-
-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NoSQL Challenges #328
Comments
I remember that one... somehow slipped through... It requires a separate DB running, so probably not possible the easy way with single Dockerfile, right? You built in a way where the additional challenges are only available if you find a running NoSQL DB at an expected URL, right? |
The MongoDB now runs in the same Container as the the Applications. The challenge disabling is still in the current implementation, but more a relict of the times where the MongoDB was external. Probably not even really needed when the Database always gets installed with the Application. |
Oh, this is awesome news! No |
Yup |
It'd be great if you could rebase your changes to |
Ok i will try that. |
Looks there are a few conflicts occuring between your branch and the main repo (no matter if develop or master). It might be easier in the end if you fork freshly and re-apply your changes/enhancements. Sorry for that, but merging might probably be even less fun. |
Ok no problem I will do so. |
This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs. |
Hi Guys,
me and a few colleges of mine have wanted to use the JuiceShop to demonstrate NoSQL Injection Attacks. To Do this we have implemented a MongoDB Integration to JuiceShop using a prebuild MongoDB loaded via npm.
The MongoDB is used to store comments for the products. There are 2 challenges regarding NoSQL Injections at the moment.
This was implemented a few Months ago there were some problems with the libraries that should be solved by now.
During OWASP Summit i'd like to update these integration. I dont know if it will be done by the end of it / if it is in a state to get merged by the end of it.
The branch with the current features can be found here:
Feature Branch
I'm always open for feedback on the idea and the features.
Have a good time at the Summit
The text was updated successfully, but these errors were encountered: