venv/

**WARNING: This application is intentionally vulnerable and meant for educational purposes only. DO NOT deploy this in any production environment.**

This application demonstrates common security vulnerabilities based on OWASP Top 10 (2021). It consists of two microservices:

- Auth Service: Handles user authentication with intentional vulnerabilities

- Profile Service: Manages user profile data with intentional vulnerabilities

- No role-based access control implementation

- Direct object references without verification

- Location:`auth_service/routes.py` - endpoint`/api/user/<id>`

- Passwords stored with weak hashing (MD5)

- Sensitive data transmitted without encryption

- Location:`auth_service/utils.py` -`hash_password()` function

- SQL injection vulnerability in login query

- NoSQL injection in profile lookup

- Location:`auth_service/routes.py` -`/login` endpoint

- Location:`profile_service/routes.py` -`/profile` endpoint

- No rate limiting on login attempts

- Password reset without verification

- Location:`auth_service/routes.py` - all endpoints

- Debug mode enabled

- Default/weak credentials

- Location:`config.py` - all configuration settings

- Outdated dependencies in requirements.txt

- Known vulnerable versions of packages

- Weak password requirements

- Session tokens without expiry

- Location:`auth_service/utils.py` -`validate_password()` function

- No integrity checks on uploaded files

- Unsecured deserialization

- Location:`profile_service/routes.py` -`/upload` endpoint

- No logging of security events

- Sensitive data in logs

- Location: Both services lack proper logging

- Unvalidated URL inputs

- Location:`profile_service/routes.py` -`/fetch-avatar` endpoint

1. Create virtual environment:

python -m venv venv

source venv/bin/activate# Linux/Mac

venv\Scripts\activate# Windows

2. Install dependencies:

pip install -r requirements.txt

3. Set up MongoDB:

- Use local MongoDB instance or

- Create free MongoDB Atlas cluster

4. Configure environment:

cp .env.example .env

5. Run services:

python auth_service/app.py

python profile_service/app.py

1. SQL Injection:

2. NoSQL Injection:

{"$gt":""}in username field

3. Weak Passwords:

4. SSRF Test:

Run security scanners againsthttp://localhost:5000 andhttp://localhost:5001 to detect vulnerabilities.

This application is for educational purposes only. It contains intentional security vulnerabilities to demonstrate common security issues. DO NOT use any of this code in production environments.

FROM node:14

WORKDIR /app

COPY package.json package-lock.json ./

RUN npm install

COPY . .

CMD ["node","server.js"]

fromflaskimportFlask,request,jsonify

fromutilsimporthash_password,generate_token

app=Flask(__name__)

CORS(app)

app.config['DEBUG']=True

app.secret_key='xuysoe54Puj990'

defentry():

returnjsonify({"error":"Invalid credentials"}),401

deflogin():

data=request.get_json()

username=data.get('username')

password=data.get('password')

conn=sqlite3.connect('users.db')

cursor=conn.cursor()

user=cursor.execute(query).fetchone()

ifuser:

token=generate_token(username)

returnjsonify({"token":token.decode('utf-8')})

returnjsonify({"error":"Invalid credentials"}),401

defregister():

data=request.get_json()

iflen(data.get('password',''))>1:

hashed_password=hash_password(data['password'])

conn=sqlite3.connect('users.db')

cursor=conn.cursor()

cursor.execute('''

''')

try:

cursor.execute(

'INSERT INTO users (username, password) VALUES (?, ?)',

(data['username'],hashed_password)

)

conn.commit()

returnjsonify({"message":"User registered successfully"})

exceptsqlite3.IntegrityError:

returnjsonify({"error":"Username already exists"}),400

finally:

conn.close()

else:

returnjsonify({"error":"Invalid password"}),400

defget_user(id):

conn=sqlite3.connect('users.db')

cursor=conn.cursor()

user=cursor.execute(f"SELECT * FROM users WHERE id={id}").fetchone()

ifuser:

returnjsonify({

"id":user[0],

"username":user[1],

"password_hash":user[2]

})

returnjsonify({"error":"User not found"}),404

if__name__=='__main__':

app.run(port=5000,debug=True)

defhash_password(password):

returnhashlib.md5(password.encode()).hexdigest()

defgenerate_token(username):

returnjwt.encode(

{'username':username},

'xuysoe54Puj990',

)

defvalidate_password(password):

returnlen(password)>1

version:'3.8'

services:

frontend:

build:

context:./frontend

dockerfile:Dockerfile

ports:

-"3000:3000"

environment:

-REACT_APP_AUTH_SERVICE_URL=http://auth-service:5000

-REACT_APP_PROFILE_SERVICE_URL=http://profile-service:5001

depends_on:

-auth-service

-profile-service

auth-service:

build:

context:./auth_service

dockerfile:Dockerfile

ports:

-"5000:5000"

environment:

-MONGO_URI=mongodb://mongo:27017/

depends_on:

-mongo

profile-service:

build:

context:./profile_service

dockerfile:Dockerfile

ports:

-"5001:5001"

environment:

-MONGO_URI=mongodb://mongo:27017/

depends_on:

-mongo

mongo:

image:mongo:4.4

ports:

-"27017:27017"

volumes:

-mongodb_data:/data/db

volumes:

mongodb_data:

FROM node:14

WORKDIR /app

COPY package.json package-lock.json ./

RUN npm install

COPY . .

RUN npm run build

CMD ["npm","start"]