diff --git a/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj b/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj
index a6cfd21..5a11a62 100644
--- a/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj
+++ b/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj
@@ -22,6 +22,7 @@
+
diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs
new file mode 100644
index 0000000..6ec3c7a
--- /dev/null
+++ b/code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs
@@ -0,0 +1,48 @@
+using Microsoft.AspNetCore.Mvc;
+using MySql.Data.MySqlClient;
+using SerilogTimings;
+using System.Data;
+
+namespace AmIVulnerable.Controllers {
+
+ [Route("api/[controller]")]
+ [ApiController]
+ public class MySqlConnectionController : ControllerBase {
+
+ private readonly IConfiguration Configuration;
+
+ public MySqlConnectionController(IConfiguration configuration) {
+ Configuration = configuration;
+ }
+
+ [HttpGet, Route("checkReachable")]
+ public IActionResult PingWithDb() {
+ using (Operation.Time("TaskDuration")) {
+ try {
+ MySqlConnection c = new MySqlConnection(Configuration["ConnectionStrings:cvedb"]);
+
+ MySqlCommand cmd = new MySqlCommand("SELECT * FROM cve", c);
+
+ c.Open();
+ MySqlDataReader reader = cmd.ExecuteReader();
+ DataTable dataTable = new DataTable();
+ dataTable.Load(reader);
+ reader.Close();
+ c.Close();
+
+ string r = "";
+ foreach (DataRow row in dataTable.Rows) {
+ foreach (object? item in row.ItemArray) {
+ r += item;
+ }
+ }
+
+ return Ok(r);
+ }
+ catch (Exception ex) {
+ return BadRequest(ex.ToString());
+ }
+ }
+ }
+ }
+}
diff --git a/code/AmIVulnerable/AmIVulnerable/Program.cs b/code/AmIVulnerable/AmIVulnerable/Program.cs
index 5e8deb8..cdba890 100644
--- a/code/AmIVulnerable/AmIVulnerable/Program.cs
+++ b/code/AmIVulnerable/AmIVulnerable/Program.cs
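Review bot: The `catch` in `PingWithDb` sends `ex.ToString()` back in the response, so any database failure hands the caller the full exception text and stack trace; log it server-side and return a generic error status instead. The connection, command and reader are closed only on the success path, so an exception from `ExecuteReader()` or `Load()` leaves the connection open; `using` declarations close them on every path. The key read here, `ConnectionStrings:cvedb`, does not match the `essenskasse` key this commit adds in appsettings.json, so the connection string appears to be null unless another configuration source supplies it. A reachability check also does not need `SELECT * FROM cve` and a quadratic `r += item` over the whole table; the sketch below uses `SELECT 1` (if the dump is intended, keep the query but build the text with a `StringBuilder`).

```csharp
[HttpGet, Route("checkReachable")]
public IActionResult PingWithDb() {
    using (Operation.Time("TaskDuration")) {
        try {
            // Disposed on every path, including when Open() or the query throws.
            using MySqlConnection c = new MySqlConnection(Configuration["ConnectionStrings:cvedb"]);
            using MySqlCommand cmd = new MySqlCommand("SELECT 1", c);

            c.Open();
            cmd.ExecuteScalar();

            return Ok();
        }
        catch (Exception ex) {
            // Detail stays in the server log (Serilog's Log, as used in Program.cs);
            // the client only learns that the check failed.
            Log.Error(ex, "Database reachability check failed");
            return StatusCode(503);
        }
    }
}
```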
@@ -17,11 +17,11 @@ public static void Main (string[] args) { WebApplication app = builder.Build(); - // Configure the HTTP request pipeline. - if (app.Environment.IsDevelopment()) { + //// Configure the HTTP request pipeline. + //if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); - } + //} Log.Logger = new LoggerConfiguration() .MinimumLevel.Debug() @@ -33,11 +33,13 @@ public static void Main (string[] args) { ) .CreateLogger(); + // Allow CORS + app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin()); + app.UseHttpsRedirection(); app.UseAuthorization(); - app.MapControllers(); app.Run(); diff --git a/code/AmIVulnerable/AmIVulnerable/appsettings.json b/code/AmIVulnerable/AmIVulnerable/appsettings.json index 10f68b8..042a5d9 100644 --- a/code/AmIVulnerable/AmIVulnerable/appsettings.json +++ b/code/AmIVulnerable/AmIVulnerable/appsettings.json @@ -5,5 +5,8 @@ "Microsoft.AspNetCore": "Warning" } }, - "AllowedHosts": "*" + "AllowedHosts": "*", + "ConnectionStrings": { + "essenskasse": "Server=amivulnerable_db;Port=3306;Uid=u;Pwd=p;Database=cve;SslMode=None;" + } } diff --git a/code/AmIVulnerable/docker-compose.yml b/code/AmIVulnerable/docker-compose.yml index 8f60245..e9fccdd 100644 --- a/code/AmIVulnerable/docker-compose.yml +++ b/code/AmIVulnerable/docker-compose.yml 
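Review bot: With the `IsDevelopment()` guard commented out in the first Program.cs hunk, `UseSwagger()` and `UseSwaggerUI()` run in every environment, so a production deployment publishes the full API description and an interactive console to anyone who can reach the service. If Swagger is wanted inside the container, gate it on an explicit setting instead of removing the check, for example `if (app.Environment.IsDevelopment() || app.Configuration.GetValue<bool>("Swagger:Enabled")) {` (the setting name is a suggestion). The commented-out `//if (...) {` and `//}` lines should be deleted rather than kept as dead code. `Main` starts and ends outside the hunk.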
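Review bot: `AllowAnyOrigin()` together with `AllowAnyMethod()` and `AllowAnyHeader()` in the second Program.cs hunk lets script on any website call this API from a visitor's browser, which matters because the controller added in this commit carries no `[Authorize]` attribute. Restrict the policy to the front-end origins that actually need it, read from configuration, e.g. `app.UseCors(x => x.WithOrigins(allowedOrigins).AllowAnyMethod().AllowAnyHeader());` where `allowedOrigins` stands for that configured list. The hunk does not show a matching `builder.Services.AddCors()`; if it is not registered earlier in `Main`, `UseCors` should fail at startup. The comment `// Allow CORS` would be more useful if it said which clients the policy is for.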
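Review bot: The connection string added to appsettings.json commits the database credentials (`Uid=u;Pwd=p`) to the repository and sets `SslMode=None`, so the API sends that password and all query traffic to MySQL unencrypted. Keep only a non-secret placeholder in this file and supply the real value at deploy time, for example through the `ConnectionStrings__cvedb` environment variable in docker-compose or through user secrets during development. Once the server has a certificate, `SslMode=Required` is the safer setting.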
@@ -1,27 +1,37 @@ version: '3.4' -# networks: -# amivulnerable: - -# services: -# amivulnerable: -# networks: -# - amivulnerable -# container_name: api -# image: amivulnerable:latest -# build: -# context: . -# dockerfile: AmIVulnerable/Dockerfile -# ports: -# - "8080:80" -# - "8443:443" - services: + amivulnerable_db: + container_name: MySqlDbAmIVulnerable + image: mysql:8.0.2 + environment: + - MYSQL_ROOT_PASSWORD=cvecve + - MYSQL_DATABASE=cve + - MYSQL_USER=u + - MYSQL_PASSWORD=p + - MYSQL_ALLOW_EMPTY_PASSWORD=1 + volumes: + - db_volume:/var/lib/mysql + - ./sql/init.sql:/docker-entrypoint-initdb.d/init.sql:ro + restart: on-failure + healthcheck: + test: ["CMD", "mysqladmin", "ping", "-h", "localhost"] + timeout: 20s + retries: 10 + ports: + - 3306:3306 + command: --default-authentication-plugin=mysql_native_password + amivulnerable: - container_name: api + container_name: ApiAmIVulnerable build: context: . dockerfile: AmIVulnerable/Dockerfile ports: - 8080:80 - 8443:443 + depends_on: + - amivulnerable_db + +volumes: + db_volume: diff --git a/code/AmIVulnerable/sql/init.sql b/code/AmIVulnerable/sql/init.sql new file mode 100644 index 0000000..26baea1 --- /dev/null +++ b/code/AmIVulnerable/sql/init.sql 
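Review bot: The new `amivulnerable_db` service publishes `3306:3306` on every host interface while the root password (`cvecve`) and the `u`/`p` account are committed in this file, so the database is reachable from outside the compose network with known credentials. The API container reaches the database by service name, so the `ports:` entry can be dropped, or bound to loopback as `127.0.0.1:3306:3306` if local tooling needs it. `MYSQL_ALLOW_EMPTY_PASSWORD=1` is redundant next to `MYSQL_ROOT_PASSWORD` and is better removed, and the passwords belong in an untracked `.env` file referenced as `${MYSQL_ROOT_PASSWORD}`. `mysql:8.0.2` appears to be an early pre-GA 8.0 build; pinning a current 8.0 patch release would pick up the server fixes made since.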
@@ -0,0 +1,21 @@
+CREATE TABLE cve.cve (
+ cve_number VARCHAR(15) PRIMARY KEY NOT NULL,
+ designation VARCHAR(100) NOT NULL,
+ version_affected TEXT NOT NULL
+);
+
+INSERT INTO cve (cve_number, designation, version_affected)
+VALUES ('CVE-2016-582384','dummy 1','< 1.0.3'),
+ ('CVE-2019-482384','dummy 5a','< 3.0.3'),
+ ('CVE-2019-182384','dummy 21a','< 2.4.3'),
+ ('CVE-2019-284384','dummy 5a','< 1.5.3'),
+ ('CVE-2019-588384','dummy 31a','< 2.0.3'),
+ ('CVE-2019-587384','dummy r23v','< 6.0.3'),
+ ('CVE-2019-582984','dummy v123','< 1.4.3'),
+ ('CVE-2019-582784','dummy 5a','< 1.4.6'),
+ ('CVE-2019-582344','dummy 5v123','< 1.1.12'),
+ ('CVE-2019-582383','dummy v123a','< 2.1.3'),
+ ('CVE-2019-582387','dummy 5v14 143a','< 7.8.3'),
+ ('CVE-2018-312397','dummy 2','> 1.5.6');
+
+CREATE INDEX idx_designation ON cve (designation);
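Review bot: `cve_number VARCHAR(15)` fits the seed rows exactly but not every valid identifier, because CVE sequence numbers are not limited to six digits and a seven-digit ID would be rejected or truncated depending on the SQL mode. Widening the column, e.g. `cve_number VARCHAR(20) PRIMARY KEY`, avoids that; `NOT NULL` is already implied by `PRIMARY KEY`. A leading comment such as `-- Placeholder rows for local testing; not real CVE records.` would keep the dummy data from being mistaken for real entries.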