Latest commit

e5d17fa · Aug 8, 2024

Vulnerable Polls

Polls is a simple Django app to conduct Web-based polls. For each question, visitors can choose between a fixed number of answers.

It is based on the Django Polls tutorial, contains a few XSS and SQL injection (SQLi) issues, and turns off the built-in protections that would otherwise prevent them.

Build and run

Prerequisites

If you are building on a Mac, you will need to have MySQL and PostgreSQL installed to satisfy dependencies for the MySQL and Postgres client modules listed in requirements.txt.

brew install postgresql
brew install mysql

Using docker-compose

All-in-One vuln_django

The default Docker Compose configuration builds an all-in-one container, including vuln_django, an Nginx front-end, and SQLite.

Build and run in foreground:

docker-compose up --build

Run as a daemon:

docker-compose up -d

Build:

docker-compose build

Microservice vuln_django

The docker-micro-pg Docker Compose configuration builds a microservice version of vuln_django, with separate containers running an Nginx front-end and a PostgreSQL database.

Build, run, and run data migrations:

docker-compose -f docker-micro.yml build
docker-compose -f docker-micro.yml up --detach
./scripts/migrations.sh

To bring the microservice stack up with migrations, a Django admin user, and seed data, run:

./scripts/build-and-run.sh

To do that plus run HawkScan against it, run:

./scripts/build-and-scan.sh

Using Dockerfile

Build the Docker image:

docker build -t vuln_django .

Run the Docker container:

docker run -it -p 8020:8020 vuln_django:latest

Usage