ShiftLeftSecurity
diff --git a/‎README.md‎
Lines changed: 27 additions & 1 deletion b/‎README.md‎
Lines changed: 27 additions & 1 deletion
diff --git a/‎flask_webgoat/__init__.py‎
Lines changed: 46 additions & 0 deletions b/‎flask_webgoat/__init__.py‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎flask_webgoat/actions.py‎
Lines changed: 51 additions & 0 deletions b/‎flask_webgoat/actions.py‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎flask_webgoat/auth.py‎
Lines changed: 23 additions & 0 deletions b/‎flask_webgoat/auth.py‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎flask_webgoat/status.py‎
Lines changed: 14 additions & 0 deletions b/‎flask_webgoat/status.py‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎flask_webgoat/users.py‎
Lines changed: 34 additions & 0 deletions b/‎flask_webgoat/users.py‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎requirements.txt‎
Lines changed: 6 additions & 0 deletions b/‎requirements.txt‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎run.py‎
Lines changed: 6 additions & 0 deletions b/‎run.py‎
Lines changed: 6 additions & 0 deletions
@@ -1 +1,27 @@
-# flask-webgoat
+# flask-webgoat
+
+flask-webgoat is a deliberately-vulnerable application written with the Flask
+web framework.
+
+```
+ (_(
+ /_/'_____/)
+ " | |
+ |""""""|
+███████╗██╗ █████╗ ███████╗██╗ ██╗ ██╗ ██╗███████╗██████╗ ██████╗ ██████╗ █████╗ ████████╗
+██╔════╝██║ ██╔══██╗██╔════╝██║ ██╔╝ ██║ ██║██╔════╝██╔══██╗██╔════╝ ██╔═══██╗██╔══██╗╚══██╔══╝
+█████╗ ██║ ███████║███████╗█████╔╝ ██║ █╗ ██║█████╗ ██████╔╝██║ ███╗██║ ██║███████║ ██║
+██╔══╝ ██║ ██╔══██║╚════██║██╔═██╗ ██║███╗██║██╔══╝ ██╔══██╗██║ ██║██║ ██║██╔══██║ ██║
+██║ ███████╗██║ ██║███████║██║ ██╗ ╚███╔███╔╝███████╗██████╔╝╚██████╔╝╚██████╔╝██║ ██║ ██║
+╚═╝ ╚══════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚══╝╚══╝ ╚══════╝╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝
+```
+
+### Run
+
+```
+python -m venv .venv
+. .venv/bin/activate
+pip install -r requirements.txt
+FLASK_APP=run.py flask run
+```
+
@@ -0,0 +1,46 @@
+import os
+import sqlite3
+from pathlib import Path
+
+from flask import Flask, g
+
+
+def create_app():
+ app = Flask(__name__)
+ app.secret_key = 'aeZ1iwoh2ree2mo0Eereireong4baitixaixu5Ee'
+
+ db_filename = 'database.db'
+ db_path = Path(db_filename)
+ if db_path.exists():
+ db_path.unlink()
+
+ conn = sqlite3.connect(db_filename)
+ create_table_query = """CREATE TABLE IF NOT EXISTS user
+ (id INTEGER PRIMARY KEY, username TEXT, password TEXT, access_level INTEGER)"""
+ conn.execute(create_table_query)
+
+ insert_admin_query = """INSERT INTO user (id, username, password, access_level)
+ VALUES (1, 'admin', 'maximumentropy', 0)"""
+ conn.execute(insert_admin_query)
+ conn.commit()
+ conn.close()
+
+ def query_db(query, args = (), one=False, commit=False):
+ with sqlite3.connect(db_filename) as conn:
+ cur = conn.execute(query, args)
+ if commit:
+ conn.commit()
+ return cur.fetchone() if one else cur.fetchall()
+ app.query_db = query_db
+
+ with app.app_context():
+ from . import status
+ from . import auth
+ from . import users
+ from . import actions
+ app.register_blueprint(status.bp)
+ app.register_blueprint(auth.bp)
+ app.register_blueprint(users.bp)
+ app.register_blueprint(actions.bp)
+ return app
+
@@ -0,0 +1,51 @@
+from pathlib import Path
+import subprocess
+import uuid
+from flask import request
+
+from flask import (
+ Blueprint, jsonify, request, jsonify, session
+)
+from werkzeug.security import check_password_hash
+from flask import current_app as app
+
+bp = Blueprint('actions', __name__)
+
+
+@bp.route('/message', methods=['POST'])
+def log_entry():
+ auth = session.get('user_info', None)
