diff --git a/samples/Dockerfile-01 b/samples/Dockerfile-01
new file mode 100644
index 0000000..9f755f5
--- /dev/null
+++ b/samples/Dockerfile-01
@@ -0,0 +1,2 @@
+FROM alpine:3.14.0
+RUN echo "testuser:x:10999:10999:,,,:/home/testuser:/bin/bash" >> /etc/passwd && echo "testuser::18761:0:99999:7:::" >> /etc/shadow
diff --git a/samples/Pipfile.lock b/samples/Pipfile.lock
new file mode 100644
index 0000000..b501457
--- /dev/null
+++ b/samples/Pipfile.lock
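Review bot: In samples/Dockerfile-01 the `/etc/shadow` entry appended by the `RUN` line has an empty password field (`testuser::18761:…`), so the account is created with no password rather than a locked one. If the file is meant as a scanner fixture, a comment above the `RUN` such as `# intentionally insecure: passwordless account, kept for scanner tests` would stop it being copied as a pattern; otherwise lock the account with `testuser:!:18761:0:99999:7:::` or create it with `adduser -D -u 10999 testuser`. The passwd entry also names `/bin/bash` as the login shell, which the `alpine:3.14.0` base does not ship by default, and the image never switches to the new account with `USER`.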
@@ -0,0 +1,129 @@ +{ + "_meta": { + "hash": { + "sha256": "069f33d2dc75b242fa5ee44daf090c80831812dc6cc59824e94c22a677eac958" + }, + "pipfile-spec": 6, + "requires": { + "python_version": "3.8" + }, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "click": { + "hashes": [ + "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", + "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" + ], + "markers": "python_version >= '3.6'", + "version": "==8.0.1" + }, + "flask": { + "hashes": [ + "sha256:7b2fb8e934ddd50731893bdcdb00fc8c0315916f9fcd50d22c7cc1a95ab634e2", + "sha256:cb90f62f1d8e4dc4621f52106613488b5ba826b2e1e10a33eac92f723093ab6a" + ], + "index": "pypi", + "version": "==2.0.2" + }, + "itsdangerous": { + "hashes": [ + "sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c", + "sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.1" + }, + "jinja2": { + "hashes": [ + "sha256:827a0e32839ab1600d4eb1c4c33ec5a8edfbc5cb42dafa13b81f182f97784b45", + "sha256:8569982d3f0889eed11dd620c706d39b60c36d6d25843961f33f77fb6bc6b20c" + ], + "markers": "python_version >= '3.6'", + "version": "==3.0.2" + }, + "markupsafe": { + "hashes": [ + "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298", + "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64", + "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b", + "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567", + "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff", + "sha256:0d4b31cc67ab36e3392bbf3862cfbadac3db12bdd8b02a2731f509ed5b829724", + "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74", + "sha256:168cd0a3642de83558a5153c8bd34f175a9a6e7f6dc6384b9655d2697312a646", + 
"sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35", + "sha256:1f2ade76b9903f39aa442b4aadd2177decb66525062db244b35d71d0ee8599b6", + "sha256:2a7d351cbd8cfeb19ca00de495e224dea7e7d919659c2841bbb7f420ad03e2d6", + "sha256:2d7d807855b419fc2ed3e631034685db6079889a1f01d5d9dac950f764da3dad", + "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26", + "sha256:36bc903cbb393720fad60fc28c10de6acf10dc6cc883f3e24ee4012371399a38", + "sha256:37205cac2a79194e3750b0af2a5720d95f786a55ce7df90c3af697bfa100eaac", + "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7", + "sha256:3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6", + "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75", + "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f", + "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135", + "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8", + "sha256:5855f8438a7d1d458206a2466bf82b0f104a3724bf96a1c781ab731e4201731a", + "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a", + "sha256:5bb28c636d87e840583ee3adeb78172efc47c8b26127267f54a9c0ec251d41a9", + "sha256:60bf42e36abfaf9aff1f50f52644b336d4f0a3fd6d8a60ca0d054ac9f713a864", + "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914", + "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18", + "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8", + "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2", + "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d", + "sha256:6fcf051089389abe060c9cd7caa212c707e58153afa2c649f00346ce6d260f1b", + "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b", + "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f", + "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb", 
+ "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833", + "sha256:99df47edb6bda1249d3e80fdabb1dab8c08ef3975f69aed437cb69d0a5de1e28", + "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415", + "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902", + "sha256:add36cb2dbb8b736611303cd3bfcee00afd96471b09cda130da3581cbdc56a6d", + "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9", + "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d", + "sha256:baa1a4e8f868845af802979fcdbf0bb11f94f1cb7ced4c4b8a351bb60d108145", + "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066", + "sha256:bf5d821ffabf0ef3533c39c518f3357b171a1651c1ff6827325e4489b0e46c3c", + "sha256:c47adbc92fc1bb2b3274c4b3a43ae0e4573d9fbff4f54cd484555edbf030baf1", + "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f", + "sha256:d8446c54dc28c01e5a2dbac5a25f071f6653e6e40f3a8818e8b45d790fe6ef53", + "sha256:e0f138900af21926a02425cf736db95be9f4af72ba1bb21453432a07f6082134", + "sha256:e9936f0b261d4df76ad22f8fee3ae83b60d7c3e871292cd42f40b81b70afae85", + "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5", + "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94", + "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509", + "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51", + "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.1" + }, + "python-dotenv": { + "hashes": [ + "sha256:aae25dc1ebe97c420f50b81fb0e5c949659af713f31fdb63c749ca68748f34b1", + "sha256:f521bc2ac9a8e03c736f62911605c5d83970021e3fa95b37d769e2bbbe9b6172" + ], + "index": "pypi", + "version": "==0.19.0" + }, + "werkzeug": { + "hashes": [ + "sha256:63d3dc1cf60e7b7e35e97fa9861f7397283b75d765afcaefd993d6046899de8f", + 
"sha256:aa2bb6fc8dee8d6c504c0ac1e7f5f7dc5810a9903e793b6f715a9f015bdadb9a" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.2" + } + }, + "develop": {} +} diff --git a/samples/example-02.tf b/samples/example-02.tf new file mode 100644 index 0000000..e83411f --- /dev/null +++ b/samples/example-02.tf 
@@ -0,0 +1,189 @@
+resource "azurerm_resource_group" "myresourcegroup" {
+ name = "${var.prefix}-workshop"
+ location = var.location
+
+ tags = {
+ environment = "Production"
+ }
+}
+
+resource "azurerm_virtual_network" "vnet" {
+ name = "${var.prefix}-vnet"
+ location = azurerm_resource_group.myresourcegroup.location
+ address_space = [var.address_space]
+ resource_group_name = azurerm_resource_group.myresourcegroup.name
+}
+
+resource "azurerm_subnet" "subnet" {
+ name = "${var.prefix}-subnet"
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ resource_group_name = azurerm_resource_group.myresourcegroup.name
+ address_prefixes = [var.subnet_prefix]
+}
+
+resource "azurerm_network_security_group" "catapp-sg" {
+ name = "${var.prefix}-sg"
+ location = var.location
+ resource_group_name = azurerm_resource_group.myresourcegroup.name
+
+ security_rule {
+ name = "HTTP"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "80"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "HTTPS"
+ priority = 102
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "443"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+
+ security_rule {
+ name = "SSH"
+ priority = 101
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_range = "*"
+ destination_port_range = "22"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
+
+resource "azurerm_network_interface" "catapp-nic" {
+ name = "${var.prefix}-catapp-nic"
+ location = var.location
+ resource_group_name = azurerm_resource_group.myresourcegroup.name
+
+ ip_configuration {
+ name = "${var.prefix}ipconfig"
+ subnet_id = azurerm_subnet.subnet.id
+ private_ip_address_allocation = "Dynamic"
+ public_ip_address_id = azurerm_public_ip.catapp-pip.id
+ }
+}
+
+resource "azurerm_network_interface_security_group_association" "catapp-nic-sg-ass" {
+ network_interface_id = azurerm_network_interface.catapp-nic.id
+ network_security_group_id = azurerm_network_security_group.catapp-sg.id
+}
+
+resource "azurerm_public_ip" "catapp-pip" {
+ name = "${var.prefix}-ip"
+ location = var.location
+ resource_group_name = azurerm_resource_group.myresourcegroup.name
+ allocation_method = "Dynamic"
+ domain_name_label = "${var.prefix}-meow"
+}
+
+resource "azurerm_virtual_machine" "catapp" {
+ name = "${var.prefix}-meow"
+ location = var.location
+ resource_group_name = azurerm_resource_group.myresourcegroup.name
+ vm_size = var.vm_size
+
+ network_interface_ids = [azurerm_network_interface.catapp-nic.id]
+ delete_os_disk_on_termination = "true"
+
+ storage_image_reference {
+ publisher = var.image_publisher
+ offer = var.image_offer
+ sku = var.image_sku
+ version = var.image_version
+ }
+
+ storage_os_disk {
+ name = "${var.prefix}-osdisk"
+ managed_disk_type = "Standard_LRS"
+ caching = "ReadWrite"
+ create_option = "FromImage"
+ }
+
+ os_profile {
+ computer_name = var.prefix
+ admin_username = var.admin_username
+ admin_password = var.admin_password
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = false
+ }
+
+ tags = {}
+
+ # Added to allow destroy to work correctly.
+ depends_on = [azurerm_network_interface_security_group_association.catapp-nic-sg-ass]
+}
+
+# We're using a little trick here so we can run the provisioner without
+# destroying the VM. Do not do this in production.
+
+# If you need ongoing management (Day N) of your virtual machines a tool such
+# as Chef or Puppet is a better choice. These tools track the state of
+# individual files and can keep them in the correct configuration.
+
+# Here we do the following steps:
+# Sync everything in files/ to the remote VM.
+# Set up some environment variables for our script.
+# Add execute permissions to our scripts.
+# Run the deploy_app.sh script.
+resource "null_resource" "configure-cat-app" {
+ depends_on = [
+ azurerm_virtual_machine.catapp,
+ ]
+
+ # Terraform 0.11
+ # triggers {
+ # build_number = "${timestamp()}"
+ # }
+
+ # Terraform 0.12
+ triggers = {
+ build_number = timestamp()
+ }
+
+ provisioner "file" {
+ source = "files/"
+ destination = "/home/${var.admin_username}/"
+
+ connection {
+ type = "ssh"
+ user = var.admin_username
+ password = var.admin_password
+ host = azurerm_public_ip.catapp-pip.fqdn
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt -y update",
+ "sleep 15",
+ "sudo apt -y update",
+ "sudo apt -y install apache2",
+ "sudo systemctl start apache2",
+ "sudo chown -R ${var.admin_username}:${var.admin_username} /var/www/html",
+ "chmod +x *.sh",
+ "PLACEHOLDER=${var.placeholder} WIDTH=${var.width} HEIGHT=${var.height} PREFIX=${var.prefix} ./deploy_app.sh",
+ ]
+
+ connection {
+ type = "ssh"
+ user = var.admin_username
+ password = var.admin_password
+ host = azurerm_public_ip.catapp-pip.fqdn
+ }
+ }
+}
diff --git a/samples/insecure-01.js b/samples/insecure-01.js
new file mode 100644
index 0000000..dd7f84f
--- /dev/null
+++ b/samples/insecure-01.js
@@ -0,0 +1,2 @@
+let injection = "Hello, security vulnerabilities!";
+eval(`console.log(\"${injection}\");`);
\ No newline at end of file
diff --git a/samples/insecure-01.py b/samples/insecure-01.py
new file mode 100644
index 0000000..da0b2b9
--- /dev/null
+++ b/samples/insecure-01.py
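Review bot: In samples/example-02.tf the `SSH` rule in `azurerm_network_security_group.catapp-sg` allows port 22 from `source_address_prefix = "*"`, and the VM keeps `disable_password_authentication = false`, so the host accepts password logins from any address. Restrict the rule to a management range, e.g. `source_address_prefix = var.admin_source_cidr` (a new variable this module would have to declare), and set `disable_password_authentication = true` with an `ssh_keys` block, switching both provisioner `connection` blocks from `password` to `private_key`. The last `remote-exec` command also interpolates `var.placeholder`, `var.width`, `var.height` and `var.prefix` unquoted into a shell string, so those values should be validated or quoted before they reach the remote shell.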
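Review bot: In samples/insecure-01.js the `eval` call builds source text from `injection` through a template literal, so the string is parsed as code instead of being passed as data. The value is a constant here, but nothing in the file says the pattern is deliberate; if it is a code-scanning fixture, add a first line such as `// intentionally insecure: eval on an interpolated string, kept for scanner tests`. Otherwise the same output comes from `console.log(injection);` with no `eval` at all.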
@@ -0,0 +1,26 @@
+#Commented out sample to pass scanning
+
+import hashlib
+print("I am very insecure. Bandit thinks so too.")
+#B110
+xs=[1,2,3,4,5,6,7,8]
+try:
+ print(xs[7])
+ print(xs[8])
+except: pass
+
+ys=[1, 2, None, None]
+for y in ys:
+ try:
+ print(str(y+3)) #TypeErrors ahead
+ except: continue #not how to handle them
+
+#some imports
+import telnetlib
+import ftplib
+
+#B303 and B324
+s = b"I am a string"
+print("MD5: " +hashlib.md5(s).hexdigest())
+print("SHA1: " +hashlib.sha1(s).hexdigest())
+print("SHA256: " +hashlib.sha256(s).hexdigest())
diff --git a/samples/insecure_arm-01.json b/samples/insecure_arm-01.json
new file mode 100644
index 0000000..8c0c904
--- /dev/null
+++ b/samples/insecure_arm-01.json
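Review bot: In samples/insecure-01.py the first line, `#Commented out sample to pass scanning`, does not match the file: every statement below it is live code, including the bare `except: pass` and `except: continue` handlers and the MD5 and SHA-1 calls that the `#B110` and `#B303 and B324` comments label. Reword it to say what the file is, e.g. `# Intentionally insecure sample for Bandit; do not reuse`. The `import telnetlib` line also raises ImportError on Python 3.13 and later, where the module was removed, so the fixture only runs on older interpreters such as the 3.8 that this commit's Pipfile.lock requires.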
@@ -0,0 +1,330 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Location for all resources."
+ }
+ }
+ },
+ "resources": [
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/serverfarms",
+ "name": "serverFarm",
+ "location": "[parameters('location')]"
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "api",
+ "name": "ApiAppNoHttps",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "api",
+ "name": "ApiApp_HttpsFalse",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]",
+ "httpsOnly": false
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "api",
+ "name": "ApiApp_HttpsTrue",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]",
+ "httpsOnly": true
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "functionapp",
+ "name": "FunctionAppNoHttps",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "functionapp,linux",
+ "name": "FunctionApp_HttpsFalse",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]",
+ "httpsOnly": false
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "functionapp",
+ "name": "FunctionApp_HttpsTrue",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]",
+ "httpsOnly": true
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "app,linux",
+ "name": "WebAppNoHttps",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "name": "WebApp_HttpsFalse",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]",
+ "httpsOnly": false
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "app",
+ "name": "WebApp_HttpsTrue",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]"
+ ],
+ "properties": {
+ "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', 'serverFarm')]",
+ "httpsOnly": true
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "api",
+ "name": "ApiApp_RestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "api",
+ "name": "ApiApp_NoSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites/config",
+ "name": "SitesConfig/RestrictedCORSAccess_web",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "ApiApp_NoSitesConfig",
+ "WebApp_NoSitesConfig",
+ "FunctionApp_NoSitesConfig"
+ ],
+ "properties": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP"
+ ]
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "api",
+ "name": "ApiApp_UnrestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP",
+ "*"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites/config",
+ "name": "SitesConfig/UnrestrictedCORSAccess_web",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "ApiApp_NoSitesConfig",
+ "WebApp_NoSitesConfig",
+ "FunctionApp_NoSitesConfig"
+ ],
+ "properties": {
+ "cors": {
+ "allowedOrigins": [
+ "*"
+ ]
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "app",
+ "name": "WebApp_RestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "name": "WebApp_NoKind_RestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "app",
+ "name": "WebApp_UnrestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP",
+ "*"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "app",
+ "name": "WebApp_NoSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "functionapp",
+ "name": "FunctionApp_RestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "functionapp",
+ "name": "FunctionApp_UnrestrictedCORSAccess_EmbeddedSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true,
+ "siteConfig": {
+ "cors": {
+ "allowedOrigins": [
+ "someIP",
+ "*"
+ ]
+ }
+ }
+ }
+ },
+ {
+ "apiVersion": "2019-08-01",
+ "type": "Microsoft.Web/sites",
+ "kind": "functionapp",
+ "name": "FunctionApp_NoSitesConfig",
+ "location": "[parameters('location')]",
+ "properties": {
+ "httpsOnly": true
+ }
+ }
+ ]
+}
diff --git a/samples/routes-01.py b/samples/routes-01.py
new file mode 100644
index 0000000..bab7594
--- /dev/null
+++ b/samples/routes-01.py
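Review bot: In samples/insecure_arm-01.json the two `Microsoft.Web/sites/config` resources are named `SitesConfig/RestrictedCORSAccess_web` and `SitesConfig/UnrestrictedCORSAccess_web`, so their parent segment is a site called `SitesConfig` that the template never defines, while their `dependsOn` lists three differently named sites. That is harmless if the file is only ever parsed by a template scanner, but it appears the template could not be deployed as written, and a scanner that resolves child configs to their parent site may not attribute the `"*"` origin to any site. The insecure cases (`httpsOnly` absent or `false`, `allowedOrigins` containing `"*"`) are told apart from the passing ones only by resource name. Since JSON has no comments, a top-level `metadata` description stating that this is a deliberately mixed pass/fail fixture would make the intent explicit.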
@@ -0,0 +1,30 @@ + +from flask import request, render_template, make_response + +from server.webapp import flaskapp, cursor +from server.models import Book + + +@flaskapp.route('/') +def index(): + name = request.args.get('name') + author = request.args.get('author') + read = bool(request.args.get('read')) + + if name: + cursor.execute( + "SELECT * FROM books WHERE name LIKE '%" + name + "%'" + ) + books = [Book(*row) for row in cursor] + + elif author: + cursor.execute( + "SELECT * FROM books WHERE author LIKE '%" + author + "%'" + ) + books = [Book(*row) for row in cursor] + + else: + cursor.execute("SELECT name, author, read FROM books") + books = [Book(*row) for row in cursor] + + return render_template('books.html', books=books) diff --git a/src/webapp01/Pages/DevSecOps.cshtml b/src/webapp01/Pages/DevSecOps.cshtml new file mode 100644 index 0000000..e6644c5 --- /dev/null +++ b/src/webapp01/Pages/DevSecOps.cshtml @@ -0,0 +1,43 @@ +@page +@model DevSecOpsModel +@{ + ViewData["Title"] = "DevSecOps"; +} + +
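Review bot: In samples/routes-01.py, `index()` concatenates the `name` and `author` query parameters straight into the `LIKE` clauses passed to `cursor.execute`, so request input becomes part of the SQL text. Pass the value as a bound parameter instead, e.g. `cursor.execute("SELECT * FROM books WHERE name LIKE ?", ('%' + name + '%',))`, and do the same for `author`; the placeholder is `?` or `%s` depending on the driver behind `server.webapp.cursor`, which is not visible here. The `read` local and the `make_response` import are unused, and the module-level `cursor` is presumably shared across requests, which is worth confirming against the driver's thread-safety guarantees.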
Stay up-to-date with the latest advancements in GitHub Advanced Security.
+ +Discover the key announcements from GitHub Universe 2025, including new features for Advanced Security that help you build more secure applications.
+ Read More +Learn about the latest improvements to secret scanning, including expanded partner patterns and new detection capabilities to keep your secrets safe.
+ Read More +Explore the performance and intelligence upgrades to CodeQL, enabling faster and more accurate security analysis of your codebases.
+ Read More +Visit our About GHAS page to learn about GitHub Advanced Security features.
+ +Learn about the latest in DevSecOps and GitHub Advanced Security.
+ +