Add Challenge 62: MCP privilege escalation via Google Service Account on Google Drive #2464

Merged
commjoen merged 11 commits into master from copilot/use-mcp-server-google-service-account
Mar 23, 2026

Conversation

Copilot AI (Contributor) commented Mar 22, 2026

Adds a new AI-category challenge demonstrating that an MCP server configured with an overly-privileged Google Service Account allows callers to read Google Drive documents they are not directly authorized to access — a real-world privilege escalation pattern seen widely in agent/MCP deployments.

Challenge design

  • MCP endpoint at /mcp62 exposes a single read_google_drive_document tool
  • Tool authenticates to Google Drive using a service account (GOOGLE_SERVICE_ACCOUNT_KEY, base64-encoded JSON key) and returns the document's plain-text content
  • The document content is the secret; answer is validated against WRONGSECRETS_MCP_GOOGLEDRIVE_SECRET
  • Gracefully degrades to a placeholder message when credentials are unconfigured

New env vars (all defaulted in application.properties)

  Variable                             Purpose
  GOOGLE_SERVICE_ACCOUNT_KEY           Base64-encoded service account JSON key
  GOOGLE_DRIVE_DOCUMENT_ID             Document to read (defaults to OWASP doc)
  WRONGSECRETS_MCP_GOOGLEDRIVE_SECRET  Expected answer stored in the document

Implementation notes

  • Uses ServiceAccountCredentials from google-auth-library-oauth2-http (already a transitive dep via google-cloud-secretmanager) — no new dependencies added
  • Validates service account JSON structure before use to guard against malformed input
  • @Autowired on the primary constructor disambiguates Spring injection from the package-private test constructor

Operator setup

docs/CHALLENGE62_GOOGLE_DRIVE_SETUP.md covers end-to-end: create GCP project → enable Drive API → create service account → share document → encode key → configure env vars.


Original prompt

This section details the original issue you should resolve

<issue_title>Use MCP server Google Service Account, configured as env-var to obtain document secret</issue_title>
<issue_description>### Context

  • What should the challenge scenario be like?
    You want to get access to a secret document in Google Drive that you are not authorized to access (e.g., by default https://docs.google.com/document/d/1vfHmi5lGoHogcjD0wxClZAjDy_qml_i2BtVrjVaklHc/edit?tab=t.0, which is a document in the OWASP Google Drive). But the MCP should use a service account that gives you a method to obtain the contents of the document.

  • What should the participant learn from completing the challenge?
    That an MCP should not have a more powerful service account than the caller (agent/user), so as not to allow privilege escalation.

  • For what category would the challenge be? (e.g. Docker, K8s, binary)
    AI

Did you encounter this in real life? Could you tell us more about the scenario?

All the time: we see many MCPs created by people that allow for privilege escalation.

</issue_description>

<agent_instructions>Please note: you have to scaffold the service-account credential access as well, but those credentials will be provisioned separately later as env vars. You have to update the readme as well and make sure a user can set up their own service account in their own organization, and document how the user can then configure wrongsecrets to use it.</agent_instructions>
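The confused-deputy pattern the issue and PR describe, as an added Python model that is not WrongSecrets code: a tool that reads a document with an ambient service account hands the document to any caller the service account outranks, while the same tool bound to the caller's own identity cannot return more than the caller could fetch directly. The Drive is an in-memory stand-in, the key is a constructed placeholder, and the caller is represented by an e-mail string rather than the OAuth token a real deployment would pass through; the key-shape check mirrors the PR's "validates service account JSON structure before use" note, with the required field list assumed from the usual service-account JSON layout.

```python
"""Model of the Challenge 62 pattern: an MCP tool whose ambient service
account outranks its callers, next to a caller-bound version.

Added illustration, not WrongSecrets code: the Drive is an in-memory
stand-in, and every identity, document id and key below is constructed.
"""
import base64
import json

# Fields a Google service-account JSON key carries (assumed layout); checked
# before the key is ever handed to an auth library so a bad env var fails closed.
REQUIRED_KEY_FIELDS = ("type", "project_id", "private_key_id",
                       "private_key", "client_email", "token_uri")


def load_service_account_key(b64_key: str) -> dict:
    """Decode GOOGLE_SERVICE_ACCOUNT_KEY (base64 JSON) and validate its shape."""
    try:
        # binascii.Error and json.JSONDecodeError are both ValueError subclasses
        key = json.loads(base64.b64decode(b64_key, validate=True))
    except (ValueError, TypeError) as exc:
        raise ValueError(f"GOOGLE_SERVICE_ACCOUNT_KEY is not base64 JSON: {exc}") from exc
    if not isinstance(key, dict) or key.get("type") != "service_account":
        raise ValueError("key is not a service_account credential")
    missing = [f for f in REQUIRED_KEY_FIELDS if f not in key]
    if missing:
        raise ValueError(f"service account key missing fields: {missing}")
    return key


class FakeDrive:
    """Stand-in for the Drive API: a principal may read a document only if it
    appears in that document's share list."""

    def __init__(self):
        self._docs = {}  # doc_id -> (content, set of principals with read access)

    def share(self, doc_id, content, readers):
        self._docs[doc_id] = (content, set(readers))

    def get_document(self, principal, doc_id):
        content, readers = self._docs[doc_id]
        if principal not in readers:
            raise PermissionError(f"{principal} has no access to {doc_id}")
        return content


class McpDriveTool:
    """The read_google_drive_document tool, in two flavours."""

    def __init__(self, drive, sa_key):
        self.drive = drive
        self.sa_email = sa_key["client_email"]

    def read_ambient(self, caller, doc_id):
        """Vulnerable: the caller is never consulted. Whatever the service
        account was shared on, any caller of the tool can read."""
        return self.drive.get_document(self.sa_email, doc_id)

    def read_as_caller(self, caller, doc_id):
        """Hardened: the read runs under the caller's own identity, so the tool
        can never return more than the caller could fetch without it."""
        return self.drive.get_document(caller, doc_id)


# Constructed sample key; the private_key is a placeholder, not real material.
SAMPLE_KEY_B64 = base64.b64encode(json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000000000000000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "mcp-reader@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}).encode()).decode()

SECRET_DOC_ID = "doc-constructed-1"        # stands in for GOOGLE_DRIVE_DOCUMENT_ID
SECRET_CONTENT = "answer: not-a-real-secret"


def build_scenario():
    """Document shared with its owner and the service account, but not with
    the tool's caller: the situation the challenge sets up."""
    key = load_service_account_key(SAMPLE_KEY_B64)
    drive = FakeDrive()
    drive.share(SECRET_DOC_ID, SECRET_CONTENT,
                readers={"owner@example.com", key["client_email"]})
    return McpDriveTool(drive, key)


def run_caller(tool, caller, doc_id):
    """Return what each flavour gives the caller: the content, or 'denied'."""
    out = {}
    for name, fn in (("ambient", tool.read_ambient), ("as_caller", tool.read_as_caller)):
        try:
            out[name] = fn(caller, doc_id)
        except PermissionError:
            out[name] = "denied"
    return out


if __name__ == "__main__":
    tool = build_scenario()
    print("unauthorized caller:", run_caller(tool, "attacker@example.com", SECRET_DOC_ID))
    print("document owner:    ", run_caller(tool, "owner@example.com", SECRET_DOC_ID))
```

Running it shows the escalation in one line: the unauthorized caller gets the document through the ambient variant and is denied by the caller-bound one, while the owner gets it either way. In a real deployment the caller-bound variant needs the MCP server to hold a credential that carries the caller's identity (a delegated or exchanged token), which is a deployment assumption this model does not implement; the point is that the service account's own reach must not exceed what the caller already has.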


Development

Successfully merging this pull request may close these issues.

New challenge: Use MCP server Google Service Account, configured as env-var to obtain document secret

3 participants