sasanlabs / vulnerableapp-php Goto Github PK

Problem statement
If you look at VulnerableApp-facade which is the User-interface for VulnerableApp-php, it has a way to tell the hints so that users can learn about the Vulnerability.

Solution
So we need to expose that hints objects, have a look at: https://github.com/SasanLabs/VulnerableApp-php/blob/main/src/FileUploadVulnerability/FileUpload.php#L428 for exposing hint metrics. Hints is present in the object definition:

Currently we don't have a continuous deployment pipeline for deploying new docker images on merging the PR. So we should have a github action which publish latest version with each PR merge and a master github action to publish a newer release version.
Sample github action: https://github.com/SasanLabs/VulnerableApp-facade/blob/main/.github/workflows/docker.yml

As VulnerableApp-php is in initial phase and hence we are using VSCode as IDE for the project, we do the code changes and then use docker to test the code changes.
As this is quite a tedious task where there is no way to debug the code except the very basic echo statements.

Solutions

1. We are looking for an IDE setup for the project such that we can debug the code changes without deployments.
2. Clear set of instructions for IDE setup.

The requirement is developing the framework in PHP to achieve following goals:

1. Ease of writing vulnerability (we want to make it very easy for other developers to write new vulnerabilities). we have done same in https://github.com/SasanLabs/VulnerableApp where adding new vulnerability is as simple as running a command. Look at: https://github.com/SasanLabs/VulnerableApp#contributing-to-project.
2. Framework should have a way to expose 2 pieces of information,

• List of vulnerabilities present via Vulnerability Definition (as objects in https://github.com/SasanLabs/VulnerableApp-php/tree/main/src/FacadeSchema)
• Scanner endpoint with information for DAST tools, more information at: #13

Every application which ties to Owasp VulnerableApp-Facade/VulnerableApp has a scanner endpoint that exposes information about VulnerableApplication which will be used by DAST tools like OWASP ZAP.

we already exposed this information in Owasp VulnerableApp: https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java#L91
we would like to expose similar information. If you want to look at how it works then start OWASP VulnerableApp-facade application using https://github.com/SasanLabs/VulnerableApp-facade#simple-start and then visit: http://localhost/VulnerableApp/scanner endpoint, you will see the json exposed. we need similar json structure from VulnerableApp-php as well.

Is your feature request related to a problem? Please describe.
Currently, there is no level in Unrestricted File Upload that doesn't have a check on the size of the file uploaded.

Describe the solution you'd like
Adding a new level in File Upload Vulnerability with no size restriction such that it can cause DDOS in the vulnerableapp-php.

Project doesn't have logger integration.