The mission of the GitHub Security Lab is to inspire and enable the community to secure the open source software we all depend on. Today, we are excited to present you a code security challenge inspired from real-world code, with which you can feel part of us through the thrill of finding and fixing a security issue to win GitHub Shop vouchers!
- Click Use this template followed by Create a new repository.
- In the new tab, most of the prompts will automatically fill in for you. For the rest:
- For owner, choose your personal account.
- For repository name, choose a name of your preference.
- For description, you can leave it blank.
- For visibility, choose Public if you wish to use code scanning for free, with the downside of others being able to see your code. Choose Private if you wish to keep your code private, with the downside of not being able to use code scanning as you will need a paid plan.
- Click the Create repository button at the bottom of the form.
- You can now proceed to the following section.
The challenge is configured to run instantly with Codespaces, a fully configured dev environment in the cloud with up to 60 hours a month free. For more information, checkout Codespaces. If you prefer to work locally, please follow the local installation guide in the next section.
To create a codespace:
- Click the Code drop down button in the upper-right of your repository navigation bar.
- Click Create codespace on main.
- After creating a codespace, wait for around a minute for the background installations to complete.
- Upon completion, ignore any files that may have changed such as
node_modules
andpackage-lock.json
. There's no need to commit these changes. - You can now scroll to the 🚀 PLAY section!
Please note: You don't need this step if you are using Codespaces, skip to the next section!
- Install Nodejs.
- Install express, body-parser and express-rate-limit using npm by running the following command in your terminal:
npm install express body-parser express-rate-limit
Once installation has completed, clone your repository to your local machine and install required dependencies.
- From your repository, click the Code drop down button in the upper-right of your repository navigation bar.
- Select the
Local
tab from the menu. - Copy the repository's URL.
- In your terminal, change the working directory to the location where you want the cloned directory.
- Type
git clone
and paste the copied URL. - Press Enter to create your local clone.
- Change the working directory to the cloned directory.
- Open a terminal and run:
node server.js
. To open a terminal in Codespaces, click Terminal in the top left menu and then New Terminal. - If you're inside a Codespace, you will notice a prompt appearing on the bottom right corner. Click Open in browser. If you're running the challenge locally, open a web browser and navigate to
http://localhost:3000/
. - Spot the security issue by reviewing the code in
script.js
,server.js
,index.html
andstyles.css
. - If you enjoy this challenge, we have 10 more challenges for you in the Secure Code Game!
- Answer 3 simple questions about this challenge and win GitHub Shop vouchers!
- The competition will run in a first-come, first-served basis where winners will be the first to submit the correct answers.
- We will inform the winners via email and we will publish our model solutions as a GitHub Discussion in this repository after the challenge ends.
- Enjoying this callenge? We have 10 more for you in the Secure Code Game!
Ask in the Discussions tab of this repository or email us at [email protected]