implement tests

testdata/xray/jas-test/sast/flask_webgoat/__init__.py

@@ -0,0 +1,51 @@
+import os
+import sqlite3
+from pathlib import Path
+
+from flask import Flask, g
+
+DB_FILENAME = "database.db"
+
+
+def query_db(query, args=(), one=False, commit=False):
+    with sqlite3.connect(DB_FILENAME) as conn:
+        # vulnerability: Sensitive Data Exposure
+        conn.set_trace_callback(print)
+        cur = conn.cursor().execute(query, args)
+        if commit:
+            conn.commit()
+        return cur.fetchone() if one else cur.fetchall()
+
+
+def create_app():
+    app = Flask(__name__)
+    app.secret_key = "aeZ1iwoh2ree2mo0Eereireong4baitixaixu5Ee"
+
+    db_path = Path(DB_FILENAME)
+    if db_path.exists():
+        db_path.unlink()
+
+    conn = sqlite3.connect(DB_FILENAME)
+    create_table_query = """CREATE TABLE IF NOT EXISTS user
+    (id INTEGER PRIMARY KEY, username TEXT, password TEXT, access_level INTEGER)"""
+    conn.execute(create_table_query)
+
+    insert_admin_query = """INSERT INTO user (id, username, password, access_level)
+    VALUES (1, 'admin', 'admin', 0)"""
+    conn.execute(insert_admin_query)
+    conn.commit()
+    conn.close()
+
+    with app.app_context():
+        from . import actions
+        from . import auth
+        from . import status
+        from . import ui
+        from . import users
+
+        app.register_blueprint(actions.bp)
+        app.register_blueprint(auth.bp)
+        app.register_blueprint(status.bp)
+        app.register_blueprint(ui.bp)
+        app.register_blueprint(users.bp)
+        return app

testdata/xray/jas-test/sast/flask_webgoat/ui.py

@@ -0,0 +1,25 @@
+import sqlite3
+
+from flask import Blueprint, request, render_template
+from . import query_db
+
+bp = Blueprint("ui", __name__)
+
+
+@bp.route("/search")
+def search():
+    query_param = request.args.get("query")
+    if query_param is None:
+        message = "please provide the query parameter"
+        return render_template("error.html", message=message)
+
+    try:
+        query = "SELECT username, access_level FROM user WHERE username LIKE ?;"
+        results = query_db(query, (query_param,))
+        # vulnerability: XSS
+        return render_template(
+            "search.html", results=results, num_results=len(results), query=query_param
+        )
+    except sqlite3.Error as err:
+        message = "Error while executing query " + query_param + ": " + err
+        return render_template("error.html", message=message)