Skip to content

test dast static analysis #63

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: dast-test1
Choose a base branch
from
Open

test dast static analysis #63

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 67 additions & 1 deletion app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,67 @@
foobar
from flask import Flask, request, jsonify, Response
import sqlite3

app = Flask(__name__)

# Database file
DATABASE = 'app.db'

def get_db_connection():
conn = sqlite3.connect(DATABASE)
return conn
Comment on lines +9 to +11
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Enhance database connection handling.

The current implementation lacks proper error handling and connection management.

Consider implementing:

  1. Connection pooling
  2. Error handling with proper exception catching
  3. Connection timeout settings
 def get_db_connection():
-    conn = sqlite3.connect(DATABASE)
-    return conn
+    try:
+        conn = sqlite3.connect(
+            DATABASE,
+            timeout=30,
+            check_same_thread=False
+        )
+        return conn
+    except sqlite3.Error as e:
+        app.logger.error(f"Database connection error: {e}")
+        raise
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
def get_db_connection():
conn = sqlite3.connect(DATABASE)
return conn
def get_db_connection():
try:
conn = sqlite3.connect(
DATABASE,
timeout=30,
check_same_thread=False
)
return conn
except sqlite3.Error as e:
app.logger.error(f"Database connection error: {e}")
raise


def init_db():
# Create table and insert data
conn = get_db_connection()
cursor = conn.cursor()
# Check if table already exists to prevent overwriting
cursor.execute("SELECT name FROM sqlite_master WHERE type='table' AND name='users';")
if cursor.fetchone() is None:
cursor.execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER);')
cursor.execute("INSERT INTO users (name, age) VALUES ('Alice', 30), ('Bob', 25), ('Charlie', 35);")
conn.commit()
conn.close()

@app.route('/users', methods=['GET'])
def get_user():
name = request.args.get('name')
conn = get_db_connection()
cursor = conn.cursor()

# Vulnerable SQL Query from raw string concatenation
query = f"SELECT * FROM users WHERE name = '{name}'"
cursor.execute(query)

# # Fixed SQL Query using parameterized queries
# query = "SELECT * FROM users WHERE name = ?"
# cursor.execute(query, (name,))

user = cursor.fetchone()
conn.close()
if user:
return jsonify({"id": user[0], "name": user[1], "age": user[2]})
else:
return jsonify({"error": "User not found"}), 404
Comment on lines +25 to +44
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

CRITICAL: Fix SQL injection vulnerability immediately.

The current implementation is vulnerable to SQL injection attacks through raw string concatenation. This is a severe security risk that could allow attackers to:

  1. Access unauthorized data
  2. Modify database contents
  3. Execute arbitrary commands

Apply this fix immediately by uncommenting the secure implementation and removing the vulnerable code:

-    # Vulnerable SQL Query from raw string concatenation
-    query = f"SELECT * FROM users WHERE name = '{name}'"
-    cursor.execute(query)
+    # Secure SQL Query using parameterized queries
+    query = "SELECT * FROM users WHERE name = ?"
+    cursor.execute(query, (name,))

Additionally, add input validation:

 def get_user():
     name = request.args.get('name')
+    if not name or not isinstance(name, str):
+        return jsonify({"error": "Invalid name parameter"}), 400
     conn = get_db_connection()
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@app.route('/users', methods=['GET'])
def get_user():
name = request.args.get('name')
conn = get_db_connection()
cursor = conn.cursor()
# Vulnerable SQL Query from raw string concatenation
query = f"SELECT * FROM users WHERE name = '{name}'"
cursor.execute(query)
# # Fixed SQL Query using parameterized queries
# query = "SELECT * FROM users WHERE name = ?"
# cursor.execute(query, (name,))
user = cursor.fetchone()
conn.close()
if user:
return jsonify({"id": user[0], "name": user[1], "age": user[2]})
else:
return jsonify({"error": "User not found"}), 404
@app.route('/users', methods=['GET'])
def get_user():
name = request.args.get('name')
if not name or not isinstance(name, str):
return jsonify({"error": "Invalid name parameter"}), 400
conn = get_db_connection()
cursor = conn.cursor()
# Secure SQL Query using parameterized queries
query = "SELECT * FROM users WHERE name = ?"
cursor.execute(query, (name,))
user = cursor.fetchone()
conn.close()
if user:
return jsonify({"id": user[0], "name": user[1], "age": user[2]})
else:
return jsonify({"error": "User not found"}), 404
🧰 Tools
🪛 GitHub Actions: Linters

[error] 25-25: SQL Injection vulnerability in /users endpoint using SQLite database


@app.route('/.env', methods=['GET'])
def get_env():
env_content = """
DB_NAME=crapi
DB_USER=crapi
DB_PASSWORD=crapi
DB_HOST=postgresdb
DB_PORT=5432
SERVER_PORT=8080
MONGO_DB_HOST=mongodb
MONGO_DB_PORT=27017
MONGO_DB_USER=crapi
MONGO_DB_PASSWORD=crapi
MONGO_DB_NAME=crapi
"""
return Response(env_content, headers={
"Content-Disposition": "attachment; filename=env"
})
Comment on lines +46 to +63
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

CRITICAL: Remove endpoint exposing sensitive credentials.

This endpoint poses a severe security risk by exposing:

  1. Database credentials

  2. Server configuration

  3. MongoDB credentials

  4. Remove this endpoint immediately:

-@app.route('/.env', methods=['GET'])
-def get_env():
-    env_content = """
-DB_NAME=crapi
-DB_USER=crapi
-DB_PASSWORD=crapi
-DB_HOST=postgresdb
-DB_PORT=5432
-SERVER_PORT=8080
-MONGO_DB_HOST=mongodb
-MONGO_DB_PORT=27017
-MONGO_DB_USER=crapi
-MONGO_DB_PASSWORD=crapi
-MONGO_DB_NAME=crapi
-"""
-    return Response(env_content, headers={
-        "Content-Disposition": "attachment; filename=env"
-    })
  1. Use environment variables or a secure configuration management system instead:
import os
from dotenv import load_dotenv

load_dotenv()

DB_NAME = os.getenv('DB_NAME')
DB_USER = os.getenv('DB_USER')
# ... etc
🧰 Tools
🪛 GitHub Actions: Linters

[error] 46-46: Sensitive information disclosure vulnerability: .env file is publicly accessible at /.env endpoint


if __name__ == '__main__':
init_db() # Initialize the database and populate it
app.run(host="0.0.0.0", debug=True)
Comment on lines +65 to +67
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security: Disable debug mode and restrict network binding.

Running with debug=True in production is a security risk as it can expose sensitive information and allow code execution through the debugger.

Modify the run configuration:

 if __name__ == '__main__':
     init_db()  # Initialize the database and populate it
-    app.run(host="0.0.0.0", debug=True)
+    debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() == 'true'
+    app.run(
+        host="127.0.0.1",  # Only bind to localhost unless explicitly needed
+        debug=debug_mode,  # Control through environment variable
+    )
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if __name__ == '__main__':
init_db() # Initialize the database and populate it
app.run(host="0.0.0.0", debug=True)
if __name__ == '__main__':
init_db() # Initialize the database and populate it
debug_mode = os.getenv('FLASK_DEBUG', 'False').lower() == 'true'
app.run(
host="127.0.0.1", # Only bind to localhost unless explicitly needed
debug=debug_mode, # Control through environment variable
)

Loading