Skip to content

jclayton40/bad-python-app

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits
.circleci
.circleci
 
 
.github/workflows
.github/workflows
 
 
.vscode
.vscode
 
 
data/payloads
data/payloads
 
 
static
static
 
 
templates
templates
 
 
vulns
vulns
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
_debug.py
_debug.py
 
 
api_keys.py
api_keys.py
 
 
app.py
app.py
 
 
db_helper.py
db_helper.py
 
 
db_models.py
db_models.py
 
 
middlewares.py
middlewares.py
 
 
prod.py
prod.py
 
 
requirements.txt
requirements.txt
 
 
run.prod.sh
run.prod.sh
 
 
run.sh
run.sh
 
 
setup.sh
setup.sh
 
 
util.py
util.py
 
 
vuln-1.py
vuln-1.py
 
 
vuln-main-10.java
vuln-main-10.java
 
 
vuln-main-2.java
vuln-main-2.java
 
 
vuln-main-3.java
vuln-main-3.java
 
 
vuln-main-4.java
vuln-main-4.java
 
 
vuln-main-7.java
vuln-main-7.java
 
 
vuln-main-9.java
vuln-main-9.java
 
 
vuln-main.java
vuln-main.java
 
 

Repository files navigation

Setup

Requisites

Running

Run in Docker

# building
docker build -t vuln-flask-web-app .

# running
docker run -it -p 5000:5000 --rm --name vuln-flask-web-app vuln-flask-web-app

Run Local

python3 -m venv venv
source venv/bin/activate
sh setup.sh
sh run.sh

Options

Restricting Access (optional)

By default, the api key is set to None and any request will be allowed.

If you want to restrict the access to the app, just set the environment variable named VULN_FLASK_APP_API_KEY with your secret:

export VULN_FLASK_APP_API_KEY=myapisecret

Now, every request should include a cookie named api_key with the value of the VULN_FLASK_APP_API_KEY environment variable.

GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Host: localhost:5000
...

Cookie: api_key=myapisecret

...

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages

  • Python 38.4%
  • HTML 30.5%
  • Java 28.3%
  • JavaScript 1.7%
  • Other 1.1%