Rough draft of vulnerable server variant.
This feeds into differential security arguments. If the vulnerable server is trivially attackable but the target server is not, then the mitigations provide value. This addresses issue #4. Still TODO: Run end-to-end tests against vulnerable server.
1 parent
417c327
commit ba3fb5e
Showing
4 changed files
with
717 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,6 +9,8 @@ | |
/pg | ||
# Stores uploaded files | ||
/static/user-uploads | ||
# Server variant | ||
/vulnerable/** | ||
|
||
# Emacs droppings | ||
*~ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
#!/bin/bash | ||
|
||
# Builds a variant of the target server but with protective measures disabled. | ||
|
||
set -e | ||
|
||
force= | ||
if [[ "$1" == "-f" ]]; then | ||
force=1 | ||
shift | ||
fi | ||
|
||
if [ -z "$force" ] && [ -d vulnerable/ ] && ! git diff --quiet vulnerable/; then | ||
echo "Changes to vulnerable/" | ||
exit 1 | ||
fi | ||
|
||
source_files="$( | ||
git check-ignore -n -v --no-index \ | ||
$( find lib -type f | grep -v lib/framework; | ||
echo package.json main.js scripts/run-locally.js static/* ) \ | ||
| perl -ne 'print "$1\n" if m/^::\t(.*)/' | sort | ||
)" | ||
|
||
echo Deleting old vulnerable/ | ||
rm -rf vulnerable/ | ||
|
||
echo Copying files over | ||
for f in $source_files; do | ||
|
||
mkdir -p vulnerable/"$(dirname "$f")" | ||
cp -r "$f" vulnerable/"$f" | ||
done | ||
|
||
rm -rf vulnerable/static/user-uploads | ||
|
||
echo Copying node_modules | ||
cp -r node_modules/ vulnerable/node_modules/ | ||
|
||
echo Patching | ||
pushd vulnerable/ >& /dev/null | ||
echo "#/bin/bash" > scripts/postinstall.sh | ||
|
||
for f in node_modules/{module-keys,node-sec-patterns,safesql,sh-template-tag,web-contract-types}; do | ||
echo 'throw new Error(`kapow!`);' > $f/index.js | ||
done | ||
|
||
chmod +x scripts/postinstall.sh | ||
patch -p0 < ../vulnerable.patch | ||
popd >& /dev/null |
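Review bot: The clobber guard `! git diff --quiet vulnerable/` looks like it can never fire. The ignore-file hunk in this same commit adds `/vulnerable/**`, and `git diff` only reports tracked paths, so (assuming nothing under vulnerable/ is force-added) it exits 0 and the script goes straight on to `rm -rf vulnerable/`, discarding any hand edits not yet captured in vulnerable.patch. If the intent is to protect those edits, refusing whenever the directory exists is simpler: `if [ -z "$force" ] && [ -d vulnerable/ ]; then`. Separately, `echo "#/bin/bash" > scripts/postinstall.sh` is missing the `!`, so the stub has no shebang line; `echo '#!/bin/bash'` is presumably what was meant.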
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/bash | ||
|
||
# Builds a variant of the target server but with protective measures disabled. | ||
# | ||
# Usually run thus: | ||
# ./scripts/gen-vulnerable-patch.sh > vulnerable.patch | ||
|
||
set -e | ||
|
||
source_files="$( | ||
git check-ignore -n -v --no-index \ | ||
$( find lib -type f | grep -v lib/framework; | ||
echo package.json main.js scripts/run-locally.js static/* ) \ | ||
| perl -ne 'print "$1\n" if m/^::\t(.*)/' | sort | ||
)" | ||
|
||
( | ||
for f in $source_files; do | ||
diff -u "$f" vulnerable/"$f" || true | ||
done | ||
) |
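Review bot: `diff -u "$f" vulnerable/"$f" || true` hides diff's exit status 2 (trouble, for example a missing vulnerable/ tree) along with the expected status 1. With the documented `> vulnerable.patch` redirect, a failed run therefore exits 0 and leaves a truncated or empty patch in place of the real one. Letting only status 1 through keeps `set -e` useful here: `diff -u "$f" vulnerable/"$f" || [ $? -eq 1 ]`. The first header comment is also copied from the build script; something like `# Emits a unified diff between the source files and their copies under vulnerable/.` would describe this file.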