The AFIP Playground is a magical place where you can test out you code against several vulnerabilities.
You can build the docker image as follows:
docker build -t afip-playground .You can run the AFIP Playground in a container:
docker run -p 8080:8080 -d afip-playgroundThe AFIP Scanner relies on taint analysis to find vulnerabilities. The concept behind it is that any variable that can be modified by an outside user poses a potential security risk.
In this sense we can define three types of variables:
- Tainted: A variable that carries user modified data
- Vulnerable: If the tainted variable gets passed to a sink (vulnerable function) without first being sanitized it is flagged as a vulnerability
- Cleaned: When a tainted variable is sanitised it is flagged as a cleaner
The AFIP Playground points these cases for us in the code for a specific vulnerability.
-
Load a snippet of code you want to analyze. (You can use the Example button to load an example snippet for the selected vulnerability)
-
Select a vulnerability against which you want to test your code.
-
Analyze the code and see the results obtained!
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License here.