@javascript-obfuscator/escodegen/-/escodegen-2.3.0.tgz", + "integrity": "sha512-QVXwMIKqYMl3KwtTirYIA6gOCiJ0ZDtptXqAv/8KWLG9uQU2fZqTVy7a/A5RvcoZhbDoFfveTxuGxJ5ibzQtkw==", + "dev": true, + "requires": { + "@javascript-obfuscator/estraverse": "^5.3.0", + "esprima": "^4.0.1", + "esutils": "^2.0.2", + "optionator": "^0.8.1", + "source-map": "~0.6.1" + } + }, + "@javascript-obfuscator/estraverse": { + "version": "5.4.0", + "resolved": "https://registry.npmjs.org/@javascript-obfuscator/estraverse/-/estraverse-5.4.0.tgz", + "integrity": "sha512-CZFX7UZVN9VopGbjTx4UXaXsi9ewoM1buL0kY7j1ftYdSs7p2spv9opxFjHlQ/QGTgh4UqufYqJJ0WKLml7b6w==", + "dev": true + }, + "@nuxtjs/opencollective": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@nuxtjs/opencollective/-/opencollective-0.3.2.tgz", + "integrity": "sha512-um0xL3fO7Mf4fDxcqx9KryrB7zgRM5JSlvGN5AGkP6JLM5XEKyjeAiPbNxdXVXQ16isuAhYpvP88NgL2BGd6aA==", + "dev": true, + "requires": { + "chalk": "^4.1.0", + "consola": "^2.15.0", + "node-fetch": "^2.6.1" + } + }, + "@types/minimatch": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz", + "integrity": "sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==", + "dev": true + }, + "acorn": { + "version": "8.7.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz", + "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==", + "dev": true + }, + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "requires": { + "color-convert": "^2.0.1" + } + }, + "array-differ": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-3.0.0.tgz", + "integrity": "sha512-THtfYS6KtME/yIAhKjZ2ul7XI96lQGHRputJQHO80LAWQnuGP4iCIN8vdMRboGbIEYBwU33q8Tch1os2+X0kMg==", + "dev": true + }, + "array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "dev": true + }, + "arrify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz", + "integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==", + "dev": true + }, + "assert": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/assert/-/assert-2.0.0.tgz", + "integrity": "sha512-se5Cd+js9dXJnu6Ag2JFc00t+HmHOen+8Q+L7O9zI0PqQXr20uk2J0XQqMxZEeo5U50o8Nvmmx7dZrl+Ufr35A==", + "dev": true, + "requires": { + "es6-object-assign": "^1.1.0", + "is-nan": "^1.2.1", + "object-is": "^1.0.1", + "util": "^0.12.0" + } + }, + "available-typed-arrays": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz", + "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==", + "dev": true + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "dev": true + }, + "call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + } + }, + "chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + } + }, + "chance": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/chance/-/chance-1.1.8.tgz", + "integrity": "sha512-v7fi5Hj2VbR6dJEGRWLmJBA83LJMS47pkAbmROFxHWd9qmE1esHRZW8Clf1Fhzr3rjxnNZVCjOEv/ivFxeIMtg==", + "dev": true + }, + "char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "dev": true + }, + "charenc": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/charenc/-/charenc-0.0.2.tgz", + "integrity": "sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc=", + "dev": true + }, + "class-validator": { + "version": "0.13.2", + "resolved": "https://registry.npmjs.org/class-validator/-/class-validator-0.13.2.tgz", + "integrity": "sha512-yBUcQy07FPlGzUjoLuUfIOXzgynnQPPruyK1Ge2B74k9ROwnle1E+NxLWnUv5OLU8hA/qL5leAE9XnXq3byaBw==", + "dev": true, + "requires": { + "libphonenumber-js": "^1.9.43", + "validator": "^13.7.0" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true + }, + "commander": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", + "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "consola": { + "version": "2.15.3", + "resolved": "https://registry.npmjs.org/consola/-/consola-2.15.3.tgz", + "integrity": "sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw==", + "dev": true + }, + "crypt": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/crypt/-/crypt-0.0.2.tgz", + "integrity": "sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs=", + "dev": true + }, + "deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", + "dev": true + }, + "define-properties": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz", + "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==", + "dev": true, + "requires": { + "object-keys": "^1.0.12" + } + }, + "es-abstract": { + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.19.1.tgz", + "integrity": "sha512-2vJ6tjA/UfqLm2MPs7jxVybLoB8i1t1Jd9R3kISld20sIxPcTbLuggQOUxeWeAvIUkduv/CfMjuh4WmiXr2v9w==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "es-to-primitive": "^1.2.1", + "function-bind": "^1.1.1", + "get-intrinsic": "^1.1.1", + "get-symbol-description": "^1.0.0", + "has": "^1.0.3", + "has-symbols": "^1.0.2", + "internal-slot": "^1.0.3", + "is-callable": "^1.2.4", + "is-negative-zero": "^2.0.1", + "is-regex": "^1.1.4", + "is-shared-array-buffer": "^1.0.1", + "is-string": "^1.0.7", + "is-weakref": "^1.0.1", + "object-inspect": "^1.11.0", + "object-keys": "^1.1.1", + "object.assign": "^4.1.2", + "string.prototype.trimend": "^1.0.4", + "string.prototype.trimstart": "^1.0.4", + "unbox-primitive": "^1.0.1" + } + }, + "es-to-primitive": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", + "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dev": true, + "requires": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + } + }, + "es6-object-assign": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/es6-object-assign/-/es6-object-assign-1.1.0.tgz", + "integrity": "sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw=", + "dev": true + }, + "eslint-scope": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.0.tgz", + "integrity": "sha512-aWwkhnS0qAXqNOgKOK0dJ2nvzEbhEvpy8OlJ9kZ0FeZnA6zpjv1/Vei+puGFFX7zkPCkHHXb7IDX3A+7yPrRWg==", + "dev": true, + "requires": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + } + }, + "eslint-visitor-keys": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.2.0.tgz", + "integrity": "sha512-IOzT0X126zn7ALX0dwFiUQEdsfzrm4+ISsQS8nukaJXwEyYKRSnEIIDULYg1mCtGp7UUXgfGl7BIolXREQK+XQ==", + "dev": true + }, + "esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true + }, + "esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "requires": { + "estraverse": "^5.2.0" + } + }, + "estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true + }, + "esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "dev": true + }, + "fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true + }, + "fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=", + "dev": true + }, + "foreach": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz", + "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=", + "dev": true + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, + "get-intrinsic": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.1.tgz", + "integrity": "sha512-kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.1" + } + }, + "get-symbol-description": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz", + "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.1" + } + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-bigints": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", + "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "dev": true + }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true + }, + "has-symbols": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz", + "integrity": "sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==", + "dev": true + }, + "has-tostringtag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", + "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "dev": true, + "requires": { + "has-symbols": "^1.0.2" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "internal-slot": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.3.tgz", + "integrity": "sha512-O0DB1JC/sPyZl7cIo78n5dR7eUSwwpYPiXRhTzNxZVAMUuB8vlnRFyLxdrVToks6XPLVnFfbzaVd5WLjhgg+vA==", + "dev": true, + "requires": { + "get-intrinsic": "^1.1.0", + "has": "^1.0.3", + "side-channel": "^1.0.4" + } + }, + "inversify": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/inversify/-/inversify-6.0.1.tgz", + "integrity": "sha512-B3ex30927698TJENHR++8FfEaJGqoWOgI6ZY5Ht/nLUsFCwHn6akbwtnUAPCgUepAnTpe2qHxhDNjoKLyz6rgQ==", + "dev": true + }, + "is-arguments": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz", + "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + } + }, + "is-bigint": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", + "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", + "dev": true, + "requires": { + "has-bigints": "^1.0.1" + } + }, + "is-boolean-object": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", + "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + } + }, + "is-buffer": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==", + "dev": true + }, + "is-callable": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.4.tgz", + "integrity": "sha512-nsuwtxZfMX67Oryl9LCQ+upnC0Z0BgpwntpS89m1H/TLF0zNfzfLMV/9Wa/6MZsj0acpEjAO0KF1xT6ZdLl95w==", + "dev": true + }, + "is-date-object": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", + "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-generator-function": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz", + "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-nan": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/is-nan/-/is-nan-1.3.2.tgz", + "integrity": "sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w==", + "dev": true, + "requires": { + "call-bind": "^1.0.0", + "define-properties": "^1.1.3" + } + }, + "is-negative-zero": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz", + "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==", + "dev": true + }, + "is-number-object": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.6.tgz", + "integrity": "sha512-bEVOqiRcvo3zO1+G2lVMy+gkkEm9Yh7cDMRusKKu5ZJKPUYSJwICTKZrNKHA2EbSP0Tu0+6B/emsYNHZyn6K8g==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-regex": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", + "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + } + }, + "is-shared-array-buffer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.1.tgz", + "integrity": "sha512-IU0NmyknYZN0rChcKhRO1X8LYz5Isj/Fsqh8NJOSf+N/hCOTwy29F32Ik7a+QszE63IdvmwdTPDd6cZ5pg4cwA==", + "dev": true + }, + "is-string": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", + "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-symbol": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "dev": true, + "requires": { + "has-symbols": "^1.0.2" + } + }, + "is-typed-array": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.8.tgz", + "integrity": "sha512-HqH41TNZq2fgtGT8WHVFVJhBVGuY3AnP3Q36K8JKXUxSxRgk/d+7NjmwG2vo2mYmXK8UYZKu0qH8bVP5gEisjA==", + "dev": true, + "requires": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "es-abstract": "^1.18.5", + "foreach": "^2.0.5", + "has-tostringtag": "^1.0.0" + } + }, + "is-weakref": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", + "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", + "dev": true, + "requires": { + "call-bind": "^1.0.2" + } + }, + "javascript-obfuscator": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/javascript-obfuscator/-/javascript-obfuscator-3.1.0.tgz", + "integrity": "sha512-rbv0lx4Zj4LQIE720eqbrh+9PmvUXJWXoQQC5bxqaQfV6WwBZTJlhNnfZFyEHPtdJpmgKfUgW0BB5lera2Msmw==", + "dev": true, + "requires": { + "@javascript-obfuscator/escodegen": "2.3.0", + "@javascript-obfuscator/estraverse": "5.4.0", + "@nuxtjs/opencollective": "0.3.2", + "acorn": "8.7.0", + "assert": "2.0.0", + "chalk": "4.1.2", + "chance": "1.1.8", + "class-validator": "0.13.2", + "commander": "9.0.0", + "eslint-scope": "7.1.0", + "eslint-visitor-keys": "3.2.0", + "fast-deep-equal": "3.1.3", + "inversify": "6.0.1", + "js-string-escape": "1.0.1", + "md5": "2.3.0", + "mkdirp": "1.0.4", + "multimatch": "5.0.0", + "process": "0.11.10", + "reflect-metadata": "0.1.13", + "source-map-support": "0.5.21", + "string-template": "1.0.0", + "stringz": "2.1.0", + "tslib": "2.3.1" + } + }, + "js-string-escape": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/js-string-escape/-/js-string-escape-1.0.1.tgz", + "integrity": "sha1-4mJbrbwNZ8dTPp7cEGjFh65BN+8=", + "dev": true + }, + "levn": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", + "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=", + "dev": true, + "requires": { + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2" + } + }, + "libphonenumber-js": { + "version": "1.9.46", + "resolved": "https://registry.npmjs.org/libphonenumber-js/-/libphonenumber-js-1.9.46.tgz", + "integrity": "sha512-QqTX4UVsGy24njtCgLRspiKpxfRniRBZE/P+d0vQXuYWQ+hwDS6X0ouo0O/SRyf7bhhMCE71b6vAvLMtY5PfEw==", + "dev": true + }, + "md5": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/md5/-/md5-2.3.0.tgz", + "integrity": "sha512-T1GITYmFaKuO91vxyoQMFETst+O71VUPEU3ze5GNzDm0OWdP8v1ziTaAEPUr/3kLsY3Sftgz242A1SetQiDL7g==", + "dev": true, + "requires": { + "charenc": "0.0.2", + "crypt": "0.0.2", + "is-buffer": "~1.1.6" + } + }, + "minimatch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "mkdirp": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", + "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", + "dev": true + }, + "multimatch": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/multimatch/-/multimatch-5.0.0.tgz", + "integrity": "sha512-ypMKuglUrZUD99Tk2bUQ+xNQj43lPEfAeX2o9cTteAmShXy2VHDJpuwu1o0xqoKCt9jLVAvwyFKdLTPXKAfJyA==", + "dev": true, + "requires": { + "@types/minimatch": "^3.0.3", + "array-differ": "^3.0.0", + "array-union": "^2.1.0", + "arrify": "^2.0.1", + "minimatch": "^3.0.4" + } + }, + "node-fetch": { + "version": "2.6.7", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", + "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", + "dev": true, + "requires": { + "whatwg-url": "^5.0.0" + } + }, + "object-inspect": { + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.0.tgz", + "integrity": "sha512-Ho2z80bVIvJloH+YzRmpZVQe87+qASmBUKZDWgx9cu+KDrX2ZDH/3tMy+gXbZETVGs2M8YdxObOh7XAtim9Y0g==", + "dev": true + }, + "object-is": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.5.tgz", + "integrity": "sha512-3cyDsyHgtmi7I7DfSSI2LDp6SK2lwvtbg0p0R1e0RvTqF5ceGx+K2dfSjm1bKDMVCFEDAQvy+o8c6a7VujOddw==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" + } + }, + "object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "dev": true + }, + "object.assign": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz", + "integrity": "sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==", + "dev": true, + "requires": { + "call-bind": "^1.0.0", + "define-properties": "^1.1.3", + "has-symbols": "^1.0.1", + "object-keys": "^1.1.1" + } + }, + "optionator": { + "version": "0.8.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", + "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "dev": true, + "requires": { + "deep-is": "~0.1.3", + "fast-levenshtein": "~2.0.6", + "levn": "~0.3.0", + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2", + "word-wrap": "~1.2.3" + } + }, + "prelude-ls": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", + "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=", + "dev": true + }, + "process": { + "version": "0.11.10", + "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", + "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=", + "dev": true + }, + "reflect-metadata": { + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.1.13.tgz", + "integrity": "sha512-Ts1Y/anZELhSsjMcU605fU9RE4Oi3p5ORujwbIKXfWa+0Zxs510Qrmrce5/Jowq3cHSZSJqBjypxmHarc+vEWg==", + "dev": true + }, + "safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dev": true + }, + "side-channel": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "dev": true, + "requires": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + } + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true + }, + "source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "dev": true, + "requires": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "string-template": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/string-template/-/string-template-1.0.0.tgz", + "integrity": "sha1-np8iM9wA8hhxjsN5oopWc+zKi5Y=", + "dev": true + }, + "string.prototype.trimend": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", + "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" + } + }, + "string.prototype.trimstart": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", + "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" + } + }, + "stringz": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/stringz/-/stringz-2.1.0.tgz", + "integrity": "sha512-KlywLT+MZ+v0IRepfMxRtnSvDCMc3nR1qqCs3m/qIbSOWkNZYT8XHQA31rS3TnKp0c5xjZu3M4GY/2aRKSi/6A==", + "dev": true, + "requires": { + "char-regex": "^1.0.2" + } + }, + "supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + }, + "tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=", + "dev": true + }, + "tslib": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", + "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==", + "dev": true + }, + "type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=", + "dev": true, + "requires": { + "prelude-ls": "~1.1.2" + } + }, + "unbox-primitive": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", + "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "has-bigints": "^1.0.1", + "has-symbols": "^1.0.2", + "which-boxed-primitive": "^1.0.2" + } + }, + "util": { + "version": "0.12.4", + "resolved": "https://registry.npmjs.org/util/-/util-0.12.4.tgz", + "integrity": "sha512-bxZ9qtSlGUWSOy9Qa9Xgk11kSslpuZwaxCg4sNIDj6FLucDab2JxnHwyNTCpHMtK1MjoQiWQ6DiUMZYbSrO+Sw==", + "dev": true, + "requires": { + "inherits": "^2.0.3", + "is-arguments": "^1.0.4", + "is-generator-function": "^1.0.7", + "is-typed-array": "^1.1.3", + "safe-buffer": "^5.1.2", + "which-typed-array": "^1.1.2" + } + }, + "validator": { + "version": "13.7.0", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.7.0.tgz", + "integrity": "sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==", + "dev": true + }, + "webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=", + "dev": true + }, + "whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", + "dev": true, + "requires": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, + "which-boxed-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", + "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dev": true, + "requires": { + "is-bigint": "^1.0.1", + "is-boolean-object": "^1.1.0", + "is-number-object": "^1.0.4", + "is-string": "^1.0.5", + "is-symbol": "^1.0.3" + } + }, + "which-typed-array": { + "version": "1.1.7", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.7.tgz", + "integrity": "sha512-vjxaB4nfDqwKI0ws7wZpxIlde1XrLX5uB0ZjpfshgmapJMD7jJWhZI+yToJTqaFByF0eNBcYxbjmCzoRP7CfEw==", + "dev": true, + "requires": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "es-abstract": "^1.18.5", + "foreach": "^2.0.5", + "has-tostringtag": "^1.0.0", + "is-typed-array": "^1.1.7" + } + }, + "word-wrap": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", + "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==", + "dev": true + } + } +} diff --git a/js/package.json b/js/package.json index 5536e16f8d..6e08e4febb 100644 --- a/js/package.json +++ b/js/package.json @@ -4,7 +4,7 @@ "description": "Examples with how to not use secrets", "main": "index.js", "scripts": { - "build": "./node_modules/.bin/javascript-obfuscator index.js --output ../src/main/resources/js/index.js" + "build": "./node_modules/.bin/javascript-obfuscator index.js --output ../target/classes/static/js/index.js" }, "keywords": [ "secrets" diff --git a/pom.xml b/pom.xml index f2a977e7eb..9bc03e709c 100644 --- a/pom.xml +++ b/pom.xml @@ -244,6 +244,35 @@ + + com.github.eirslett + frontend-maven-plugin + 1.12.1 + + + install node and npm + + install-node-and-npm + + generate-resources + + v16.13.2 + js + + + + npm install + + npm + + generate-resources + + install + js + + + + org.codehaus.mojo exec-maven-plugin @@ -257,12 +286,12 @@ - ./js/node_modules/.bin/javascript-obfuscator - - ./js/index.js - --output - ./target/classes/static/js/index.js - + ./js/node_modules/.bin/javascript-obfuscator + + ./js/index.js + --output + ./target/classes/static/js/index.js + From 775c4120776eef6c1e9cde40ac5f3b93ce469ad5 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Wed, 16 Mar 2022 22:28:22 +0100 Subject: [PATCH 04/34] #44 front end JavaScript library with key obfuscated --- .../resources/explanations/challenge15.adoc | 5 +++ src/main/resources/templates/index.html | 44 ++++++++++--------- 2 files changed, 29 insertions(+), 20 deletions(-) create mode 100644 src/main/resources/explanations/challenge15.adoc diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc new file mode 100644 index 0000000000..dbb2322415 --- /dev/null +++ b/src/main/resources/explanations/challenge15.adoc @@ -0,0 +1,5 @@ +=== JavaScript key obfuscated + +When we start new project usually we are focus on new festers implementation than on security aspect. In such situation it easy to store secret or credential in front-end code. + +What about looking for it in the Development Tools in browser? diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index 2ddf94fa20..5db9ef66a7 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -5,30 +5,34 @@ OWASP WrongSecrets - - - + + + -
-
- -
+
+
+ +
- - - - - - + + + + + + From f930545356f9108f525b7431a720e4151948696f Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Mon, 21 Mar 2022 22:37:38 +0100 Subject: [PATCH 05/34] remove unused Java imports --- js/index.js | 5 +- .../challenges/docker/Challenge15.java | 53 +++++++++++++++++++ .../wrongsecrets/client/TokenController.java | 41 ++++++++++++++ src/main/resources/application.properties | 2 +- .../resources/explanations/challenge15.adoc | 5 +- .../explanations/challenge15_hint.adoc | 9 ++++ .../explanations/challenge15_reason.adoc | 4 ++ src/main/resources/templates/index.html | 12 ++--- 8 files changed, 119 insertions(+), 12 deletions(-) create mode 100644 src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java create mode 100644 src/main/java/org/owasp/wrongsecrets/client/TokenController.java create mode 100644 src/main/resources/explanations/challenge15_hint.adoc create mode 100644 src/main/resources/explanations/challenge15_reason.adoc diff --git a/js/index.js b/js/index.js index 9d9396f423..9326c73732 100644 --- a/js/index.js +++ b/js/index.js @@ -1,5 +1,4 @@ -function secret (){ - var passwordPrefix = '5' + 3; - var password = passwordPrefix + 'pass' + 1 + 1; +function secret() { + var password = 'wg2QIk2N' + 8 + 'YmTEd' + 3 + 'C/jnlkFGeIpdeGI+lKzK7rROePYU='; return password } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java new file mode 100644 index 0000000000..90d34e899d --- /dev/null +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java @@ -0,0 +1,53 @@ +package org.owasp.wrongsecrets.challenges.docker; + + +import lombok.extern.slf4j.Slf4j; +import org.owasp.wrongsecrets.RuntimeEnvironment; +import org.owasp.wrongsecrets.ScoreCard; +import org.owasp.wrongsecrets.challenges.Challenge; +import org.owasp.wrongsecrets.challenges.Spoiler; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.core.annotation.Order; +import org.springframework.stereotype.Component; + +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.List; + +@Slf4j +@Component +@Order(15) +public class Challenge15 extends Challenge { + + private String dockerMountPath; + + public Challenge15(ScoreCard scoreCard, @Value("${challengedockermtpath}") String dockerMountPath) { + super(scoreCard); + this.dockerMountPath = dockerMountPath; + } + + @Override + public Spoiler spoiler() { + return new Spoiler(getActualData()); + } + + @Override + public boolean answerCorrect(String answer) { + log.info("challenge 15, actualdata: {}, answer: {}", getActualData(), answer); + return