From 75fab6cdfbfb9cc3a7cae895e5f5d2ac7f6515fb Mon Sep 17 00:00:00 2001
From: Shweta Kadam
Date: Sat, 31 Aug 2024 01:48:34 +0530
Subject: [PATCH 1/4] Create vulnerable.js
---
 vulnerable.js | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 vulnerable.js
diff --git a/vulnerable.js b/vulnerable.js
new file mode 100644
index 0000000..46c5598
--- /dev/null
+++ b/vulnerable.js
@@ -0,0 +1,65 @@ +vulnerable.js + +const express = require('express'); +const crypto = require('crypto'); +const mysql = require('mysql'); +const { exec } = require('child_process'); +const protobuf = require('protobufjs'); + +const app = express(); +const db = mysql.createConnection({ + host: 'localhost', + user: 'root', + password: 'password', + database: 'testdb' +}); + +app.use(express.json()); + +// Vulnerable SQL Injection Endpoint +app.get('/user/:id', (req, res) => { + const userId = req.params.id; + db.query(`SELECT * FROM users WHERE id = ${userId}`, (err, result) => { + if (err) throw err; + res.send(result); + }); +}); + +// Vulnerable Command Injection Endpoint +app.post('/execute', (req, res) => { + const command = req.body.command; + exec(command, (err, stdout, stderr) => { + if (err) { + res.status(500).send('Command execution failed'); + return; + } + res.send(`Command output: ${stdout}`); + }); +}); + +// Vulnerable Hashing (Use of Outdated Cryptographic Practices) +app.post('/hash', (req, res) => { + const password = req.body.password; + const hash = crypto.createHash('md5').update(password).digest('hex'); + res.send(`Hashed password: ${hash}`); +}); + +// Vulnerable Proto Buffing (Prototype Pollution) +app.post('/protobuf', async (req, res) => { + const root = await protobuf.load("example.proto"); + const Message = root.lookupType("examplepackage.Message"); + + const payload = req.body; + const errMsg = Message.verify(payload); + if (errMsg) { + res.status(400).send(`Invalid message: ${errMsg}`); + return; + } + + const message = Message.create(payload); + res.send(`Received message: ${JSON.stringify(message)}`); +}); + +app.listen(3000, () => { + console.log('Server is running on port 3000'); +}); From fbeaa9f496e90a18ac37c4b5d9c1cad01d8c0727 Mon Sep 17 00:00:00 2001 From: Shweta Kadam Date: Sat, 31 Aug 2024 01:49:34 +0530 Subject: [PATCH 2/4] Update Medicalreport.jsx From 76d60714cb176048d9519bbc5435e09a40695d6d Mon Sep 17 00:00:00 2001 
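Review bot: Nothing in the new file marks it as an intentionally vulnerable fixture, yet it binds port 3000 at module load and carries hard-coded `root`/`password` MySQL credentials, so anyone who `require`s or deploys it by mistake gets a live SQL-injection and remote-command-execution service. A header such as `// INTENTIONALLY VULNERABLE — scanner test fixture. Never deploy or require from production code.` plus guarding the listener with `if (require.main === module) { app.listen(3000, …); }` keeps the fixture inert when imported. The `/user/:id` handler also does `if (err) throw err;` inside the query callback, which takes the whole process down on any SQL error instead of returning a 500; if that crash is part of the intended finding, say so in the comment, since the label only claims injection. The `/protobuf` route's "Prototype Pollution" label is not borne out by the visible code — `Message.verify` followed by `Message.create` on `req.body` is ordinary protobufjs use — so unless a protobufjs version with a known pollution path is pinned elsewhere, the comment should state which behaviour a scanner is expected to flag.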
From: Shweta Kadam Date: Sat, 31 Aug 2024 01:59:44 +0530 Subject: [PATCH 3/4] Update codeql.yml --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index efd9aa0..3d16acd 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,7 +17,7 @@ on: pull_request: branches: [ "main" ] schedule: - - cron: '32 9 * * 3' + - cron: '* * * * *' jobs: analyze: From bd372f222cfd14ea0b3c1a7226b1ebe1a8915209 Mon Sep 17 00:00:00 2001 From: Shweta Kadam Date: Sat, 31 Aug 2024 02:02:54 +0530 Subject: [PATCH 4/4] Update vulnerable.js --- vulnerable.js | 86 ++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 46 deletions(-) diff --git a/vulnerable.js b/vulnerable.js index 46c5598..03b0a9e 100644 --- a/vulnerable.js +++ b/vulnerable.js @@ -1,65 +1,59 @@ -vulnerable.js - const express = require('express'); -const crypto = require('crypto'); -const mysql = require('mysql'); -const { exec } = require('child_process'); -const protobuf = require('protobufjs'); +const fs = require('fs'); +const vm = require('vm'); +const jwt = require('jsonwebtoken'); const app = express(); -const db = mysql.createConnection({ - host: 'localhost', - user: 'root', - password: 'password', - database: 'testdb' +app.use(express.urlencoded({ extended: true })); +app.use(express.json()); + +// Insecure Deserialization +app.post('/deserialize', (req, res) => { + const serializedData = req.body.data; + try { + const deserializedData = JSON.parse(serializedData); + res.send(`Deserialized data: ${deserializedData}`); + } catch (e) { + res.status(400).send('Invalid data'); + } }); -app.use(express.json()); +// Cross-Site Scripting (XSS) +app.get('/greet', (req, res) => { + const name = req.query.name; + res.send(`
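Review bot: Changing the CodeQL schedule to `- cron: '* * * * *'` asks for a scan every minute, which GitHub Actions does not honour (its documented minimum for `schedule` is once every five minutes) and which, even at that floor, burns runner minutes and re-raises the same alerts on every run; this looks like a debugging change rather than something to merge. As far as GitHub's docs go, `schedule` triggers only fire against the default branch, so it would not speed up feedback on this branch anyway. If the aim is to run a scan on demand, keep `- cron: '32 9 * * 3'` and add `workflow_dispatch:` under `on:`.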

Hello, ${name}

`); +}); -// Vulnerable SQL Injection Endpoint -app.get('/user/:id', (req, res) => { - const userId = req.params.id; - db.query(`SELECT * FROM users WHERE id = ${userId}`, (err, result) => { - if (err) throw err; - res.send(result); - }); +// Insecure JWT Handling +app.post('/login', (req, res) => { + const user = { id: 1, username: req.body.username }; + const token = jwt.sign(user, 'secretkey'); // Weak secret + res.json({ token }); }); -// Vulnerable Command Injection Endpoint -app.post('/execute', (req, res) => { - const command = req.body.command; - exec(command, (err, stdout, stderr) => { +// Unsafe File Operations +app.get('/read-file', (req, res) => { + const filename = req.query.filename; + fs.readFile(`/var/data/$(unknown)`, 'utf8', (err, data) => { if (err) { - res.status(500).send('Command execution failed'); + res.status(500).send('File read error'); return; } - res.send(`Command output: ${stdout}`); + res.send(`File content: ${data}`); }); }); -// Vulnerable Hashing (Use of Outdated Cryptographic Practices) -app.post('/hash', (req, res) => { - const password = req.body.password; - const hash = crypto.createHash('md5').update(password).digest('hex'); - res.send(`Hashed password: ${hash}`); -}); - -// Vulnerable Proto Buffing (Prototype Pollution) -app.post('/protobuf', async (req, res) => { - const root = await protobuf.load("example.proto"); - const Message = root.lookupType("examplepackage.Message"); - - const payload = req.body; - const errMsg = Message.verify(payload); - if (errMsg) { - res.status(400).send(`Invalid message: ${errMsg}`); - return; +// Server-Side JavaScript Injection +app.post('/execute', (req, res) => { + const code = req.body.code; + try { + const result = vm.runInNewContext(code, {}); + res.send(`Execution result: ${result}`); + } catch (e) { + res.status(500).send('Execution error'); } - - const message = Message.create(payload); - res.send(`Received message: ${JSON.stringify(message)}`); }); app.listen(3000, () => { - 
console.log('Server is running on port 3000'); + console.log('Server running on port 3000'); });
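Review bot: The `/deserialize` route does not contain the sink its comment names — `JSON.parse` on a string produces only plain data and cannot instantiate objects or run code, so a scanner pointed at this fixture will report no insecure-deserialization finding there, and `${deserializedData}` renders as `[object Object]` for any object input. A genuine deserialization sink would have to come from an `eval`/`vm`-style or custom-format parser; the `/execute` route already exercises `vm.runInNewContext` (which Node documents as not a security mechanism), so either relabel `/deserialize` to what it actually demonstrates or point it at such a parser. Separately, as rendered here the `/read-file` path is `/var/data/$(unknown)` and `filename` is never used — if that is the committed text rather than a paste artifact, the path-traversal sink the comment promises is also missing and the template should interpolate `${filename}`.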