From 4f984a46f8fb831c0925bd9980da38ab8327bdf4 Mon Sep 17 00:00:00 2001 From: Vomitblood Date: Thu, 16 Jan 2025 03:18:48 +0800 Subject: [PATCH] tidy --- .gitignore | 5 +++- README.md | 35 +++++++++++----------- client/src/components/Testing/Testing.tsx | 9 ++++-- docker/modsecurity/docker-compose.yml | 6 ++-- docker/postgres/docker-compose.yml | 2 +- docker/zaproxy/run.sh | 1 + docker/zaproxy/zap.yaml | 10 +++++++ server/internal/db/db.go | 2 +- server/internal/http_server/http_server.go | 4 +-- 9 files changed, 47 insertions(+), 27 deletions(-) create mode 100644 docker/zaproxy/run.sh create mode 100644 docker/zaproxy/zap.yaml diff --git a/.gitignore b/.gitignore index 6e55e14..badbfe6 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,7 @@ # src-tauri **/target/ -**/gen/schemas \ No newline at end of file +**/gen/schemas + +# server +server/server \ No newline at end of file diff --git a/README.md b/README.md index 082b16d..22f73fa 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,12 @@ -# cspj application +# CSPJ Application -## attacks +## Services -1. sql injection -2. xss -3. command injection -4. file inclusion attacks -5. csrf -6. directory traversal -7. insecure deserialization -8. session hijacking -9. xml external entity injection -10. sever side request forgery -11. broken authentication and session management -12. clickjacking - -## backend +- 3331: Apache + ModSecurity +- 3332: Suricata +- 3333: Backend server +- 3334: Python backend server +- 3335: PostgreSQL backend-for-frontend server @@ -41,7 +32,8 @@ PGPASSWORD=asdfpassword ### SQL Injection -Use `' OR 1=1; --` +Use `' OR 1=1; --` +Use `tohyouxuan@gmail.com' UNION SELECT id, email, password FROM users WHERE email = 'tohyouxuan@gmail.com'; --` - `/unsecure-register-sql` - `/secure-register-sql` 
@@ -52,3 +44,12 @@ Use `' OR 1=1; --` Used `pool.Query()` with a parameterized query, instead of dynamically constructing the SQL query by directly inserting the user input. Parameterized queries separate the SQL code from the data, so user input is never directly put into the query's structure. Placeholders are used instead, and the data is passed as parameters. The DB will treat them as data, not executable code. + +## ZAP + +Content-Type: application/json + +{ +"email": "tohyouxuan@gmail.com", +"password": "testpassword" +} diff --git a/client/src/components/Testing/Testing.tsx b/client/src/components/Testing/Testing.tsx index e199448..8b57a86 100644 --- a/client/src/components/Testing/Testing.tsx +++ b/client/src/components/Testing/Testing.tsx @@ -1,7 +1,9 @@ import { BugReportOutlined } from "@mui/icons-material"; import { Box, Button, IconButton, useTheme } from "@mui/material"; import { fetch } from "@tauri-apps/plugin-http"; +import { useAtom } from "jotai"; import { useState } from "react"; +import { serverUrlAtom } from "../../lib/jotai"; import { defaultSettings } from "../../lib/settings"; import { FloatingDialog } from "../Generic/FloatingDialog"; @@ -9,6 +11,9 @@ export const Testing = () => { // contexts const theme = useTheme(); + // atoms + const [serverUrl, setServerUrl] = useAtom(serverUrlAtom); + // states const [openState, setOpenState] = useState(false); const [maximisedState, setMaximisedState] = useState(false); @@ -17,10 +22,10 @@ export const Testing = () => { const close = () => setOpenState(false); const testing = () => { - fetch("http://localhost:5000/nuke-db").then((response) => { + fetch(serverUrl + "/nuke-db").then((response) => { console.log(response); }); - fetch("http://localhost:5000/setup-demo-db").then((response) => { + fetch(serverUrl + "/setup-demo-db").then((response) => { console.log(response); }); }; diff --git a/docker/modsecurity/docker-compose.yml b/docker/modsecurity/docker-compose.yml index ca09f7f..33846a0 100644 
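Review bot: `setServerUrl` from the new `useAtom(serverUrlAtom)` line is never used in Testing (the component only reads the URL inside the `testing` handler), so take only the value: `const [serverUrl] = useAtom(serverUrlAtom);`. In the `testing` handler the two `fetch(serverUrl + "/…")` promises still have no `.catch` and never inspect `response.ok`, so a refused connection or a 4xx/5xx from `/nuke-db` or `/setup-demo-db` is only visible in the console; at minimum chain `.catch(console.error)` on each, and since `/nuke-db` is destructive, surface the outcome in the dialog rather than logging it silently. Building the URL with `+` also yields `//nuke-db` if the atom value ever carries a trailing slash; `new URL("/nuke-db", serverUrl).toString()` avoids that.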
--- a/docker/modsecurity/docker-compose.yml
+++ b/docker/modsecurity/docker-compose.yml
@@ -4,13 +4,13 @@ services: container_name: modsecurity restart: always ports: - - "8080:8080" + - "3331:3331" extra_hosts: - "host.docker.internal:host-gateway" environment: - BACKEND: "http://host.docker.internal:5000" + BACKEND: "http://host.docker.internal:3333" # TODO: CHANGE THIS TO SURICATA'S PORT COS INLINE SERVER_NAME: "localhost" - PORT: "8080" + PORT: "3331" networks: - modsec-network
diff --git a/docker/postgres/docker-compose.yml b/docker/postgres/docker-compose.yml
index 35eef03..5d46f70 100644
--- a/docker/postgres/docker-compose.yml
+++ b/docker/postgres/docker-compose.yml
@@ -7,7 +7,7 @@ services:
 POSTGRES_PASSWORD: asdfpassword
 POSTGRES_DB: asdfdb
 ports:
- - "5432:5432"
+ - "3335:5432"
 volumes:
 - postgres_data:/var/lib/postgresql/data
 volumes:
diff --git a/docker/zaproxy/run.sh b/docker/zaproxy/run.sh
new file mode 100644
index 0000000..de33306
--- /dev/null
+++ b/docker/zaproxy/run.sh
@@ -0,0 +1 @@
+docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap.sh -cmd -autorun /zap/wrk/zap.yaml
\ No newline at end of file
diff --git a/docker/zaproxy/zap.yaml b/docker/zaproxy/zap.yaml
new file mode 100644
index 0000000..5203701
--- /dev/null
+++ b/docker/zaproxy/zap.yaml
@@ -0,0 +1,10 @@
+jobs:
+ - type: spider
+ parameters:
+ context: "Default Context"
+ url: "http://localhost:5000/unsafe-login"
+ maxDuration: 2
+ - type: activeScan
+ parameters:
+ context: "Default Context"
+ policy: "SQL Injection"
diff --git a/server/internal/db/db.go b/server/internal/db/db.go
index 88d1369..2dda951 100644
--- a/server/internal/db/db.go
+++ b/server/internal/db/db.go
@@ -14,7 +14,7 @@ import (
 // !MIGHT CHANGE
 const (
 host = "localhost"
- port = 5432
+ port = 3335
 user = "asdfuser"
 password = "asdfpassword"
 dbname = "asdfdb"
diff --git a/server/internal/http_server/http_server.go b/server/internal/http_server/http_server.go
index ba22a59..f0cc079 100644
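Review bot: The new `BACKEND: "http://host.docker.internal:3333"` line carries a `# TODO: CHANGE THIS TO SURICATA'S PORT COS INLINE` comment, so the commit knowingly leaves ModSecurity forwarding straight to the Go backend while the README in this same commit lists 3332 as Suricata; readers of that port table will assume Suricata is in the data path when it is not. Either point BACKEND at the Suricata listener now, or replace the TODO with a comment that states the live topology, e.g. `# Suricata (3332) is not inline yet; WAF forwards directly to the backend on 3333`. No Suricata compose file is visible in this diff, so whether anything listens on 3332 is unverified from here.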
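Review bot: `- "3335:5432"` publishes Postgres on every host interface, and the context lines above show it guarded only by `POSTGRES_PASSWORD: asdfpassword`. The only consumer in this commit is the Go server in `server/internal/db/db.go`, which connects with `host = "localhost"`, so the mapping can be narrowed to loopback without breaking it: `- "127.0.0.1:3335:5432"`. If other hosts are meant to reach the database, a comment in the compose file should say so.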
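Review bot: The new script has no shebang and leaves `$(pwd)` unquoted, so a checkout path containing a space splits the `-v` argument and the bind mount fails. Start the file with `#!/usr/bin/env sh` and write `-v "$(pwd)":/zap/wrk/:rw`; the file is also missing its trailing newline. The plan it runs targets `localhost`, which inside the container is the container itself, so `run.sh` will also need `--add-host=host.docker.internal:host-gateway` (the mapping `docker/modsecurity/docker-compose.yml` already uses via `extra_hosts`) once `zap.yaml` points at that name.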
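Review bot: The spider `url: "http://localhost:5000/unsafe-login"` does not match the server this same commit configures: `server/internal/http_server/http_server.go` now listens on `:3333`, and the handlers it registers are `/unsecure-login-sql` and `/secure-login-sql`, not `/unsafe-login`, so the spider finds nothing and the `activeScan` job has no targets. Inside the ZAP container `localhost` is the container itself, so the host also needs to be a name the container can resolve to the host, e.g. `url: "http://host.docker.internal:3333/unsecure-login-sql"` together with an `--add-host` mapping in `run.sh`, or port 3331 if the intent is to scan through ModSecurity. Which port is the intended target is not stated anywhere in the commit; a one-line comment above `url:` naming it would settle that.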
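Review bot: `port = 3335` now has to agree with the host side of the `ports` mapping in `docker/postgres/docker-compose.yml` (`"3335:5432"`) and with the README's service table, and nothing in the const block records that coupling beyond the `// !MIGHT CHANGE` marker. A comment on the line makes the next port move a one-place edit, e.g. `port = 3335 // host side of the ports mapping in docker/postgres/docker-compose.yml`. The `password` constant in the same block is compiled in and must likewise stay equal to `POSTGRES_PASSWORD` in that compose file; a matching comment there keeps the two changed together. The const block continues past the hunk.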
--- a/server/internal/http_server/http_server.go
+++ b/server/internal/http_server/http_server.go
@@ -26,8 +26,8 @@ func ServeApi() {
 http.HandleFunc("/unsecure-login-sql", sql_injection.UnsecureLoginSql)
 http.HandleFunc("/secure-login-sql", sql_injection.SecureLoginSql)
- log.Println("Server is running on http://localhost:5000")
- if err := http.ListenAndServe(":5000", nil); err != nil {
+ log.Println("Server is running on http://localhost:3333")
+ if err := http.ListenAndServe(":3333", nil); err != nil {
 log.Fatalf("Failed to start server: %v", err)
 }
 }
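Review bot: `http.ListenAndServe(":3333", nil)` keeps the port as a string literal in two places (the `log.Println` text and the listen address) and starts a default `http.Server` with no timeouts, so a client that opens a connection and never sends headers holds a goroutine indefinitely. Hoisting the address into a const and building an `http.Server` with `ReadHeaderTimeout` fixes both and keeps the log line in sync with the real port (this adds `time` to the import block). Binding `:3333` on all interfaces also means the Go server is reachable directly, not only through the ModSecurity container that `docker/modsecurity/docker-compose.yml` points at `host.docker.internal:3333`; if the WAF is meant to be the sole entry point, the bind address or host firewall has to enforce that, while still leaving the container a route to the backend. `ServeApi` begins before the hunk.
```go
	// … unchanged: http.HandleFunc registrations …
	const addr = ":3333"
	srv := &http.Server{
		Addr:              addr,
		ReadHeaderTimeout: 10 * time.Second,
	}
	log.Println("Server is running on http://localhost" + addr)
	if err := srv.ListenAndServe(); err != nil {
		log.Fatalf("Failed to start server: %v", err)
	}
```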