getActualData().equals(answer); + } + + @Override + public List supportedRuntimeEnvironments() { + return List.of(RuntimeEnvironment.Environment.DOCKER); + } + + private String getActualData() { + try { + return Files.readString(Paths.get(dockerMountPath, "yourkey.txt")); + } catch (Exception e) { + log.warn("Exception during file reading, defaulting to default without cloud environment", e); + return "if_you_see_this_please_use_docker_instead"; + } + } +} diff --git a/src/main/java/org/owasp/wrongsecrets/client/TokenController.java b/src/main/java/org/owasp/wrongsecrets/client/TokenController.java new file mode 100644 index 0000000000..107f99f631 --- /dev/null +++ b/src/main/java/org/owasp/wrongsecrets/client/TokenController.java @@ -0,0 +1,41 @@ +package org.owasp.wrongsecrets.client; + +import com.fasterxml.jackson.annotation.JsonProperty; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestHeader; + +import java.util.UUID; + +@Controller +public class TokenController { + + @PostMapping(path = "/oauth/token", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE}) + public ResponseEntity clientCredentialToken(@RequestHeader(HttpHeaders.AUTHORIZATION) String authorization, + TokenRequest tokenRequest) { + if ("Basic am9objp3ZzJRSWsyTjhZbVRFZDNDL2pubGtGR2VJcGRlR0krbEt6SzdyUk9lUFlVPQ==".equals(authorization) + && "client_credentials".equals(tokenRequest.grant_type()) + && "user_info".equals(tokenRequest.scope())) { + return ResponseEntity.ok( + new TokenResponse(UUID.randomUUID().toString(), "bearer", 54321L, "user_info") + ); + } + return ResponseEntity.status(HttpStatus.UNAUTHORIZED) + .build(); + } + + public record TokenRequest(String grant_type, + String scope) { + } + + public record TokenResponse(@JsonProperty("access_token") String accessToken, + @JsonProperty("token_type") String tokenType, + @JsonProperty("expires_in") Long expiresIn, + String scope) { + } +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 2482b6bf55..7242b8b8e1 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -16,7 +16,7 @@ azure.keyvault.enabled=false azure.keyvault.uri=https://default.vault.localhost wrongsecret-3=if_you_see_this_please_use_Azure_Setup secretmountpath=/mnt/secrets-store -challengedockermtpath=/var/tmp/helpers +challengedockermtpath=/Users/mno/workspace/opensource/wrongsecrets AWS_REGION=if_you_see_this_please_use_AWS_Setup GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup K8S_ENV=DOCKER diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index dbb2322415..28d34c3164 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -1,5 +1,6 @@ -=== JavaScript key obfuscated +=== Docker COPY and WORKDIR -When we start new project usually we are focus on new festers implementation than on security aspect. In such situation it easy to store secret or credential in front-end code. +When we start new project usually we are focus on new festers implementation than on security aspect. +In such situation it easy to store secret or credential in front-end code. What about looking for it in the Development Tools in browser? diff --git a/src/main/resources/explanations/challenge15_hint.adoc b/src/main/resources/explanations/challenge15_hint.adoc new file mode 100644 index 0000000000..5b2af47d4c --- /dev/null +++ b/src/main/resources/explanations/challenge15_hint.adoc @@ -0,0 +1,9 @@ +You can solve this challenge by the following steps: + +1. Open main page in the browser +2. Open development tools: +- select Network tab +- find request with path `/oauth/token` +- find in the request `Authorization` header +- decode Base64 heder value after `Basic` +- the first part before `:` is user name and the second is password diff --git a/src/main/resources/explanations/challenge15_reason.adoc b/src/main/resources/explanations/challenge15_reason.adoc new file mode 100644 index 0000000000..6a864267dc --- /dev/null +++ b/src/main/resources/explanations/challenge15_reason.adoc @@ -0,0 +1,4 @@ +*Why using Single Page Application or Mobile application to put secrets in is a bad idea* + +As you can tell by now, you can easily detect any secret that stored within a Single Page Application or Mobile application. +Authorization Code Flow with Proof Key for Code Exchange (PKCE) diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index 5db9ef66a7..5ee3d2b885 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -26,12 +26,12 @@ From 0358336566132cb8c3d501b947a88f47721512fd Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Wed, 23 Mar 2022 21:46:25 +0100 Subject: [PATCH 06/34] #44 front end JavaScript library with key obfuscated --- js/index.js | 2 +- .../challenges/docker/Challenge15.java | 4 +- .../wrongsecrets/client/TokenController.java | 41 ------------- .../wrongsecrets/oauth/TokenController.java | 59 +++++++++++++++++++ .../resources/explanations/challenge15.adoc | 4 +- .../explanations/challenge15_hint.adoc | 8 +-- .../explanations/challenge15_reason.adoc | 2 +- src/main/resources/templates/index.html | 9 +-- .../challenges/docker/Challenge15Test.java | 53 +++++++++++++++++ 9 files changed, 127 insertions(+), 55 deletions(-) delete mode 100644 src/main/java/org/owasp/wrongsecrets/client/TokenController.java create mode 100644 src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java create mode 100644 src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java diff --git a/js/index.js b/js/index.js index 9326c73732..a6f4fd0bb0 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = 'wg2QIk2N' + 8 + 'YmTEd' + 3 + 'C/jnlkFGeIpdeGI+lKzK7rROePYU='; + var password = 'wg' + 2 + 'QIk' + 2 + 'N' + 8 + 'YmTEd' + 3 + 'C/jnlkFGeIpdeGI+lKzK' + 7 + 'rROePYU='; return password } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java index 90d34e899d..af137eccbc 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java @@ -19,7 +19,7 @@ @Order(15) public class Challenge15 extends Challenge { - private String dockerMountPath; + private final String dockerMountPath; public Challenge15(ScoreCard scoreCard, @Value("${challengedockermtpath}") String dockerMountPath) { super(scoreCard); @@ -42,7 +42,7 @@ public List supportedRuntimeEnvironments() { return List.of(RuntimeEnvironment.Environment.DOCKER); } - private String getActualData() { + public String getActualData() { try { return Files.readString(Paths.get(dockerMountPath, "yourkey.txt")); } catch (Exception e) { diff --git a/src/main/java/org/owasp/wrongsecrets/client/TokenController.java b/src/main/java/org/owasp/wrongsecrets/client/TokenController.java deleted file mode 100644 index 107f99f631..0000000000 --- a/src/main/java/org/owasp/wrongsecrets/client/TokenController.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.owasp.wrongsecrets.client; - -import com.fasterxml.jackson.annotation.JsonProperty; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestHeader; - -import java.util.UUID; - -@Controller -public class TokenController { - - @PostMapping(path = "/oauth/token", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE}) - public ResponseEntity clientCredentialToken(@RequestHeader(HttpHeaders.AUTHORIZATION) String authorization, - TokenRequest tokenRequest) { - if ("Basic am9objp3ZzJRSWsyTjhZbVRFZDNDL2pubGtGR2VJcGRlR0krbEt6SzdyUk9lUFlVPQ==".equals(authorization) - && "client_credentials".equals(tokenRequest.grant_type()) - && "user_info".equals(tokenRequest.scope())) { - return ResponseEntity.ok( - new TokenResponse(UUID.randomUUID().toString(), "bearer", 54321L, "user_info") - ); - } - return ResponseEntity.status(HttpStatus.UNAUTHORIZED) - .build(); - } - - public record TokenRequest(String grant_type, - String scope) { - } - - public record TokenResponse(@JsonProperty("access_token") String accessToken, - @JsonProperty("token_type") String tokenType, - @JsonProperty("expires_in") Long expiresIn, - String scope) { - } -} diff --git a/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java b/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java new file mode 100644 index 0000000000..c9bcbcd456 --- /dev/null +++ b/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java @@ -0,0 +1,59 @@ +package org.owasp.wrongsecrets.oauth; + +import com.fasterxml.jackson.annotation.JsonProperty; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PostMapping; + +import java.nio.file.Files; +import java.nio.file.Paths; +import java.util.UUID; + +@Slf4j +@Controller +public class TokenController { + + private final String dockerMountPath; + + public TokenController(@Value("${challengedockermtpath}") String dockerMountPath) { + this.dockerMountPath = dockerMountPath; + } + + + @PostMapping(path = "/token", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE}) + public ResponseEntity clientCredentialToken(TokenRequest tokenRequest) { + if ("client_credentials".equals(tokenRequest.grant_type()) + && "WRONGSECRET_CLIENT_ID".equals(tokenRequest.client_id()) + && getActualData().equals(tokenRequest.client_secret())) { + return ResponseEntity.ok( + new TokenResponse(UUID.randomUUID().toString(), "bearer", 54321L, "user_info") + ); + } + return ResponseEntity.status(HttpStatus.UNAUTHORIZED) + .build(); + } + + public record TokenRequest(String grant_type, + String client_id, + String client_secret) { + } + + public record TokenResponse(@JsonProperty("access_token") String accessToken, + @JsonProperty("token_type") String tokenType, + @JsonProperty("expires_in") Long expiresIn, + String scope) { + } + + public String getActualData() { + try { + return Files.readString(Paths.get(dockerMountPath, "yourkey.txt")); + } catch (Exception e) { + log.warn("Exception during file reading, defaulting to default without cloud environment", e); + return "if_you_see_this_please_use_docker_instead"; + } + } +} diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index 28d34c3164..3383715395 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -1,6 +1,8 @@ === Docker COPY and WORKDIR When we start new project usually we are focus on new festers implementation than on security aspect. -In such situation it easy to store secret or credential in front-end code. +Sometimes Single Page Application or mobile application need to access information for themself rather then on behalf of a user. +For this purpose OAuth provides the `client_credentials` flow to get access token. +In such situation it easy to store client secrets in front-end or mobile application code. What about looking for it in the Development Tools in browser? diff --git a/src/main/resources/explanations/challenge15_hint.adoc b/src/main/resources/explanations/challenge15_hint.adoc index 5b2af47d4c..ec12b5f993 100644 --- a/src/main/resources/explanations/challenge15_hint.adoc +++ b/src/main/resources/explanations/challenge15_hint.adoc @@ -1,9 +1,7 @@ You can solve this challenge by the following steps: -1. Open main page in the browser +1. Open main page in the Chrome browser 2. Open development tools: - select Network tab -- find request with path `/oauth/token` -- find in the request `Authorization` header -- decode Base64 heder value after `Basic` -- the first part before `:` is user name and the second is password +- find request with path `/token` +- find in the request body `client_secret` diff --git a/src/main/resources/explanations/challenge15_reason.adoc b/src/main/resources/explanations/challenge15_reason.adoc index 6a864267dc..6a36c12468 100644 --- a/src/main/resources/explanations/challenge15_reason.adoc +++ b/src/main/resources/explanations/challenge15_reason.adoc @@ -1,4 +1,4 @@ -*Why using Single Page Application or Mobile application to put secrets in is a bad idea* +*Why using Single Page Application or Mobile application to put client secret in is a bad idea* As you can tell by now, you can easily detect any secret that stored within a Single Page Application or Mobile application. Authorization Code Flow with Proof Key for Code Exchange (PKCE) diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index 5ee3d2b885..53518399ab 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -28,10 +28,11 @@ diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java new file mode 100644 index 0000000000..a3603601bb --- /dev/null +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java @@ -0,0 +1,53 @@ +package org.owasp.wrongsecrets.challenges.docker; + +import org.assertj.core.api.Assertions; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.api.io.TempDir; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.owasp.wrongsecrets.ScoreCard; +import org.owasp.wrongsecrets.challenges.Spoiler; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; + +@ExtendWith(MockitoExtension.class) +class Challenge15Test { + + @Mock + private ScoreCard scoreCard; + + @Test + void solveChallenge15WithoutFile(@TempDir Path dir) { + var challenge = new Challenge15(scoreCard, dir.toString()); + + Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse(); + Assertions.assertThat(challenge.answerCorrect("if_you_see_this_please_use_docker_instead")).isTrue(); + } + + @Test + void solveChallenge15WithMNTFile(@TempDir Path dir) throws Exception { + var testFile = new File(dir.toFile(), "yourkey.txt"); + var secret = "secretvalueWitFile"; + Files.writeString(testFile.toPath(), secret); + + var challenge = new Challenge15(scoreCard, dir.toString()); + + Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isTrue(); + } + + @Test + void spoilShouldReturnCorrectAnswer(@TempDir Path dir) throws IOException { + var testFile = new File(dir.toFile(), "yourkey.txt"); + var secret = "secretvalueWitFile"; + Files.writeString(testFile.toPath(), secret); + + var challenge = new Challenge15(scoreCard, dir.toString()); + + Assertions.assertThat(challenge.spoiler()).isEqualTo(new Spoiler("secretvalueWitFile")); + } + +} From ff94b7eacfaf3fc868134c45328515a8a502b9a1 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Wed, 23 Mar 2022 22:06:30 +0100 Subject: [PATCH 07/34] #44 front end JavaScript library with key obfuscated --- src/main/resources/explanations/challenge15.adoc | 6 +++--- src/main/resources/explanations/challenge15_reason.adoc | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index 3383715395..49a2354863 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -1,8 +1,8 @@ === Docker COPY and WORKDIR -When we start new project usually we are focus on new festers implementation than on security aspect. -Sometimes Single Page Application or mobile application need to access information for themself rather then on behalf of a user. +When we start new project usually we are focus on new feature implementation than on security aspect. +Sometimes Single Page Application or mobile application need to access information for themselves rather than on behalf of a user. For this purpose OAuth provides the `client_credentials` flow to get access token. -In such situation it easy to store client secrets in front-end or mobile application code. +In such situation it's easy to store client secrets in front-end or mobile application code. What about looking for it in the Development Tools in browser? diff --git a/src/main/resources/explanations/challenge15_reason.adoc b/src/main/resources/explanations/challenge15_reason.adoc index 6a36c12468..5b1aeebeb7 100644 --- a/src/main/resources/explanations/challenge15_reason.adoc +++ b/src/main/resources/explanations/challenge15_reason.adoc @@ -1,4 +1,4 @@ -*Why using Single Page Application or Mobile application to put client secret in is a bad idea* +*Why using Single-Page Application or Mobile application to put client secret in is a bad idea* As you can tell by now, you can easily detect any secret that stored within a Single Page Application or Mobile application. -Authorization Code Flow with Proof Key for Code Exchange (PKCE) +To prevent such situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used. From 6f192d63981b79cdea6618ecc9c6ed5253b5fefe Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Wed, 23 Mar 2022 22:17:02 +0100 Subject: [PATCH 08/34] #44 front end JavaScript library with key obfuscated --- src/main/resources/explanations/challenge15.adoc | 10 +++++----- src/main/resources/explanations/challenge15_hint.adoc | 2 +- .../resources/explanations/challenge15_reason.adoc | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge15.adoc index 49a2354863..ca1eb020a1 100644 --- a/src/main/resources/explanations/challenge15.adoc +++ b/src/main/resources/explanations/challenge15.adoc @@ -1,8 +1,8 @@ === Docker COPY and WORKDIR -When we start new project usually we are focus on new feature implementation than on security aspect. -Sometimes Single Page Application or mobile application need to access information for themselves rather than on behalf of a user. -For this purpose OAuth provides the `client_credentials` flow to get access token. -In such situation it's easy to store client secrets in front-end or mobile application code. +When we start a new project usually we are focused on new feature implementation than on the security aspect. +Sometimes Single-Page apps or mobile apps need to access information for themselves rather than on behalf of a user. +For this purpose, OAuth provides the `client_credentials` flow to get access token. +In such a situation, it's easy to store client secrets in front-end or mobile application code. -What about looking for it in the Development Tools in browser? +What about looking for it in the Development Tools in the browser? diff --git a/src/main/resources/explanations/challenge15_hint.adoc b/src/main/resources/explanations/challenge15_hint.adoc index ec12b5f993..315c657c20 100644 --- a/src/main/resources/explanations/challenge15_hint.adoc +++ b/src/main/resources/explanations/challenge15_hint.adoc @@ -1,6 +1,6 @@ You can solve this challenge by the following steps: -1. Open main page in the Chrome browser +1. Open the main page in the Chrome browser 2. Open development tools: - select Network tab - find request with path `/token` diff --git a/src/main/resources/explanations/challenge15_reason.adoc b/src/main/resources/explanations/challenge15_reason.adoc index 5b1aeebeb7..e23a3af909 100644 --- a/src/main/resources/explanations/challenge15_reason.adoc +++ b/src/main/resources/explanations/challenge15_reason.adoc @@ -1,4 +1,4 @@ -*Why using Single-Page Application or Mobile application to put client secret in is a bad idea* +*Why using Single-Page apps or Mobile apps to put client secret in is a bad idea* -As you can tell by now, you can easily detect any secret that stored within a Single Page Application or Mobile application. -To prevent such situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used. +As you can tell by now, you can easily detect any secret that is stored within a Single-Page app or mobile app. +To prevent such a situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used. From 8f5625c29368e18ad5968e09c373fbeffa71efa9 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Wed, 23 Mar 2022 22:27:26 +0100 Subject: [PATCH 09/34] #44 front end JavaScript library with key obfuscated --- src/main/resources/templates/index.html | 50 ++++++++++++------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index 53518399ab..b16e5f7e72 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -5,35 +5,35 @@ OWASP WrongSecrets - - - + + + -
-
- -
+
+
+ +
- - - - - - + + + + + + From a2859003bc866fd8f1e5d329e2b3d6ea7decd063 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Mon, 28 Mar 2022 21:49:13 +0200 Subject: [PATCH 10/34] #44 front end JavaScript library with key obfuscated - review --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 7242b8b8e1..2482b6bf55 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -16,7 +16,7 @@ azure.keyvault.enabled=false azure.keyvault.uri=https://default.vault.localhost wrongsecret-3=if_you_see_this_please_use_Azure_Setup secretmountpath=/mnt/secrets-store -challengedockermtpath=/Users/mno/workspace/opensource/wrongsecrets +challengedockermtpath=/var/tmp/helpers AWS_REGION=if_you_see_this_please_use_AWS_Setup GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup K8S_ENV=DOCKER From 7d76c30dd5e4de3a3090a6fb72da6d59ab8f3197 Mon Sep 17 00:00:00 2001 From: Marcin Date: Mon, 28 Mar 2022 23:06:34 +0200 Subject: [PATCH 11/34] #44 front end JavaScript library with key obfuscated - mvn clean package - fix for Windows --- pom.xml | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 96db23f8df..700a251c18 100644 --- a/pom.xml +++ b/pom.xml @@ -211,6 +211,32 @@ + + + + Windows + + + Windows + + + + .cmd + + + + unix + + + unix + + + + + + + + @@ -359,7 +385,8 @@ - ./js/node_modules/.bin/javascript-obfuscator + + ./js/node_modules/.bin/javascript-obfuscator${script.extension} ./js/index.js --output From a973b1a9e44949731c7e9ac5de44e3739c0314bd Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Mon, 28 Mar 2022 23:14:38 +0200 Subject: [PATCH 12/34] #44 front end JavaScript library with key obfuscated - mvn clean package - fix for Unix --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 700a251c18..92f3deb20b 100644 --- a/pom.xml +++ b/pom.xml @@ -232,7 +232,7 @@ - + From 1ec45431389994a8ecacef62cdcb0e3f15a0877a Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Thu, 31 Mar 2022 17:55:10 +0200 Subject: [PATCH 13/34] #44 front end JavaScript library with key obfuscated - rename challenge to 16 --- README.md | 1 + .../docker/{Challenge15.java => Challenge16.java} | 8 ++++---- .../explanations/{challenge15.adoc => challenge16.adoc} | 0 .../{challenge15_hint.adoc => challenge16_hint.adoc} | 0 .../{challenge15_reason.adoc => challenge16_reason.adoc} | 0 .../docker/{Challenge15Test.java => Challenge16Test.java} | 8 ++++---- 6 files changed, 9 insertions(+), 8 deletions(-) rename src/main/java/org/owasp/wrongsecrets/challenges/docker/{Challenge15.java => Challenge16.java} (88%) rename src/main/resources/explanations/{challenge15.adoc => challenge16.adoc} (100%) rename src/main/resources/explanations/{challenge15_hint.adoc => challenge16_hint.adoc} (100%) rename src/main/resources/explanations/{challenge15_reason.adoc => challenge16_reason.adoc} (100%) rename src/test/java/org/owasp/wrongsecrets/challenges/docker/{Challenge15Test.java => Challenge16Test.java} (87%) diff --git a/README.md b/README.md index aaf15e9989..e4d176bfd3 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,7 @@ Now you can try to find the secrets by means of solving the challenge offered at - [localhost:8080/challenge/12](http://localhost:8080/challenge/12) - [localhost:8080/challenge/13](http://localhost:8080/challenge/13) - [localhost:8080/challenge/14](http://localhost:8080/challenge/14) +- [localhost:8080/challenge/16](http://localhost:8080/challenge/16) Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look better ;-). diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java similarity index 88% rename from src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java rename to src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java index af137eccbc..0121223c9f 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge15.