Feature/vulnerable demo #39
base: main
@@ -0,0 +1,59 @@ | ||
const express = require('express'); | ||
const fs = require('fs'); | ||
const vm = require('vm'); | ||
const jwt = require('jsonwebtoken'); | ||
|
||
const app = express(); | ||
app.use(express.urlencoded({ extended: true })); | ||
app.use(express.json()); | ||
|
||
// Insecure Deserialization | ||
app.post('/deserialize', (req, res) => { | ||
const serializedData = req.body.data; | ||
try { | ||
const deserializedData = JSON.parse(serializedData); | ||
res.send(`Deserialized data: ${deserializedData}`); | ||
} catch (e) { | ||
res.status(400).send('Invalid data'); | ||
} | ||
}); | ||
|
||
// Cross-Site Scripting (XSS) | ||
app.get('/greet', (req, res) => { | ||
const name = req.query.name; | ||
res.send(`<h1>Hello, ${name}</h1>`); | ||
Check failure: Code scanning / CodeQL, Reflected cross-site scripting (High): Cross-site scripting vulnerability due to a user-provided value.
}); | ||
|
||
// Insecure JWT Handling | ||
app.post('/login', (req, res) => { | ||
const user = { id: 1, username: req.body.username }; | ||
const token = jwt.sign(user, 'secretkey'); // Weak secret | ||
Check failure: Code scanning / CodeQL, Hard-coded credentials (Critical): The hard-coded value "secretkey" is used as jwt key.
res.json({ token }); | ||
}); | ||
|
||
// Unsafe File Operations | ||
app.get('/read-file', (req, res) => { | ||
const filename = req.query.filename; | ||
fs.readFile(`/var/data/$(unknown)`, 'utf8', (err, data) => { | ||
Check failure: Code scanning / CodeQL, Uncontrolled data used in path expression (High): This path depends on a user-provided value.
if (err) { | ||
res.status(500).send('File read error'); | ||
return; | ||
} | ||
res.send(`File content: ${data}`); | ||
}); | ||
}); | ||
Check failure: Code scanning / CodeQL, Missing rate limiting (High), on lines +35 to +44: This route handler performs a file system access.
|
||
// Server-Side JavaScript Injection | ||
app.post('/execute', (req, res) => { | ||
const code = req.body.code; | ||
try { | ||
const result = vm.runInNewContext(code, {}); | ||
Check failure: Code scanning / CodeQL, Code injection (Critical): This code execution depends on a user-provided value.
res.send(`Execution result: ${result}`); | ||
} catch (e) { | ||
res.status(500).send('Execution error'); | ||
} | ||
}); | ||
|
||
app.listen(3000, () => { | ||
console.log('Server running on port 3000'); | ||
}); |
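Review bot: The `/deserialize` handler does not demonstrate what its comment claims, and the `/read-file` path is built with no normalisation or allowlist; both need attention before this lands as a demo fixture. `JSON.parse(serializedData)` cannot execute code, so the "Insecure Deserialization" label is misleading, and `res.send(\`Deserialized data: ${deserializedData}\`)` will render `[object Object]` for any non-primitive input. If the intent is an intentionally vulnerable sample (the PR title suggests so), state that in a file-header comment and keep the file out of any entrypoint from which `app.listen(3000, ...)` could be started in a deployed environment. For `/read-file`, the untrusted `filename` should be resolved and checked against the base directory before `fs.readFile`, e.g. `const target = path.resolve('/var/data', filename);` followed by a check that `target` starts with `/var/data/` (this needs `const path = require('path');`, which the file does not import). Separately, `vm.runInNewContext(code, {})` is not a security boundary (the Node.js vm documentation states that the module is not a security mechanism and must not be used to run untrusted code), and `jwt.sign(user, 'secretkey')` both hard-codes its secret, which is the finding CodeQL reports, and leaves the algorithm unpinned; the secret should come from configuration and the `algorithm` option should be set explicitly.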