+ if auth is None:
+ return jsonify({'error': 'no auth found in session'})
+ access_level = auth[2]
+ if access_level > 2:
+ return jsonify({'error': 'access level < 2 is required for this action'})
+ filename_param = request.form.get('filename')
+ if filename_param is None:
+ return jsonify({'error': 'filename parameter is required'})
+ text_param = request.form.get('text')
+ if text_param is None:
+ return jsonify({'error': 'text parameter is required'})
+
+ user_id = auth[0]
+ user_dir = Path("data/" + str(user_id))
+ if not user_dir.exists():
+ user_dir.mkdir()
+
+ filename = filename_param + ".txt"
+ path = user_dir / filename
+ with path.open("w", encoding ="utf-8") as f:
+ f.write(text_param)
+ return jsonify({'success': True})
+
+
+@bp.route('/grep_processes')
+def grep_processes():
+ name = request.args.get('name')
+ res = subprocess.run(["ps aux | grep " + name + " | awk '{print $11}'"], shell=True, capture_output=True)
+ if res.stdout is None:
+ return jsonify({'error': 'no stdout returned'})
+ out = res.stdout.decode("utf-8")
+ names = out.split('\n')
+ return jsonify({'success': True, 'names': names})
+
@@ -0,0 +1,23 @@
+from flask import (
+ Blueprint, jsonify, request, jsonify, session
+)
+from werkzeug.security import check_password_hash
+from flask import current_app as app
+
+bp = Blueprint('auth', __name__)
+
+
+@bp.route('/login', methods=['POST'])
+def login():
+ username = request.form.get('username')
+ password = request.form.get('password')
+ if username is None or password is None:
+ return jsonify({'error': 'username and password parameter have to be provided'}), 400
+
+ query = "SELECT id, username, access_level FROM user WHERE username = '%s' AND password = '%s'" % (username, password)
+ result = app.query_db(query, [], True)
+ if result is None:
+ return jsonify({'bad_login': True}), 400
+ session['user_info'] = (result[0], result[1], result[2])
+ return jsonify({'success': True})
+
@@ -0,0 +1,14 @@
+from flask import (
+ Blueprint, jsonify
+)
+
+bp = Blueprint('status', __name__)
+
+@bp.route('/status')
+def status():
+ return jsonify({'success': True})
+
+
+@bp.route('/ping')
+def ping():
+ return jsonify({'success': True})
@@ -0,0 +1,34 @@
+from flask import (
+ Blueprint, jsonify, request, jsonify, session
+)
+from werkzeug.security import check_password_hash
+from flask import current_app as app
+
+bp = Blueprint('users', __name__)
+
+
+@bp.route('/create_user', methods=['POST'])
+def create_user():
+ auth = session.get('user_info', None)
+ if auth is None:
+ return jsonify({'error': 'no auth found in session'})
+
+ access_level = auth[2]
+ if access_level != 0:
+ return jsonify({'error': 'access level of 0 is required for this action'})
+ username = request.form.get('username')
+ password = request.form.get('password')
+ access_level = request.form.get('access_level')
+ if username is None or password is None or access_level is None:
+ return jsonify({'error': 'username, password and access_level parameters have to be provided'}), 400
+ if len(password) < 3:
+ return jsonify({'error': 'the password needs to be at least 3 characters long'}), 402
+
+ query = "INSERT INTO user (username, password, access_level) VALUES ('%s', '%s', %d)" % (username, password, int(access_level))
+
+ try:
+ app.query_db(query, [], False, True)
+ return jsonify({'success': True})
+ except sqlite3.Error as err:
+ return jsonify({'error': 'could not create user:' + err})
+
@@ -0,0 +1,6 @@
+click==7.1.2
+Flask==1.1.2
+itsdangerous==1.1.0
+Jinja2==2.11.3
+MarkupSafe==1.1.1
+Werkzeug==1.0.1
@@ -0,0 +1,6 @@
+from flask_webgoat import create_app
+
+app = create_app()
+
+if __name__ == '__main__':
+ app.run()