Merge pull request #788 from OWASP/bugfixes

Fix for string checks for challenge 7, 13, and 14
OWASP · Apr 26, 2023 · 9941249 · 9941249
2 parents 3881676 + 63d4d25
commit 9941249
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge13.java
@@ -1,7 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import com.google.common.base.Strings;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.logging.log4j.util.Strings;
 import org.owasp.wrongsecrets.RuntimeEnvironment;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
@@ -58,10 +58,11 @@ protected boolean answerCorrect(String answer) {
         return isKeyCorrect(answer);
     }
 
-    @Override
+
     /**
      * {@inheritDoc}
      */
+    @Override
     public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
         return List.of(RuntimeEnvironment.Environment.DOCKER);
     }
@@ -90,7 +91,7 @@ public boolean isLimittedWhenOnlineHosted() {
     }
 
     private boolean isKeyCorrect(String base64EncodedKey) {
-        if (Strings.isEmpty(base64EncodedKey) || Strings.isEmpty(plainText) || Strings.isEmpty(cipherText)) {
+        if (Strings.isNullOrEmpty(base64EncodedKey) || Strings.isNullOrEmpty(plainText) || Strings.isNullOrEmpty(cipherText)) {
             //log.debug("Checking secret with values {}, {}, {}", base64EncodedKey, plainText, cipherText);
             return false;
         }

diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java
@@ -1,8 +1,8 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
+import com.google.common.base.Strings;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.logging.log4j.util.Strings;
 import org.linguafranca.pwdb.Database;
 import org.linguafranca.pwdb.kdbx.KdbxCreds;
 import org.linguafranca.pwdb.kdbx.simple.SimpleDatabase;
@@ -66,10 +66,11 @@ protected boolean answerCorrect(String answer) {
         return isanswerCorrectInKeeyPassx(answer);
     }
 
-    @Override
+
     /**
      * {@inheritDoc}
      */
+    @Override
     public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
         return List.of(RuntimeEnvironment.Environment.DOCKER);
     }
@@ -99,7 +100,7 @@ public boolean isLimittedWhenOnlineHosted() {
 
     @SuppressFBWarnings("PATH_TRAVERSAL_IN")
     private String findAnswer() {
-        if (Strings.isEmpty(keepassxPassword)) {
+        if (Strings.isNullOrEmpty(keepassxPassword)) {
             //log.debug("Checking secret with values {}", keepassxPassword);
             return defaultKeepassValue;
         }
@@ -117,7 +118,7 @@ private String findAnswer() {
     }
 
     private boolean isanswerCorrectInKeeyPassx(String answer) {
-        if (Strings.isEmpty(keepassxPassword) || Strings.isEmpty(answer)) {
+        if (Strings.isNullOrEmpty(keepassxPassword) || Strings.isNullOrEmpty(answer)) {
             //log.debug("Checking secret with values {}, {}", keepassxPassword, answer);
             return false;
         }