initial sec vulns

scottsauber · scottsauber · commit 3e2880afcdfd · 2023-10-25T23:29:12.000-05:00
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/10 Security Vulnerabilities.pdf b/2023-10-25-Internal-10SecurityVulnerabilities/10 Security Vulnerabilities.pdf
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/10 Security Vulnerabilities.pptx b/2023-10-25-Internal-10SecurityVulnerabilities/10 Security Vulnerabilities.pptx
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/SecurityVulnerabilities.sln b/2023-10-25-Internal-10SecurityVulnerabilities/SecurityVulnerabilities.sln
@@ -0,0 +1,16 @@
+﻿
+Microsoft Visual Studio Solution File, Format Version 12.00
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecurityVulnerabilities", "src\SecurityVulnerabilities\SecurityVulnerabilities.csproj", "{ED481F32-3DEB-4190-B679-DF1B86069C9C}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{ED481F32-3DEB-4190-B679-DF1B86069C9C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{ED481F32-3DEB-4190-B679-DF1B86069C9C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{ED481F32-3DEB-4190-B679-DF1B86069C9C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{ED481F32-3DEB-4190-B679-DF1B86069C9C}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/docker-compose.yml b/2023-10-25-Internal-10SecurityVulnerabilities/docker-compose.yml
@@ -0,0 +1,21 @@
+version: "3.9"
+
+services:
+  db:
+    container_name: postgres
+    image: postgres:13.6-alpine
+    environment:
+      - POSTGRES_DB=a_site_to_order_stuff_local
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    ports:
+      - "5433:5432"
+
+  flyway:
+    container_name: flyway
+    image: "flyway/flyway:8.5-alpine"
+    command: -url=jdbc:postgresql://db:5432/a_site_to_order_stuff_local -user=postgres -password=postgres -connectRetries=60 migrate
+    volumes:
+      - ./sql/:/flyway/sql
+    depends_on:
+      - db
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/sql/V1__create_customers_table.sql b/2023-10-25-Internal-10SecurityVulnerabilities/sql/V1__create_customers_table.sql
@@ -0,0 +1,6 @@
+﻿CREATE TABLE customers
+(
+    id         SERIAL PRIMARY KEY,
+    first_name varchar(100) not null,
+    last_name  varchar(100) not null
+);
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/sql/V2__create_documents_table.sql b/2023-10-25-Internal-10SecurityVulnerabilities/sql/V2__create_documents_table.sql
@@ -0,0 +1,5 @@
+﻿CREATE TABLE documents
+(
+    id         uuid DEFAULT gen_random_uuid() PRIMARY KEY,
+    file_path varchar(100) not null
+);
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Customers/Customer.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Customers/Customer.cs
@@ -0,0 +1,8 @@
+﻿namespace SecurityVulnerabilities.Controllers;
+
+public class Customer
+{
+    public long Id { get; set; }
+    public string FirstName { get; set; }
+    public string LastName { get; set; }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Customers/SafeCustomersController.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Customers/SafeCustomersController.cs
@@ -0,0 +1,30 @@
+using Dapper;
+using Microsoft.AspNetCore.Mvc;
+using Npgsql;
+using SecurityVulnerabilities.Controllers;
+
+namespace SecurityVulnerabilities.Customers;
+
+[ApiController]
+[Route("[controller]")]
+public class SafeCustomersController : ControllerBase
+{
+    private readonly NpgsqlConnection _dbConnection;
+
+    public SafeCustomersController(NpgsqlConnection dbConnection)
+    {
+        _dbConnection = dbConnection;
+    }
+
+    [HttpGet("{lastName}")]
+    public Customer Get(string lastName)
+    {
+        var query = @"SELECT id, 
+                             first_name as FirstName, 
+                             last_name as LastName 
+                       FROM customers 
+                       WHERE last_name=@lastName";
+
+        return _dbConnection.QueryFirstOrDefault<Customer>(query, new { lastName});
+    }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Customers/VulnerableCustomersController.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Customers/VulnerableCustomersController.cs
@@ -0,0 +1,30 @@
+using Dapper;
+using Microsoft.AspNetCore.Mvc;
+using Npgsql;
+using SecurityVulnerabilities.Controllers;
+
+namespace SecurityVulnerabilities.Customers;
+
+[ApiController]
+[Route("[controller]")]
+public class VulnerableCustomersController : ControllerBase
+{
+    private readonly NpgsqlConnection _dbConnection;
+
+    public VulnerableCustomersController(NpgsqlConnection dbConnection)
+    {
+        _dbConnection = dbConnection;
+    }
+
+    [HttpGet("{lastName}")]
+    public Customer Get(string lastName)
+    {
+        var query = $@"SELECT id, 
+                              first_name as FirstName, 
