coderabbitai
diff --git a/Diff for: ‎owasp-top10/.env
+2 b/Diff for: ‎owasp-top10/.env
+2
diff --git a/Diff for: ‎owasp-top10/.gitignore
+1 b/Diff for: ‎owasp-top10/.gitignore
+1
diff --git a/Diff for: ‎owasp-top10/README.md
+121 b/Diff for: ‎owasp-top10/README.md
+121
diff --git a/Diff for: ‎owasp-top10/auth_service/Dockerfile
+9 b/Diff for: ‎owasp-top10/auth_service/Dockerfile
+9
diff --git a/Diff for: ‎owasp-top10/auth_service/__pycache__/utils.cpython-312.pyc
874 Bytes b/Diff for: ‎owasp-top10/auth_service/__pycache__/utils.cpython-312.pyc
874 Bytes
diff --git a/Diff for: ‎owasp-top10/auth_service/app.py
+91 b/Diff for: ‎owasp-top10/auth_service/app.py
+91
diff --git a/Diff for: ‎owasp-top10/auth_service/utils.py
+15 b/Diff for: ‎owasp-top10/auth_service/utils.py
+15
diff --git a/Diff for: ‎owasp-top10/docker-compose.yml
+42 b/Diff for: ‎owasp-top10/docker-compose.yml
+42
diff --git a/Diff for: ‎owasp-top10/frontend/Dockerfile
+11 b/Diff for: ‎owasp-top10/frontend/Dockerfile
+11
@@ -0,0 +1,2 @@
+MONGODB_URI=mongodb://localhost:27017
+
@@ -0,0 +1 @@
+venv/
@@ -0,0 +1,121 @@
+# Educational Vulnerable Application
+
+**WARNING: This application is intentionally vulnerable and meant for educational purposes only. DO NOT deploy this in any production environment.**
+
+## Overview
+This application demonstrates common security vulnerabilities based on OWASP Top 10 (2021). It consists of two microservices:
+- Auth Service: Handles user authentication with intentional vulnerabilities
+- Profile Service: Manages user profile data with intentional vulnerabilities
+
+## Intentional Vulnerabilities
+
+### 1. Broken Access Control (A01:2021)
+- No role-based access control implementation
+- Direct object references without verification
+- Location: `auth_service/routes.py` - endpoint `/api/user/<id>`
+
+### 2. Cryptographic Failures (A02:2021)
+- Passwords stored with weak hashing (MD5)
+- Sensitive data transmitted without encryption
+- Location: `auth_service/utils.py` - `hash_password()` function
+
+### 3. Injection (A03:2021)
+- SQL injection vulnerability in login query
+- NoSQL injection in profile lookup
+- Location: `auth_service/routes.py` - `/login` endpoint
+- Location: `profile_service/routes.py` - `/profile` endpoint
+
+### 4. Insecure Design (A04:2021)
+- No rate limiting on login attempts
+- Password reset without verification
+- Location: `auth_service/routes.py` - all endpoints
+
+### 5. Security Misconfiguration (A05:2021)
+- Debug mode enabled
+- Default/weak credentials
+- Location: `config.py` - all configuration settings
+
+### 6. Vulnerable Components (A06:2021)
+- Outdated dependencies in requirements.txt
+- Known vulnerable versions of packages
+
+### 7. Authentication Failures (A07:2021)
+- Weak password requirements
+- Session tokens without expiry
+- Location: `auth_service/utils.py` - `validate_password()` function
+
+### 8. Software and Data Integrity Failures (A08:2021)
+- No integrity checks on uploaded files
+- Unsecured deserialization
+- Location: `profile_service/routes.py` - `/upload` endpoint
+
+### 9. Security Logging Failures (A09:2021)
+- No logging of security events
+- Sensitive data in logs
+- Location: Both services lack proper logging
+
+### 10. Server-Side Request Forgery (A10:2021)
+- Unvalidated URL inputs
+- Location: `profile_service/routes.py` - `/fetch-avatar` endpoint
+
+## Setup Instructions
+
+1. Create virtual environment:
+```bash
+python -m venv venv
+source venv/bin/activate  # Linux/Mac
+venv\Scripts\activate     # Windows
+```
+
+2. Install dependencies:
+```bash
+pip install -r requirements.txt
+```
+
+3. Set up MongoDB:
+   - Use local MongoDB instance or
+   - Create free MongoDB Atlas cluster
+
+4. Configure environment:
+```bash
+cp .env.example .env
+# Edit .env with your MongoDB URI
+```
+
+5. Run services:
+```bash
+# Terminal 1
+python auth_service/app.py
+
+# Terminal 2
+python profile_service/app.py
+```
+
+## Testing Vulnerabilities
+
+1. SQL Injection:
+```
+Username: admin' OR '1'='1
+Password: anything
+```
+
+2. NoSQL Injection:
+```javascript
+{"$gt": ""} in username field
+```
+
+3. Weak Passwords:
+```
+Any password with length > 1 is accepted
+```
+
+4. SSRF Test:
+```
+/fetch-avatar?url=file:///etc/passwd
+```
+
+## Automated Testing
+Run security scanners against http://localhost:5000 and http://localhost:5001 to detect vulnerabilities.
