Update readme #2

Open
0ca wants to merge 13 commits into ElectrovoltSec:main from 0ca:update-readme

@0ca 0ca commented Feb 4, 2026

No description provided.

0ca and others added 13 commits February 1, 2026 14:19
- EV-02: Remove hardcoded FLAG env var from Dockerfile (was exposing flag in source)
- EV-04: Fix typo in challenge.json (learnpass -> learnpress)
The app was starting before MongoDB was ready to accept connections,
causing mongoose connection timeouts and container crashes.

Added healthcheck to mongo container and updated depends_on to use
service_healthy condition.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
MongoDB 5.0+ requires AVX which is not available under QEMU emulation
on Apple Silicon. Using mongo:4.4 and the legacy 'mongo' shell command
for healthcheck instead of 'mongosh'.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use ${WORDPRESS_URL} environment variable instead of hardcoded localhost:8080
- Add healthcheck for WordPress container (waits for /tmp/wordpress_ready)
- Add healthcheck for MariaDB container
- WordPress now waits for DB to be healthy before starting setup

This fixes the issue where WordPress wasn't initialized when BoxPwnr
uses dynamic ports instead of the hardcoded 8080.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Original challenges had unverifiable flag format "alert: perform alert()".
Added XSS verification bots that:
- Visit user-provided URLs via /visit endpoint
- Capture alert() dialogs using Puppeteer
- Return flag when XSS successfully triggers alert()

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The XSS bot container takes time to build (chromium download).
Added healthchecks to ensure:
- Blog app is healthy before bot starts (depends_on condition)
- Both services are healthy before the platform proceeds

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The healthcheck uses wget which wasn't installed in the Node.js slim
image, causing the bot container to be marked unhealthy.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Allow host.docker.internal and 172.17.0.x URLs
- Rewrite external URLs to internal Docker network URLs
- Enables automated testing with BoxPwnr
- Allow host.docker.internal and 172.17.0.x URLs
- Rewrite external URLs to internal Docker network URLs
- Enables automated testing with BoxPwnr
The actual source files are in application/src/, not application/
which only contains Docker build files.
Same fix as EV-09 - actual source files are in application/src/,
not application/ which only contains Docker build files.
EV-12: Add bot service for XSS verification, fix healthchecks
EV-13: Add bot service for XSS verification, fix Laravel composer
EV-14: Fix Debian Buster EOL apt sources
EV-15: Fix openjdk:17-slim not found, add bot service, healthchecks
EV-16: Add healthcheck for XWiki, fix port mapping

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added documentation for EV-12 to EV-16 fixes:
- EV-12: XSS bot, healthchecks
- EV-13: XSS bot, Laravel composer fix
- EV-14: Debian Buster EOL apt sources fix
- EV-15: openjdk image fix, XSS bot, healthchecks
- EV-16: XWiki healthcheck, port mapping

Updated existing entries for EV-03 (ARM compatibility) and
EV-09/EV-10 (source path fixes).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
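
An added example, not code from this pull request: one way a `/visit` endpoint for an XSS verification bot could apply the allowlist and URL rewrite that the commit messages above describe (`host.docker.internal`, `172.17.0.x`, rewrite to an internal Docker network URL). The internal origin `http://blog:3000` and the function names are assumptions. The host check runs on the parsed hostname, so lookalike hosts and userinfo tricks are rejected.

```javascript
// Added example: hypothetical URL gate for a bot's /visit endpoint.
// INTERNAL_ORIGIN is an assumed compose service address, not a value from the PR.
const INTERNAL_ORIGIN = 'http://blog:3000';
const ALLOWED_HOSTS = new Set(['host.docker.internal']);
const DOCKER_BRIDGE = /^172\.17\.0\.(\d{1,3})$/; // 172.17.0.x only

function isAllowedHost(hostname) {
  if (ALLOWED_HOSTS.has(hostname)) return true;
  const m = DOCKER_BRIDGE.exec(hostname);
  return m !== null && Number(m[1]) <= 255;
}

// Returns the URL the bot should load, or null when the input is rejected.
function resolveVisitUrl(raw) {
  let u;
  try {
    u = new URL(raw); // WHATWG parser: lowercases the host, splits off userinfo
  } catch {
    return null; // not an absolute URL
  }
  // Only web schemes: blocks file:, javascript:, data: and similar.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  // "http://host.docker.internal@other.example/" parses with the allowed
  // name as the username, so any userinfo is refused outright.
  if (u.username || u.password) return null;
  // Compare the parsed hostname, never a prefix of the raw string.
  if (!isAllowedHost(u.hostname)) return null;

  // Rewrite to the internal origin; keep path, query and fragment,
  // since the payload under test may sit in any of them.
  const internal = new URL(INTERNAL_ORIGIN);
  internal.pathname = u.pathname;
  internal.search = u.search;
  internal.hash = u.hash;
  return internal.href;
}
```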