Add "Supply Chain Attack" challenge

juice-shop · Jul 12, 2018 · 8565576 · 8565576
1 parent fee6e05
commit 8565576
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 1 deletion.
diff --git a/data/static/challenges.yml b/data/static/challenges.yml
@@ -494,3 +494,11 @@
   hint: 'No matter how good your eyes are, you will need tool assistance for this challenge.'
   hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/security-through-obscurity.html#rat-out-a-notorious-character-hiding-in-plain-sight-in-the-shop'
   key: hiddenImageChallenge
+-
+  name: 'Supply Chain Attack'
+  category: 'Broken Authentication'
+  description: '<a href="/#/contact">Inform the development team</a> about a danger to some of <em>their</em> credentials. (Send them the URL of the <em>original report</em> or the CVE of this vulnerability)'
+  difficulty: 4
+  hint: 'This vulnerability will not affect any customer of the shop. It is aimed exclusively at its developers.'
+  hintUrl: 'https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part2/broken-authentication.html#inform-the-development-team-about-a-danger-to-some-of-their-credentials'
+  key: supplyChainAttackChallenge
diff --git a/ftp/package.json.bak b/ftp/package.json.bak
@@ -89,6 +89,8 @@
     "chai": "~4",
     "codeclimate-test-reporter": "~0.5",
     "cross-spawn": "~5.1",
+    "eslint": "~4.7",
+    "eslint-scope": "3.7.2",
     "form-data": "~2.3",
     "frisby": "~2.0",
     "grunt-cli": "~1.2",

diff --git a/routes/verify.js b/routes/verify.js
@@ -248,3 +248,18 @@ function hiddenImageChallenge () {
     }
   })
 }
+
+function supplyChainAttackChallenge () { // TODO Extend to also pass for given CVE once one has been assigned (otherwise remove CVE mention from challenge description)
+  models.Feedback.findAndCountAll({where: {comment: {[Op.like]: '%https://github.com/eslint/eslint-scope/issues/39%'}}}
+  ).then(({count}) => {
+    if (count > 0) {
+      utils.solve(challenges.supplyChainAttackChallenge)
+    }
+  })
+  models.Complaint.findAndCountAll({where: {message: {[Op.like]: '%https://github.com/eslint/eslint-scope/issues/39%'}}}
+  ).then(({count}) => {
+    if (count > 0) {
+      utils.solve(challenges.supplyChainAttackChallenge)
+    }
+  })
+}
diff --git a/test/api/complaintApiSpec.js b/test/api/complaintApiSpec.js
@@ -11,7 +11,7 @@ describe('/api/Complaints', () => {
     frisby.post(API_URL + '/Complaints', {
       headers: authHeader,
       body: {
-        message: 'My stuff never arrived! This is outrageous!'
+        message: 'You have no clue what https://github.com/eslint/eslint-scope/issues/39 means, do you???'
       }
     })
       .expect('status', 201)

diff --git a/test/e2e/contactSpec.js b/test/e2e/contactSpec.js
@@ -171,6 +171,17 @@ describe('/#/contact', () => {
     protractor.expect.challengeSolved({ challenge: 'CAPTCHA Bypass' })
   })
 
+  describe('challenge "supplyChainAttack"', () => {
+    it('should be possible to post GitHub issue URL reporting malicious eslint-scope package as feedback', () => {
+      comment.sendKeys('Turn on 2FA! Now!!! https://github.com/eslint/eslint-scope/issues/39')
+      rating.click()
+
+      submitButton.click()
+    })
+
+    protractor.expect.challengeSolved({ challenge: 'Supply Chain Attack' })
+  })
+
   function solveNextCaptcha () {
     element(by.id('captcha')).getText().then((text) => {
       const answer = eval(text).toString() // eslint-disable-line no-eval