Add Challenge61: Telegram Channel Secrets with Real API Integration

[Copilot]

• Analyze current state of Challenge60 files
• Rename Challenge60.java to Challenge61.java (update class name and logger)
• Rename Challenge60Test.java to Challenge61Test.java (update class references)
• Rename challenge60.adoc to challenge61.adoc
• Rename challenge60_hint.adoc to challenge61_hint.adoc (update class reference inside)
• Rename challenge60_reason.adoc to challenge61_reason.adoc
• Update wrong-secrets-configuration.yaml to reference challenge61
• Fix compilation error: replace removed RestTemplateBuilder with SimpleClientHttpRequestFactory (Spring Boot 4.x removed org.springframework.boot.web.client.RestTemplateBuilder)

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[commjoen]

@copilot we use Java 23 . Please make everything java23 again

[github-actions]

🌐 GitHub Pages Preview Ready!

Your static preview is now available at:
🔗 Preview PR #2206

📄 What's included:

• ✅ All CSS, JavaScript, and static assets (embedded inline)
• ✅ Current styling and layout preview
• ✅ Images, icons, and UI components
• ✅ NEW: Generated HTML from Thymeleaf templates
  • 🏠 Home/Welcome Page
  • ℹ️ About Page
  • 📊 Stats & Config Page
  • 🤖 Challenge 57: LLM Security (Latest)
  • 🧩 Challenge Example

For full functionality testing: Use the Docker preview instead.

🔄 Auto-updates: This preview will be updated automatically when you push new commits to this PR.

---

_{Static preview with Thymeleaf generation by GitHub Actions}

[github-actions]

🌐 GitHub Pages Preview Ready!

Your static preview is now available at:
🔗 Preview PR #2206

📄 What's included:

• ✅ All CSS, JavaScript, and static assets (embedded inline)
• ✅ Current styling and layout preview
• ✅ Images, icons, and UI components
• ✅ NEW: Generated HTML from Thymeleaf templates
  • 🏠 Home/Welcome Page
  • ℹ️ About Page
  • 📊 Stats & Config Page
  • 🤖 Challenge 57: LLM Security (Latest)
  • 🧩 Challenge Example

For full functionality testing: Use the Docker preview instead.

🔄 Auto-updates: This preview will be updated automatically when you push new commits to this PR.

---

_{Static preview with Thymeleaf generation by GitHub Actions}

[Copilot]

@copilot we use Java 23 . Please make everything java23 again

Restored Java version to 23 in pom.xml as requested. The change reverts the java.version property from 17 back to 23 (commit 938b181). The maven.compiler.target was already set to 23 and remains unchanged.

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-e0ebf11

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2206)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-e0ebf11
docker run -p 8080:8080 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-e0ebf11

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/Challenges.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengeUI.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge59.java
- src/main/resources/explanations/challenge59.adoc
- src/main/resources/explanations/challenge59_hint.adoc
- src/main/resources/explanations/challenge59_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-e0ebf11

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2206)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-e0ebf11
docker run -p 8080:8080 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-e0ebf11

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/Challenges.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengeUI.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge59.java
- src/main/resources/explanations/challenge59.adoc
- src/main/resources/explanations/challenge59_hint.adoc
- src/main/resources/explanations/challenge59_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

📸 Visual Diff Ready!

Screenshots comparing your changes with the main branch are available:

📁 Download Visual Diff Artifacts

🖼️ Included screenshots:

• pr-home.png vs main-home.png - Welcome page comparison
• pr-about.png vs main-about.png - About page comparison
• pr-challenge.png vs main-challenge.png - Challenge page comparison

🔍 How to review:

1. Download the artifact zip file
2. Extract and compare the pr-* and main-* images side by side
3. Look for visual differences in layout, styling, and content

💡 Tip: Use an image comparison tool or open both images in separate browser tabs to spot differences easily.

---

_{Visual diff generated by GitHub Actions • PR #2206}

[github-actions]

📸 Visual Diff Ready!

Screenshots comparing your changes with the main branch are available:

📁 Download Visual Diff Artifacts

🖼️ Included screenshots:

• pr-home.png vs main-home.png - Welcome page comparison
• pr-about.png vs main-about.png - About page comparison
• pr-challenge.png vs main-challenge.png - Challenge page comparison

🔍 How to review:

1. Download the artifact zip file
2. Extract and compare the pr-* and main-* images side by side
3. Look for visual differences in layout, styling, and content

💡 Tip: Use an image comparison tool or open both images in separate browser tabs to spot differences easily.

