tidy

2025-01-16 03:18:48 +08:00 · 2025-01-16 03:18:48 +08:00 · 4f984a46f8
parent 22f312cbb9
commit 4f984a46f8
9 changed files with 47 additions and 27 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,4 +15,7 @@

 # src-tauri
 **/target/
-**/gen/schemas
+**/gen/schemas
+
+# server
+server/server
--- a/README.md
+++ b/README.md
@ -1,21 +1,12 @@
-# cspj application
+# CSPJ Application

-## attacks
+## Services

-1. sql injection
-2. xss
-3. command injection
-4. file inclusion attacks
-5. csrf
-6. directory traversal
-7. insecure deserialization
-8. session hijacking
-9. xml external entity injection
-10. sever side request forgery
-11. broken authentication and session management
-12. clickjacking
-
-## backend
+- 3331: Apache + ModSecurity
+- 3332: Suricata
+- 3333: Backend server
+- 3334: Python backend server
+- 3335: PostgreSQL

 backend-for-frontend server

@ -41,7 +32,8 @@ PGPASSWORD=asdfpassword

 ### SQL Injection

-Use `' OR 1=1; --`
+Use `' OR 1=1; --`  
+Use `tohyouxuan@gmail.com' UNION SELECT id, email, password FROM users WHERE email = 'tohyouxuan@gmail.com'; --`

 - `/unsecure-register-sql`
 - `/secure-register-sql`
@ -52,3 +44,12 @@ Use `' OR 1=1; --`

 Used `pool.Query()` with a parameterized query, instead of dynamically constructing the SQL query by directly inserting the user input.  
 Parameterized queries separate the SQL code from the data, so user input is never directly put into the query's structure. Placeholders are used instead, and the data is passed as parameters. The DB will treat them as data, not executable code.
+
+## ZAP
+
+Content-Type: application/json
+
+{
+"email": "tohyouxuan@gmail.com",
+"password": "testpassword"
+}
--- a/client/src/components/Testing/Testing.tsx
+++ b/client/src/components/Testing/Testing.tsx
@ -1,7 +1,9 @@
 import { BugReportOutlined } from "@mui/icons-material";
 import { Box, Button, IconButton, useTheme } from "@mui/material";
 import { fetch } from "@tauri-apps/plugin-http";
+import { useAtom } from "jotai";
 import { useState } from "react";
+import { serverUrlAtom } from "../../lib/jotai";
 import { defaultSettings } from "../../lib/settings";
 import { FloatingDialog } from "../Generic/FloatingDialog";

@ -9,6 +11,9 @@ export const Testing = () => {
  // contexts
  const theme = useTheme();

+  // atoms
+  const [serverUrl, setServerUrl] = useAtom(serverUrlAtom);
+
  // states
  const [openState, setOpenState] = useState(false);
  const [maximisedState, setMaximisedState] = useState(false);
@ -17,10 +22,10 @@ export const Testing = () => {
  const close = () => setOpenState(false);

  const testing = () => {
-    fetch("http://localhost:5000/nuke-db").then((response) => {
+    fetch(serverUrl + "/nuke-db").then((response) => {
      console.log(response);
    });
-    fetch("http://localhost:5000/setup-demo-db").then((response) => {
+    fetch(serverUrl + "/setup-demo-db").then((response) => {
      console.log(response);
    });
  };
--- a/docker/modsecurity/docker-compose.yml
+++ b/docker/modsecurity/docker-compose.yml
@ -4,13 +4,13 @@ services:
    container_name: modsecurity
    restart: always
    ports:
-      - "8080:8080"
+      - "3331:3331"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
-      BACKEND: "http://host.docker.internal:5000"
+      BACKEND: "http://host.docker.internal:3333" # TODO: CHANGE THIS TO SURICATA'S PORT COS INLINE
      SERVER_NAME: "localhost"
-      PORT: "8080"
+      PORT: "3331"
    networks:
      - modsec-network

--- a/docker/postgres/docker-compose.yml
+++ b/docker/postgres/docker-compose.yml
@ -7,7 +7,7 @@ services:
      POSTGRES_PASSWORD: asdfpassword
      POSTGRES_DB: asdfdb
    ports:
-      - "5432:5432"
+      - "3335:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
 volumes:
--- a/docker/zaproxy/run.sh
+++ b/docker/zaproxy/run.sh
@ -0,0 +1 @@
+docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap.sh -cmd -autorun /zap/wrk/zap.yaml
--- a/docker/zaproxy/zap.yaml
+++ b/docker/zaproxy/zap.yaml
@ -0,0 +1,10 @@
+jobs:
+  - type: spider
+    parameters:
+      context: "Default Context"
+      url: "http://localhost:5000/unsafe-login"
+      maxDuration: 2
+  - type: activeScan
+    parameters:
+      context: "Default Context"
+      policy: "SQL Injection"
--- a/server/internal/db/db.go
+++ b/server/internal/db/db.go
@ -14,7 +14,7 @@ import (
 // !MIGHT CHANGE
 const (
 	host     = "localhost"
-	port     = 5432
+	port     = 3335
 	user     = "asdfuser"
 	password = "asdfpassword"
 	dbname   = "asdfdb"
--- a/server/internal/http_server/http_server.go
+++ b/server/internal/http_server/http_server.go
@ -26,8 +26,8 @@ func ServeApi() {
 	http.HandleFunc("/unsecure-login-sql", sql_injection.UnsecureLoginSql)
 	http.HandleFunc("/secure-login-sql", sql_injection.SecureLoginSql)

-	log.Println("Server is running on http://localhost:5000")
-	if err := http.ListenAndServe(":5000", nil); err != nil {
+	log.Println("Server is running on http://localhost:3333")
+	if err := http.ListenAndServe(":3333", nil); err != nil {
 		log.Fatalf("Failed to start server: %v", err)
 	}
 }
				`@ -0,0 +1 @@`
				`docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap.sh -cmd -autorun /zap/wrk/zap.yaml`