+                              last_name as LastName 
+                       FROM customers 
+                       WHERE last_name='{lastName}'";
+
+        return _dbConnection.QueryFirstOrDefault<Customer>(query);
+    }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/CreateFileRequest.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/CreateFileRequest.cs
@@ -0,0 +1,7 @@
+﻿namespace SecurityVulnerabilities.Documents;
+
+public class CreateFileRequest
+{
+    public string FilePath { get; set; }
+    public string FileContents { get; set; }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/NewFile.txt b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/NewFile.txt
@@ -0,0 +1 @@
+NewFile's Contents
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/SafeDocumentsController.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/SafeDocumentsController.cs
@@ -0,0 +1,34 @@
+﻿using Dapper;
+using Microsoft.AspNetCore.Mvc;
+using Npgsql;
+
+namespace SecurityVulnerabilities.Documents;
+
+[ApiController]
+[Route("[controller]")]
+public class SafeDocumentsController : ControllerBase
+{
+    private readonly NpgsqlConnection _dbConnection;
+
+    public SafeDocumentsController(NpgsqlConnection dbConnection)
+    {
+        _dbConnection = dbConnection;
+    }
+    
+    [HttpGet]
+    public string GetFile(string id)
+    {
+        var filePath = GetFilePathById(Guid.Parse(id));
+        return System.IO.File.ReadAllText(filePath);
+    }
+
+    [HttpPost]
+    public IActionResult CreateFile([FromBody] CreateFileRequest request)
+    {
+        System.IO.File.WriteAllText(Path.Combine("Documents", $"{Guid.NewGuid()}.txt"), request.FileContents);
+        return StatusCode(StatusCodes.Status201Created);
+    }
+    
+    private string GetFilePathById(Guid id) =>
+        _dbConnection.QueryFirst<string>("SELECT file_path FROM documents WHERE id=@id", new { id });
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/SomeFile.txt b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/SomeFile.txt
@@ -0,0 +1 @@
+SomeFile's Contents
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/VulnerableDocumentsController.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Documents/VulnerableDocumentsController.cs
@@ -0,0 +1,22 @@
+﻿using Microsoft.AspNetCore.Mvc;
+using Npgsql;
+
+namespace SecurityVulnerabilities.Documents;
+
+[ApiController]
+[Route("[controller]")]
+public class VulnerableDocumentsController : ControllerBase
+{
+    [HttpGet]
+    public string GetFile(string fileName)
+    {
+        return System.IO.File.ReadAllText(Path.Combine("Documents", fileName));
+    }
+
+    [HttpPost]
+    public IActionResult CreateFile([FromBody] CreateFileRequest request)
+    {
+        System.IO.File.WriteAllText(Path.Combine("Documents", request.FilePath), request.FileContents);
+        return StatusCode(StatusCodes.Status201Created);
+    }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Program.cs b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Program.cs
@@ -0,0 +1,81 @@
+using Dapper;
+using Npgsql;
+using SecurityVulnerabilities.Controllers;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+
+builder.Services.AddControllers();
+// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddSwaggerGen();
+builder.Services.AddScoped<NpgsqlConnection>(_ => CreatePostgresConnection());
+
+SeedData();
+
+var app = builder.Build();
+
+app.Use(async (context, next) =>
+{
+    // context.Response.Headers.Add("x-frame-options", "DENY");
+    await next();
+});
+
+if (app.Environment.IsDevelopment())
+{
+    app.UseSwagger();
+    app.UseSwaggerUI();
+}
+
+app.UseHttpsRedirection();
+
+app.UseAuthorization();
+
+app.MapControllers();
+
+app.Run();
+
+NpgsqlConnection CreatePostgresConnection()
+{
+    return new NpgsqlConnection(
+        connectionString: builder.Configuration.GetConnectionString("Postgres"));
+}
+
+void SeedData()
+{
+    var postgresConnection = CreatePostgresConnection();
+
+    InsertCustomerIfMissing(postgresConnection, 
+        "Spongebob", 
+        "Squarepants");
+
+    InsertCustomerIfMissing(postgresConnection, 
+        "Scooby", 
+        "Doo");
+    
+    InsertCustomerIfMissing(postgresConnection, 
+        "Bluey", 
+        "Heeler");
+    
+    InsertDocumentIfMissing(postgresConnection);
+}
+
+void InsertCustomerIfMissing(NpgsqlConnection dbConnection, string firstName, string lastName)
+{
+    if (dbConnection.QueryFirstOrDefault<Customer>("SELECT * FROM customers WHERE last_name=@LastName", new { LastName = lastName })
+        == null)
+    {
+        var insertSql = "INSERT INTO customers (first_name, last_name) VALUES (@FirstName, @LastName)";
+        dbConnection.Execute(insertSql, new { FirstName = firstName, LastName = lastName });
+    }