+
+## Disclaimer
+This application is for educational purposes only. It contains intentional security vulnerabilities to demonstrate common security issues. DO NOT use any of this code in production environments.
@@ -0,0 +1,9 @@
+# Dockerfile for auth-service
+FROM node:14
+
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm install
+
+COPY . .
+CMD ["node", "server.js"]
@@ -0,0 +1,91 @@
+from flask import Flask, request, jsonify
+from flask_cors import CORS  # Import CORS
+from utils import hash_password, generate_token
+import sqlite3
+import json
+
+app = Flask(__name__)
+
+# Enable CORS for all routes
+CORS(app)
+
+app.config['DEBUG'] = True
+app.secret_key = 'xuysoe54Puj990' 
+
+@app.route('/', methods=['GET'])
+def entry():
+    return jsonify({"error": "Invalid credentials"}), 401
+
+@app.route('/login', methods=['POST'])
+def login():
+    data = request.get_json()
+    username = data.get('username')
+    password = data.get('password')
+    
+    # Verify user credentials (hash password comparison)
+    query = f"SELECT * FROM users WHERE username='{username}' AND password='{hash_password(password)}'"
+    conn = sqlite3.connect('users.db')
+    cursor = conn.cursor()
+    user = cursor.execute(query).fetchone()
+    
+    if user:
+        # Generate JWT token
+        token = generate_token(username)
+        
+        # Decode token to string and return
+        return jsonify({"token": token.decode('utf-8')})  # Decode bytes to string
+    return jsonify({"error": "Invalid credentials"}), 401
+
+
+@app.route('/register', methods=['POST'])
+def register():
+    data = request.get_json()
+
+    if len(data.get('password', '')) > 1:
+        hashed_password = hash_password(data['password'])
+
+        # Create connection to SQLite database
+        conn = sqlite3.connect('users.db')
+        cursor = conn.cursor()
+
+        # Ensure the users table is created if it does not exist
+        cursor.execute('''
+            CREATE TABLE IF NOT EXISTS users (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                username TEXT UNIQUE NOT NULL,
+                password TEXT NOT NULL
+            )
+        ''')
+
+        try:
+            # Use parameterized queries to prevent SQL injection
+            cursor.execute(
+                'INSERT INTO users (username, password) VALUES (?, ?)',
+                (data['username'], hashed_password)
+            )
+            conn.commit()
+            return jsonify({"message": "User registered successfully"})
+        except sqlite3.IntegrityError:
+            # Handle unique constraint violation (duplicate username)
+            return jsonify({"error": "Username already exists"}), 400
+        finally:
+            conn.close()
+    else:
+        return jsonify({"error": "Invalid password"}), 400
+
+@app.route('/api/user/<id>', methods=['GET'])
+def get_user(id):
+    conn = sqlite3.connect('users.db')
+    cursor = conn.cursor()
+    user = cursor.execute(f"SELECT * FROM users WHERE id={id}").fetchone()
+    
+    if user:
+        return jsonify({
+            "id": user[0],
+            "username": user[1],
+            "password_hash": user[2]  
+        })
+    return jsonify({"error": "User not found"}), 404
+
+if __name__ == '__main__':
+    app.run(port=5000, debug=True)
@@ -0,0 +1,15 @@
+import hashlib
+import jwt
+
+def hash_password(password):
+    return hashlib.md5(password.encode()).hexdigest()
+
+def generate_token(username):
+    return jwt.encode(
+        {'username': username},
+        'xuysoe54Puj990',
+        algorithm='HS256'
+    )
+
+def validate_password(password):
+    return len(password) > 1
@@ -0,0 +1,42 @@
+version: '3.8'
+services:
+  frontend:
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile
+    ports:
+      - "3000:3000"
+    environment:
+      - REACT_APP_AUTH_SERVICE_URL=http://auth-service:5000
+      - REACT_APP_PROFILE_SERVICE_URL=http://profile-service:5001
+    depends_on:
+      - auth-service
+      - profile-service
+  auth-service:
+    build:
+      context: ./auth_service
+      dockerfile: Dockerfile
+    ports:
+      - "5000:5000"
+    environment:
+      - MONGO_URI=mongodb://mongo:27017/
+    depends_on:
+      - mongo
+  profile-service:
+    build:
+      context: ./profile_service
+      dockerfile: Dockerfile
+    ports:
+      - "5001:5001"
+    environment:
+      - MONGO_URI=mongodb://mongo:27017/
+    depends_on:
+      - mongo
+  mongo:
+    image: mongo:4.4
+    ports:
+      - "27017:27017"
+    volumes:
+      - mongodb_data:/data/db
+volumes:
+  mongodb_data:
@@ -0,0 +1,11 @@
+# Dockerfile for frontend
+FROM node:14
+
+WORKDIR /app
+COPY package.json package-lock.json ./
+RUN npm install
+
+COPY . .
+RUN npm run build
+
+CMD ["npm", "start"]
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+MONGODB_URI=mongodb://localhost:27017`
	`2`	`+`