From 117443d1e86782a6ad690ee68827d8d14fe415b6 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:48 +0800 Subject: [PATCH 01/17] Patched introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html --- .../Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html index 1fa4c91..e7dc04e 100644 --- a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html +++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_1.html @@ -9,7 +9,7 @@

Admins Have the Secretkey

- + {% csrf_token %}

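Review bot: The `{% csrf_token %}` added here is only enforced if the view that receives this form is not CSRF-exempt and `CsrfViewMiddleware` is enabled, and because the removed line is not recoverable from this rendering I cannot confirm the tag sits inside the `<form>` element it is meant to protect. If the lab submits through fetch/XMLHttpRequest rather than a plain form post, the token must also be sent as the `X-CSRFToken` header (or the `csrfmiddlewaretoken` field), otherwise the endpoints that lose `@csrf_exempt` later in this series will answer 403 and the lab stops working. The same applies to the matching hunks in patches 10, 11 and 13 (`ba_lab.html`, `cmd_lab2.html`, `a9_lab.html`).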
@@ -43,4 +43,4 @@

Please Provide Credentials

-{% endblock %} \ No newline at end of file +{% endblock %} From ce31b11c7a2e5a7bbebd7735b95751b2cd39c454 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:48 +0800 Subject: [PATCH 02/17] Patched introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html --- .../Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html index cce8b6e..c1aafed 100644 --- a/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html +++ b/introduction/templates/Lab_2021/A1_BrokenAccessControl/broken_access_lab_2.html @@ -9,7 +9,7 @@

Can you log in as an admin and get the secretkey?

From a889dae9f377049ac021bb5a4c344f5d44c3f155 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:48 +0800 Subject: [PATCH 10/17] Patched introduction/templates/Lab/BrokenAccess/ba_lab.html --- introduction/templates/Lab/BrokenAccess/ba_lab.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/introduction/templates/Lab/BrokenAccess/ba_lab.html b/introduction/templates/Lab/BrokenAccess/ba_lab.html index d45da9b..5248d56 100644 --- a/introduction/templates/Lab/BrokenAccess/ba_lab.html +++ b/introduction/templates/Lab/BrokenAccess/ba_lab.html @@ -9,7 +9,7 @@

Admins Have the Secretkey

- + {% csrf_token %}

@@ -43,4 +43,4 @@

Please Provide Credentials

-{% endblock %} \ No newline at end of file +{% endblock %} From fc414c68823d457ab8353251b524943d4a7a066a Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 11/17] Patched introduction/templates/Lab/CMD/cmd_lab2.html --- introduction/templates/Lab/CMD/cmd_lab2.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/introduction/templates/Lab/CMD/cmd_lab2.html b/introduction/templates/Lab/CMD/cmd_lab2.html index a71a605..7319130 100644 --- a/introduction/templates/Lab/CMD/cmd_lab2.html +++ b/introduction/templates/Lab/CMD/cmd_lab2.html @@ -7,6 +7,7 @@

Evaluate any expression!

+ {% csrf_token %}

@@ -29,4 +30,4 @@
Output

-{% endblock %} \ No newline at end of file +{% endblock %} From d55f3c934babf927645a51d0056abab806dbc178 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 12/17] Patched introduction/apis.py --- introduction/apis.py | 21 ++++----------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/introduction/apis.py b/introduction/apis.py index 7926708..a3b90e6 100644 --- a/introduction/apis.py +++ b/introduction/apis.py @@ -12,14 +12,6 @@ from .utility import * from .views import authentication_decorator - - -# steps --> -# 1. covert input code to corrosponding code and write in file -# 2. extract inputs form 2nd code -# 3. Run the code -# 4. get the result -@csrf_exempt def ssrf_code_checker(request): if request.user.is_authenticated: if request.method == 'POST': @@ -55,8 +47,6 @@ def ssrf_code_checker(request): # Insufficient Logging & Monitoring - -@csrf_exempt # @authentication_decorator def log_function_checker(request): if request.method == 'POST': @@ -67,10 +57,10 @@ def log_function_checker(request): log_filename = os.path.join(dirname, "playground/A9/main.py") api_filename = os.path.join(dirname, "playground/A9/api.py") f = open(log_filename,"w") - f.write(log_code) + f.write(escape(log_code)) f.close() f = open(api_filename,"w") - f.write(api_code) + f.write(escape(api_code)) f.close() # Clearing the log file before starting the test f = open('test.log', 'w') @@ -90,7 +80,6 @@ def log_function_checker(request): return JsonResponse({"message":"method not allowed"},status = 405) #a7 codechecking api -@csrf_exempt def A7_disscussion_api(request): if request.method != 'POST': return JsonResponse({"message":"method not allowed"},status = 405) 
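Review bot: Dropping `@csrf_exempt` from `ssrf_code_checker` (and, in the later hunks of this file, from `log_function_checker`, `A7_disscussion_api`, `A6_disscussion_api` and `A6_disscussion_api_2`) turns on Django's CSRF check for POST, so every client of these endpoints now has to present the CSRF cookie plus the `X-CSRFToken` header or the `csrfmiddlewaretoken` field; the templates patched in this series add the tag, but the hunk does not show how the requests are sent. If any of them is posted by script without the header, the endpoint returns 403 and the lab breaks, which should be verified before merging. The decorator is only a CSRF control; it does not change that these views write request-supplied code to disk and run it, which is the lab's intended behaviour. `ssrf_code_checker`'s body continues outside the hunk.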
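Review bot: `f.write(escape(log_code))` HTML-escapes Python source before it is written to `playground/A9/main.py`: quotes and `<`/`>` become HTML entities, so the module that is subsequently imported or run is no longer the submitted code and will most likely fail to parse. HTML escaping is an output-encoding control for rendering into a page; it does nothing to make writing and executing user-supplied code safe, so this change breaks the lab without reducing risk. The same pattern is applied to `api_code` two lines below and to `code` in `A6_disscussion_api_2` (hunk `@@ -131,8 +118,8 @@`). If the intent is to limit what the checker accepts, that has to be done by validating the submitted code against the lab's expected structure before it is written, not by escaping it; `escape` is also not imported in any line visible here, so confirm it resolves (presumably via the star import of `.utility`).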
@@ -109,7 +98,6 @@ def A7_disscussion_api(request): return JsonResponse({"message":"failure"},status = 400) #a6 codechecking api -@csrf_exempt def A6_disscussion_api(request): test_bench = ["Pillow==8.0.0","PyJWT==2.4.0","requests==2.28.0","Django==4.0.4"] @@ -122,7 +110,6 @@ def A6_disscussion_api(request): except Exception as e: return JsonResponse({"message":"failure"},status = 400) -@csrf_exempt def A6_disscussion_api_2(request): if request.method != 'POST': return JsonResponse({"message":"method not allowed"},status = 405) @@ -131,8 +118,8 @@ def A6_disscussion_api_2(request): dirname = os.path.dirname(__file__) filename = os.path.join(dirname, "playground/A6/utility.py") f = open(filename,"w") - f.write(code) + f.write(escape(code)) f.close() except: return JsonResponse({"message":"missing code"},status = 400) - return JsonResponse({"message":"success"},status = 200) \ No newline at end of file + return JsonResponse({"message":"success"},status = 200) From f60c23e3864bf93207910a86fde183de9c320345 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 13/17] Patched introduction/templates/Lab/A9/a9_lab.html --- introduction/templates/Lab/A9/a9_lab.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/introduction/templates/Lab/A9/a9_lab.html b/introduction/templates/Lab/A9/a9_lab.html index 5a70b46..7145c34 100644 --- a/introduction/templates/Lab/A9/a9_lab.html +++ b/introduction/templates/Lab/A9/a9_lab.html @@ -8,6 +8,7 @@

Yaml To Json Converter

+ {% csrf_token %}

@@ -34,4 +35,4 @@
Here is your output:

-{% endblock %} \ No newline at end of file +{% endblock %} From dc74d1d5971ecc02304d27eddacb897f17cd1903 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 14/17] Patched introduction/playground/A9/api.py --- introduction/playground/A9/api.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/introduction/playground/A9/api.py b/introduction/playground/A9/api.py index 35e1bd2..758fbb9 100644 --- a/introduction/playground/A9/api.py +++ b/introduction/playground/A9/api.py @@ -4,7 +4,6 @@ from .main import Log -@csrf_exempt def log_function_target(request): L = Log(request) if request.method == "GET": @@ -30,4 +29,4 @@ def log_function_target(request): return JsonResponse({"message":"success", "method":"patch"},status = 200) if request.method == "UPDATE": return JsonResponse({"message":"success", "method":"update"},status = 200) - return JsonResponse({"message":"method not allowed"},status = 403) \ No newline at end of file + return JsonResponse({"message":"method not allowed"},status = 403) From ca7fba1235e7ae0ff6434ad3a576b8fa4abebdba Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 15/17] Patched introduction/playground/A9/archive.py --- introduction/playground/A9/archive.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/introduction/playground/A9/archive.py b/introduction/playground/A9/archive.py index c9db8fc..1d99ead 100644 --- a/introduction/playground/A9/archive.py +++ b/introduction/playground/A9/archive.py @@ -4,7 +4,6 @@ from .main import Log -@csrf_exempt def log_function_target(request): L = Log(request) if request.method == "GET": @@ -60,3 +59,4 @@ def error(self,msg): f = open('test.log', 'a') f.write(f"ERROR:{now}:{msg}\n") f.close() + 
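Review bot: Removing `@csrf_exempt` from `log_function_target` enforces Django's CSRF check on the POST/PUT/PATCH branches of this view (GET, HEAD, OPTIONS and TRACE are never checked), so whatever issues those requests in the A9 lab must now carry the CSRF cookie plus the `X-CSRFToken` header or form field, which cannot be verified from this hunk. The same removal is made in `introduction/playground/A9/archive.py`. The function body continues outside the hunk.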
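Review bot: The re-added final line of `log_function_target` answers an unsupported method with `status = 403` while the message says "method not allowed"; 405 is the status that matches the message and what `introduction/apis.py` returns for the same case: `return JsonResponse({"message":"method not allowed"},status = 405)`. The `request.method == "UPDATE"` branch just above matches a non-standard method name that only a custom client would send; if that is deliberate for the lab, a one-line comment such as `# "UPDATE" is not a standard HTTP method; kept for the lab's custom client` would keep it from being "fixed" later.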
From e561e8174fa69b5dabe490ac085b4a19b4f37c1d Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 16/17] Patched introduction/templates/Lab/XSS/xss_lab_3.html --- introduction/templates/Lab/XSS/xss_lab_3.html | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/introduction/templates/Lab/XSS/xss_lab_3.html b/introduction/templates/Lab/XSS/xss_lab_3.html index a550b9a..af61751 100644 --- a/introduction/templates/Lab/XSS/xss_lab_3.html +++ b/introduction/templates/Lab/XSS/xss_lab_3.html @@ -19,10 +19,14 @@

Welcome to XSS Challenge

{{code}}

+
{% endblock content %} + From 96c63f0e972a365df486e83f6be7fa14e0b6a3a5 Mon Sep 17 00:00:00 2001 From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com> Date: Tue, 28 May 2024 13:11:49 +0800 Subject: [PATCH 17/17] Patched docker-compose.yml --- docker-compose.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 3d39f83..8172fb0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,9 @@ services: - POSTGRES_DB=postgres - POSTGRES_USER=postgres - POSTGRES_PASSWORD=postgres + security_opt: + - no-new-privileges:true + read_only: true web: build: . image: pygoat/pygoat @@ -20,6 +23,9 @@ services: depends_on: - migration - db + security_opt: + - no-new-privileges:true + read_only: true migration: image: pygoat/pygoat command: python pygoat/manage.py migrate --noinput @@ -27,3 +33,6 @@ services: - .:/app depends_on: - db + security_opt: + - no-new-privileges:true + read_only: true
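Review bot: `read_only: true` on the `db` service will very likely stop PostgreSQL from starting: the server needs a writable data directory plus writable `/var/run/postgresql` and `/tmp` for its socket and lock files, and no volume or tmpfs for them is visible in this hunk (a data volume declared outside the hunk would cover the data directory but not the socket directory). Pair the flag with `tmpfs: [/var/run/postgresql, /tmp]` and a named volume for the data directory, or leave `read_only` off for `db`. For `web` and `migration` (hunks `@@ -20,6 +23,9 @@` and `@@ -27,3 +33,6 @@`) the same applies to anything the application writes outside the `.:/app` bind mount, for example `/tmp`, so a `tmpfs: [/tmp]` entry is advisable there too. `no-new-privileges:true` is fine as added.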