---

_{Visual diff generated by GitHub Actions • PR #2206}

[github-actions]

🌐 GitHub Pages Preview Ready!

Your static preview is now available at:
🔗 Preview PR #2206

📄 What's included:

• ✅ All CSS, JavaScript, and static assets (embedded inline)
• ✅ Current styling and layout preview
• ✅ Images, icons, and UI components
• ✅ NEW: Generated HTML from Thymeleaf templates
  • 🏠 Home/Welcome Page
  • ℹ️ About Page
  • 📊 Stats & Config Page
  • 🤖 Challenge 57: LLM Security (Latest)
  • 🧩 Challenge Example

For full functionality testing: Use the Docker preview instead.

🔄 Auto-updates: This preview will be updated automatically when you push new commits to this PR.

---

_{Static preview with Thymeleaf generation by GitHub Actions}

[commjoen]

@copilot please use java23 syntax including getfirst and getlast

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-94b4292

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2206)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-94b4292
docker run -p 8080:8080 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-94b4292

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/Challenges.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengeUI.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge59.java
- src/main/resources/explanations/challenge59.adoc
- src/main/resources/explanations/challenge59_hint.adoc
- src/main/resources/explanations/challenge59_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-94b4292

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2206)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-94b4292
docker run -p 8080:8080 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-94b4292

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/Challenges.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengeUI.java
- src/main/java/org/owasp/wrongsecrets/challenges/ChallengesController.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge59.java
- src/main/resources/explanations/challenge59.adoc
- src/main/resources/explanations/challenge59_hint.adoc
- src/main/resources/explanations/challenge59_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

📸 Visual Diff Ready!

Screenshots comparing your changes with the main branch are available:

📁 Download Visual Diff Artifacts

🖼️ Included screenshots:

• pr-home.png vs main-home.png - Welcome page comparison
• pr-about.png vs main-about.png - About page comparison
• pr-challenge.png vs main-challenge.png - Challenge page comparison

🔍 How to review:

1. Download the artifact zip file
2. Extract and compare the pr-* and main-* images side by side
3. Look for visual differences in layout, styling, and content

💡 Tip: Use an image comparison tool or open both images in separate browser tabs to spot differences easily.

---

_{Visual diff generated by GitHub Actions • PR #2206}

[github-actions]

🌐 GitHub Pages Preview Ready!

Your static preview is now available at:
🔗 Preview PR #2206

📄 What's included:

• ✅ All CSS, JavaScript, and static assets (embedded inline)
• ✅ Current styling and layout preview
• ✅ Images, icons, and UI components
• ✅ NEW: Generated HTML from Thymeleaf templates
  • 🏠 Home/Welcome Page
  • ℹ️ About Page
  • 📊 Stats & Config Page
  • 🤖 Challenge 57: LLM Security (Latest)
  • 🧩 Challenge Example

For full functionality testing: Use the Docker preview instead.

🔄 Auto-updates: This preview will be updated automatically when you push new commits to this PR.

---

_{Static preview with Thymeleaf generation by GitHub Actions}

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-c323d1d

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2206)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-c323d1d
docker run -p 8080:8080 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-c323d1d

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge60.java
- src/main/resources/explanations/challenge60.adoc
- src/main/resources/explanations/challenge60_hint.adoc
- src/main/resources/explanations/challenge60_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

📸 Visual Diff Ready!

Screenshots comparing your changes with the main branch are available:

📁 Download Visual Diff Artifacts

🖼️ Included screenshots:

• pr-home.png vs main-home.png - Welcome page comparison
• pr-about.png vs main-about.png - About page comparison
• pr-challenge.png vs main-challenge.png - Challenge page comparison

🔍 How to review:

1. Download the artifact zip file
2. Extract and compare the pr-* and main-* images side by side
3. Look for visual differences in layout, styling, and content

💡 Tip: Use an image comparison tool or open both images in separate browser tabs to spot differences easily.

---

_{Visual diff generated by GitHub Actions • PR #2206}

[commjoen]

@copilot Another MR became challenge60, this means that we have to update all the new contents in this MR to become challenge61. Can you update all the code here to be challenge61 instead?

