Merge branch 'develop' into database-locked

.github/CODEOWNERS

@@ -1 +1,2 @@
-/vagrant/   @wurstbrot
+/vagrant/                           @wurstbrot
+/.github/workflows/lint-fixer.yml   @J12934

.github/workflows/lint-fixer.yml

@@ -0,0 +1,32 @@
+name: "Let me lint:fix that for you"
+
+on: [push]
+
+jobs:
+  LMLFTFY:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out Git repository
+      uses: actions/checkout@v2
+    - name: 'Install Linter'
+      run: |
+        npm install --ignore-scripts
+        cd frontend
+        npm install --ignore-scripts
+    - name: 'Fix everything which can be fixed'
+      run: 'npm run lint:fix'
+    - uses: stefanzweifel/[email protected]
+      with:
+        commit_message: "Auto-fix linting issues"
+
+        # Optional name of the branch the commit should be pushed to
+        # Required if Action is used in Workflow listening to the `pull_request` event
+        branch: ${{ github.head_ref }}
+
+        # Optional git params
+        commit_options: '--signoff'
+
+        # Optional commit user and author settings
+        commit_user_name: JuiceShopBot
+        commit_user_email: [email protected]
+        commit_author: JuiceShopBot <[email protected]>

.github/workflows/rebase.yml

@@ -0,0 +1,26 @@
+name: Automatic Rebase
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  rebase:
+    name: Rebase
+    if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+        with:
+          fetch-depth: 0
+      - name: Automatic Rebase
+        uses: cirrus-actions/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # https://github.community/t5/GitHub-Actions/Workflow-is-failing-if-no-job-can-be-ran-due-to-condition/m-p/38186#M3250
+  always_job:
+    name: Always run job
+    runs-on: ubuntu-latest
+    steps:
+      - name: Always run
+        run: echo "This job is used to prevent the workflow to fail when all other jobs are skipped."

.travis.yml

@@ -92,7 +92,7 @@ jobs:
         - npm start &
         - ../../test/smoke/smoke-test.sh http://localhost:3000
     - stage: deploy
-      if: "(branch = master OR branch = develop) AND NOT type = pull_request"
+      if: "(branch = master OR branch = develop OR branch = facelift) AND NOT type = pull_request"
       os: linux
       node_js: 12
       install: skip
@@ -104,6 +104,7 @@ jobs:
           app:
             master: juice-shop
             develop: juice-shop-staging
+            facelift: juice-shop-experimental
           on:
             repo: bkimminich/juice-shop
 notifications:

Dockerfile

@@ -15,7 +15,7 @@ LABEL maintainer="Bjoern Kimminich <[email protected]>" \
     org.opencontainers.image.vendor="Open Web Application Security Project" \
     org.opencontainers.image.documentation="https://help.owasp-juice.shop" \
     org.opencontainers.image.licenses="MIT" \
-    org.opencontainers.image.version="10.0.0-SNAPSHOT" \
+    org.opencontainers.image.version="10.1.0-SNAPSHOT" \
     org.opencontainers.image.url="https://owasp-juice.shop" \
     org.opencontainers.image.source="https://github.com/bkimminich/juice-shop" \
     org.opencontainers.image.revision=$VCS_REF \

HALL_OF_FAME.md

@@ -10,73 +10,53 @@
 
 ## GitHub Contributors
 
-Based on [GitHub](https://github.com/bkimminich/juice-shop) commits on
-`master` as of Wed, 06 Nov 2019 (ordered by number of commits).
+As reported by [`gitstats`](http://gitstats.sourceforge.net/) analysis
+of `master` as of Sat, 29 Feb 2020.
 