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java @@ -16,12 +16,12 @@ @Slf4j @Component -@Order(15) -public class Challenge15 extends Challenge { +@Order(16) +public class Challenge16 extends Challenge { private final String dockerMountPath; - public Challenge15(ScoreCard scoreCard, @Value("${challengedockermtpath}") String dockerMountPath) { + public Challenge16(ScoreCard scoreCard, @Value("${challengedockermtpath}") String dockerMountPath) { super(scoreCard); this.dockerMountPath = dockerMountPath; } @@ -33,7 +33,7 @@ public Spoiler spoiler() { @Override public boolean answerCorrect(String answer) { - log.info("challenge 15, actualdata: {}, answer: {}", getActualData(), answer); + log.info("challenge 16, actualdata: {}, answer: {}", getActualData(), answer); return getActualData().equals(answer); } diff --git a/src/main/resources/explanations/challenge15.adoc b/src/main/resources/explanations/challenge16.adoc similarity index 100% rename from src/main/resources/explanations/challenge15.adoc rename to src/main/resources/explanations/challenge16.adoc diff --git a/src/main/resources/explanations/challenge15_hint.adoc b/src/main/resources/explanations/challenge16_hint.adoc similarity index 100% rename from src/main/resources/explanations/challenge15_hint.adoc rename to src/main/resources/explanations/challenge16_hint.adoc diff --git a/src/main/resources/explanations/challenge15_reason.adoc b/src/main/resources/explanations/challenge16_reason.adoc similarity index 100% rename from src/main/resources/explanations/challenge15_reason.adoc rename to src/main/resources/explanations/challenge16_reason.adoc diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java similarity index 87% rename from src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java rename to src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java index a3603601bb..a4f1cc0369 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge15Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java @@ -15,14 +15,14 @@ import java.nio.file.Path; @ExtendWith(MockitoExtension.class) -class Challenge15Test { +class Challenge16Test { @Mock private ScoreCard scoreCard; @Test void solveChallenge15WithoutFile(@TempDir Path dir) { - var challenge = new Challenge15(scoreCard, dir.toString()); + var challenge = new Challenge16(scoreCard, dir.toString()); Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse(); Assertions.assertThat(challenge.answerCorrect("if_you_see_this_please_use_docker_instead")).isTrue(); @@ -34,7 +34,7 @@ void solveChallenge15WithMNTFile(@TempDir Path dir) throws Exception { var secret = "secretvalueWitFile"; Files.writeString(testFile.toPath(), secret); - var challenge = new Challenge15(scoreCard, dir.toString()); + var challenge = new Challenge16(scoreCard, dir.toString()); Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isTrue(); } @@ -45,7 +45,7 @@ void spoilShouldReturnCorrectAnswer(@TempDir Path dir) throws IOException { var secret = "secretvalueWitFile"; Files.writeString(testFile.toPath(), secret); - var challenge = new Challenge15(scoreCard, dir.toString()); + var challenge = new Challenge16(scoreCard, dir.toString()); Assertions.assertThat(challenge.spoiler()).isEqualTo(new Spoiler("secretvalueWitFile")); } From 7b7b540fea937a745bb6c7f90001272b22d89ed3 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 11:32:14 +0200 Subject: [PATCH 14/34] Update POM file with new version: 1.3.10 --- .github/scripts/docker-create-and-push.sh | 8 ++++++++ js/index.js | 8 ++++---- pom.xml | 4 ++-- .../org/owasp/wrongsecrets/oauth/TokenController.java | 3 +-- src/main/resources/application.properties | 2 +- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/scripts/docker-create-and-push.sh b/.github/scripts/docker-create-and-push.sh index c6af0cdc20..9cc4e74451 100755 --- a/.github/scripts/docker-create-and-push.sh +++ b/.github/scripts/docker-create-and-push.sh @@ -41,6 +41,14 @@ echo "Start building assets required for container" echo "generating challenge 12-data" openssl rand -base64 32 | tr -d '\n' > yourkey.txt +echo "generating challenge 16-data" +SECENDKEYPART1=$(openssl rand -base64 5 | tr -d '\n') +SECENDKEYPART2=$(openssl rand -base64 3 | tr -d '\n') +SECENDKEYPART3=$(openssl rand -base64 2 | tr -d '\n') +SECENDKEYPART4=$(openssl rand -base64 3 | tr -d '\n') +echo -n "${SECENDKEYPART1}9${SECENDKEYPART2}6${SECENDKEYPART3}2${SECENDKEYPART4}7" > secondkey.txt +printf "function secret() { \n var password = \"$SECENDKEYPART1\" + 9 + \"$SECENDKEYPART2\" + 6 + \"$SECENDKEYPART3\" + 2 + \"$SECENDKEYPART4\" + 7;\n return password;\n }\n" > ../../js/index.js + # preps for #178: #echo "Building and publishing to maven central, did you set: a settings.xml file with:" #echo "" diff --git a/js/index.js b/js/index.js index a6f4fd0bb0..251e31bdab 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ -function secret() { - var password = 'wg' + 2 + 'QIk' + 2 + 'N' + 8 + 'YmTEd' + 3 + 'C/jnlkFGeIpdeGI+lKzK' + 7 + 'rROePYU='; - return password -} +function secret() { + var password = "jQNPAo4=" + 9 + "5/6A" + 6 + "0kQ=" + 2 + "pFbS" + 7; + return password; + } diff --git a/pom.xml b/pom.xml index 60b6d7dd7c..e255d2ead3 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ org.owasp wrongsecrets - 1.3.9-SNAPSHOT + 1.3.10 -SNAPSHOT OWASP WrongSecrets Examples with how to not use secrets https://owasp.org/www-project-wrongsecrets/ @@ -236,7 +236,7 @@ - + diff --git a/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java b/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java index c9bcbcd456..8e94facecd 100644 --- a/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java +++ b/src/main/java/org/owasp/wrongsecrets/oauth/TokenController.java @@ -23,7 +23,6 @@ public TokenController(@Value("${challengedockermtpath}") String dockerMountPath this.dockerMountPath = dockerMountPath; } - @PostMapping(path = "/token", consumes = {MediaType.APPLICATION_FORM_URLENCODED_VALUE}) public ResponseEntity clientCredentialToken(TokenRequest tokenRequest) { if ("client_credentials".equals(tokenRequest.grant_type()) @@ -50,7 +49,7 @@ public record TokenResponse(@JsonProperty("access_token") String accessToken, public String getActualData() { try { - return Files.readString(Paths.get(dockerMountPath, "yourkey.txt")); + return Files.readString(Paths.get(dockerMountPath, "secondkey.txt")); } catch (Exception e) { log.warn("Exception during file reading, defaulting to default without cloud environment", e); return "if_you_see_this_please_use_docker_instead"; diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 8cc7dc7099..b7ba437ad5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -16,7 +16,7 @@ azure.keyvault.enabled=false azure.keyvault.uri=https://default.vault.localhost wrongsecret-3=if_you_see_this_please_use_Azure_Setup secretmountpath=/mnt/secrets-store -challengedockermtpath=/var/tmp/helpers +challengedockermtpath=/Users/mno/workspace/opensource/wrongsecrets AWS_REGION=if_you_see_this_please_use_AWS_Setup GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup K8S_ENV=DOCKER From 3ab60845e1ddb6311d394933b0075c5ad473b846 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 11:35:13 +0200 Subject: [PATCH 15/34] Update POM file with new version: 1.3.10 --- js/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/index.js b/js/index.js index 251e31bdab..c8365da952 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = "jQNPAo4=" + 9 + "5/6A" + 6 + "0kQ=" + 2 + "pFbS" + 7; + var password = "rzA0yQs=" + 9 + "heb4" + 6 + "Zuw=" + 2 + "i+em" + 7; return password; } From 08a53d2c1765721d13d43d93ef35933bc3f366aa Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 11:51:55 +0200 Subject: [PATCH 16/34] Update POM file with new version: 1.3.10 --- js/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/index.js b/js/index.js index c8365da952..83700725e6 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = "rzA0yQs=" + 9 + "heb4" + 6 + "Zuw=" + 2 + "i+em" + 7; + var password = "9CHQuzA=" + 9 + "cLpT" + 6 + "PdU=" + 2 + "cCHi" + 7; return password; } From 2cd53479f03be56958628ece056896e489f3ec9c Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 11:53:00 +0200 Subject: [PATCH 17/34] Update POM file with new version: ^C --- js/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/index.js b/js/index.js index 83700725e6..21e45d1b4a 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = "9CHQuzA=" + 9 + "cLpT" + 6 + "PdU=" + 2 + "cCHi" + 7; + var password = "TkE9zbM=" + 9 + "zUwn" + 6 + "4WM=" + 2 + "ENmI" + 7; return password; } From 9c1761d5a110ad87e57f575bb91ace594e660a92 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 11:54:20 +0200 Subject: [PATCH 18/34] Update POM file with new version: ^C --- js/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/index.js b/js/index.js index 21e45d1b4a..270f0691de 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = "TkE9zbM=" + 9 + "zUwn" + 6 + "4WM=" + 2 + "ENmI" + 7; + var password = "/xkBDD8=" + 9 + "cazD" + 6 + "TT4=" + 2 + "ijEI" + 7; return password; } From 2b571aeb6d9a7f41f93461b7e7f07e7c864688cb Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 11:59:47 +0200 Subject: [PATCH 19/34] Update POM file with new version: 1.3.10 --- js/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/index.js b/js/index.js index 270f0691de..ed6e5627e0 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = "/xkBDD8=" + 9 + "cazD" + 6 + "TT4=" + 2 + "ijEI" + 7; + var password = "eYXGnCE=" + 9 + "7OqC" + 6 + "5vw=" + 2 + "GpKp" + 7; return password; } From 236f27f03870e78802ad37dd51e04f3399b15a0c Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 12:17:21 +0200 Subject: [PATCH 20/34] #44 front end JavaScript library with key obfuscated - rename challenge to 16 --- js/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/index.js b/js/index.js index ed6e5627e0..116c03daae 100644 --- a/js/index.js +++ b/js/index.js @@ -1,4 +1,4 @@ function secret() { - var password = "eYXGnCE=" + 9 + "7OqC" + 6 + "5vw=" + 2 + "GpKp" + 7; + var password = "if you see this please fix the JavaScript setup"; return password; } From 0613527d01c06d880261d398c90fb3ceca98cd26 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 12:19:18 +0200 Subject: [PATCH 21/34] #44 front end JavaScript library with key obfuscated - rename challenge to 16 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e255d2ead3..7fdd4737b2 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ org.owasp wrongsecrets - 1.3.10 -SNAPSHOT + 1.3.7-SNAPSHOT OWASP WrongSecrets Examples with how to not use secrets https://owasp.org/www-project-wrongsecrets/ From 85438d8253c5eafc5b1589b2ac8ec91b7f9e4012 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 12:57:23 +0200 Subject: [PATCH 22/34] #44 front end JavaScript library with key obfuscated - review --- js/index.js | 4 ---- .../owasp/wrongsecrets/challenges/docker/Challenge16.java | 2 +- .../wrongsecrets/challenges/docker/Challenge16Test.java | 8 ++++---- 3 files changed, 5 insertions(+), 9 deletions(-) delete mode 100644 js/index.js diff --git a/js/index.js b/js/index.js deleted file mode 100644 index 116c03daae..0000000000 --- a/js/index.js +++ /dev/null @@ -1,4 +0,0 @@ -function secret() { - var password = "if you see this please fix the JavaScript setup"; - return password; - } diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java index 0121223c9f..3465f0c8c9 100644 --- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java +++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge16.java @@ -44,7 +44,7 @@ public List supportedRuntimeEnvironments() { public String getActualData() { try { - return Files.readString(Paths.get(dockerMountPath, "yourkey.txt")); + return Files.readString(Paths.get(dockerMountPath, "secondkey.txt")); } catch (Exception e) { log.warn("Exception during file reading, defaulting to default without cloud environment", e); return "if_you_see_this_please_use_docker_instead"; diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java index a4f1cc0369..88583a1f4c 100644 --- a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java +++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge16Test.java @@ -21,7 +21,7 @@ class Challenge16Test { private ScoreCard scoreCard; @Test - void solveChallenge15WithoutFile(@TempDir Path dir) { + void solveChallenge16WithoutFile(@TempDir Path dir) { var challenge = new Challenge16(scoreCard, dir.toString()); Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse(); @@ -29,8 +29,8 @@ void solveChallenge15WithoutFile(@TempDir Path dir) { } @Test - void solveChallenge15WithMNTFile(@TempDir Path dir) throws Exception { - var testFile = new File(dir.toFile(), "yourkey.txt"); + void solveChallenge16WithMNTFile(@TempDir Path dir) throws Exception { + var testFile = new File(dir.toFile(), "secondkey.txt"); var secret = "secretvalueWitFile"; Files.writeString(testFile.toPath(), secret); @@ -41,7 +41,7 @@ void solveChallenge15WithMNTFile(@TempDir Path dir) throws Exception { @Test void spoilShouldReturnCorrectAnswer(@TempDir Path dir) throws IOException { - var testFile = new File(dir.toFile(), "yourkey.txt"); + var testFile = new File(dir.toFile(), "secondkey.txt"); var secret = "secretvalueWitFile"; Files.writeString(testFile.toPath(), secret); From bebef99c1a14d8493711a484ed5cc33c716a4097 Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 13:05:03 +0200 Subject: [PATCH 23/34] #44 front end JavaScript library with key obfuscated - review --- js/index.js | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 js/index.js diff --git a/js/index.js b/js/index.js new file mode 100644 index 0000000000..116c03daae --- /dev/null +++ b/js/index.js @@ -0,0 +1,4 @@ +function secret() { + var password = "if you see this please fix the JavaScript setup"; + return password; + } From 7072b91b8fb790f7c316445c98e388530689cbbd Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 13:09:03 +0200 Subject: [PATCH 24/34] #44 front end JavaScript library with key obfuscated - review --- .github/scripts/docker-create-and-push.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/scripts/docker-create-and-push.sh b/.github/scripts/docker-create-and-push.sh index 9cc4e74451..dfc986a472 100755 --- a/.github/scripts/docker-create-and-push.sh +++ b/.github/scripts/docker-create-and-push.sh @@ -77,6 +77,9 @@ docker buildx build --platform linux/amd64,linux/arm64 -t jeroenwillemsen/wrongs docker buildx build --platform linux/amd64,linux/arm64 -t jeroenwillemsen/wrongsecrets:$tag-local-vault --build-arg "$buildarg" --build-arg "PORT=8081" --build-arg "argBasedVersion=$tag" --build-arg "spring_profile=local-vault" --push ./../../. docker buildx build --platform linux/amd64,linux/arm64 -t jeroenwillemsen/wrongsecrets:$tag-k8s-vault --build-arg "$buildarg" --build-arg "PORT=8081" --build-arg "argBasedVersion=$tag" --build-arg "spring_profile=kubernetes-vault" --push ./../../. +echo "restoring temporal change" +git restore js/index.js + echo "tagging version" git tag -a $tag -m "${message}" git push --tags From fbf3a0d21cccebc3d1a741be5bb4b5428be2e3ab Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Sat, 2 Apr 2022 13:18:17 +0200 Subject: [PATCH 25/34] #44 front end JavaScript library with key obfuscated - review --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b7ba437ad5..8cc7dc7099 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -16,7 +16,7 @@ azure.keyvault.enabled=false azure.keyvault.uri=https://default.vault.localhost wrongsecret-3=if_you_see_this_please_use_Azure_Setup secretmountpath=/mnt/secrets-store -challengedockermtpath=/Users/mno/workspace/opensource/wrongsecrets +challengedockermtpath=/var/tmp/helpers AWS_REGION=if_you_see_this_please_use_AWS_Setup GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup K8S_ENV=DOCKER From 0f9fe21bea53ef01a748f927399464d5ecf203ed Mon Sep 17 00:00:00 2001 From: Marcin Nowak Date: Mon, 4 Apr 2022 20:04:34 +0200 Subject: [PATCH 26/34] #44 front end JavaScript library with key obfuscated - review --- src/main/resources/explanations/challenge16_hint.adoc | 5 ++--- src/main/resources/templates/index.html | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/resources/explanations/challenge16_hint.adoc b/src/main/resources/explanations/challenge16_hint.adoc index 315c657c20..163dc8cc61 100644 --- a/src/main/resources/explanations/challenge16_hint.adoc +++ b/src/main/resources/explanations/challenge16_hint.adoc @@ -1,7 +1,6 @@ You can solve this challenge by the following steps: -1. Open the main page in the Chrome browser -2. Open development tools: +1. Open browser's development tools: - select Network tab - find request with path `/token` -- find in the request body `client_secret` +- find in the request body key `client_secret` diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html index b16e5f7e72..b25cfd7a62 100644 --- a/src/main/resources/templates/index.html +++ b/src/main/resources/templates/index.html @@ -24,8 +24,8 @@ }); - - + - - +