Merge pull request #1 from codeFather2/alex-fixes-1

add fixes from meeting

.github/workflows/nightvision.yml

@@ -0,0 +1,53 @@
+name: Test Case - DotNet App
+
+on:
+  # push:
+  workflow_dispatch:
+
+env:
+  #### SHOULD RUN IN DEBUG MODE FOR BETTER OUTPUT
+  # nightvision app create -n dvcsa
+  # nightvision target create -n dvcsa -u http://localhost:8999 --type api
+  # nightvision swagger extract ./ -t dvcsa --lang dotnet
+  # nightvision scan -t dvcsa -a dvcsa
+  NIGHTVISION_TOKEN: ${{ secrets.NIGHTVISION_TOKEN }}
+  NIGHTVISION_TARGET: dvcsa
+  NIGHTVISION_APP: dvcsa
+
+jobs:
+  test:
+    permissions:
+      security-events: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: (1) Clone Code
+        uses: actions/checkout@v3
+
+      - name: (2) Install NightVision
+        run: |
+            wget -c https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O - \
+            | tar -xz; sudo mv nightvision /usr/local/bin/
+
+      - name: (3) Extract API documentation from code
+        run: nightvision swagger extract ./ -t ${NIGHTVISION_TARGET} --lang dotnet
+
+      - name: (4) Start the app
+        run: docker-compose up -d; sleep 10
+
+      - name: (5) Scan the API
+        run: |
+          nightvision scan -t ${NIGHTVISION_TARGET} -a ${NIGHTVISION_APP} > scan-results.txt
+          nightvision export sarif -s "$(head -n 1 scan-results.txt)" --swagger-file openapi-spec.yml
+
+      - name: (5.5) Upload sarif documentation artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: results.sarif
+          path: results.sarif
+          retention-days: 30
+
+      - name: (6) Upload SARIF file to GitHub Security Alerts if vulnerabilities are found
+        uses: github/codeql-action/upload-sarif@v2
+        if: success()
+        with:
+          sarif_file: results.sarif

Controllers/EnvController.cs

@@ -3,16 +3,24 @@
 namespace dvcsa.Controllers;
 
 [ApiController]
-[Route("/api/.env")]
+[Route("/.env")]
 public class EnvController : ControllerBase
 {
     [HttpGet(Name = "GetEnv")]
     public ActionResult<string> Get()
     {
        var envContent = """
-                      DB_NAME=dvcsa
-                      DB_USER=dvcsa
-                      DB_PASSWORD=dvcsa
+                      DB_NAME=crapi
+                      DB_USER=crapi
+                      DB_PASSWORD=crapi
+                      DB_HOST=postgresdb
+                      DB_PORT=5432
+                      SERVER_PORT=8080
+                      MONGO_DB_HOST=mongodb
+                      MONGO_DB_PORT=27017
+                      MONGO_DB_USER=crapi
+                      MONGO_DB_PASSWORD=crapi
+                      MONGO_DB_NAME=crapi
                       """;
         Response.Headers.Add("Content-Disposition", "attachment; filename=env");
         return envContent;

Controllers/UsersController.cs

@@ -6,7 +6,7 @@
 namespace dvcsa.Controllers;
 
 [ApiController]
-[Route("/api/[controller]")]
+[Route("/[controller]")]
 public class UsersController : ControllerBase
 {
 

check-endpoint.sh

@@ -0,0 +1,21 @@
+echo "==========================================="
+echo "SQL INJECTION"
+echo "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1"
+echo
+curl "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1"
+echo 
+echo "==========================================="
+echo "Laravel - Sensitive Information Disclosure"
+echo 'curl http://127.0.0.1:8999/.env'
+echo
+curl "http://127.0.0.1:8999/.env"
+echo "==========================================="
+echo "XSS REFLECTION"
+echo "http://127.0.0.1:8999/Users/search?name=<script>alert()</script>"
+echo
+curl "http://127.0.0.1:8999/Users/search?name=<script>alert()</script>"
+echo
+read
+open -a Google\ Chrome "http://127.0.0.1:8999/.env" &
+open -a Google\ Chrome "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" &
+open -a Google\ Chrome "http://127.0.0.1:8999/Users/search?name=<script>alert()</script>"

docker-compose.yaml

@@ -7,4 +7,4 @@ services:
       context: .
       dockerfile: Dockerfile
     ports:
-      - "9000:9000" # Change the port mapping if your app listens on a different port
+      - "8999:9000" # Change the port mapping if your app listens on a different port

openapi-spec.yml

@@ -27,18 +27,18 @@ info:
   version: "0.1"
 openapi: 3.0.0
 paths:
-  /api/.env:
+  /.env:
     get:
-      operationId: api_.env_GET
+      operationId: .env_GET
       responses:
         default:
           description: Default response
-      x-name: api_.env_GET
+      x-name: .env_GET
       x-source: Controllers/EnvController.cs~~9
-    x-name: api_.env
-  /api/Users:
+    x-name: .env
+  /Users:
     get:
-      operationId: api_Users_GET
+      operationId: Users_GET
       parameters:
       - in: query
         name: name
@@ -51,10 +51,10 @@ paths:
       responses:
         default:
           description: Default response
-      x-name: api_Users_GET
+      x-name: Users_GET
       x-source: Controllers/UsersController.cs~~22
     post:
-      operationId: api_Users_POST
+      operationId: Users_POST
       requestBody:
         content:
           application/json:
@@ -64,12 +64,12 @@ paths:
       responses:
         default:
           description: Default response
-      x-name: api_Users_POST
+      x-name: Users_POST
       x-source: Controllers/UsersController.cs~~34
-    x-name: api_Users
-  /api/Users/search:
+    x-name: Users
+  /Users/search:
     get:
-      operationId: api_Users_search_GET
+      operationId: Users_search_GET
       parameters:
       - in: query
         name: name
@@ -82,9 +82,9 @@ paths:
       responses:
         default:
           description: Default response
-      x-name: api_Users_search_GET
+      x-name: Users_search_GET
       x-source: Controllers/UsersController.cs~~42
-    x-name: api_Users_search
+    x-name: Users_search
 servers:
 - description: Default server
-  url: http://localhost:9000
+  url: http://localhost:8999