init

.github/workflows/docker-publish.yml

@@ -0,0 +1,24 @@
+name: DockerPublish
+
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          tags: tuskington/tuskcon:latest

.github/workflows/pylint.yml

@@ -0,0 +1,24 @@
+name: Pylint
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9"]
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v3
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pylint
+        pip install -r src/requirements.txt
+    - name: Analysing the code with pylint
+      run: |
+        pylint $(git ls-files '*.py') --fail-under=3

.gitignore

@@ -0,0 +1 @@
+__pycache__

Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.9-alpine
+
+COPY src /app/
+WORKDIR /app
+
+RUN apk add git
+
+# install the dependencies and packages in the requirements file
+RUN pip install -r requirements.txt
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 0744 /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1 @@
+# This is an intentionally vulnerable GitHub repository for training purposes

docker-compose.yml

@@ -0,0 +1,22 @@
+version: '3'
+services:
+  database:
+    image: 'mongo'
+    container_name: 'tuskington-mongo'
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: tuskingtonuser
+      MONGO_INITDB_ROOT_PASSWORD: tuskingtonpass
+        #    volumes:
+      #      - ./mongo-volume:/data/db
+
+  tuskington:
+    depends_on:
+      - database
+    container_name: 'tuskington'
+    build: .
+    volumes:
+      - ./src:/app
+    env_file:
+      - tuskington.env
+    ports:
+      - '5000:5000'

entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+OUT=${ACCESS_LOG:-/proc/1/fd/1}
+gunicorn app:app \
+    -w 1 \
+    --threads 3 \
+    -b 0.0.0.0:5000 \
+    --reload \
+    --access-logfile "$OUT" \
+    --error-logfile "$OUT" \
+    --log-level 'info' \
+    --access-logformat '%({x-forwarded-for}i)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s"'

src/app.py

@@ -0,0 +1,30 @@
+from flask import Flask
+from werkzeug.middleware.proxy_fix import ProxyFix
+from flask_session import Session
+import logging
+
+app = Flask(__name__)
+debug = True
+if debug:
+    app.config['DEBUG'] = True
+
+# Configured to run behind load balancer
+app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1)
+
+# Use flask sessions
+Session(app)
+
+gunicorn_logger = logging.getLogger('gunicorn.error')
+app.logger.handlers = gunicorn_logger.handlers
+app.logger.setLevel(gunicorn_logger.level)
+
+from routes import home
+from routes import health
+from routes import cloner
+from routes import selector
+from routes import echo
+
+
+# Start the server on port 5000
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=5000)

src/requirements.txt

@@ -0,0 +1,9 @@
+Flask==2.3.2
+Flask-Session2
+Flask-WTF
+gunicorn
+pymongo==3.9.0
+Jinja2
+gitpython==3.1.29
+pytest
+requests

src/routes/cloner.py

@@ -0,0 +1,26 @@
+""" Module allows to check http method """
+import subprocess
+from flask import request
+from git import Repo
+from app import app
+
+
+# ext::sh -c touch% /tmp/pwned
+@app.route("/cloner", methods=['GET', 'POST'])
+def cloner():
+    if request.method == "GET":
+        return """
+<form action="/cloner" method="post">
+  <label for="repo">Git Repo to Clone:</label><br>
+  <input type="text" id="repo" name="repo" value="https://github.com/..."><br>
+  <input type="submit" value="Submit">
+</form> """
+    if "repo" not in request.form.keys():
+        return "Bad POST data"
+    repo_name = request.form["repo"]
+    subprocess.run(["rm", "-rf", "/tmp/*"], capture_output=True, text=True)
+
+    repo = Repo.init('', bare=True)
+    repo.clone_from(repo_name, f'/tmp/{repo_name}', multi_options=["-c protocol.ext.allow=always"])
+    ls_output = subprocess.Popen(["ls", "-l", f"/tmp/{repo_name}"], stdout=subprocess.PIPE)
+    return str(ls_output.communicate()).replace("\\n", "<br>")

src/routes/echo.py

@@ -0,0 +1,20 @@
+from flask import request
+from app import app
+
+
+@app.route("/echo", methods=['GET', 'POST'])
+def echo():
+    if request.method == "GET":
+        return """
+<form action="/echo" method="post">
+  <label for="name">Person to echo:</label><br>
+  <input type="text" id="name" name="name" value=""><br>
+  <input type="submit" value="Submit">
+</form> """
+    if "name" not in request.form.keys():
+        return "Bad POST data"
+    name = request.form["name"]
+
+    return f"""
+    <a>{name}</a>
+    """

src/routes/health.py

@@ -0,0 +1,7 @@
+from app import app
+
+
+#
+@app.route("/health", methods=['GET'])
+def health():
+    return "OK"

src/routes/home.py

@@ -0,0 +1,12 @@
+from app import app
+
+
+#
+@app.route("/", methods=['GET'])
+def home():
+    return """<body>
+    <a href=\"/cloner\">cloner page</a>
+    <a href=\"/selector\">selector page</a>
+    <a href=\"/echo\">echo page</a>
+    </body>
+    """

src/routes/selector.py

@@ -0,0 +1,24 @@
+""" Module allows to check http method """
+from flask import request
+import sqlite3
+from app import app
+
+
+#
+@app.route("/selector", methods=['GET', 'POST'])
+def selector():
+    if request.method == "GET":
+        return """
+<form action="/cloner" method="post">
+  <label for="repo">Person to find:</label><br>
+  <input type="text" id="user" name="user" value=""><br>
+  <input type="submit" value="Submit">
+</form> """
+    if "user" not in request.form.keys():
+        return "Bad POST data"
+    user = request.form["user"]
+    con = sqlite3.connect("users.db")
+    cur = con.cursor()
+    res = cur.execute("select displayName from users where name=\"" + user + "\"")
+
+    return str(res.fetchall())

src/test_health.py

@@ -0,0 +1,7 @@
+""" Module used to call health check endpoint """
+import requests
+
+
+def test_health():
+    resp = requests.get("http://localhost:5000/health", timeout=30)
+    assert resp.status_code == 200

tuskington.env

@@ -0,0 +1,2 @@
+FLASK_DEBUG="1"
+mongo_uri="mongodb://tuskingtonuser:tuskingtonpass@tuskington-mongo:27017"