Merge branch 'juice-shop:master' into master

.codeclimate.yml

@@ -1,26 +1,28 @@
-engines:
-  eslint:
-    enabled: true
-  csslint:
-    enabled: true
+version: "2"
+plugins:
   fixme:
     enabled: true
-ratings:
-  paths:
-    - '**.ts'
-    - '**.js'
-    - '**.css'
-    - '**.scss'
+  duplication:
+    enabled: true
 checks:
+  file-lines:
+    config:
+      threshold: 300
+  method-lines:
+    config:
+      threshold: 30
   method-complexity:
     config:
       threshold: 7
   similar-code:
     enabled: false
   identical-code:
     enabled: false
-exclude_paths:
-  - 'data/datacreator.js'
-  - 'frontend/src/assets/private/**/*'
-  - 'Gruntfile.js'
+exclude_patterns:
   - '**/*conf.js'
+  - 'Gruntfile.js'
+  - 'data/datacreator.ts'
+  - 'frontend/src/hacking-instructor/**/*.ts'
+  - 'frontend/src/assets/private/*.js'
+  - 'lib/logger.ts'
+  - 'data/static/codefixes/**'

.dependabot/config.yml

@@ -0,0 +1,31 @@
+version: 1
+update_configs:
+  - package_manager: "javascript"
+    directory: "/"
+    update_schedule: "live"
+    target_branch: "develop"
+    default_reviewers:
+      - "bkimminich"
+    default_labels:
+      - "dependencies"
+    ignored_updates:
+      - match:
+          dependency_name: "express-jwt"
+          version_requirement: "0.1.3"
+      - match:
+          dependency_name: "sanitize-html"
+          version_requirement: "1.4.2"
+      - match:
+          dependency_name: "unzipper"
+          version_requirement: "0.9.15"
+      - match:
+          dependency_name: "jsonwebtoken"
+          version_requirement: "0.4.0"
+  - package_manager: "javascript"
+    directory: "/frontend"
+    update_schedule: "live"
+    target_branch: "develop"
+    default_reviewers:
+      - "bkimminich"
+    default_labels:
+      - "dependencies"

.devcontainer.json

@@ -0,0 +1,14 @@
+{
+    "extensions": [
+        "eg2.vscode-npm-script",
+        "angular.ng-template",
+        "dbaeumer.vscode-eslint",
+        "stylelint.vscode-stylelint"
+    ],
+    "settings": {
+        "eslint.workingDirectories": [
+            { "mode": "auto" }
+        ]
+    },
+    "postCreateCommand": "export NG_CLI_ANALYTICS=ci && npm i -g @angular/cli && npm install"
+}

.dockerignore

@@ -1,9 +1,15 @@
 .git/
+monitoring/
 node_modules/
 screenshots/
 test/
-build/
+build/reports/
 dist/
 vagrant/
+logs/
+Dockerfile
+.npmrc
+
+# Pattern is *not covered* by node_modules/ above no matter what IntelliJ says!
 frontend/node_modules/
-Dockerfile
+frontend/dist/

.eslintrc.js

@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2014-2022 Bjoern Kimminich & the OWASP Juice Shop contributors.
+ * SPDX-License-Identifier: MIT
+ */
+
+module.exports = {
+  extends: 'standard-with-typescript',
+  env: {
+    browser: true,
+    node: true,
+    jasmine: true,
+    mocha: true,
+    jest: true
+  },
+  globals: {
+    Atomics: 'readonly',
+    SharedArrayBuffer: 'readonly'
+  },
+  parserOptions: {
+    ecmaVersion: 2018,
+    project: './tsconfig.json'
+  },
+  ignorePatterns: [
+    'app/private/**',
+    'vagrant/**',
+    'frontend/**',
+    'data/static/codefixes/**',
+    'dist/**'
+  ],
+  overrides: [
+    {
+      files: ['**/*.ts'],
+      parser: '@typescript-eslint/parser',
+      rules: {
+        'no-void': 'off', // conflicting with recommendation from @typescript-eslint/no-floating-promises
+        // FIXME warnings below this line need to be checked and fixed. Line end comments below are number of findings per rule on 02.05.2022
+        '@typescript-eslint/no-misused-promises': 'off', // 1
+        '@typescript-eslint/explicit-function-return-type': 'off', // 197
+        '@typescript-eslint/restrict-plus-operands': 'off', // 250
+        '@typescript-eslint/strict-boolean-expressions': 'off', // 337
+        '@typescript-eslint/restrict-template-expressions': 'off', // 395
+        '@typescript-eslint/no-var-requires': 'off' // 509
+      }
+    }
+  ]
+}

.github/CODEOWNERS

@@ -0,0 +1 @@
+/vagrant/                           @wurstbrot

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+custom: https://sponsor.owasp-juice.shop
+github: OWASP