-- [Aashish Singh](https://github.com/Aashish683) aka `Aashish683`
-- [Arpit Agrawal](https://github.com/agrawalarpit14) aka
-  `agrawalarpit14`
-- [Supratik Das](https://github.com/supra08) aka `supra08`
-- [Shoeb Patel](https://github.com/CaptainFreak) aka `CaptainFreak`
-- [Marc Rüttler](https://github.com/MarcRler) aka `MarcRler`
-- [Aaryan Budhiraja](https://github.com/aaryan01) aka `aaryan01`
-- [m4l1c3](https://github.com/m4l1c3) aka `m4l1c3`
-- [Josh Grossman](https://github.com/tghosth) aka `tghosth`
-- [Martin Rock-Evans](https://github.com/rockydevnet) aka `rockydevnet`
-- [Omer Levi Hevroni](https://github.com/omerlh) aka `omerlh`
-- [Alejandro Saenz](https://github.com/Whamo12) aka `Whamo12`
-- [Jorge Estigarribia](https://github.com/jorgestiga) aka `jorgestiga`
-- [Nathaniel McHugh](https://github.com/natmchugh) aka `natmchugh`
-- [Madhur Wadhwa](https://github.com/madhurw7) aka `madhurw7`
-- [Greg Guthe](https://github.com/g-k) aka `g-k`
-- [Jln Wntr](https://github.com/JlnWntr) aka `JlnWntr`
-- [Simon Basset](https://github.com/simbas) aka `simbas`
-- [Shivam Luthra](https://github.com/shivamluthra) aka `shivamluthra`
-- [Ingo Bente](https://github.com/ingben) aka `ingben`
-- [Yuvraj](https://github.com/evalsocket) aka `evalsocket`
-- [Devansh Batra](https://github.com/devanshbatra04) aka
-  `devanshbatra04`
-- [Aaron Edwards](https://github.com/aaron-m-edwards) aka
-  `aaron-m-edwards`
-- [Viktor Lindström](https://github.com/ViktorLindstrm) aka
-  `ViktorLindstrm`
-- [João Fonseca](https://github.com/Jpfonseca) aka `Jpfonseca`
-- [Andrew Stubbs](https://github.com/Andrew-Stubbs) aka `Andrew-Stubbs`
-- [abdelrhman magdy](https://github.com/AbdelrhmanMagdy) aka
-  `AbdelrhmanMagdy`
-- [Stephen O'Brien](https://github.com/wayofthepie) aka `wayofthepie`
-- [Jet Anderson](https://github.com/thatsjet) aka `thatsjet`
-- [Simon De Lang](https://github.com/simondel) aka `simondel`
-- [Priit Pääsukene](https://github.com/priitpaasukene) aka
-  `priitpaasukene`
-- [Manabu Niseki](https://github.com/ninoseki) aka `ninoseki`
-- [Roberto Abdelkader Martínez Pérez](https://github.com/nilp0inter) aka
-  `nilp0inter`
-- [Ken Friis Larsen](https://github.com/kfl) aka `kfl`
-- [Johanna](https://github.com/johanna-a) aka `johanna-a`
-- [jamiemcgregor](https://github.com/jamiemcgregor) aka `jamiemcgregor`
-- [Joe Butler](https://github.com/incognitjoe) aka `incognitjoe`
-- [Gorka Vicente](https://github.com/gorkavicente) aka `gorkavicente`
-- [Christian Kühn](https://github.com/cy4n) aka `cy4n`
-- [Chris Castle](https://github.com/crcastle) aka `crcastle`
-- [battletux](https://github.com/battletux) aka `battletux`
-- [Artemiy Knipe](https://github.com/awflwafl) aka `awflwafl`
-- [AviD](https://github.com/avidouglen) aka `avidouglen`
-- [Alvaro Viebrantz](https://github.com/alvarowolfx) aka `alvarowolfx`
-- [Achim Grimm](https://github.com/achimgrimm) aka `achimgrimm`
-- [Abhishek bundela](https://github.com/abhibundela) aka `abhibundela`
-- [Zander Mackie](https://github.com/Zandar) aka `Zandar`
-- [Stuart Winter-Tear](https://github.com/StuartWinterTear) aka
-  `StuartWinterTear`
-- [M4ttsson](https://github.com/M4ttsson) aka `M4ttsson`
-- [Jason Haley](https://github.com/JasonHaley) aka `JasonHaley`
-- [Dinis Cruz](https://github.com/DinisCruz) aka `DinisCruz`
+| Top 20 authors     | #Commits (%)  |
+|:-------------------|:--------------|
+| Björn Kimminich    | 7016 (56.48%) |
+| Bjoern Kimminich   | 3521 (28.34%) |
+| bjoern.kimminich   | 571 (4.60%)   |
+| Jannik Hollenbach  | 270 (2.17%)   |
+| Aashish683         | 217 (1.75%)   |
+| greenkeeper\[bot\] | 151 (1.22%)   |
+| agrawalarpit14     | 133 (1.07%)   |
+| MarcRler           | 127 (1.02%)   |
+| CaptainFreak       | 85 (0.68%)    |
+| Supratik Das       | 84 (0.68%)    |
+| aaryan10           | 22 (0.18%)    |
+| J12934             | 21 (0.17%)    |
+| m4l1c3             | 18 (0.14%)    |
+| Josh Grossman      | 15 (0.12%)    |
+| Aashish Singh      | 12 (0.10%)    |
+| Timo Pagel         | 11 (0.09%)    |
+| Scar26             | 10 (0.08%)    |
+| Martin Rock-Evans  | 10 (0.08%)    |
+| Alejandro Saenz    | 10 (0.08%)    |
+| omerlh             | 6 (0.05%)     |
+
+**Additional contributions by:** Marc O'Polo, Jorge Estigarribia,
+JamesCullum, madhurw7, Omer Levi Hevroni, Rick Daalhuizen, Nat McHugh,
+Mohit Sharma, Julian Winter, JuiceShopBot, João Fonseca, Greg Guthe,
+Arpit Agrawal, Aaryan Budhiraja, yuvraj, wurstbrot, tpagel, Simon
+Basset, Shivam Luthra, Roberto Abdelkader Martínez Pérez, Paulino
+Calderon, Ingo Bente, Devansh Batra, Andrew Stubbs, Abdelrhman Magdy,
+Aaron Edwards, whitesource-bolt-for-github\[bot\], root, ridhishjain,
+ninoseki, jamiemcgregor, battletux, Zander Mackie, ViktorLindstrm,
+Viktor Lindström, The Gitter Badger, Stuart Winter-Tear, Stephen OBrien,
+Simon de Lang, Priit Pääsukene, Nathaniel McHugh, Marc Rüttler,
+M4ttsson, Ken Friis Larsen, Johanna A, Joe Butler, Jet Anderson, Jason
+Haley, Jainendra Mandavi, Gorka Vicente, Dinis Cruz, Christian Kühn,
+Chris Castle, Bitdeli Chef, AviD, Artemiy Knipe | Артемий Кондатьев,
+Alvaro Viebrantz, Alec Brooks, Achim Grimm, Abhishek bundela
 
 ## Translators
 
 Based on [CrowdIn](https://crowdin.com/project/owasp-juice-shop)
-translations as of Wed, 06 Nov 2019 (ordered alphabetically).
+translations as of Fri, 28 Feb 2020 (ordered alphabetically).
 
+- Abdo Farwan aka `abdofarwan` (Arabic, Turkish)
 - adeyosemanputra (Indonesian)
 - Albert Camps aka `campsupc` (Catalan; Spanish)
 - Aleksandra Niemyska aka `niemyskaa` (Polish)
@@ -100,6 +80,8 @@ translations as of Wed, 06 Nov 2019 (ordered alphabetically).
 - Daniel Paniagua aka `danielgpm` (Spanish)
 - dav1ds (French)
 - Davis Freimanis aka `davisfreimanis` (Latvian)
+- Diego Andreé Porras Rivas aka `andree.rivas` (Spanish)
+- Dmitry aka `shipko` (Russian)
 - Egert Aia aka `aiaegert` (Estonian)
 - Ender Çulha aka `ecu` (Turkish)
 - Estevam Arantes aka `Es7evam` (Portuguese; Portuguese, Brazilian)
@@ -136,8 +118,10 @@ translations as of Wed, 06 Nov 2019 (ordered alphabetically).
 - nilfigo (Japanese)
 - OliverkeHU (Hungarian)
 - orjen (Romanian)
+- OrNol aka `TRNSLR` (Dutch)
 - Oussama Bouthouri aka `Boussama`/`oussama.bouthouri` (Arabic)
 - owangen (Norwegian; Danish)
+- Pablo Barrera aka `pablo.barrera` (Spanish)
 - Pär Svedberg aka `grebdevs` (Swedish)
 - r0n1am (Chinese Traditional, Hong Kong)
 - rachidbm (Dutch)
@@ -160,6 +144,7 @@ translations as of Wed, 06 Nov 2019 (ordered alphabetically).
 - thinbashane (Burmese)
 - timexlord (Romanian)
 - Tomas Rosenqvist aka `Muamaidbengt` (Swedish)
+- tongsonghua aka `yolylight` (Chinese Simplified)
 - vientspam (Dutch; Italian; French)
 - Wout Huygens aka `lenkadubois` (Dutch)
 - zvargun (Turkish)
@@ -180,6 +165,9 @@ translations as of Wed, 06 Nov 2019 (ordered alphabetically).
   and
   [flyer](https://github.com/OWASP/owasp-swag/tree/master/projects/juice-shop/flyers)
   artwork by [logicainfo](https://99designs.de/profiles/logicainfo)
+* Official
+  [OWASP Juice Shop Jingle](https://soundcloud.com/braimee/owasp-juice-shop-jingle)
+  written and performed by [Brian Johnson](https://github.com/braimee)
 
