diff --git a/IAC/ec2.tf b/IAC/ec2.tf deleted file mode 100644 index ef6cf82..0000000 --- a/IAC/ec2.tf +++ /dev/null @@ -1,32 +0,0 @@ -resource "aws_instance" "web_host" { - # ec2 have plain text secrets in user data - ami = "${var.ami}" - instance_type = "t2.nano" - - vpc_security_group_ids = [ - "${aws_security_group.web-node.id}"] - subnet_id = "${aws_subnet.web_subnet.id}" - user_data = <Deployed via Terraform" | sudo tee /var/www/html/index.html -EOF - tags = merge({ - Name = "${local.resource_prefix.value}-ec2" - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/ec2.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "347af3cd-4f70-4632-aca3-4d5e30ffc0b6" - }) -} diff --git a/IAC/s3.tf b/IAC/s3.tf deleted file mode 100644 index 45afe45..0000000 --- a/IAC/s3.tf +++ /dev/null 
@@ -1,141 +0,0 @@ -resource "aws_s3_bucket" "data" { - # bucket is public - # bucket is not encrypted - # bucket does not have access logs - # bucket does not have versioning - bucket = "${local.resource_prefix.value}-data" - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-data" - Environment = local.resource_prefix.value - }, { - git_commit = "4d57f83ca4d3a78a44fb36d1dcf0d23983fa44f5" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2022-05-18 07:08:06" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "34870196+LironElbaz/nimrod/nimrodkor/jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "0874007d-903a-4b4c-945f-c9c233e13243" - }) -} - -resource "aws_s3_bucket_object" "data_object" { - bucket = aws_s3_bucket.data.id - key = "customer-master.xlsx" - source = "resources/customer-master.xlsx" - tags = merge({ - Name = "${local.resource_prefix.value}-customer-master" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "njmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "a7f01cc7-63c2-41a8-8555-6665e5e39a64" - }) -} - -resource "aws_s3_bucket" "financials" { - # bucket is not encrypted - # bucket does not have access logs - # bucket does not have versioning - bucket = "${local.resource_prefix.value}-financials" - acl = "private" - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-financials" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - 
yor_trace = "0e012640-b597-4e5d-9378-d4b584aea913" - }) - -} - -resource "aws_s3_bucket" "operations" { - # bucket is not encrypted - # bucket does not have access logs - bucket = "${local.resource_prefix.value}-operations" - acl = "private" - versioning { - enabled = true - } - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-operations" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "29efcf7b-22a8-4bd6-8e14-1f55b3a2d743" - }) -} - -resource "aws_s3_bucket" "data_science" { - # bucket is not encrypted - bucket = "${local.resource_prefix.value}-data-science" - acl = "private" - versioning { - enabled = true - } - logging { - target_bucket = "${aws_s3_bucket.logs.id}" - target_prefix = "log/" - } - force_destroy = true - tags = { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "9a7c8788-5655-4708-bbc3-64ead9847f64" - } -} - -resource "aws_s3_bucket" "logs" { - bucket = "${local.resource_prefix.value}-logs" - acl = "log-delivery-write" - versioning { - enabled = true - } - server_side_encryption_configuration { - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "aws:kms" - kms_master_key_id = "${aws_kms_key.logs_key.arn}" - } - } - } - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-logs" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 
14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "01946fe9-aae2-4c99-a975-e9b0d3a4696c" - }) -} diff --git a/IAC/s3bucket.yaml b/IAC/s3bucket.yaml deleted file mode 100644 index 5a22548..0000000 --- a/IAC/s3bucket.yaml +++ /dev/null @@ -1,24 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Metadata: - License: Apache-2.0 -Description: 'AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: - Sample template showing how to create a publicly accessible S3 bucket configured - for website access with a deletion policy of retain on delete. **WARNING** This - template creates an S3 bucket that will NOT be deleted when the stack is deleted. - You will be billed for the AWS resources used if you create a stack from this template.' -Resources: - S3Bucket: - Type: AWS::S3::Bucket - Properties: - AccessControl: PublicRead - WebsiteConfiguration: - IndexDocument: index.html - ErrorDocument: error.html - DeletionPolicy: Retain -Outputs: - WebsiteURL: - Value: !GetAtt [S3Bucket, WebsiteURL] - Description: URL for website hosted on S3 - S3BucketSecureURL: - Value: !Join ['', ['https://', !GetAtt [S3Bucket, DomainName]]] - Description: Name of S3 bucket to hold website content \ No newline at end of file diff --git a/IAC/storage.bicep b/IAC/storage.bicep deleted file mode 100644 index 9dd77d4..0000000 --- a/IAC/storage.bicep +++ /dev/null 
@@ -1,49 +0,0 @@
-@description('Name of environment')
-param env string = 'dev'
-
-@description('Default location for all resources.')
-param location string = resourceGroup().location
-
-var name = 'bicepgoat'
-
-resource datadisk 'Microsoft.Compute/disks@2021-12-01' = {
- name: '${name}-disk-${env}'
- location: location
- sku: {
- name: 'Standard_LRS'
- }
-
- properties: {
- diskSizeGB: 10
- encryptionSettingsCollection: {
- enabled: false
- }
- }
-}
-
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-01-01' = {
- name: '${name}-sa-${env}'
- location: location
- kind: 'StorageV2'
- sku: {
- name: 'Standard_GRS'
- }
-
- properties: {
- supportsHttpsTrafficOnly: false
-
- networkAcls: {
- bypass: 'None'
- defaultAction: 'Deny'
- }
- }
-
- resource configWeb 'config' = {
- name: 'web'
-
- properties: {
- minTlsVersion: '1.1'
- remoteDebuggingEnabled: true
- }
- }
-}
\ No newline at end of file
diff --git a/SCA/pom.xml b/SCA/pom.xml
deleted file mode 100644
index c245fb2..0000000
--- a/SCA/pom.xml
+++ /dev/null
@@ -1,128 +0,0 @@ - - 4.0.0 - com.checkmarx.app - sca-big-goat - jar - 1.0-SNAPSHOT - sca-big-goat - http://maven.apache.org - - - - ${org.checkerframework:jdk8:jar} - - - - - commons-httpclient - commons-httpclient - 3.1 - - - commons-collections - commons-collections - 3.2.2 - - - dom4j - dom4j - 1.6.1 - - - axis - axis - 1.4 - - - org.apache.httpcomponents - httpasyncclient - 4.1.4 - - - ca.juliusdavies - not-yet-commons-ssl - 0.3.9 - - - org.bouncycastle - bcprov-jdk15 - 1.46 - - - org.webjars - jquery - 3.5.1 - - - org.beanshell - bsh - 2.0b5 - - - org.codehaus.jackson - jackson-core-asl - 1.9.13 - - - org.mortbay.jetty - jetty-util - 6.1.26 - - - io.netty - netty - 3.10.6.Final - - - log4j - log4j - 1.2.17 - - - net.sf.dozer - dozer - 5.5.1 - - - org.beanshell - bsh - 2.0b4 - - - org.codehaus.jackson - jackson-mapper-asl - 1.9.13 - - - taglibs - standard - 1.1.2 - - - org.simpleframework - simple-xml - 2.7.1 - - - ant - ant - 1.6.5 - - - org.apache.spark - spark-core_2.11 - 2.4.7 - - - org.mortbay.jetty - jetty - 6.1.26 - - - org.apache.hadoop - hadoop-yarn-server-nodemanager - 3.3.0 - - - diff --git a/SCA/requirements.txt b/SCA/requirements.txt deleted file mode 100644 index 6ecc4ce..0000000 --- a/SCA/requirements.txt +++ /dev/null @@ -1,38 +0,0 @@ -parso==0.8.1 -pycrypto==2.6.1 -oauth2==1.9.0.post1 -httplib2==0.17.4 -Django==1.11.1 -PyYAML==3.13 -urllib3==1.23 -requests==2.2.1 -PyYAML==5.1 -Django==1.7.1 -ansible==2.8.8 -Werkzeug==0.15.3 -urllib3==1.25.2 -Jinja2==2.10.1 -Pygments==2.0.2 -pandas==0.24.2 -python-gnupg==0.4.3 -PyJWT==0.4.2 -rsa==3.4.2 -requests==2.19.1 -urllib3==1.24.2 -Django==3.1 -Pillow==7.1.0 -pycrypto==2.4 -tensorflow==1.14.0 -Jinja2==2.7.2 -Flask==0.11.1 -feedparser==5.1.1 -mercurial==4.8.2 -buildbot==0.7.11 -notebook==5.7.10 -httplib2==0.12.0 -lodash==3.10.1 -sphinx==3.0.3 -sphinx-py3doc-enhanced-theme==2.4.0 -docutils==0.16 --e . - diff --git a/Secrets/app1.js b/Secrets/app1.js deleted file mode 100644 index 68d0341..0000000 
--- a/Secrets/app1.js
+++ /dev/null
@@ -1,3 +0,0 @@
-const SEC_1 = "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"
-const SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
-const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
\ No newline at end of file
diff --git a/Secrets/config.js b/Secrets/config.js
deleted file mode 100644
index 430f192..0000000
--- a/Secrets/config.js
+++ /dev/null
@@ -1,2 +0,0 @@
-const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"
-const JIRA = "5FP0NmFYz81U32XdjNb42762"
\ No newline at end of file
diff --git a/Secrets/secrets.txt b/Secrets/secrets.txt
new file mode 100644
index 0000000..7b3d343
--- /dev/null
+++ b/Secrets/secrets.txt
@@ -0,0 +1,11 @@
+const SEC_1 = "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"
+const SEC_2 = "eyJrIjoiNUwyZU7TMmRxQXNVcnR7UXB0ME4zYkhRaTk2STVhR0MiLCJuIjoidGVtcCIsImlkIjoxfQ=="
+const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2"
+const AWS_User=Admin
+const AWSUser_Password="idsuhgpry9349ge485rgh5gn594g45"
+const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472"
+const JIRA = "5FP0NmFYz81U32XdjNb42762"
+provider "aws" {
+# checkov:skip=CKV_SECRET_2:nah
+ access_key = "AKIAIOSFODNN7EXAMPLE"
+ secret_key = "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"
diff --git a/java/main.java b/java/main.java
deleted file mode 100644
index c6d4618..0000000
--- a/java/main.java
+++ /dev/null
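Review bot: The new Secrets/secrets.txt holds eleven lines of credential-shaped values (SEC_1 through SEC_3, AWSUser_Password, CIRCLE_CI, JIRA, access_key, secret_key) and nothing in the file says whether they are inert scanner fixtures or were ever live. A first line such as `# Scanner test fixtures only - none of these values is a live credential` would settle that for the next reader. If any of them was ever issued for real it has to be revoked at the issuer, because the deleted Secrets/app1.js and Secrets/config.js stay readable in history. The suppression `# checkov:skip=CKV_SECRET_2:nah` records no reason; either drop it or give one, e.g. `# checkov:skip=CKV_SECRET_2:intentional scanner fixture`. The `provider "aws" {` block is also never closed within the added lines, so the file is neither valid JavaScript nor valid HCL, which may keep format-aware checks from running on it.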
@@ -1,189 +0,0 @@ -import static org.apache.commons.io.FilenameUtils; -import org.apache.commons.fileupload.FileItem; -import javax.servlet.http.Cookie; -import static org.apache.commons.io.FilenameUtils; - -class MyBadImplementation extends java.security.MessageDigest { - -} - -class Connector1 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - HttpServletResponse res = new HttpServletResponse(); - res.setHeader("Access-Control-Allow-Origin", "*"); - } -} - -import javax.servlet.Filter; -public class HttpRequestDebugFilter implements Filter { - public void doFilter(ServletRequest request) throws IOException, - ServletException { - if (request instanceof HttpServletRequest) { - javax.crypto.Cipher.getInstance("/CBC/PKCS5Padding") - } - } -} - -@EnableWebSecurity -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().ignoringAntMatchers("/route/fre"); - } -} - -class Connector2 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - SymmetricEncryptionConfig sec = new com.hazelcast.config.SymmetricEncryptionConfig(); - } -} - -class Connector3 { - void connect(HttpServletRequest req){ - javax.servlet.http.Cookie cookie = new Cookie("cookie") - HttpServletResponse res = new HttpServletResponse(); - res.addCookie(cookie); - } -} - -class Connector4 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - javax.crypto.Cipher.getInstance("DES/CBC/NoPadding"); - } -} - -class Connector5 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - Keygen keygen = javax.crypto.KeyGenerator.getInstance("Blowfish"); - keygen.init(100); - } -} - -class Connector6 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - javax.servlet.http.Cookie cook = new Cookie("cookie"); - cook.setSecure(false); - req.addCookie(cook); - } -} - - -class Connector7 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - 
Cookie cook = new Cookie("cookie"); - cook.setMaxAge(31536000); - } -} - -class Connector8 { - void connect(HttpServletRequest req){ - java.nio.file.Files.createTempDirectory("file"); - } -} - -public class WeakNightVoter implements AccessDecisionVoter { - @Override - public int vote(Authentication authentication, Object object, Collection collection) { // Noncompliant - Calendar calendar = Calendar.getInstance(); - int currentHour = calendar.get(Calendar.HOUR_OF_DAY); - return ACCESS_ABSTAIN; // Noncompliant - } -} - -class Connector9 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - Cookie cook = new Cookie("cookie"); - for (Cookie cookie : req.getCookies()) { - cookie.getPath(); - } - } -} - -class Connector10 { - @javax.jws.WebMethod - void connect(HttpServletRequest req){ - Cookie cook = new Cookie("cookie"); - req.setAttribute(cook.getString(), cook.getVal()); - } -} - -public class Decorator1 { - - public static void main(String[] args) { - org.apache.commons.io.FilenameUtils.normalize(args[0]); - } -} - -public class Decorator2 { - - public void decorator(HttpServletRequest request) { - ServletFileUpload sfu = new ServletFileUpload(); - FileItem[] files = sfu.parseRequest(request); - for (FileItem file : files) { - System.out.println(file.getName()); - } - } -} - -public class Decorator3 { - - public void decorator(HttpServletRequest request) { - Parameter param = request.getParameter('param'); - new java.io.FileReader(param); - } -} - -public class Decorator4 { - - public void decorator(String[] args) { - new java.io.FileWriter(args[0]) - } -} - -public class Decorator5 { - - public void decorator(String var) { - FileInputStream fis = new FileInputStream(var); - javax.xml.transform.Transformer transformer = new Transformer(); - transformer.transform(fis); - } -} - -public class Decorator6 { - - public void decorator(HttpServletRequest request) { - Parameter param = request.getParameter('param'); - added = param + "addition"; - new 
java.io.FileInputStream(added); - } -} - -public class Decorator7 { - - public void decorator(String[] args) { - String param = args[0]; - new java.io.RandomAccessFile(param); - } -} - - - -public class LambdaFunctionHandler implements RequestHandler < Request, String > { - @javax.ws.rs.Path("some/path") - String handleRequest(Request request, Context context) { - String s = " "; - if (s == "") { - s = "Sucess " + String.format("Added %s %s %s %s %s.", request.emp_id, request.month, request.year, request.overtime); - } - return s; - } -} - diff --git a/javascript/crypto.js b/javascript/crypto.js deleted file mode 100644 index 006f5db..0000000 --- a/javascript/crypto.js +++ /dev/null 
@@ -1,94 +0,0 @@ -const cryptoRandomString = require('crypto-random-string'); -const forge = require('node-forge'); -const randomBytes = require('randombytes'); -const nacl = require('tweetnacl'); -import crypto from 'node:crypto'; -var crypto = require('crypto'); - -let Rand = new brorand.Rand({getByte: () => 255}); -let rand = Rand.rand; -let result= Rand.generate(12); - -randomBytes(12, (err, buf) => { - if (err) throw err; - console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`); -}); -randomBytes(8, function (err, resp) { -}); - -const randString = cryptoRandomString({length: 10}); -var randKey1 = forge.random.getBytesSync(8); -var randKey2 = new Buffer(nacl.randomBytes(12)); - - -// getting derived key -// by using hkdf() method -const val = crypto.hkdf('sha512', 'key', '', - 'info', 64, (err, derivedKey) => { - if (err) throw err; - console.log(Buffer.from(derivedKey).toString('hex')); -}); - -crypto.DEFAULT_ENCODING = 'hex'; -const key = crypto.scryptSync('password', '', 64, { N: 1024 }); - -function generateKeyFiles() { - - const keyPair = crypto.generateKeyPairSync('rsa', { - modulusLength: 520, - publicKeyEncoding: { - type: 'spki', - format: 'pem' - }, - privateKeyEncoding: { - type: 'pkcs8', - format: 'pem', - cipher: 'aes-256-cbc', - passphrase: 'top secret' - } - }); - - // Creating private key file - return keyPair.privateKey; -} - -// Generate keys -let privateKey = generateKeyFiles(); - -// Creating a function to encrypt string -function encryptString (plaintext, privateKey) { - privateKey = { - key: privateKey, - padding: crypto.constants.RSA_NO_PADDING, - passphrase: 'top secret' - } - // privateEncrypt() method with its parameters - const encrypted = crypto.privateEncrypt( - privateKey, Buffer.from(plaintext)); - return encrypted.toString("base64"); -} - - -const plainText = "GfG"; -const encrypted1 = encryptString(plainText, privateKey); -let functionCipher = crypto.createCipheriv('des128', "Password") -let myHashedPassword 
= functionCipher.update("my private password in plain text", "utf8", "hex") -myHashedPassword += functionCipher.final("hex") -var encrypted2 = CryptoJS.TripleDES.encrypt("Message", "Secret Passphrase"); - - -const filename = argv[2]; - -const hash = createHash('md5'); - -const input = createReadStream(filename); -input.on('readable', () => { - // Only one element is going to be produced by the - // hash stream. - const data = input.read(); - if (data) - hash.update(data); - else { - console.log(`${hash.digest('hex')} ${filename}`); - } -}); \ No newline at end of file diff --git a/javascript/express.js b/javascript/express.js deleted file mode 100644 index 5c3cf0b..0000000 --- a/javascript/express.js +++ /dev/null @@ -1,40 +0,0 @@ -const express = require('express') -const axios = require('axios'); -import qs from 'qs'; - -const data = { 'bar': 123 }; -const options = { - method: 'GET', - headers: { 'content-type': 'application/x-www-form-urlencoded' }, - data: qs.stringify(data), - url: "http://google.com" -}; -axios(options); - -express.csrf(); -express.methodOverride(); -const express = express() - -// GET random number -express.get("/random", (req, res) => { - var randomishNumber = crypto.pseudoRandomBytes - res.send(randomishNumber); -}); - -express.get("/", (req, res) => res.send("Hello World!")); - -express.listen(1000, () => console.log("Server listening on port 1000!")); - -import axios from 'axios'; - -async function doGetRequest() { - - let res = await axios.post('http://google.com'); - - let data = res.data; - console.log(data); -} - -doGetRequest(); - - diff --git a/javascript/index.js b/javascript/index.js deleted file mode 100644 index 2ac1517..0000000 --- a/javascript/index.js +++ /dev/null 
@@ -1,39 +0,0 @@
-const fs = require('fs');
-
-fs.writeFile("temp_programming.txt", "foo", {mode:fs.constants.S_IXUSR | fs.constants.S_IRUSR });
-
-const mode1 = fs.constants.S_IXGRP | fs.constants.S_IRUSR
-fs.writeFile("temp_programming.txt", "bar", {mode1});
-fs.appendFile(argOne, data, callback)
-fs.appendFileSync(argOne, data)
-fs.chmod(argOne, mode, callback)
-fs.chmodSync(argOne, mode)
-
-const mode2 = fs.constants.S_IXUSR;
-const flags = 'w'
-fs.open('temp_foo', flags, mode2, function (err, f) {
- if (err) {
- return console.error(err);
- }
- console.log(f);
- console.log("File opened!!");
-});
-
-fs.writeFileSync("temp_programming.txt", "foo", {mode:fs.constants.S_IXUSR | fs.constants.S_IRUSR });
-
-new Buffer(5);
-new Buffer(res.body.size);
-
-function getVarFromObject(someVar, obj) {
- obj.escapeMarkup = false;
- const someObjVar = {s: someVar}
- const val = obj[someObjVar.s]
- return val
-}
-
-const expression = new String("2 + 2");
-eval(String(expression));
-
-
-
-
diff --git a/javascript/nest.js b/javascript/nest.js
deleted file mode 100644
index e77592d..0000000
--- a/javascript/nest.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import { INestApplication, ValidationPipe } from '@nestjs/common';
-import { NestFactory } from '@nestjs/core';
-import { DocumentBuilder, SwaggerModule } from '@nestjs/swagger';
-
-import { LoggingInterceptor } from 'libs/LoggingInterceptor';
-import { HttpExceptionFilter } from 'libs/HttpExceptionFilter';
-
-import { Config } from 'src/Config';
-import { AppModule } from 'src/AppModule';
-import helmet from 'helmet';
-import compression from 'compression';
-
-
-async function bootstrap() {
- const app = await NestFactory.create(AppModule);
- app.enableCors();
- app.use(helmet());
- app.use(compression());
- app.useGlobalPipes(new ValidationPipe());
- app.useGlobalInterceptors(new LoggingInterceptor());
- app.useGlobalFilters(new HttpExceptionFilter());
- setupSwagger(app);
- await app.listen(1000);
-}
-
-bootstrap();
\ No newline at end of file
diff --git a/javascript/next.js b/javascript/next.js
deleted file mode 100644
index 12cfdee..0000000
--- a/javascript/next.js
+++ /dev/null
@@ -1,39 +0,0 @@
-// server.js
-const { createServer } = require('http')
-const { parse } = require('url')
-const next = require('next')
-
-const hostname = 'localhost'
-// when using middleware `hostname` and `port` must be provided below
-const app = next({ dev: process.env.NODE_ENV !== 'production', hostname: 'localhost', port:5 })
-const handle = app.getRequestHandler()
-
-app.prepare().then(() => {
- createServer(async (req, res) => {
- try {
- // Be sure to pass `true` as the second argument to `url.parse`.
- // This tells it to parse the query portion of the URL.
- const parsedUrl = parse(req.url, true)
- const { pathname, query } = parsedUrl
-
- if (pathname === '/a') {
- await app.render(req, res, '/a', query)
- } else if (pathname === '/b') {
- await app.render(req, res, '/b', query)
- } else {
- await handle(req, res, parsedUrl)
- }
- } catch (err) {
- console.error('Error occurred handling', req.url, err)
- res.statusCode = 500
- res.end('internal server error')
- }
- })
- .once('error', (err) => {
- console.error(err)
- process.exit(1)
- })
- .listen(port, () => {
- console.log(`> Ready on http://localhost:${5}`)
- })
-})
\ No newline at end of file
diff --git a/python/django.py b/python/django.py
deleted file mode 100644
index 3beac97..0000000
--- a/python/django.py
+++ /dev/null
@@ -1,96 +0,0 @@ -import json -from collections import OrderedDict - -from django.conf import settings -try: - from django.core import urlresolvers -except ImportError: - from django import urls as urlresolvers -try: - from django.urls.exceptions import NoReverseMatch -except ImportError: - from django.core.urlresolvers import NoReverseMatch -from django.utils.html import format_html -from django.utils.safestring import mark_safe - -MAX = 75 - - -class LogEntryAdminMixin(object): - - def created(self, obj): - return obj.timestamp.strftime('%Y-%m-%d %H:%M:%S') - created.short_description = 'Created' - - def user_url(self, obj): - if obj.actor: - app_label, model = settings.AUTH_USER_MODEL.split('.') - viewname = 'admin:%s_%s_change' % (app_label, model.lower()) - try: - link = urlresolvers.reverse(viewname, args=[obj.actor.id]) - except NoReverseMatch: - return u'%s' % (obj.actor) - return format_html(u'{}', link, obj.actor) - - return 'system' - user_url.short_description = 'User' - - def msg_short(self, obj): - if obj.action == 2: - return '' # delete - changes = json.loads(obj.changes) - s = '' if len(changes) == 1 else 's' - fields = ', '.join(changes.keys()) - if len(fields) > MAX: - i = fields.rfind(' ', 0, MAX) - fields = fields[:i] + ' ..' - return '%d change%s: %s' % (len(changes), s, fields) - msg_short.short_description = 'Changes' - - def msg(self, obj): - if obj.action == 2: - return '' # delete - changes = json.loads(obj.changes) - msg = '' - for i, field in enumerate(sorted(changes), 1): - value = [i, field] + (['***', '***'] if field == 'password' else changes[field]) - msg += format_html('', *value) - - msg += '
#FieldFromTo
{}{}{}{}
' - return mark_safe(msg) - msg.short_description = 'Changes' - - -class State(models.Model): - name=models.CharField(max_length=150) - -class City(models.Model): - name=models.CharField(max_length=150) - -class Student(models.Model): - name=models.CharField(max_length=150) - state_id=models.PositiveIntegerField() - city_id=models.PositiveIntegerField() - is_active = models.BooleanField(default=False) - -students = Student.objects.filter( - is_active=True, - ).extra( - select={ - 'state': - 'SELECT name FROM state WHERE ' - 'state.id = ' - 'testapp_student.state_id', - 'city': - 'SELECT name FROM city WHERE ' - 'city.id = ' - 'testapp_student.city_id', - }, - ) - - -students_2 = Student.objects.extra( - select=OrderedDict([('a', '%s'), ('b', '%s')]), - select_params=('one', 'two')) - -Students_3 = Student.objects.extra(where=["foo='a' OR bar = 'a'", "baz = 'a'"]) \ No newline at end of file diff --git a/python/flask.py b/python/flask.py deleted file mode 100644 index c78931d..0000000 --- a/python/flask.py +++ /dev/null @@ -1,23 +0,0 @@ -import os -from flask import Flask, request -import bleach -app = Flask(__name__) - -# curl -X GET "http://localhost:5000/tainted7/touch%20HELLO" -@app.route("/tainted7/") -def test_sources_7(something): - - os.system(request.remote_addr) - - return "foo" - -@app.route("/sanitized/") -def test_sources_7(something): - data = flask.request.args.get("key") - sanitized_data = bleach.clean(data) - os.system(sanitized_data) - - return "bar" - -if __name__ == "__main__": - app.run(debug=True) diff --git a/python/main.py b/python/main.py deleted file mode 100644 index 2e7b1c0..0000000 --- a/python/main.py +++ /dev/null 
@@ -1,61 +0,0 @@
-import os, stat
-from cryptography.hazmat.primitives.asymmetric import rsa, dsa
-from Crypto.PublicKey import DSA
-from socket import socket, AF_INET, SOCK_STREAM, SOCK_NONBLOCK
-
-# Set a file write by others.
-temp_file = "/tmp/foo.txt"
-os.chmod(temp_file, stat.S_IWOTH)
-
-with open(temp_file, 'r') as f:
- print(f)
-
-os.chmod("/tmp/foo.txt", stat.S_IXGRP)
-tar_file = '/file.tax*'
-os.system(tar_file)
-
-KEY_SIZE = 1024
-private_rsa_key = rsa.generate_private_key(
- public_exponent=65537,
- key_size=KEY_SIZE
-)
-
-private_dsa_key = dsa.generate_private_key(
- key_size=KEY_SIZE,
-)
-
-
-private_dsa_key_2 = DSA.generate(bits=KEY_SIZE)
-
-assert(private_dsa_key_2 == private_dsa_key)
-
-program = 'a = 5\nb=10\nprint("Sum =", a+b)'
-exec(program)
-
-
-def is_real_user(user="user123", password="Password1"):
- return True
-
-
-sock = socket(
- AF_INET,
- SOCK_STREAM | SOCK_NONBLOCK)
-
-# Bind the socket to the internet with a port number
-sock.bind(("::", 32007))
-
-
-def add_server_port(sg, server_name, port):
- server = _get_server(sg, server_name, port)
- if server is not None:
- return False
- set_port(port)
- return server
-
-add_server_port('security-group', 'server', 80)
-
-
-
-
-
-