diff --git a/.github/workflows/nightvision.yml b/.github/workflows/nightvision.yml new file mode 100644 index 0000000..067a4bd --- /dev/null +++ b/.github/workflows/nightvision.yml @@ -0,0 +1,53 @@ +name: Test Case - DotNet App + +on: + # push: + workflow_dispatch: + +env: + #### SHOULD RUN IN DEBUG MODE FOR BETTER OUTPUT + # nightvision app create -n dvcsa + # nightvision target create -n dvcsa -u http://localhost:8999 --type api + # nightvision swagger extract ./ -t dvcsa --lang dotnet + # nightvision scan -t dvcsa -a dvcsa + NIGHTVISION_TOKEN: ${{ secrets.NIGHTVISION_TOKEN }} + NIGHTVISION_TARGET: dvcsa + NIGHTVISION_APP: dvcsa + +jobs: + test: + permissions: + security-events: write + runs-on: ubuntu-latest + steps: + - name: (1) Clone Code + uses: actions/checkout@v3 + + - name: (2) Install NightVision + run: | + wget -c https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O - \ + | tar -xz; sudo mv nightvision /usr/local/bin/ + + - name: (3) Extract API documentation from code + run: nightvision swagger extract ./ -t ${NIGHTVISION_TARGET} --lang dotnet + + - name: (4) Start the app + run: docker-compose up -d; sleep 10 + + - name: (5) Scan the API + run: | + nightvision scan -t ${NIGHTVISION_TARGET} -a ${NIGHTVISION_APP} > scan-results.txt + nightvision export sarif -s "$(head -n 1 scan-results.txt)" --swagger-file openapi-spec.yml + + - name: (5.5) Upload sarif documentation artifact + uses: actions/upload-artifact@v3 + with: + name: results.sarif + path: results.sarif + retention-days: 30 + + - name: (6) Upload SARIF file to GitHub Security Alerts if vulnerabilities are found + uses: github/codeql-action/upload-sarif@v2 + if: success() + with: + sarif_file: results.sarif \ No newline at end of file diff --git a/Controllers/EnvController.cs b/Controllers/EnvController.cs index 6364163..92f3cbc 100644 --- a/Controllers/EnvController.cs +++ b/Controllers/EnvController.cs 
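Review bot: Step (2) fetches `nightvision_latest_linux_amd64.tar.gz` over the network and moves whatever it extracts into `/usr/local/bin` with sudo, with no version pin and no checksum or signature check, so every run trusts an unpinned, unverified binary. Pin a specific release and verify it against a digest committed to the repo before installing, e.g. `wget -O nightvision.tar.gz <pinned-release-url>` followed by `echo "<expected-sha256>  nightvision.tar.gz" | sha256sum -c -`; the action references are likewise pinned to mutable tags (`@v3`, `@v2`) rather than commit SHAs. Step (5) relies on `head -n 1 scan-results.txt` being the scan identifier, an assumption stated nowhere in the file, and it will silently pass an error message to `nightvision export` if the scan prints anything else first, so a comment such as `# scan prints the scan ID on its first line; export needs it` and a non-empty check would help. Step (6)'s title says the upload happens "if vulnerabilities are found", yet the step is gated on `success()`, so if the scan exits non-zero on findings the SARIF is never uploaded; `if: always()` (or a documented exit-code contract for the scan step) is presumably what was intended.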
@@ -3,16 +3,24 @@ namespace dvcsa.Controllers; [ApiController] -[Route("/api/.env")] +[Route("/.env")] public class EnvController : ControllerBase { [HttpGet(Name = "GetEnv")] public ActionResult Get() { var envContent = """ - DB_NAME=dvcsa - DB_USER=dvcsa - DB_PASSWORD=dvcsa + DB_NAME=crapi + DB_USER=crapi + DB_PASSWORD=crapi + DB_HOST=postgresdb + DB_PORT=5432 + SERVER_PORT=8080 + MONGO_DB_HOST=mongodb + MONGO_DB_PORT=27017 + MONGO_DB_USER=crapi + MONGO_DB_PASSWORD=crapi + MONGO_DB_NAME=crapi """; Response.Headers.Add("Content-Disposition", "attachment; filename=env"); return envContent; diff --git a/Controllers/UsersController.cs b/Controllers/UsersController.cs index e6e736d..c3be19d 100644 --- a/Controllers/UsersController.cs +++ b/Controllers/UsersController.cs @@ -6,7 +6,7 @@ namespace dvcsa.Controllers; [ApiController] -[Route("/api/[controller]")] +[Route("/[controller]")] public class UsersController : ControllerBase { diff --git a/check-endpoint.sh b/check-endpoint.sh new file mode 100755 index 0000000..297f749 --- /dev/null +++ b/check-endpoint.sh @@ -0,0 +1,21 @@ +echo "===========================================" +echo "SQL INJECTION" +echo "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" +echo +curl "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" +echo +echo "===========================================" +echo "Laravel - Sensitive Information Disclosure" +echo 'curl http://127.0.0.1:8999/.env' +echo +curl "http://127.0.0.1:8999/.env" +echo "===========================================" +echo "XSS REFLECTION" +echo "http://127.0.0.1:8999/Users/search?name=" +echo +curl "http://127.0.0.1:8999/Users/search?name=" +echo +read +open -a Google\ Chrome "http://127.0.0.1:8999/.env" & +open -a Google\ Chrome "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" & +open -a Google\ Chrome "http://127.0.0.1:8999/Users/search?name=" \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 7b698ce..4a21161 100644 
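Review bot: The relocated `/.env` route now serves hardcoded credentials from the site root with nothing in the file saying this is deliberate, so a reader or a secret scanner cannot tell lure from leak; a header comment above the class such as `// Intentionally vulnerable endpoint: mimics an exposed .env file (sensitive information disclosure). The values are crAPI-style dummies; never put real credentials here.` would make the purpose explicit. The values changed from `dvcsa` to `crapi`, presumably to mirror the crAPI container defaults the scanner is tuned for; if so, that is worth a line in the same comment. Separately, `Response.Headers.Add(...)` throws if a `Content-Disposition` header is already present on the response, so `Response.Headers.Append("Content-Disposition", "attachment; filename=env");` (or the indexer) is the safer form. The `Get` method and the class continue past the end of this hunk.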
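Review bot: The script is committed as executable (`100755`) but has no shebang, so which interpreter runs it depends on the caller's shell and on how it is invoked; add `#!/usr/bin/env bash` as the first line. The target `http://127.0.0.1:8999` is repeated six times while the port also lives in docker-compose and the OpenAPI `servers` entry, so a single `BASE="${1:-http://127.0.0.1:8999}"` at the top would stop the three from drifting on the next port change. The XSS check requests `/Users/search?name=` with an empty value, which tests nothing; the payload may have been stripped when this page was rendered, but if not it needs a URL-encoded marker such as `name=%3Cb%3Ex%3C%2Fb%3E` to show reflection. The closing `open -a Google\ Chrome` lines are macOS-only and fire after a bare `read` with no prompt, so a `command -v open >/dev/null || exit 0` guard and a prompt string for `read` would make the script usable elsewhere.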
--- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -7,4 +7,4 @@ services: context: . dockerfile: Dockerfile ports: - - "9000:9000" # Change the port mapping if your app listens on a different port + - "8999:9000" # Change the port mapping if your app listens on a different port diff --git a/openapi-spec.yml b/openapi-spec.yml index 5bed4cc..d4af964 100644 --- a/openapi-spec.yml +++ b/openapi-spec.yml @@ -27,18 +27,18 @@ info: version: "0.1" openapi: 3.0.0 paths: - /api/.env: + /.env: get: - operationId: api_.env_GET + operationId: .env_GET responses: default: description: Default response - x-name: api_.env_GET + x-name: .env_GET x-source: Controllers/EnvController.cs~~9 - x-name: api_.env - /api/Users: + x-name: .env + /Users: get: - operationId: api_Users_GET + operationId: Users_GET parameters: - in: query name: name @@ -51,10 +51,10 @@ paths: responses: default: description: Default response - x-name: api_Users_GET + x-name: Users_GET x-source: Controllers/UsersController.cs~~22 post: - operationId: api_Users_POST + operationId: Users_POST requestBody: content: application/json: @@ -64,12 +64,12 @@ paths: responses: default: description: Default response - x-name: api_Users_POST + x-name: Users_POST x-source: Controllers/UsersController.cs~~34 - x-name: api_Users - /api/Users/search: + x-name: Users + /Users/search: get: - operationId: api_Users_search_GET + operationId: Users_search_GET parameters: - in: query name: name @@ -82,9 +82,9 @@ paths: responses: default: description: Default response - x-name: api_Users_search_GET + x-name: Users_search_GET x-source: Controllers/UsersController.cs~~42 - x-name: api_Users_search + x-name: Users_search servers: - description: Default server - url: http://localhost:9000 + url: http://localhost:8999
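Review bot: The mapping `"8999:9000"` publishes the container port on every host interface, which for an intentionally vulnerable service (the `/.env` and SQL-injection endpoints exercised by `check-endpoint.sh` in this same change) means anyone on the runner's or developer's network can reach it. Both the workflow and the check script only ever talk to `127.0.0.1:8999`, so restricting the publish to loopback costs nothing: `- "127.0.0.1:8999:9000"`. A one-line comment stating that the service is deliberately insecure and must not be exposed beyond localhost would also help the next person who copies this compose file.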