8 changes: 8 additions & 0 deletions labs/lab5/analysis/correlation.txt
@@ -0,0 +1,8 @@
SAST/DAST Correlation Report
Semgrep findings: 8
ZAP noauth alert rules: 13
ZAP auth alert rules: 11
Nuclei matches: 1
Nikto items: 84
SQLmap confirmed injection points: 2
Key correlation: Semgrep SQL injection in routes/search.ts was confirmed by SQLmap against /rest/products/search.
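Review bot: the "Key correlation" line maps only one of SQLmap's two confirmed injection points back to a Semgrep finding, and nothing here says which of the 8 Semgrep findings or which rule id produced the routes/search.ts hit, so the correlation cannot be reproduced from this file. List both SQLmap injection points (URL and parameter) and, for each, the Semgrep rule id and file:line it correlates with, or state explicitly that the second point has no SAST counterpart. The totals also mix units (Semgrep findings, ZAP alert rules, Nikto items): the 84 Nikto items are dominated by the repeated "HEAD /...: Potentially interesting backup/cert file found" probes in nikto-results.txt, so a raw count overstates what Nikto actually found; de-duplicate by finding class before comparing tool totals. Missing entirely is the `access-control-allow-origin: *` header that both Nikto and the captured Nuclei response show, which is the one cross-tool correlation the evidence already supports.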
3 changes: 3 additions & 0 deletions labs/lab5/analysis/sast-analysis.txt
@@ -0,0 +1,3 @@
SAST Analysis Report
Semgrep findings: 8
Critical patterns: SQL injection, eval, MD5, open redirect
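Review bot: "Critical patterns: SQL injection, eval, MD5, open redirect" presents all four custom rules as critical, but custom-rules.yml in this same PR assigns severity WARNING to juice-shop-md5-hash and juice-shop-open-redirect and ERROR only to the SQL interpolation and eval rules; keep the wording consistent with the ruleset (for example "ERROR: SQL injection, eval; WARNING: MD5, open redirect"). A single total of 8 also gives the reader nothing to verify: include the per-rule count and file:line for each finding (Semgrep's JSON or SARIF output carries both), otherwise the "confirmed by SQLmap" claim in correlation.txt cannot be traced to a specific finding.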
85 changes: 85 additions & 0 deletions labs/lab5/nikto/nikto-results.txt
@@ -0,0 +1,85 @@
- Nikto v2.5.0/
+ Target Host: localhost
+ Target Port: 3000
+ GET /: Retrieved access-control-allow-origin header: *.
+ GET /:X-Frame-Options header is deprecated and was replaced with the Content-Security-Policy HTTP header with the frame-ancestors directive instead. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options:
+ GET /: Uncommon header(s) 'x-recruiting' found, with contents: /#/jobs.
+ GET /robots.txt: Entry '/ftp/' is returned a non-forbidden or redirect HTTP code (200). See: https://portswigger.net/kb/issues/00600600_robots-txt-file:
+ GET /robots.txt: contains 1 entry which should be manually viewed. See: https://developer.mozilla.org/en-US/docs/Glossary/Robots.txt:
+ HEAD /archive.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /localhost.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.jks: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.egg: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.alz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /database.tar.bz2: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.tar: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.cer: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /backup.war: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /127.0.0.1.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /archive.pem: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /dump.tar.lzma: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ HEAD /site.tgz: Potentially interesting backup/cert file found. . See: https://cwe.mitre.org/data/definitions/530.html:
+ GET /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security:
+ GET /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy:
+ GET /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy:
+ GET /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP:
+ GET /ftp/: This might be interesting.
+ GET /public/: This might be interesting.
+ GET /.htpasswd: Contains authorization information.
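Review bot: the 70 "HEAD /<name>.<ext>: Potentially interesting backup/cert file found" lines (every combination of archive, backup, database, dump, localhost, site and 127.0.0.1 with .tar, .tgz, .tar.bz2, .tar.lzma, .pem, .cer, .jks, .war, .egg and .alz) are the signature of a server that answers 200 to any path, not of 70 real backup files, and should be verified before being committed as findings; "GET /.htpasswd: Contains authorization information." is the same class. Re-request a few of them with GET and compare status, Content-Type and body length against a path that certainly does not exist (a HEAD response carries no body, so Nikto had nothing to compare); if they all come back as the same application page, record them as one false-positive class and remove them from the 84-item count that correlation.txt reports. The items that stand on their own here are `access-control-allow-origin: *`, the four missing headers (strict-transport-security, referrer-policy, permissions-policy, content-security-policy), and the /ftp/ directory that robots.txt discloses and the server serves with 200; those are the ones worth a sentence of analysis. Note also that the HSTS suggestion was raised against a plain-HTTP target on port 3000, so it only becomes meaningful once the app sits behind TLS.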
1 change: 1 addition & 0 deletions labs/lab5/nuclei/nuclei-results.json
@@ -0,0 +1 @@
{"template":"http/exposures/apis/swagger-api.yaml","template-url":"https://cloud.projectdiscovery.io/public/swagger-api","template-id":"swagger-api","template-path":"/root/nuclei-templates/http/exposures/apis/swagger-api.yaml","info":{"name":"Public Swagger API - Detect","author":["pdteam","c-sh0","amirhossein raeisi","eduardo quintanilha"],"tags":["exposure","api","swagger","discovery"],"description":"Public Swagger API was detected.\n","reference":["https://swagger.io/"],"severity":"info","metadata":{"verified":true,"max-request":59,"shodan-query":"http.title:\"swagger\""},"classification":{"cve-id":null,"cwe-id":["cwe-200"],"cvss-metrics":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"}},"type":"http","host":"localhost","port":"3000","scheme":"http","url":"http://localhost:3000","matched-at":"http://localhost:3000/api-docs/swagger.yaml","request":"GET /api-docs/swagger.yaml HTTP/1.1\r\nHost: localhost:3000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0\r\nAccept: text/html, application/json\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n\r\n","response":"HTTP/1.1 200 OK\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: text/html; charset=utf-8\r\nDate: Mon, 13 Apr 2026 08:52:15 GMT\r\nEtag: W/\"c22-H8FH9nKD8DeX/nvIRrte6ZjP2a4\"\r\nFeature-Policy: payment 'self'\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-Recruiting: /#/jobs\r\n\r\n\n\u003c!-- HTML for static distribution bundle build --\u003e\n\u003c!DOCTYPE html\u003e\n\u003chtml lang=\"en\"\u003e\n\u003chead\u003e\n \u003cmeta charset=\"UTF-8\"\u003e\n \n \u003ctitle\u003eSwagger UI\u003c/title\u003e\n \u003clink rel=\"stylesheet\" type=\"text/css\" href=\"./swagger-ui.css\" \u003e\n \u003clink rel=\"icon\" type=\"image/png\" href=\"./favicon-32x32.png\" sizes=\"32x32\" /\u003e\u003clink rel=\"icon\" type=\"image/png\" href=\"./favicon-16x16.png\" 
sizes=\"16x16\" /\u003e\n \u003cstyle\u003e\n html\n {\n box-sizing: border-box;\n overflow: -moz-scrollbars-vertical;\n overflow-y: scroll;\n }\n *,\n *:before,\n *:after\n {\n box-sizing: inherit;\n }\n\n body {\n margin:0;\n background: #fafafa;\n }\n \u003c/style\u003e\n\u003c/head\u003e\n\n\u003cbody\u003e\n\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" style=\"position:absolute;width:0;height:0\"\u003e\n \u003cdefs\u003e\n \u003csymbol viewBox=\"0 0 20 20\" id=\"unlocked\"\u003e\n \u003cpath d=\"M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z\"\u003e\u003c/path\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"locked\"\u003e\n \u003cpath d=\"M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"close\"\u003e\n \u003cpath d=\"M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"large-arrow\"\u003e\n \u003cpath d=\"M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 
7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 20 20\" id=\"large-arrow-down\"\u003e\n \u003cpath d=\"M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z\"/\u003e\n \u003c/symbol\u003e\n\n\n \u003csymbol viewBox=\"0 0 24 24\" id=\"jump-to\"\u003e\n \u003cpath d=\"M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z\"/\u003e\n \u003c/symbol\u003e\n\n \u003csymbol viewBox=\"0 0 24 24\" id=\"expand\"\u003e\n \u003cpath d=\"M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z\"/\u003e\n \u003c/symbol\u003e\n\n \u003c/defs\u003e\n\u003c/svg\u003e\n\n\u003cdiv id=\"swagger-ui\"\u003e\u003c/div\u003e\n\n\u003cscript src=\"./swagger-ui-bundle.js\"\u003e \u003c/script\u003e\n\u003cscript src=\"./swagger-ui-standalone-preset.js\"\u003e \u003c/script\u003e\n\u003cscript src=\"./swagger-ui-init.js\"\u003e \u003c/script\u003e\n\n\n\n\u003cstyle\u003e\n .swagger-ui .topbar .download-url-wrapper { display: none } undefined\n\u003c/style\u003e\n\u003c/body\u003e\n\n\u003c/html\u003e\n","meta":{"paths":"/api-docs/swagger.yaml"},"ip":"127.0.0.1","timestamp":"2026-04-13T08:52:15.140536908Z","curl-command":"curl -X 'GET' -d '' -H 'Accept: text/html, application/json' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0' 'http://localhost:3000/api-docs/swagger.yaml'","matcher-status":true}
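Review bot: the response matched at http://localhost:3000/api-docs/swagger.yaml is `Content-Type: text/html` with `<title>Swagger UI</title>`, i.e. the Swagger UI index page rather than a YAML document, so this match shows the docs UI is reachable but not that the API definition itself is served; check what the UI actually loads (the page references ./swagger-ui-init.js) before reporting a spec disclosure, and keep in mind the template is severity info and tagged discovery. The full raw request/response pair, including a spoofed Firefox User-Agent, the scan timestamp and several kilobytes of inline SVG, is being committed to the repository; trim the stored result to the fields the report uses (template-id, matched-at, severity, cwe-id) or keep raw output out of version control. The captured headers also repeat `Access-Control-Allow-Origin: *` and the deprecated `Feature-Policy: payment 'self'`, which line up directly with Nikto's CORS and missing permissions-policy findings and should appear in correlation.txt.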
44 changes: 44 additions & 0 deletions labs/lab5/semgrep/custom-rules.yml
@@ -0,0 +1,44 @@
rules:
- id: juice-shop-md5-hash
languages: [typescript, javascript]
severity: WARNING
message: Insecure MD5 hashing detected.
metadata:
category: security
cwe: "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
confidence: MEDIUM
pattern: crypto.createHash('md5')

- id: juice-shop-sql-string-interpolation
languages: [typescript, javascript]
severity: ERROR
message: Raw SQL query built from string interpolation can enable SQL injection.
metadata:
category: security
cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
confidence: HIGH
patterns:
- pattern: $DB.query(`...${...}...`)
- metavariable-regex:
metavariable: $DB
regex: .*(sequelize|Sequelize).*

- id: juice-shop-eval
languages: [typescript, javascript]
severity: ERROR
message: Use of eval on dynamic input is dangerous.
metadata:
category: security
cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code"
confidence: HIGH
pattern: eval(...)

- id: juice-shop-open-redirect
languages: [typescript, javascript]
severity: WARNING
message: Redirecting to a user-controlled URL can enable open redirect attacks.
metadata:
category: security
cwe: "CWE-601: URL Redirection to Untrusted Site"
confidence: MEDIUM
pattern: res.redirect($URL)
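Review bot: juice-shop-open-redirect, `pattern: res.redirect($URL)`, fires on every redirect including constant targets such as res.redirect('/'), so it will report open redirects where none exist; add `pattern-not: res.redirect("...")` to exclude string-literal targets, or make it a taint rule with req.query, req.params and req.body as sources and res.redirect as the sink. juice-shop-md5-hash has the opposite problem: `pattern: crypto.createHash('md5')` misses `createHash('MD5')` (Node accepts the uppercase algorithm name) and any code that imports createHash directly instead of calling it through `crypto`; use `$C.createHash($ALG)` with `metavariable-regex: (?i)md5` on $ALG, or a pattern-either covering both call forms. juice-shop-sql-string-interpolation only matches template literals, so concatenation such as `$DB.query("SELECT ... " + $X)` slips through, and the `.*(sequelize|Sequelize).*` receiver regex silences the rule for any other driver or for a receiver named simply `db`; add a concatenation alternative under pattern-either and decide whether the driver restriction is worth those misses. juice-shop-eval is fine as written, though `new Function(...)` is the usual sibling pattern if the goal is dynamic code evaluation rather than eval specifically.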