 ## Stargazers (over time)
 

README.md

@@ -1,4 +1,4 @@
-# ![Juice Shop Logo](https://raw.githubusercontent.com/bkimminich/juice-shop/master/frontend/src/assets/public/images/JuiceShop_Logo_100px.png) OWASP Juice Shop [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects) [![GitHub release](https://img.shields.io/github/release/bkimminich/juice-shop.svg)](https://github.com/bkimminich/juice-shop/releases/latest) [![Twitter Follow](https://img.shields.io/twitter/follow/owasp_juiceshop.svg?style=social&label=Follow)](https://twitter.com/owasp_juiceshop) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/owasp_juiceshop?style=social)](https://reddit.com/r/owasp_juiceshop)
+# ![Juice Shop Logo](https://raw.githubusercontent.com/bkimminich/juice-shop/master/frontend/src/assets/public/images/JuiceShop_Logo_100px.png) OWASP Juice Shop [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Flagship_Projects) [![GitHub release](https://img.shields.io/github/release/bkimminich/juice-shop.svg)](https://github.com/bkimminich/juice-shop/releases/latest) [![Twitter Follow](https://img.shields.io/twitter/follow/owasp_juiceshop.svg?style=social&label=Follow)](https://twitter.com/owasp_juiceshop) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/owasp_juiceshop?style=social)](https://reddit.com/r/owasp_juiceshop)
 
 [![Build Status](https://travis-ci.org/bkimminich/juice-shop.svg?branch=master)](https://travis-ci.org/bkimminich/juice-shop)
 [![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/bkimminich/juice-shop.svg)](https://cloud.docker.com/repository/docker/bkimminich/juice-shop/builds)
@@ -90,8 +90,10 @@ overview please visit the official project page:
 [![Docker Automated build](https://img.shields.io/docker/automated/bkimminich/juice-shop.svg)](https://registry.hub.docker.com/u/bkimminich/juice-shop/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/bkimminich/juice-shop.svg)](https://registry.hub.docker.com/u/bkimminich/juice-shop/)
 ![Docker Stars](https://img.shields.io/docker/stars/bkimminich/juice-shop.svg)
-[![](https://images.microbadger.com/badges/image/bkimminich/juice-shop.svg)](https://microbadger.com/images/bkimminich/juice-shop "Get your own image badge on microbadger.com")
-[![](https://images.microbadger.com/badges/version/bkimminich/juice-shop.svg)](https://microbadger.com/images/bkimminich/juice-shop "Get your own version badge on microbadger.com")
+[![](https://images.microbadger.com/badges/image/bkimminich/juice-shop.svg)](https://microbadger.com/images/bkimminich/juice-shop
+"Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/bkimminich/juice-shop.svg)](https://microbadger.com/images/bkimminich/juice-shop
+"Get your own version badge on microbadger.com")
 
 1. Install [Docker](https://www.docker.com)
 2. Run `docker pull bkimminich/juice-shop`
@@ -146,6 +148,26 @@ docker run -d -p 80:3000 bkimminich/juice-shop
 4. Your container will be available at `http://<dns name
    label>.<location name>.azurecontainer.io:3000`
 
