search api route

some signal handling for docker

Author: kberg

.dockerignore

@@ -0,0 +1 @@
+node_modules

Dockerfile

@@ -0,0 +1,9 @@
+FROM node:12.8-stretch
+
+WORKDIR /app
+COPY . .
+RUN npm install --production
+ENV DEBUG=myapp:*
+EXPOSE 3000
+CMD ["node", "/app/bin/www"]
+#CMD ["npm", "run", "start"]

README.md

@@ -0,0 +1,30 @@
+# Node Express Vulny
+
+Hi I'm Vulny a modern web stack using the latest in Node/Express framework technology.
+I'm both sophisticated and naive all while using a best in class in web framework.
+
+You should probably scan me with a web app vulnerability scanner.
+
+### NPM
+```shell script
+npm install
+```
+
+### Run
+```shell script
+DEBUG=myapp:* npm start
+```
+
+### Build
+```shell script
+docker build -t stackhawk/nodeexpressvulny .
+```
+
+### Run docker
+```shell script
+docker run --rm -p 9000:9000 --name nodeexpressvulny stackhawk/nodeexpressvulny
+```
+
+### Do bad stuff
+* SQL Injection via search box. - `a%'; insert into items values (default, 'hacker item name','bad bad description'); select * from ITEMS where name like  '%banan`
+* Cross Site Scripting via search box. - `<script>alert('hey guy');</script>`

app.js

@@ -6,6 +6,7 @@ var logger = require('morgan');
 
 var indexRouter = require('./routes/index');
 var searchRouter = require('./routes/search');
+var apiRouter = require('./routes/api');
 
 var app = express();
 
@@ -21,6 +22,7 @@ app.use(express.static(path.join(__dirname, 'public')));
 
 app.use('/', indexRouter);
 app.use('/search', searchRouter);
+app.use('/api', apiRouter);
 
 // catch 404 and forward to error handler
 app.use(function(req, res, next) {

bin/www

@@ -88,3 +88,27 @@ function onListening() {
     : 'port ' + addr.port;
   debug('Listening on ' + bind);
 }
+
+// Borrowed from https://medium.com/@becintec/building-graceful-node-applications-in-docker-4d2cd4d5d392
+// The signals we want to handle
+// NOTE: although it is tempting, the SIGKILL signal (9) cannot be intercepted and handled
+var signals = {
+  'SIGHUP': 1,
+  'SIGINT': 2,
+  'SIGTERM': 15
+};
+// Do any necessary shutdown logic for our application here
+const shutdown = (signal, value) => {
+  console.log("shutdown!");
+  server.close(() => {
+    console.log(`server stopped by ${signal} with value ${value}`);
+    process.exit(128 + value);
+  });
+};
+// Create a listener for each of the signals that we want to handle
+Object.keys(signals).forEach((signal) => {
+  process.on(signal, () => {
+    console.log(`process received a ${signal} signal`);
+    shutdown(signal, signals[signal]);
+  });
+});

package-lock.json

@@ -9,6 +9,7 @@
     "cookie-parser": "~1.4.4",
     "debug": "~2.6.9",
     "express": "~4.16.1",
+    "express-list-endpoints": "^4.0.1",
     "http-errors": "~1.6.3",
     "morgan": "~1.9.1",
     "pug": "2.0.0-beta11",

package.json

@@ -0,0 +1,21 @@
+const express = require('express');
+const router = express.Router();
+const searchService = require('../service/search');
+
+router.get('/search', function (req, res, next) {
+
+  const searchText = req.query.searchText !== undefined ? req.query.searchText : '';
+  console.log(req.query);
+  console.log('search text: ' + searchText);
+  searchService.searchByName(searchText, function (err, ret) {
+    if (err) {
+      res.json(err);
+    } else {
+      delete ret.searchText;
+      res.json(ret);
+    }
+  });
+
+});
+
+module.exports = router;

routes/api.js

@@ -1,7 +1,6 @@
 const express = require('express');
 const router = express.Router();
-const sqlite3 = require('sqlite3').verbose();
-const db = new sqlite3.Database('./db/vulny.db');
+const searchService = require('../service/search');
 
 /* GET search listing. */
 router.get('/', function (req, res, next) {
@@ -10,21 +9,14 @@ router.get('/', function (req, res, next) {
 
 router.post('/', function (req, res, next) {
   const searchText = req.body.searchText;
-  db.all("select id,name,description from item where name like '%" + searchText + "%'", [], function (err, rows) {
+
+  searchService.searchByName(searchText, function (err, ret) {
     if (err) {
-      console.log('error ' + err);
       res.redirect('/search')
     } else {
-      console.log(req.body);
-      console.log('rows? ' + rows);
-      console.log('got ' + rows.length + ' rows');
-      const ret = {
-        searchText: searchText,
-        rows: rows
-      };
       res.render('searchResult', ret)
     }
-  })
+  });
 });
 
 module.exports = router;

routes/search.js

@@ -0,0 +1,29 @@
+const sqlite3 = require('sqlite3').verbose();
+const db = new sqlite3.Database('./db/vulny.db');
+
+const searchByName = function (searchText, cb) {
+
+  db.all("select id,name,description from item where name like '%" + searchText + "%'", [], function (err, rows) {
+  //db.all("select id,name,description from item where name like '%?%'", [searchText], function (err, rows) {
+    if (err) {
+      console.log('error ' + err);
+      cb(err);
+      //res.redirect('/search')
+    } else {
+      //console.log(req.body);
+      console.log('rows? ' + rows);
+      console.log('got ' + rows.length + ' rows');
+      const ret = {
+        searchText: searchText,
+        rows: rows
+      };
+      cb(null, ret);
+      //res.render('searchResult', ret)
+    }
+  });
+
+};
+
+module.exports = {
+  searchByName: searchByName
+};

service/search.js

@@ -0,0 +1,7 @@
+app:
+  host: ${APP_HOST:http://localhost:3000}
+  scanType: ${SCAN_TYPE:api-scan}
+  scanLevelConf: ${SCAN_LEVEL_CONF:}
+  basePath: /api
+  routes:
+    - path: GET /search?searchText=string