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,63 @@
+---
+name: "\U0001F41BBug report"
+about: Report a bug in OWASP Juice Shop
+title: '[🐛] '
+labels: bug
+assignees: ''
+
+---
+
+<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
+
+To expedite issue processing please search open and closed issues before submitting a new one.
+Existing issues often contain information about workarounds, resolution, or progress updates.
+
+Please also make sure to check the official [Troubleshooting guide](https://pwning.owasp-juice.shop/appendix/troubleshooting.html) before opening a bug report.
+
+🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
+
+# :bug: Bug report
+
+## Description
+
+<!-- ✍️-->
+A clear and concise description of the problem...
+
+
+### Is this a regression?
+
+<!-- Did this behavior use to work in the previous version? -->
+<!-- ✍️-->
+Yes, the previous version in which this bug was not present was: `x.y.z`
+
+
+## :microscope: Minimal Reproduction
+
+<!-- ✍️Simple steps to reproduce this bug.
+
+Issues that don't have enough info and can't be reproduced will be labeled with "missing information" and closed shortly afterwards.
+-->
+
+
+## :fire: Exception or Error
+
+<pre><code>
+<!-- If the issue is accompanied by an exception or an error, please share your log below: -->
+<!-- ✍️-->
+
+</code></pre>
+
+
+## :deciduous_tree: Your Environment
+
+<pre><code>
+<!-- run `node -v && npm -v` and paste output below -->
+<!-- ✍️-->
+
+</code></pre>
+
+
+### Additional Information
+
+<!-- ✍️Is this a browser specific issue? If so, please specify the browser and version. -->
+<!-- ✍️Do any of these matter: operating system, Docker environment, cloud environment, ...? If so, please mention it below. -->

.github/ISSUE_TEMPLATE/challenge-idea.md

@@ -0,0 +1,43 @@
+---
+name: "⭐Challenge idea"
+about: Idea for a new hacking challenge in OWASP Juice Shop
+title: '[⭐] '
+labels: challenge
+assignees: ''
+
+---
+
+<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
+
+To expedite issue processing please search open and closed issues before submitting a new one.
+Existing issues often contain information about workarounds, resolution, or progress updates.
+
+🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
+
+# :star: Challenge idea
+
+### Description
+
+<!-- ✍️--> A clear and concise description of the new hacking challenge and why the Juice Shop needs it...
+
+### Underlying vulnerability/ies
+
+<!-- ✍️--> Security vulnerabilities or design flaws this challenge will be based on. Optimally include CWE, OWASP or similar references.
+
+### Expected difficulty
+
+<!-- Do you already have an idea about the expected difficulty of the challenge? -->
+<!-- ✍️ -->
+
+| :heavy_check_mark: / :x: | Difficulty                           |
+|:------------------------:|:-------------------------------------|
+|     :grey_question:      | :star:                               |
+|     :grey_question:      | :star::star:                         |
+|     :grey_question:      | :star::star::star:                   |
+|     :grey_question:      | :star::star::star::star:             |
+|     :grey_question:      | :star::star::star::star::star:       |
+|     :grey_question:      | :star::star::star::star::star::star: |
+
+### Possible attack flow
+
+<!-- ✍️--> Have you considered how the challenge could be exploited by the attacker?

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,4 @@
+contact_links:
+  - name: ❓Support request
+    url: https://gitter.im/bkimminich/juice-shop
+    about: Questions and requests for support

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,31 @@
+---
+name: "\U0001F680Feature request"
+about: Suggest a feature for OWASP Juice Shop
+title: '[🚀] '
+labels: feature
+assignees: ''
+
+---
+
+<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
+
+To expedite issue processing please search open and closed issues before submitting a new one.
+Existing issues often contain information about workarounds, resolution, or progress updates.
+
+🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
+
+# :rocket: Feature request
+
+### Description
+
+<!-- ✍️--> A clear and concise description of the problem or missing capability...
+
+
+### Solution ideas
+
+<!-- ✍️--> If you have a solution in mind, please describe it.
+
+
+### Possible alternatives
+
+<!-- ✍️--> Have you considered any alternative solutions or workarounds?

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,23 @@
+<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
+
+You can expedite processing of your PR by using this template to provide context
+and additional information. Before actually opening a PR please make sure that it
+does NOT fall into any of the following categories
+
+🚫 Spam PRs (accidental or intentional) - see https://pwning.owasp-juice.shop/part3/contribution.html#handling-of-spam-prs for more information 
+
+🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged
+if all other typos in the same file are also fixed with the same PR
+
+🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
+
+### Description
+
+<!-- ✍️-->
+A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context.
+
+Resolved or fixed issue: <!-- ✍️ Add GitHub issue number in format `#0000` or `none` -->
+
+### Affirmation
+
+- [ ] My code follows the [CONTRIBUTING.md](https://github.com/juice-shop/juice-shop/blob/master/CONTRIBUTING.md) guidelines