+### Google Compute Engine Instance
+
+1. Login to the Google Cloud Console and
+   [open Cloud Shell](https://console.cloud.google.com/home/dashboard?cloudshell=true).
+2. Launch a new GCE instance based on the juice-shop container. Take
+   note of the `EXTERNAL_IP` provided in the output.
+
+```
+gcloud compute instances create-with-container owasp-juice-shop-app --container-image bkimminich/juice-shop
+```
+
+3. Create a firewall rule that allows inbound traffic to port 3000
+
+```
+gcloud compute firewall-rules create juice-rule --allow tcp:3000
+```
+
+4. Your container is now running and available at
+   `http://<EXTERNAL_IP>:3000/`
+
 ## Node.js version compatibility
 
 ![GitHub package.json dynamic](https://img.shields.io/github/package-json/cpu/bkimminich/juice-shop)
@@ -164,6 +186,11 @@ images and packaged distributions are offered accordingly.
 | 10.x     | :heavy_check_mark:   | [![Windows](docs/win32.png)](https://github.com/bkimminich/juice-shop/releases/latest) [![Linux](docs/linux.png)](https://github.com/bkimminich/juice-shop/releases/latest) [![MacOS](docs/darwin.png)](https://github.com/bkimminich/juice-shop/releases/latest) |                                                                                              |
 | <10.x    | :x:                  |                                                                                                                                                                                                                                                                   |                                                                                              |
 
+Juice Shop is automatically tested _only on the latest `.x` minor
+version_ of each node.js version mentioned above! There is no guarantee
+that older minor node.js releases will always work with Juice Shop!
+Please make sure you stay up to date with your chosen version.
+
 ## Demo
 
 Feel free to have a look at the latest version of OWASP Juice Shop:
@@ -208,7 +235,7 @@ questions!**
 
 ## Documentation
 
-### Pwning OWASP Juice Shop [![Write Goodreads Review](https://img.shields.io/badge/goodreads-write%20review-47129532.svg)](https://www.goodreads.com/review/edit/47129532)
+### Pwning OWASP Juice Shop [![Write Goodreads Review](https://img.shields.io/badge/goodreads-write%20review-47129532.svg)](https://www.goodreads.com/review/edit/47129532)
 
 This is the official companion guide to the OWASP Juice Shop. It will
 give you a complete overview of the vulnerabilities found in the
@@ -226,9 +253,9 @@ also [browse the full content online](https://pwning.owasp-juice.shop)!
 
 * [Introduction Slide Deck](http://bkimminich.github.io/juice-shop) in
   HTML5
-* [PDF of the Intro Slide Deck](docs/OWASP%20Juice%20Shop%20-%20An%20intentionally%20insecure%20JavaScript%20Web%20Application.pdf)
+* [PDF of the Intro Slide Deck](docs/OWASP%20Juice%20Shop%20-%20Probably%20the%20most%20modern%20and%20sophisticated%20insecure%20web%20application.pdf)
 
-## Contributing [![GitHub contributors](https://img.shields.io/github/contributors/bkimminich/juice-shop.svg)](https://github.com/bkimminich/juice-shop/graphs/contributors) [![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/owasp-juice-shop/localized.svg)](https://crowdin.com/project/owasp-juice-shop) [![Bountysource Activity](https://img.shields.io/bountysource/team/juice-shop/activity.svg)](https://www.bountysource.com/teams/juice-shop) ![GitHub issues by-label](https://img.shields.io/github/issues/bkimminich/juice-shop/help%20wanted.svg) ![GitHub issues by-label](https://img.shields.io/github/issues/bkimminich/juice-shop/good%20first%20issue.svg)
+## Contributing [![GitHub contributors](https://img.shields.io/github/contributors/bkimminich/juice-shop.svg)](https://github.com/bkimminich/juice-shop/graphs/contributors) [![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/owasp-juice-shop/localized.svg)](https://crowdin.com/project/owasp-juice-shop) [![Bountysource Activity](https://img.shields.io/bountysource/team/juice-shop/activity.svg)](https://www.bountysource.com/teams/juice-shop) ![GitHub issues by-label](https://img.shields.io/github/issues/bkimminich/juice-shop/help%20wanted.svg) ![GitHub issues by-label](https://img.shields.io/github/issues/bkimminich/juice-shop/good%20first%20issue.svg)
 
 We are always happy to get new contributors on board! Please check
 [CONTRIBUTING.md](CONTRIBUTING.md) to learn how to