[Copilot]

@copilot Another MR became challenge60, this means that we have to update all the new contents in this MR to become challenge61. Can you update all the code here to be challenge61 instead?

Updated all content from Challenge60 to Challenge61 in commit e2d78fb:

• Challenge60.java → Challenge61.java (class name, logger, constructors)
• Challenge60Test.java → Challenge61Test.java (all class references)
• challenge60*.adoc → challenge61*.adoc (including hint file reference update)
• wrong-secrets-configuration.yaml updated to reference Challenge61 and challenge-61

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• checkstyle.org
  • Triggering command: /opt/hostedtoolcache/CodeQL/2.24.2/x64/codeql/tools/linux64/java/bin/java /opt/hostedtoolcache/CodeQL/2.24.2/x64/codeql/tools/linux64/java/bin/java -jar /opt/hostedtoolcache/CodeQL/2.24.2/x64/codeql/xml/tools/xml-extractor.jar --fileList=/tmp/codeql-scratch-54b93b06a133b0d9/dbs/java/working/files-to-index5491394632681817234.list --sourceArchiveDir=/tmp/codeql-scratch-54b93b06a133b0d9/dbs/java/src --outputDir=/tmp/codeql-scratch-54b93b06a133b0d9/dbs/java/trap/java (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[commjoen]

@copilot can you fix the failing github actions please?

[Copilot]

@copilot can you fix the failing github actions please?

Fixed in commit 7ada768. The build failure was caused by RestTemplateBuilder being removed in Spring Boot 4.x (package org.springframework.boot.web.client does not exist). Replaced it with SimpleClientHttpRequestFactory using Duration-based timeouts, matching the pattern in WrongSecretsApplication.java.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• checkstyle.org
  • Triggering command: /opt/hostedtoolcache/CodeQL/2.24.2/x64/codeql/tools/linux64/java/bin/java /opt/hostedtoolcache/CodeQL/2.24.2/x64/codeql/tools/linux64/java/bin/java -jar /opt/hostedtoolcache/CodeQL/2.24.2/x64/codeql/xml/tools/xml-extractor.jar --fileList=/tmp/codeql-scratch-54b93b06a133b0d9/dbs/java/working/files-to-index15196729679738833227.list --sourceArchiveDir=/tmp/codeql-scratch-54b93b06a133b0d9/dbs/java/src --outputDir=/tmp/codeql-scratch-54b93b06a133b0d9/dbs/java/trap/java (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[github-actions]

🌐 GitHub Pages Preview Ready!

Your static preview is now available at:
🔗 Preview PR #2206

📄 What's included:

• ✅ All CSS, JavaScript, and static assets (embedded inline)
• ✅ Current styling and layout preview
• ✅ Images, icons, and UI components
• ✅ NEW: Generated HTML from Thymeleaf templates
  • 🏠 Home/Welcome Page
  • ℹ️ About Page
  • 📊 Stats & Config Page
  • 🤖 Challenge 57: LLM Security (Latest)
  • 🧩 Challenge Example

For full functionality testing: Use the Docker preview instead.

🔄 Auto-updates: This preview will be updated automatically when you push new commits to this PR.

---

_{Static preview with Thymeleaf generation by GitHub Actions}

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-ec6c9b2

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2206)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 -p 8090:8090 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-ec6c9b2
docker run -p 8080:8080 -p 8090:8090 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2206-ec6c9b2

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge14.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge61.java
- src/main/resources/explanations/challenge61.adoc
- src/main/resources/explanations/challenge61_hint.adoc
- src/main/resources/explanations/challenge61_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

📸 Visual Diff Ready!

Screenshots comparing your changes with the main branch are available:

📁 Download Visual Diff Artifacts

🖼️ Included screenshots:

• pr-home.png vs main-home.png - Welcome page comparison
• pr-about.png vs main-about.png - About page comparison
• pr-challenge.png vs main-challenge.png - Challenge page comparison

🔍 How to review:

1. Download the artifact zip file
2. Extract and compare the pr-* and main-* images side by side
3. Look for visual differences in layout, styling, and content

💡 Tip: Use an image comparison tool or open both images in separate browser tabs to spot differences easily.

---

_{Visual diff generated by GitHub Actions • PR #2206}