compiled the code
uranium committed Oct 8, 2024
0 parents commit 25d3da2
Showing 8 changed files with 338 additions and 0 deletions.
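--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,16 @@
+## Issue Template
+
+**Description:**
+<!-- Provide a detailed description of the issue. -->
+
+**Steps to Reproduce:**
+<!-- Outline the steps to reproduce the issue. -->
+
+**Expected Outcome:**
+<!-- Describe what you expected to happen. -->
+
+**Actual Outcome:**
+<!-- Describe what actually happened. -->
+
+**Additional Information:**
+<!-- Add any additional information or context. -->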
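--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,22 @@
+## AppSec Wiki Pull Request
+
+**Change Description:**
+
+<!-- Describe the purpose of this wiki page and the changes made -->
+
+**Changes Made:**
+
+<!-- Provide a summary of the changes made to the wiki page -->
+
+**Reason for Change:**
+
+<!-- Explain why these changes were made and their significance -->
+
+**Checklist:**
+
+- [ ] I have tested the changes locally
+- [ ] Is Code changes ready for review
+- [ ] I have proofread the changes to ensure accuracy
+- [ ] I have tested any links or references within the wiki page
+- [ ] I have checked for consistency with other existing pages (if applicable)
+- [ ] I have updated any relevant cross-references or documentation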
53 changes: 53 additions & 0 deletions .github/workflows/PrBot.yml
@@ -0,0 +1,53 @@
name: Bot scan
on:
pull_request_target:
types: [opened, reopened, synchronize, edited]
issues:
types: [opened, edited, milestoned]
permissions:
issues: write
pull-requests: write

jobs:
Snyk_scanning:
name: Snyk Bot scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Snyk Bot scan
run: |
rm -rf node_modules
rm -f package-lock.json
npm install
echo "Downloading and authenticating Snyk CLI..."
curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
chmod +x snyk
./snyk auth ${{ secrets.SNYK_TOKEN }}
echo "Running Snyk test and monitor..."
./snyk test --all-projects --color --json || true
./snyk monitor --all-projects || true
TruffleHog_scanning:
name: TruffleHog Bot scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # fetch all history so multiple commits can be scanned
- name: TruffleHog Bot scan
uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
with:
args: ${{ github.event.repository.default_branch }} master --json
BotCheck:
name: Bot scan
permissions: write-all
runs-on: ubuntu-latest
needs: [Snyk_scanning, TruffleHog_scanning]
steps:
- uses: itsarraj/pr-scan-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


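Review bot: `./snyk auth ${{ secrets.SNYK_TOKEN }}` passes the token as a command-line argument, where it is visible to anything listing processes on the runner and easy to leak through shell tracing; the Snyk CLI reads the token from the environment, so put `env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}` on the step and drop the auth line. The workflow runs on `pull_request_target` with `actions/checkout@v3` and no `ref:`, so `npm install` currently operates on the base branch and the PR's own package.json is never scanned; if a later change checks out the PR head, lifecycle scripts from a fork would run with `permissions: write-all` and the secret in scope, which deserves a comment at the `pull_request_target:` line. The three third-party actions are pinned to `@main`/`@master` rather than a commit SHA, the Snyk binary is fetched with curl and no checksum, and both scan commands end in `|| true`, so no finding can ever fail the job — if this is intended for a fixture repository, a header comment stating so would save the next reader from "fixing" it.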
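--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,47 @@
+# Node.js dependencies
+/node_modules
+/npm-debug.log
+/yarn-error.log
+/package-lock.json
+/pnpm-lock.yaml
+/.pnp
+.pnp.js
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Environment variables
+.env
+
+# OS-generated files
+.DS_Store
+Thumbs.db
+
+# IDE/Editor settings
+.vscode
+.idea
+
+# Build output
+/dist
+/out
+/build
+
+# Coverage directory used by testing tools
+/coverage
+
+# Temporary files
+/tmp
+/.temp
+
+# Ignore SSH keys, sensitive files
+*.pem
+*.key
+
+# Specific custom files
+important_config_file
+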
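Review bot: `/package-lock.json` and `/pnpm-lock.yaml` are ignored, so no lockfile is ever committed and every `npm install` re-resolves the transitive tree; the direct pins in package.json stay fixed, but what the dependency scan reports will drift from run to run. If that drift is intended for this fixture, a comment such as `# lockfiles are deliberately not committed so transitive resolution stays live for scanning` under `# Node.js dependencies` would record the decision. `important_config_file` is ignored here but is the path that index.js chmods, so it will never exist in a fresh checkout and that call fails unless something creates it first.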
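--- a/VulnerableJavaFile.java
+++ b/VulnerableJavaFile.java
@@ -0,0 +1,44 @@
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.Statement;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+public class VulnerableJavaFile {
+
+// Vulnerability 1: Hardcoded sensitive information
+private static final String DB_URL = "jdbc:mysql://localhost:3306/mydb";
+private static final String USER = "root";
+private static final String PASS = "password";
+
+// Vulnerability 2: Hardcoded MongoDB connection string
+private static final String MONGO_URL = "mongodb://admin:password@localhost:27017/secureDB";
+
+// Vulnerability 3: Hardcoded SSH private key
+private static final String SSH_PRIVATE_KEY =
+"-----BEGIN RSA PRIVATE KEY-----\n" +
+"MIIEpAIBAAKCAQEA7kjbBBkLmOWK1X8...\n" +
+"-----END RSA PRIVATE KEY-----";
+
+public static void main(String[] args) {
+String userInput = args[0]; // Simulated user input
+
+// Vulnerability 4: SQL Injection
+try {
+Connection conn = DriverManager.getConnection(DB_URL, USER, PASS);
+Statement stmt = conn.createStatement();
+String sql = "SELECT * FROM users WHERE username = '" + userInput + "'";
+stmt.executeQuery(sql);
+} catch (Exception e) {
+e.printStackTrace();
+}
+
+// Vulnerability 5: Insecure file access
+try {
+Files.setPosixFilePermissions(Paths.get("config.txt"), PosixFilePermissions.fromString("rwxrwxrwx")); // Overly permissive
+} catch (Exception e) {
+e.printStackTrace();
+}
+}
+}
+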
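Review bot: `PosixFilePermissions.fromString(...)` on the `Files.setPosixFilePermissions` line references a class that is never imported, so the file does not compile as committed despite the commit title; add `import java.nio.file.attribute.PosixFilePermissions;` to the import block. `args[0]` is read without a length check and throws `ArrayIndexOutOfBoundsException` when the class is run with no arguments, so the program never reaches the code the scanners are meant to exercise. The `Connection` and `Statement` are never closed; if the file is a scanner fixture rather than runnable code, a class-level comment such as `// Intentionally vulnerable fixture for scanner testing; not to be deployed or used as a pattern` would make that explicit for anyone who copies it.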
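--- a/index.js
+++ b/index.js
@@ -0,0 +1,92 @@
+const { exec } = require('child_process');
+const crypto = require('crypto');
+const fs = require('fs');
+const minimist = require('minimist');
+const lodash = require('lodash');
+const chalk = require('chalk');
+
+// Vulnerability 1: Command Injection
+function runCommand(userInput) {
+exec(`ls ${userInput}`, (error, stdout, stderr) => {
+if (error) {
+console.error(`Command execution error: ${error}`);
+return;
+}
+console.log(`Output: ${stdout}`);
+});
+}
+
+// Vulnerability 2: Insecure use of eval()
+function runEval(userInput) {
+eval(userInput); // Dangerous use of eval leading to code execution
+}
+
+// Vulnerability 3: Insecure randomness
+function generateWeakToken() {
+return Math.random().toString(36).substring(2); // Weak token generation
+}
+
+// Vulnerability 4: Hardcoded sensitive information
+const apiKey = '12345-SECRET-API-KEY'; // Hardcoded sensitive information
+
+// Vulnerability 5: Hardcoded MongoDB connection string
+const mongoUrl = 'mongodb://admin:password@localhost:27017/mydatabase'; // Hardcoded MongoDB connection
+
+// Vulnerability 6: Storing SSH Private Key insecurely
+const sshPrivateKey = `
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA7kjbBBkLmOWK1X8...
+-----END RSA PRIVATE KEY-----
+`; // Hardcoded SSH key
+
+// Vulnerability 7: SQL Injection
+function getUserData(userInput) {
+const sqlQuery = `SELECT * FROM users WHERE name = '${userInput}'`; // SQL injection vulnerability
+console.log(sqlQuery);
+}
+
+// Vulnerability 8: Insecure file permissions
+function insecureFileAccess() {
+fs.chmodSync('important_config_file', 0o777); // Granting excessive permissions to a file
+}
+
+// Vulnerability 9: Prototype Pollution via lodash
+function exploitLodash() {
+const payload = '{"__proto__": {"isAdmin": true}}';
+const obj = {};
+lodash.merge(obj, JSON.parse(payload));
+console.log("Prototype Pollution: ", obj.isAdmin); // Outputs: true
+}
+
+// Vulnerability 10: ReDoS via minimist
+function minimistReDoS() {
+const userInput = '--foo='.repeat(10000); // Large input to cause Regular Expression Denial of Service
+const argv = minimist([userInput]);
+console.log(argv);
+}
+
+// Vulnerability 11: Improper String Handling via chalk
+function chalkVuln() {
+const userInput = chalk.red("This is malicious ".repeat(10000)); // Potentially causing performance issues
+console.log(userInput);
+}
+
+// Example usage
+const args = minimist(process.argv.slice(2));
+if (args.runCommand) {
+runCommand(args.runCommand);
+}
+if (args.runEval) {
+runEval(args.runEval);
+}
+if (args.lodashExploit) {
+exploitLodash();
+}
+if (args.minimistReDoS) {
+minimistReDoS();
+}
+if (args.chalkVuln) {
+chalkVuln();
+}
+
+module.exports = { runCommand, runEval, generateWeakToken, getUserData, insecureFileAccess, exploitLodash, minimistReDoS, chalkVuln };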
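Review bot: The dispatch block starting at `const args = minimist(process.argv.slice(2));` runs at require time, so merely loading this module — from the `mocha` run declared in package.json, or from any consumer of `module.exports` — executes `runCommand`/`runEval` according to whatever flags happen to be on the process argv; wrap that block in `if (require.main === module) { … }` so the exports can be loaded without side effects. The comment `// Outputs: true` on `exploitLodash` is a claim that depends on the pinned lodash release; I would hedge it to `// expected true only on lodash releases whose merge still copies __proto__ keys — verify against the pinned version`. `crypto` is required but never used, and a file header such as `// Intentionally vulnerable fixture for scanner testing — do not deploy or reuse these patterns` would make the file's purpose explicit to anyone who finds it outside this repository.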
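--- a/package.json
+++ b/package.json
@@ -0,0 +1,30 @@
+{
+"name": "vulnerable-app",
+"version": "1.0.0",
+"description": "A test app with vulnerable dependencies",
+"main": "index.js",
+"dependencies": {
+"express": "3.0.0",
+"lodash": "4.17.19",
+"minimist": "0.0.8",
+"marked": "0.3.6",
+"jquery": "3.4.0",
+"hoek": "4.2.1",
+"debug": "2.6.8",
+"underscore": "1.8.2",
+"handlebars": "4.0.5",
+"js-yaml": "3.13.0",
+"es6-promise": "3.0.2",
+"tough-cookie": "2.3.4"
+},
+"devDependencies": {
+"mocha": "3.5.3",
+"sinon": "1.17.0"
+},
+"scripts": {
+"start": "node index.js",
+"test": "mocha"
+},
+"author": "Erik",
+"license": "ISC"
+}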
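Review bot: The manifest has no `"private": true` field, so a stray `npm publish` would push a package named `vulnerable-app` with these deliberately outdated pins to the public registry; add `"private": true,` next to `"name"`. `"test": "mocha"` with no test files anywhere in this initial commit means `npm test` fails immediately, and because `"main"` points at index.js, anything that requires the package also triggers that file's argv dispatch. Most declared dependencies (`express`, `marked`, `jquery`, `hoek`, `handlebars`, `js-yaml`, `tough-cookie`, and others) are never required by index.js and exist only to be flagged by the dependency scan; JSON has no comments, so the `"description"` string is the place to state that.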
34 changes: 34 additions & 0 deletions pom.xml
@@ -0,0 +1,34 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>jenkins.mvn.demo</groupId>
<artifactId>mvnwebapp</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>mvnwebapp Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>

<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-embedder</artifactId>
<version>2.0</version>
</dependency>

</dependencies>
<build>
<finalName>mvnwebapp</finalName>
</build>
</project>

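Review bot: `javax.servlet-api` is declared without `<scope>provided</scope>`, so the servlet API jar is packaged into the WAR and will shadow the container's own copy at deploy time; add `<scope>provided</scope>` inside that dependency. `maven-embedder` 2.0 is build-tool internals pulled in at compile scope for a web application, which reads as a scanner fixture rather than a real need — a comment `<!-- intentionally outdated dependency for scanner testing -->` on that dependency would make the intent clear. VulnerableJavaFile.java sits at the repository root rather than under `src/main/java`, so this POM will not compile it; that is inferred from the file list in this commit, so verify the layout.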
0 comments on commit 25d3da2