-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathDevSecOps-4837.cshtml.cs
More file actions
177 lines (152 loc) · 8.17 KB
/
DevSecOps-4837.cshtml.cs
File metadata and controls
177 lines (152 loc) · 8.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using System.Text.RegularExpressions;
using Microsoft.Data.SqlClient;
using Newtonsoft.Json;
using System.Text.Json;
namespace webapp01.Pages
{
/// <summary>
/// DevSecOps Demo Page Model - Contains intentional security vulnerabilities for GHAS demonstration
/// WARNING: This code is intentionally insecure for educational purposes only
/// </summary>
public class DevSecOps4837Model : PageModel
{
private readonly ILogger<DevSecOps4837Model> _logger;
// SECURITY ISSUE: Hardcoded database credentials - will be detected by GHAS Secret Scanning
private const string DB_CONNECTION_STRING = "Server=demo-sql.database.windows.net;Database=GHASDemo;User Id=demoadmin;Password=P@ssw0rd123!;";
// SECURITY ISSUE: Vulnerable regex pattern susceptible to ReDoS (Regular Expression Denial of Service)
// This pattern has nested quantifiers which can cause exponential backtracking
private static readonly Regex VulnerableEmailRegex = new Regex(@"^([a-zA-Z0-9]+)*@([a-zA-Z0-9]+)*\.com$", RegexOptions.Compiled);
public DevSecOps4837Model(ILogger<DevSecOps4837Model> logger)
{
_logger = logger;
_logger.LogInformation("DevSecOps4837Model initialized");
}
public List<GHASNewsItem> GHASNews { get; set; } = new List<GHASNewsItem>();
public void OnGet()
{
// SECURITY ISSUE: Log Forging - Unsanitized user input directly in log statements
string userName = Request.Query.ContainsKey("user") ? Request.Query["user"].ToString() ?? "anonymous" : "anonymous";
_logger.LogInformation($"User {userName} accessed DevSecOps-4837 page");
// SECURITY ISSUE: Another log forging example with query parameter
string action = Request.Query.ContainsKey("action") ? Request.Query["action"].ToString() ?? "view" : "view";
_logger.LogInformation($"Action performed: {action} by user {userName}");
// Load GHAS news with intentional vulnerabilities
LoadGHASNews();
// Demonstrate regex vulnerability
DemonstrateRegexVulnerability();
// Demonstrate SQL injection risk
DemonstrateSQLRisk();
}
private void LoadGHASNews()
{
_logger.LogInformation("Loading latest GitHub Advanced Security news");
GHASNews = new List<GHASNewsItem>
{
new GHASNewsItem
{
Title = "CodeQL 2.20 Released with Enhanced Security Analysis",
Description = "New CodeQL version includes improved support for C#, Java, and JavaScript with 50+ new security queries for OWASP Top 10 vulnerabilities.",
Date = DateTime.Now.AddDays(-2)
},
new GHASNewsItem
{
Title = "Secret Scanning Push Protection Now GA",
Description = "Push protection prevents developers from accidentally committing secrets to repositories, with support for 200+ token patterns.",
Date = DateTime.Now.AddDays(-5)
},
new GHASNewsItem
{
Title = "Dependabot Security Updates Enhanced",
Description = "Automated dependency updates now include intelligent PR grouping and compatibility scoring to reduce alert fatigue.",
Date = DateTime.Now.AddDays(-7)
},
new GHASNewsItem
{
Title = "AI-Powered Security Fix Suggestions",
Description = "GitHub Copilot for Security now provides context-aware fix suggestions for code scanning alerts with one-click remediation.",
Date = DateTime.Now.AddDays(-10)
},
new GHASNewsItem
{
Title = "Custom CodeQL Query Suites",
Description = "Organizations can now create and share custom CodeQL query suites across repositories for industry-specific compliance requirements.",
Date = DateTime.Now.AddDays(-14)
},
new GHASNewsItem
{
Title = "Security Overview Dashboard Updates",
Description = "New metrics and visualizations for tracking security posture across enterprise organizations with improved filtering and export capabilities.",
Date = DateTime.Now.AddDays(-18)
}
};
// SECURITY ISSUE: Unnecessary JSON serialization/deserialization that could introduce vulnerabilities
string jsonData = JsonConvert.SerializeObject(GHASNews);
var tempData = JsonConvert.DeserializeObject<List<GHASNewsItem>>(jsonData);
_logger.LogInformation($"Loaded {GHASNews.Count} GHAS news items");
}
private void DemonstrateRegexVulnerability()
{
// SECURITY ISSUE: Testing vulnerable regex pattern that could cause ReDoS
string testEmail = Request.Query.ContainsKey("email") ? Request.Query["email"].ToString() ?? "test@example.com" : "test@example.com";
try
{
// This vulnerable regex can cause exponential backtracking with inputs like "aaaaaaaaaaaaaaaaaaaaaaaaa@aaaaaaaaaaaaaaa"
bool isValidEmail = VulnerableEmailRegex.IsMatch(testEmail);
_logger.LogInformation($"Email validation result for {testEmail}: {isValidEmail}");
}
catch (Exception ex)
{
// SECURITY ISSUE: Logging full exception details which might contain sensitive information
_logger.LogError($"Regex validation failed for email: {testEmail}. Exception: {ex}");
}
}
private void DemonstrateSQLRisk()
{
// SECURITY ISSUE: Using hardcoded connection string
try
{
using var connection = new SqlConnection(DB_CONNECTION_STRING);
_logger.LogInformation("Database connection configured with demo credentials");
// SECURITY ISSUE: Potential SQL injection if this were to accept user input
string userId = Request.Query.ContainsKey("userId") ? Request.Query["userId"].ToString() ?? "1" : "1";
string unsafeQuery = $"SELECT * FROM Users WHERE UserId = {userId}"; // SQL INJECTION RISK
// Log the unsafe query (for demonstration - not actually executing)
_logger.LogWarning($"Unsafe SQL query constructed: {unsafeQuery}");
}
catch (Exception ex)
{
_logger.LogError($"Database operation failed: {ex.Message}");
}
}
public IActionResult OnPostProcessInput(string userInput)
{
if (string.IsNullOrEmpty(userInput))
{
_logger.LogWarning("Empty input received in ProcessInput handler");
return Page();
}
// SECURITY ISSUE: Log Forging - User input directly in logs without sanitization
_logger.LogInformation($"Processing user input: {userInput}");
// SECURITY ISSUE: User input could contain newlines or control characters
_logger.LogInformation($"Input length: {userInput.Length}, Content: {userInput}");
// Demonstrate potential command injection risk (not actually executing)
if (userInput.Contains(";") || userInput.Contains("|"))
{
_logger.LogWarning($"Suspicious input detected with special characters: {userInput}");
}
TempData["Message"] = $"Input processed: {userInput}";
return RedirectToPage();
}
}
/// <summary>
/// Model for GHAS news items
/// </summary>
public class GHASNewsItem
{
public string Title { get; set; } = string.Empty;
public string Description { get; set; } = string.Empty;
public DateTime Date { get; set; }
}
}