diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
deleted file mode 100644
index 0dd746b..0000000
--- a/.github/workflows/docker-build.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: docker-build
-
-on:
- push:
- branches:
- - 'dev'
- - 'main'
-
-jobs:
- # build container
- docker:
- runs-on: ubuntu-latest
- steps:
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
-
- - name: Login to DockerHub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Build and push
- uses: docker/build-push-action@v3
- with:
- push: true
- tags: cohenaj194/flask-test
-
- # # push container
- # restart-deployment:
- # runs-on: ubuntu-latest # Specifies the runner environment
- # needs: docker
-
- # steps:
- # - name: Checkout code
- # uses: actions/checkout@v2 # Checks out your repository under $GITHUB_WORKSPACE
-
- # - name: Set up Kubectl
- # uses: azure/setup-kubectl@v3 # Updated to version 3 to fix the vulnerability
- # with:
- # version: 'v1.20.0' # Specify the version of kubectl you want to use
-
- # - name: Configure Kubeconfig
- # env:
- # KUBECONFIG_STAGING: ${{ secrets.KUBECONFIG_STAGING }} # Uses the secret encoded in base64
- # run: |
- # echo "$KUBECONFIG_STAGING" | base64 -d > kubeconfig
- # export KUBECONFIG=$(pwd)/kubeconfig
-
- # - name: Rollout Restart Deployment
- # run: kubectl rollout restart deployment flask-test --kubeconfig kubeconfig
diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml
deleted file mode 100644
index 13c372c..0000000
--- a/.github/workflows/linters.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-name: Linters
-
-on:
- workflow_dispatch:
- pull_request:
- branches:
- - main
- push:
- branches:
- - main
-
-jobs:
- # TODO: Fix Bandit Vulns
- "Bandit":
- runs-on: ubuntu-latest
- container: python:3.11
-
- steps:
- - uses: actions/checkout@v2
-
- - name: Bandit check
- uses: jpetrucciani/bandit-check@master
- with:
- path: "app.py"
- bandit_flags: "-lll"
-
- "Black":
- runs-on: ubuntu-latest
- container: python:3.11
-
- steps:
- - uses: actions/checkout@v2
-
- - name: Install dependencies
- run: pip install black
-
- - name: Run black check
- run: black --check .
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index c595176..0000000
--- a/.github/workflows/security.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: Security Checks
-on:
- pull_request:
- push:
-
-jobs:
- semgrep:
- runs-on: ubuntu-latest
- container:
- image: returntocorp/semgrep:latest
- steps:
- - uses: actions/checkout@v4
-
- - name: Run Semgrep
- env:
- SEMGREP_RULES: >-
- p/security-audit
- p/owasp-top-ten
- p/javascript
- p/python
- run: semgrep ci
\ No newline at end of file
diff --git a/.github/workflows/staging-cd.yml b/.github/workflows/staging-cd.yml
deleted file mode 100644
index 41a17e3..0000000
--- a/.github/workflows/staging-cd.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: Restart temp-fe Deployment on Staging
-
-# Defines when the workflow should run
-on:
- workflow_dispatch:
- # push:
- # branches:
- # - main
-
-# Defines the jobs to run
-jobs:
- restart-deployment:
- runs-on: ubuntu-latest # Specifies the runner environment
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v2 # Checks out your repository under $GITHUB_WORKSPACE
-
- - name: Set up Kubectl
- uses: azure/setup-kubectl@v1 # Sets up kubectl CLI
- with:
- version: 'v1.20.0' # Specify the version of kubectl you want to use
-
- - name: Configure Kubeconfig
- env:
- KUBECONFIG_STAGING: ${{ secrets.KUBECONFIG_STAGING }} # Uses the secret encoded in base64
- run: |
- echo "$KUBECONFIG_STAGING" | base64 -d > kubeconfig
- export KUBECONFIG=$(pwd)/kubeconfig
-
- - name: Rollout Restart Deployment
- run: kubectl rollout restart deployment flask-test --kubeconfig kubeconfig
diff --git a/README.md b/README.md
index e1bcc8d..3617a5b 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@ A temporary frontend for new api functions, before we can redo them in react.
+We also have circle-ci tests now + # deployment ```
diff --git a/app2.py b/app2.py
new file mode 100644
index 0000000..f29c8f0
--- /dev/null
+++ b/app2.py
@@ -0,0 +1,67 @@
+from flask import Flask, request, jsonify, Response
+import sqlite3
+
+app = Flask(__name__)
+
+# Database file
+DATABASE = 'app.db'
+
+def get_db_connection():
+ conn = sqlite3.connect(DATABASE)
+ return conn
+
+def init_db():
+ # Create table and insert data
+ conn = get_db_connection()
+ cursor = conn.cursor()
+ # Check if table already exists to prevent overwriting
+ cursor.execute("SELECT name FROM sqlite_master WHERE type='table' AND name='users';")
+ if cursor.fetchone() is None:
+ cursor.execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER);')
+ cursor.execute("INSERT INTO users (name, age) VALUES ('Alice', 30), ('Bob', 25), ('Charlie', 35);")
+ conn.commit()
+ conn.close()
+
+@app.route('/users', methods=['GET'])
+def get_user():
+ name = request.args.get('name')
+ conn = get_db_connection()
+ cursor = conn.cursor()
+
+ # Vulnerable SQL Query from raw string concatenation
+ query = f"SELECT * FROM users WHERE name = '{name}'"
+ cursor.execute(query)
+
+ # # Fixed SQL Query using parameterized queries
+ # query = "SELECT * FROM users WHERE name = ?"
+ # cursor.execute(query, (name,))
+
+ user = cursor.fetchone()
+ conn.close()
+ if user:
+ return jsonify({"id": user[0], "name": user[1], "age": user[2]})
+ else:
+ return jsonify({"error": "User not found"}), 404
+
+@app.route('/.env', methods=['GET'])
+def get_env():
+ env_content = """
+DB_NAME=crapi
+DB_USER=crapi
+DB_PASSWORD=crapi
+DB_HOST=postgresdb
+DB_PORT=5432
+SERVER_PORT=8080
+MONGO_DB_HOST=mongodb
+MONGO_DB_PORT=27017
+MONGO_DB_USER=crapi
+MONGO_DB_PASSWORD=crapi
+MONGO_DB_NAME=crapi
+"""
+ return Response(env_content, headers={
+ "Content-Disposition": "attachment; filename=env"
+ })
+
+if __name__ == '__main__':
+ init_db() # Initialize the database and populate it
+ app.run(host="0.0.0.0", debug=True)
\ No newline at end of file
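Review bot: get_user interpolates the untrusted `name` query parameter straight into SQL (`query = f"SELECT * FROM users WHERE name = '{name}'"`), so a request can change the statement that runs; the parameterized form already sits commented out two lines below and should replace it: `cursor.execute("SELECT * FROM users WHERE name = ?", (name,))`. The `/.env` route serves hard-coded credentials as a download, and `app.run(host="0.0.0.0", debug=True)` exposes the interactive Werkzeug debugger on every interface. If app2.py is a deliberately vulnerable fixture for the scanners, say so in a module docstring (`"""Intentionally vulnerable sample app for scanner testing; do not deploy."""`) and keep it out of the container image. The same commit also deletes the Bandit and Semgrep workflows (linters.yaml and security.yml above) that would have flagged these lines, so the CircleCI replacement mentioned in the README hunk should be in place before this lands. Separately, `conn.close()` in get_user is skipped if `cursor.execute` raises; a `with contextlib.closing(get_db_connection()) as conn:` block would close it on every path.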