Feature/vulnerable demo #39

Open: wants to merge 2 commits into base: main
59 changes: 59 additions & 0 deletions vulnerable.js
@@ -0,0 +1,59 @@
const express = require('express');
const fs = require('fs');
const vm = require('vm');
const jwt = require('jsonwebtoken');

const app = express();
app.use(express.urlencoded({ extended: true }));
app.use(express.json());

// Insecure Deserialization
app.post('/deserialize', (req, res) => {
const serializedData = req.body.data;
try {
const deserializedData = JSON.parse(serializedData);
res.send(`Deserialized data: ${deserializedData}`);

Check failure (Code scanning / CodeQL): Reflected cross-site scripting, High. Cross-site scripting vulnerability due to a user-provided value.
} catch (e) {
res.status(400).send('Invalid data');
}
});

// Cross-Site Scripting (XSS)
app.get('/greet', (req, res) => {
const name = req.query.name;
res.send(`<h1>Hello, ${name}</h1>`);

Check failure (Code scanning / CodeQL): Reflected cross-site scripting, High. Cross-site scripting vulnerability due to a user-provided value.
});

// Insecure JWT Handling
app.post('/login', (req, res) => {
const user = { id: 1, username: req.body.username };
const token = jwt.sign(user, 'secretkey'); // Weak secret

Check failure (Code scanning / CodeQL): Hard-coded credentials, Critical. The hard-coded value "secretkey" is used as jwt key.
res.json({ token });
});

// Unsafe File Operations
app.get('/read-file', (req, res) => {
const filename = req.query.filename;
fs.readFile(`/var/data/$(unknown)`, 'utf8', (err, data) => {

Check failure (Code scanning / CodeQL): Uncontrolled data used in path expression, High. This path depends on a user-provided value.
if (err) {
res.status(500).send('File read error');
return;
}
res.send(`File content: ${data}`);
});
});
Check failure (Code scanning / CodeQL, lines +35 to +44): Missing rate limiting, High. This route handler performs a file system access, but is not rate-limited.
// Server-Side JavaScript Injection
app.post('/execute', (req, res) => {
const code = req.body.code;
try {
const result = vm.runInNewContext(code, {});

Check failure (Code scanning / CodeQL): Code injection, Critical. This code execution depends on a user-provided value.
res.send(`Execution result: ${result}`);
} catch (e) {
res.status(500).send('Execution error');
}
});

app.listen(3000, () => {
console.log('Server running on port 3000');
});
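Review bot: The `/deserialize` handler at the top of the hunk does not demonstrate the insecure deserialization its comment promises: `JSON.parse` only builds plain data and never executes anything, and interpolating the result in `res.send(\`Deserialized data: ${deserializedData}\`)` yields `[object Object]` for any JSON object, so the only defect CodeQL can raise there is the same reflected-XSS pattern as `/greet`. Either switch the demo to a mechanism that actually exhibits that bug class and say so in the comment, or relabel the section. Two smaller points for a PR titled "vulnerable demo": the file has no header comment stating that it is intentionally vulnerable and exists only for scanner demonstration, which is the documentation a reader needs before the first `app.post`, and the `/read-file` line is rendered on this page as `fs.readFile(\`/var/data/$(unknown)\`, ...)`, so please confirm the committed interpolation is the `filename` query value the CodeQL path alert refers to. Given the PR's purpose, the remaining failures (hard-coded JWT secret, uncontrolled path, missing rate limiting, and code injection via `vm.runInNewContext`, which Node's own documentation says is not a security mechanism) are expected and should be acknowledged in the PR description rather than dismissed in the scanner.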