Conversation Log

===============

User: can you create an agentic plan in ./cursor/rules/project-specification.mdc which covers the current application in terms of docker, etc.?

Assistant: Created a comprehensive agentic plan covering Docker, deployment, and infrastructure in project-specification.mdc.

User: please do not do any security considerations: this is a vulnerable app for testing

Assistant: Removed the security considerations section from the agentic plan.

User: What tests are we still missing?

Assistant: Provided an analysis of missing/weak test areas and how to identify them.

User: can you make this part of the project-specifications todo?

Assistant: Added a TODO section for test coverage improvements to project-specification.mdc.

User: Can you create challenge 56 in the docker package which is to find a secret in the project-specification? Put the secret as an example instruction in the project-specification. Next, add tests to make sure it works.

Assistant: Created Challenge56, added the secret to project-specification.mdc, and wrote tests.

User: can you run teh tests? (./mvnw test)

Assistant: Attempted to run tests, but the process was interrupted before completion.

User: We still need to add the documentation for challenge56: can you do so in resources/explanations?

Assistant: Added challenge56.adoc, challenge56_hint.adoc, and challenge56_reason.adoc.

User: can you add to challenge56docs that this one is purely generated with AI and therefore is very typically different?

Assistant: Added a note to challenge56.adoc stating it was generated by AI and is different from other challenges.

User: @wrong-secrets-configuration.yaml can you add an entry for challenge56?

Assistant: Added Challenge56 to wrong-secrets-configuration.yaml with all required fields.

User: can you add instructions to the @project-specification.mdc to speed up challenge creation in the future?

Assistant: Added a step-by-step guide for fast challenge creation to project-specification.mdc.

User: can you store our conversation next to it in cursor/rules as a text file?

Assistant: (this file)

## Instructions: How to Quickly Add a New Challenge

To speed up challenge creation, follow these steps:

1. **Create the Challenge Class**

- Add a new Java class in the appropriate package (e.g., `org.owasp.wrongsecrets.challenges.docker`).

- Implement the `Challenge` interface or extend `FixedAnswerChallenge` as needed.

2. **Write Documentation**

- Add three files in `src/main/resources/explanations/`:

- `challengeXX.adoc` (main description)

- `challengeXX_hint.adoc` (hint for users)

- `challengeXX_reason.adoc` (explanation of the challenge's relevance)

3. **Add Unit Tests**

- Create a test class in `src/test/java/org/owasp/wrongsecrets/challenges/docker/` (or the relevant package).

- Cover correct, incorrect, and edge cases.

4. **Register the Challenge**

- Add an entry to `src/main/resources/wrong-secrets-configuration.yaml` under `challenges:`

- Set the class name, explanation, hint, reason, environments, difficulty, category, and CTF status.

5. **(Optional) Add UI Snippet**

- If your challenge needs a custom UI, add a snippet in `src/main/resources/templates/challenges/` and reference it in the configuration.

6. **Test Everything**

- Run `./mvnw test` to ensure all tests pass.

- Start the app and verify the challenge appears and works as expected.

---

**Tip:** Use the most recent challenge as a template for new ones to save time and ensure consistency.

- name: Challenge 56

short-name: "challenge-56"

sources:

- class-name: "org.owasp.wrongsecrets.challenges.docker.Challenge56"

explanation: "explanations/challenge56.adoc"

hint: "explanations/challenge56_hint.adoc"

reason: "explanations/challenge56_reason.adoc"

environments: *all_envs

difficulty: *easy

category: [*doc, *ai]

ctf:

enabled: true