Skip to content
This repository was archived by the owner on Mar 20, 2020. It is now read-only.

Contrast-Security-OSS/NodeTestBench

BranchesTags

Repository files navigation

ExpressTestBench

Intentionally Vulnerable Node Applications

Running Locally

Make sure you have Node.js installed or install a version on node from nvm.

git clone https://github.com/Contrast-Security-OSS/NodeTestBench.git ExpressTestBench # or clone your own fork
cd ExpressTestBench
npm install
npm start

Your app should now be running on localhost:3000.

Running with Contrast

Installation

See our documentation for installation instructions.

Running the agent

After installation, the agent can be run with npm run contrast. For more information on configuration and which technologies the agent supports, see our documentation.

Adding a shared vulnerability

Once you have added shared functionality to @contrast/test-bench-utils and @contrast/test-bench-content, you are ready to add an endpoint in the test bench application.

Create a vulnerabilities/ruleName/index.js file and call the controllerFactory method:

const controllerFactory = require('../../utils/controllerFactory');
module.exports = controllerFactory('ruleName');

Check the documentation for controllerFactory under utils/controllerFactory.js usage information.

Add a vulnerabilities/ruleName/views/index.ejs file that includes the shared template from @contrast/test-bench-content:

<% include ../../../node_modules/@contrast/test-bench-content/views/ruleName.ejs %>

Now run the app and make sure everything works as expected!

About

Intentionally Vulnerable Node Applications

Resources

Readme
Activity
Custom properties

Stars

16 stars

Watchers

26 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 10

Languages