Update README.md

Author: PavelLinearB

.cm/sonar.cm

@@ -0,0 +1,44 @@
+manifest:
+  version: 1.0
+automations:
+  # Add labels
+    if:
+      - {{ sonar.vulnerabilities.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: "{{ sonar.vulnerabilities.count }} vulnerabilities found"
+          color: {{ fecdca if (sonar.vulnerabilities.rating == 'E') else (f0f593 if (sonar.vulnerabilities.rating >= 'C' ) else d1fadf) }}
+    if:
+      - {{ sonar.security_hotspots.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: "{{ sonar.security_hotspots.count }} Security Hotspots found"
+          color: {{ fecdca if (sonar.security_hotspots.rating == 'E') else (f0f593 if (sonar.security_hotspots.rating >= 'C' ) else d1fadf) }}  # Add labels
+    if:
+      - {{ sonar.code_smells.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: "{{ sonar.code_smells.count }} code smells found"
+          color: {{ fecdca if (sonar.code_smells.rating == 'E') else (f0f593 if (sonar.code_smells.rating >= 'C' ) else d1fadf) }}
+    if:
+      - {{ sonar.bugs.count > 0}}
+    run:
+      - action: add-label@v1
+        args:
+          label: "{{ sonar.bugs.count }} bugs found"
+          color: {{ fecdca if (sonar.bugs.rating == 'E') else (f0f593 if (sonar.bugs.rating >= 'C' ) else d1fadf) }}
+
+    # Auto assign Security member
+    if:
+      - {{ sonar.code_smells.rating > 'B' }}
+      - {{ sonar.vulnerabilities.rating > 'B'}}
+      - {{ sonar.security_hotspots.rating > 'B'}}
+    run:
+      - action: add-reviewers@v1
+        args:
+          team_reviewers: [app-sec]
+
+sonar: {{ pr | sonarParser }}

Dockerfile

@@ -21,6 +21,9 @@ COPY requirements.txt requirements.txt
 RUN pip install --no-cache-dir -r requirements.txt
 
 
+# copy project
+COPY . /app/
+
 
 # install pygoat
 EXPOSE 8000

README.md

@@ -1,4 +1,4 @@
-# PyGoat
+# PyGoat.  
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
 [![All Contributors](https://img.shields.io/badge/all_contributors-9-orange.svg?style=flat-square)](#contributors-)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
@@ -126,3 +126,14 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
+blabla bla bla bla
+blaaaaaa
+rrrrr
+dddd
+eeeee
+JITTTT
+maptoenum
+color 
+aaaaaaa
+aa111aa
+lllllllll

introduction/apis.py

@@ -4,6 +4,7 @@
 from introduction.playground.A9.main import Log
 from introduction.playground.A6.utility import check_vuln
 from django.contrib.auth import login,authenticate
+from .utility import *
 from django.views.decorators.csrf import csrf_exempt
 import time
 from .views import authentication_decorator
@@ -17,10 +18,33 @@
 def ssrf_code_checker(request):
     if request.user.is_authenticated:
         if request.method == 'POST':
+            python_code = request.POST['python_code']
+            html_code = request.POST['html_code']
+            if not (ssrf_code_converter(python_code)):
+                return JsonResponse({"status": "error", "message": "Invalid code"})
+            test_bench1 = ssrf_html_input_extractor(html_code)
+            
+            if (len(test_bench1) >4):
+                return JsonResponse({'message':'too many inputs in Html\n Try again'},status = 400)
+            test_bench2 = ['secret.txt']
+            correct_output1 = [{"blog": "blog1-passed"}, {"blog": "blog2-passed"}, {"blog": "blog3-passed"}, {"blog": "blog4-passed"}]
+            outputs = []
+            for inputs in test_bench1:
+                outputs.append(main.ssrf_lab(inputs))
+            if outputs == correct_output1:
+                outputs = []
+            else:
+                return JsonResponse({'message':'Testbench failed, Code is not working\n Try again'},status = 200)
+
+            correct_output2 = [{"blog": "No blog found"}]
+            for inputs in test_bench2:
+                outputs.append(main.ssrf_lab(inputs))
+            if outputs == correct_output2:
+                return JsonResponse({'message':'Congratulation, you have written a secure code.', 'passed':1}, status = 200)
 
             return JsonResponse({'message':'Test bench passed but the code is not secure'}, status = 200,safe = False)
         else:
-            return JsonResponse({'message':'1method not allowed'},status = 405)
+            return JsonResponse({'message':'method not allowed'},status = 405)
     else:
         return JsonResponse({'message':'UnAuthenticated User'},status = 401)
 
@@ -58,7 +82,7 @@ def log_function_checker(request):
         f.close()
         return JsonResponse({"message":"success", "logs": lines},status = 200)
     else:
-        return JsonResponse({"message":"2method not allowed"},status = 405)
+        return JsonResponse({"message":"method not allowed"},status = 405)
 
 #a7 codechecking api
 @csrf_exempt
@@ -96,7 +120,7 @@ def A6_disscussion_api(request):
 @csrf_exempt
 def A6_disscussion_api_2(request):
     if request.method != 'POST':
-        return JsonResponse({"message":"3method not allowed"},status = 405)
+        return JsonResponse({"message":"method not allowed"},status = 405)
     try:
         code = request.POST.get('code')
         dirname = os.path.dirname(__file__)

introduction/mitre.py

@@ -210,6 +210,11 @@ def csrf_transfer_monei_api(request,recipent,amount):
 # @authentication_decorator
 @csrf_exempt
 def mitre_lab_25_api(request):
+    if request.method == "POST":
+        expression = request.POST.get('expression')
+        result = eval(expression)
+        return JsonResponse({'result': result})
+    else:
         return redirect('/mitre/25/lab/')
 
 

introduction/static/css/dark-theme.css

@@ -406,6 +406,7 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
+  padding: 13% 0 0 0;
 }
 #owasp10_2017 {
   width: 90%;
@@ -416,6 +417,7 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
+  padding: 13% 0 0 0;
 }
 
 #sidebar li ul a #owasp10_2021 {
@@ -440,6 +442,7 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
+  padding: 13% 0 0 0;
 }
 
 #homeSubmenu {
@@ -461,6 +464,7 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
+  padding: 13% 0% 0% 0%;
 }
 #challengeSubmenu {
   width: 95%;
@@ -484,6 +488,7 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
+  padding: 13% 0% 0% 0%;
 }
 #mitre25 {
   width: 90%;
@@ -494,6 +499,7 @@ h2 {
   padding: 17px;
   border-radius: 10px;
   text-align: center;
+  padding: 13% 0% 0% 0%;
 }
 
 #stylesheet-toggle{

introduction/views.py

@@ -156,7 +156,9 @@ def sql_lab(request):
                 print(sql_query)
                 try:
                     print("\nin try\n")
-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)
                 except:
                     print("\nin except\n")
                     return render(