+}
+
+void InsertDocumentIfMissing(NpgsqlConnection dbConnection)
+{
+    var count = dbConnection.ExecuteScalar<int>("SELECT COUNT(*) FROM documents");
+    if (count == 0)
+    {
+        dbConnection.Execute("INSERT INTO documents (file_path) VALUES ('Documents\\SomeFile.txt')");
+    }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Properties/launchSettings.json b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/Properties/launchSettings.json
@@ -0,0 +1,15 @@
+﻿{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "https://localhost:7081;http://localhost:5163",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/SecurityVulnerabilities.csproj b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/SecurityVulnerabilities.csproj
@@ -0,0 +1,75 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+    <PropertyGroup>
+        <TargetFramework>net7.0</TargetFramework>
+        <Nullable>enable</Nullable>
+        <ImplicitUsings>enable</ImplicitUsings>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <PackageReference Include="Dapper" Version="2.0.123" />
+        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.3" />
+        <PackageReference Include="Npgsql" Version="7.0.4" />
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <None Remove="Documents\SomeFile.txt" />
+      <Content Include="Documents\SomeFile.txt">
+        <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      </Content>
+    </ItemGroup>
+
+    <ItemGroup>
+      <_ContentIncludedByDefault Remove="Pages\Examples\XFrameOptionsFacebookLike.cshtml" />
+      <_ContentIncludedByDefault Remove="Pages\Examples\XFrameOptionsTrick.cshtml" />
+      <_ContentIncludedByDefault Remove="Pages\Index.cshtml" />
+      <_ContentIncludedByDefault Remove="Pages\Shared\_Layout.cshtml" />
+      <_ContentIncludedByDefault Remove="Pages\Shared\_ValidationScriptsPartial.cshtml" />
+      <_ContentIncludedByDefault Remove="Pages\_ViewImports.cshtml" />
+      <_ContentIncludedByDefault Remove="Pages\_ViewStart.cshtml" />
+      <_ContentIncludedByDefault Remove="wwwroot\css\site.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\favicon.ico" />
+      <_ContentIncludedByDefault Remove="wwwroot\js\site.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.css.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.min.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.min.css.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.css.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.min.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.min.css.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.css.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.min.css" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.min.css.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.js.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.min.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.min.js.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.js.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.min.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.min.js.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\LICENSE" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation-unobtrusive\jquery.validate.unobtrusive.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation-unobtrusive\jquery.validate.unobtrusive.min.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation-unobtrusive\LICENSE.txt" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\additional-methods.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\additional-methods.min.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\jquery.validate.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\jquery.validate.min.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\LICENSE.md" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\dist\jquery.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\dist\jquery.min.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\dist\jquery.min.map" />
+      <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\LICENSE.txt" />
+      <_ContentIncludedByDefault Remove="wwwroot\pages\harlemshake.js" />
+      <_ContentIncludedByDefault Remove="wwwroot\pages\XFrameOptionsFacebookLike.js" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <Folder Include="wwwroot\" />
+    </ItemGroup>
+
+</Project>
diff --git a/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/appsettings.json b/2023-10-25-Internal-10SecurityVulnerabilities/src/SecurityVulnerabilities/appsettings.json
@@ -0,0 +1,12 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*",
+  "ConnectionStrings": {
+    "Postgres": "Server=localhost;Port=5433;User Id=postgres;Password=postgres;Database=a_site_to_order_stuff_local;"
+  }
+}
