From 13ba0e1c0aaa6387d1797efc8fccdea39550946f Mon Sep 17 00:00:00 2001
From: alex-nightvision
Date: Mon, 6 May 2024 11:52:43 -0400
Subject: [PATCH 1/6] add fixes from meeting
---
 Controllers/EnvController.cs | 16 ++++++++++++----
 Controllers/UsersController.cs | 2 +-
 check-endpoint.sh | 15 +++++++++++++++
 docker-compose.yaml | 2 +-
 openapi-spec.yml | 30 +++++++++++++++---------------
 5 files changed, 44 insertions(+), 21 deletions(-)
 create mode 100755 check-endpoint.sh
diff --git a/Controllers/EnvController.cs b/Controllers/EnvController.cs
index 6364163..92f3cbc 100644
--- a/Controllers/EnvController.cs
+++ b/Controllers/EnvController.cs
@@ -3,16 +3,24 @@ namespace dvcsa.Controllers; [ApiController]
-[Route("/api/.env")]
+[Route("/.env")]
 public class EnvController : ControllerBase { [HttpGet(Name = "GetEnv")] public ActionResult Get() { var envContent = """
- DB_NAME=dvcsa
- DB_USER=dvcsa
- DB_PASSWORD=dvcsa
+ DB_NAME=crapi
+ DB_USER=crapi
+ DB_PASSWORD=crapi
+ DB_HOST=postgresdb
+ DB_PORT=5432
+ SERVER_PORT=8080
+ MONGO_DB_HOST=mongodb
+ MONGO_DB_PORT=27017
+ MONGO_DB_USER=crapi
+ MONGO_DB_PASSWORD=crapi
+ MONGO_DB_NAME=crapi
 """; Response.Headers.Add("Content-Disposition", "attachment; filename=env"); return envContent;
diff --git a/Controllers/UsersController.cs b/Controllers/UsersController.cs
index e6e736d..c3be19d 100644
--- a/Controllers/UsersController.cs
+++ b/Controllers/UsersController.cs
@@ -6,7 +6,7 @@ namespace dvcsa.Controllers; [ApiController]
-[Route("/api/[controller]")]
+[Route("/[controller]")]
 public class UsersController : ControllerBase {
diff --git a/check-endpoint.sh b/check-endpoint.sh
new file mode 100755
index 0000000..6d2ad2b
--- /dev/null
+++ b/check-endpoint.sh
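Review bot: The new raw-string body under `[Route("/.env")]` hard-codes credential-shaped values (`DB_PASSWORD=crapi`, `MONGO_DB_PASSWORD=crapi`, hosts and ports) with nothing in the file saying they are fixtures, so a secret scanner or a later reader cannot tell them from a real leaked config; the check script and workflow in this series treat the exposed `.env` as an expected finding, which is presumably the intent. A comment above the literal, `// Fixture: fake credentials served on purpose so the exposed-.env finding is reproducible; nothing here is a real secret.`, would carry that intent with the code. The closing braces of `Get()` and of the class lie outside the hunk.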
@@ -0,0 +1,15 @@
+echo "==========================================="
+echo "SQL INJECTION"
+echo "curl \"http://127.0.0.1:8999/Users?name='%20OR%20'1'='1\""
+echo
+curl "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1"
+echo
+echo "==========================================="
+echo "Laravel - Sensitive Information Disclosure"
+echo 'curl http://127.0.0.1:8999/.env'
+echo
+curl http://127.0.0.1:8999/.env
+
+read
+open -a Google\ Chrome "http://127.0.0.1:8999/.env" &
+open -a Google\ Chrome "http://127.0.0.1:8999/users?name='%20OR%20'1'='1" &
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 7b698ce..4a21161 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -7,4 +7,4 @@ services: context: . dockerfile: Dockerfile ports:
- - "9000:9000" # Change the port mapping if your app listens on a different port
+ - "8999:9000" # Change the port mapping if your app listens on a different port
diff --git a/openapi-spec.yml b/openapi-spec.yml
index 5bed4cc..d4af964 100644
--- a/openapi-spec.yml
+++ b/openapi-spec.yml
@@ -27,18 +27,18 @@ info: version: "0.1" openapi: 3.0.0 paths:
- /api/.env:
+ /.env:
 get:
- operationId: api_.env_GET
+ operationId: .env_GET
 responses: default: description: Default response
- x-name: api_.env_GET
+ x-name: .env_GET
 x-source: Controllers/EnvController.cs~~9
- x-name: api_.env
- /api/Users:
+ x-name: .env
+ /Users:
 get:
- operationId: api_Users_GET
+ operationId: Users_GET
 parameters: - in: query name: name
@@ -51,10 +51,10 @@ paths: responses: default: description: Default response
- x-name: api_Users_GET
+ x-name: Users_GET
 x-source: Controllers/UsersController.cs~~22 post:
- operationId: api_Users_POST
+ operationId: Users_POST
 requestBody: content: application/json:
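Review bot: `check-endpoint.sh` is added with mode 100755 but has no shebang, so how it is interpreted depends on whoever execs it; `#!/usr/bin/env bash` as the first line makes that explicit. The bare `read` blocks with no prompt and no `-r`; `read -r -p "Press Enter to open the results in a browser..." _` says what the script is waiting for. The section label `echo "Laravel - Sensitive Information Disclosure"` names the wrong framework for this .NET app (the controllers under review are C#). The `open -a Google\ Chrome` lines only work on macOS, which is worth a comment at the top of the script so a Linux user does not get a confusing failure.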
@@ -64,12 +64,12 @@ paths: responses: default: description: Default response
- x-name: api_Users_POST
+ x-name: Users_POST
 x-source: Controllers/UsersController.cs~~34
- x-name: api_Users
- /api/Users/search:
+ x-name: Users
+ /Users/search:
 get:
- operationId: api_Users_search_GET
+ operationId: Users_search_GET
 parameters: - in: query name: name
@@ -82,9 +82,9 @@ paths: responses: default: description: Default response
- x-name: api_Users_search_GET
+ x-name: Users_search_GET
 x-source: Controllers/UsersController.cs~~42
- x-name: api_Users_search
+ x-name: Users_search
 servers: - description: Default server
- url: http://localhost:9000
+ url: http://localhost:8999
From 27fc3827ff27ee951aa192f0ce3399256c5db8b0 Mon Sep 17 00:00:00 2001
From: alex-nightvision
Date: Mon, 6 May 2024 12:00:08 -0400
Subject: [PATCH 2/6] fix check
---
 check-endpoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/check-endpoint.sh b/check-endpoint.sh
index 6d2ad2b..4794cc2 100755
--- a/check-endpoint.sh
+++ b/check-endpoint.sh
@@ -1,6 +1,6 @@
 echo "==========================================="
 echo "SQL INJECTION"
-echo "curl \"http://127.0.0.1:8999/Users?name='%20OR%20'1'='1\""
+echo "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1"
 echo
 curl "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1"
 echo
@@ -12,4 +12,4 @@ curl http://127.0.0.1:8999/.env
 read
 open -a Google\ Chrome "http://127.0.0.1:8999/.env" &
-open -a Google\ Chrome "http://127.0.0.1:8999/users?name='%20OR%20'1'='1" &
\ No newline at end of file
+open -a Google\ Chrome "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" &
\ No newline at end of file
From 9aa266fed9e13ca99f53b0953b2abd6c84379c2a Mon Sep 17 00:00:00 2001
From: alex-nightvision
Date: Mon, 6 May 2024 12:05:46 -0400
Subject: [PATCH 3/6] add pipeline
---
 .github/workflows/nightvision.yml | 52 +++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/nightvision.yml
diff --git a/.github/workflows/nightvision.yml b/.github/workflows/nightvision.yml
new file mode 100644
index 0000000..d390ce1
--- /dev/null
+++ b/.github/workflows/nightvision.yml
@@ -0,0 +1,52 @@
+name: Test Case - Flask App
+
+on:
+ # push:
+ workflow_dispatch:
+
+env:
+ # nightvision app create -n dvcsa
+ # nightvision target create -n dvcsa -u http://localhost:8999 --type api
+ # nightvision swagger extract ./ -t dvcsa --lang dotnet
+ # nightvision scan -t dvcsa -a dvcsa
+ NIGHTVISION_TOKEN: ${{ secrets.NIGHTVISION_TOKEN }}
+ NIGHTVISION_TARGET: dvcsa
+ NIGHTVISION_APP: dvcsa
+
+jobs:
+ test:
+ permissions:
+ security-events: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: (1) Clone Code
+ uses: actions/checkout@v3
+
+ - name: (2) Install NightVision
+ run: |
+ wget -c https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O - \
+ | tar -xz; sudo mv nightvision /usr/local/bin/
+
+ - name: (3) Extract API documentation from code
+ run: nightvision swagger extract ./ -t ${NIGHTVISION_TARGET} --lang dotnet
+
+ - name: (4) Start the app
+ run: docker-compose up -d; sleep 10
+
+ - name: (5) Scan the API
+ run: |
+ nightvision scan -t ${NIGHTVISION_TARGET} -a ${NIGHTVISION_APP} > scan-results.txt
+ nightvision export sarif -s "$(head -n 1 scan-results.txt)" --swagger-file openapi-spec.yml
+
+ - name: (5.5) Upload sarif documentation artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: results.sarif
+ path: results.sarif
+ retention-days: 30
+
+ - name: (6) Upload SARIF file to GitHub Security Alerts if vulnerabilities are found
+ uses: github/codeql-action/upload-sarif@v2
+ if: success()
+ with:
+ sarif_file: results.sarif
\ No newline at end of file
From 9e4690784121a0f3dcb51b9b5321ed5a941b59ff Mon Sep 17 00:00:00 2001
From: alex-nightvision
Date: Mon, 6 May 2024 12:07:09 -0400
Subject: [PATCH 4/6] default
---
 .github/workflows/nightvision.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
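Review bot: Step (2) pipes an unpinned `latest` tarball from downloads.nightvision.net straight into `tar` and then `sudo mv`s the result into /usr/local/bin with no checksum or signature check, so whatever binary that URL serves on the day of the run executes with the job's `NIGHTVISION_TOKEN` in its environment. Download to a file, verify a sha256 recorded when the build was vetted (and use a versioned URL if the vendor publishes one), and extract only after the check passes, so a changed upstream artifact fails the step instead of running silently. The job-level `permissions:` block lists only `security-events: write`, which sets every other scope to none; add `contents: read` so `actions/checkout@v3` keeps working on a private repository (upload-sarif also wants `actions: read` there, as far as I recall). Pinning the three third-party actions to commit SHAs instead of floating major tags closes the same class of gap, and `actions/upload-artifact@v3` is on a deprecation track worth checking.
```yaml
      - name: (2) Install NightVision
        env:
          # sha256 of the vetted tarball; a changed upstream artifact fails this step instead of running
          NIGHTVISION_SHA256: "<expected-sha256-placeholder>"
        run: |
          wget -q https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O nightvision.tar.gz
          echo "${NIGHTVISION_SHA256}  nightvision.tar.gz" | sha256sum -c -
          tar -xzf nightvision.tar.gz
          sudo mv nightvision /usr/local/bin/
      # … unchanged: steps (3) through (6) …
```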
diff --git a/.github/workflows/nightvision.yml b/.github/workflows/nightvision.yml
index d390ce1..d08d99c 100644
--- a/.github/workflows/nightvision.yml
+++ b/.github/workflows/nightvision.yml
@@ -1,7 +1,7 @@
-name: Test Case - Flask App
+name: Test Case - DotNet App
 on:
- # push:
+ push:
 workflow_dispatch: env:
From 057bbed7e13b773ec1da9bffc0cfa89153f75e79 Mon Sep 17 00:00:00 2001
From: alex-nightvision
Date: Mon, 6 May 2024 12:12:38 -0400
Subject: [PATCH 5/6] add XSS in check
---
 .github/workflows/nightvision.yml | 2 +-
 check-endpoint.sh | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/nightvision.yml b/.github/workflows/nightvision.yml
index d08d99c..df8f8bc 100644
--- a/.github/workflows/nightvision.yml
+++ b/.github/workflows/nightvision.yml
@@ -1,7 +1,7 @@ name: Test Case - DotNet App on:
- push:
+ # push:
 workflow_dispatch: env:
diff --git a/check-endpoint.sh b/check-endpoint.sh
index 4794cc2..297f749 100755
--- a/check-endpoint.sh
+++ b/check-endpoint.sh
@@ -8,8 +8,14 @@ echo "==========================================="
 echo "Laravel - Sensitive Information Disclosure"
 echo 'curl http://127.0.0.1:8999/.env'
 echo
-curl http://127.0.0.1:8999/.env
-
+curl "http://127.0.0.1:8999/.env"
+echo "==========================================="
+echo "XSS REFLECTION"
+echo "http://127.0.0.1:8999/Users/search?name="
+echo
+curl "http://127.0.0.1:8999/Users/search?name="
+echo
 read
 open -a Google\ Chrome "http://127.0.0.1:8999/.env" &
-open -a Google\ Chrome "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" &
\ No newline at end of file
+open -a Google\ Chrome "http://127.0.0.1:8999/Users?name='%20OR%20'1'='1" &
+open -a Google\ Chrome "http://127.0.0.1:8999/Users/search?name="
\ No newline at end of file
From 87388e1254a391d0b506566d04cd066c34b79018 Mon Sep 17 00:00:00 2001
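Review bot: The last added line, `open -a Google\ Chrome "http://127.0.0.1:8999/Users/search?name="`, drops the trailing ` &` that the two `open` lines above it carry and leaves the file without a final newline, so the third browser launch now blocks where its siblings are backgrounded. Append ` &` and a newline so the three lines behave the same. Like its siblings, the new line relies on the macOS-only `open -a`, which is worth a comment at the top of the script.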
From: alex-nightvision
Date: Mon, 6 May 2024 12:14:34 -0400
Subject: [PATCH 6/6] add comment
---
 .github/workflows/nightvision.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/nightvision.yml b/.github/workflows/nightvision.yml
index df8f8bc..067a4bd 100644
--- a/.github/workflows/nightvision.yml
+++ b/.github/workflows/nightvision.yml
@@ -5,6 +5,7 @@ on: workflow_dispatch: env:
+ #### SHOULD RUN IN DEBUG MODE FOR BETTER OUTPUT
 # nightvision app create -n dvcsa
 # nightvision target create -n dvcsa -u http://localhost:8999 --type api
 # nightvision swagger extract ./ -t dvcsa --lang dotnet
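Review bot: The added comment `#### SHOULD RUN IN DEBUG MODE FOR BETTER OUTPUT` does not say which command it refers to or how debug mode is enabled, and no step in the workflow enables it, so a reader cannot act on it. Either tie it to the step it concerns (presumably the `nightvision scan` call in step (5)) and name the option, or reword it as a TODO with an owner so it is not mistaken for a description of the current configuration. The `env:` block it sits in continues outside the hunk.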