From 1b9cab26e2e9c4316b006fb29eb64e52dc5b0412 Mon Sep 17 00:00:00 2001
From: Kretchen001 <83697846+Kretchen001@users.noreply.github.com>
Date: Wed, 13 Mar 2024 19:28:32 +0100
Subject: [PATCH 1/2] MySql support added + init script as example
---
code/AmIVulnerable/docker-compose.yml | 44 ++++++++++++++++-----------
code/AmIVulnerable/sql/init.sql | 21 +++++++++++++
2 files changed, 48 insertions(+), 17 deletions(-)
create mode 100644 code/AmIVulnerable/sql/init.sql
diff --git a/code/AmIVulnerable/docker-compose.yml b/code/AmIVulnerable/docker-compose.yml
index 8f60245..e9fccdd 100644
--- a/code/AmIVulnerable/docker-compose.yml
+++ b/code/AmIVulnerable/docker-compose.yml
@@ -1,27 +1,37 @@
version: '3.4'
-# networks:
-# amivulnerable:
-
-# services:
-# amivulnerable:
-# networks:
-# - amivulnerable
-# container_name: api
-# image: amivulnerable:latest
-# build:
-# context: .
-# dockerfile: AmIVulnerable/Dockerfile
-# ports:
-# - "8080:80"
-# - "8443:443"
-
services:
+ amivulnerable_db:
+ container_name: MySqlDbAmIVulnerable
+ image: mysql:8.0.2
+ environment:
+ - MYSQL_ROOT_PASSWORD=cvecve
+ - MYSQL_DATABASE=cve
+ - MYSQL_USER=u
+ - MYSQL_PASSWORD=p
+ - MYSQL_ALLOW_EMPTY_PASSWORD=1
+ volumes:
+ - db_volume:/var/lib/mysql
+ - ./sql/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
+ restart: on-failure
+ healthcheck:
+ test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+ timeout: 20s
+ retries: 10
+ ports:
+ - 3306:3306
+ command: --default-authentication-plugin=mysql_native_password
+
amivulnerable:
- container_name: api
+ container_name: ApiAmIVulnerable
build:
context: .
dockerfile: AmIVulnerable/Dockerfile
ports:
- 8080:80
- 8443:443
+ depends_on:
+ - amivulnerable_db
+
+volumes:
+ db_volume:
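Review bot: The `amivulnerable_db` service commits its credentials in the compose file (`MYSQL_ROOT_PASSWORD=cvecve`, `MYSQL_USER=u`, `MYSQL_PASSWORD=p`) and publishes `3306:3306` on every host interface, so anyone who can reach the host can try those known passwords against the database. The API container reaches the database over the compose network, so the `ports:` entry can be dropped or bound to loopback as `- "127.0.0.1:3306:3306"`, and the passwords can come from an untracked env file or the image's `MYSQL_ROOT_PASSWORD_FILE` / `MYSQL_PASSWORD_FILE` variables. `MYSQL_ALLOW_EMPTY_PASSWORD=1` is redundant next to a root password and is best removed, so the container cannot come up with an empty root password if the password variable is dropped later. `mysql:8.0.2` looks like a pre-GA 8.0 build; pinning a currently maintained 8.0 tag would pick up the server's security fixes.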
diff --git a/code/AmIVulnerable/sql/init.sql b/code/AmIVulnerable/sql/init.sql
new file mode 100644
index 0000000..26baea1
--- /dev/null
+++ b/code/AmIVulnerable/sql/init.sql
@@ -0,0 +1,21 @@
+CREATE TABLE cve.cve (
+ cve_number VARCHAR(15) PRIMARY KEY NOT NULL,
+ designation VARCHAR(100) NOT NULL,
+ version_affected TEXT NOT NULL
+);
+
+INSERT INTO cve (cve_number, designation, version_affected)
+VALUES ('CVE-2016-582384','dummy 1','< 1.0.3'),
+ ('CVE-2019-482384','dummy 5a','< 3.0.3'),
+ ('CVE-2019-182384','dummy 21a','< 2.4.3'),
+ ('CVE-2019-284384','dummy 5a','< 1.5.3'),
+ ('CVE-2019-588384','dummy 31a','< 2.0.3'),
+ ('CVE-2019-587384','dummy r23v','< 6.0.3'),
+ ('CVE-2019-582984','dummy v123','< 1.4.3'),
+ ('CVE-2019-582784','dummy 5a','< 1.4.6'),
+ ('CVE-2019-582344','dummy 5v123','< 1.1.12'),
+ ('CVE-2019-582383','dummy v123a','< 2.1.3'),
+ ('CVE-2019-582387','dummy 5v14 143a','< 7.8.3'),
+ ('CVE-2018-312397','dummy 2','> 1.5.6');
+
+CREATE INDEX idx_designation ON cve (designation);
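Review bot: `cve_number VARCHAR(15)` is exactly the length of the seed values such as `'CVE-2016-582384'`, but the sequence part of a CVE identifier has no fixed number of digits, so a longer ID would be rejected or truncated depending on the server's SQL mode. Widening the column, for example `cve_number VARCHAR(32) PRIMARY KEY NOT NULL,`, avoids silently losing or colliding keys once real data is loaded. The rows are placeholders that look like real identifiers, so a leading comment such as `-- dummy seed data, not real CVE records` would keep them from being mistaken for findings.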
From 37cb832fa16bda1cf42b8bcecc821c224db7abf2 Mon Sep 17 00:00:00 2001
From: Kretchen001 <83697846+Kretchen001@users.noreply.github.com>
Date: Wed, 13 Mar 2024 19:41:39 +0100
Subject: [PATCH 2/2] Demo Controller for MySql Connection to intern db
https://localhost:8443/api/MySqlConnection/checkReachable
Link to check reachability
---
.../AmIVulnerable/AmIVulnerable.csproj | 1 +
.../Controllers/MySqlConnectionController.cs | 48 +++++++++++++++++++
code/AmIVulnerable/AmIVulnerable/Program.cs | 10 ++--
.../AmIVulnerable/appsettings.json | 5 +-
4 files changed, 59 insertions(+), 5 deletions(-)
create mode 100644 code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs
diff --git a/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj b/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj
index a6cfd21..5a11a62 100644
--- a/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj
+++ b/code/AmIVulnerable/AmIVulnerable/AmIVulnerable.csproj
@@ -22,6 +22,7 @@
+
diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs
new file mode 100644
index 0000000..6ec3c7a
--- /dev/null
+++ b/code/AmIVulnerable/AmIVulnerable/Controllers/MySqlConnectionController.cs
@@ -0,0 +1,48 @@
+using Microsoft.AspNetCore.Mvc;
+using MySql.Data.MySqlClient;
+using SerilogTimings;
+using System.Data;
+
+namespace AmIVulnerable.Controllers {
+
+ [Route("api/[controller]")]
+ [ApiController]
+ public class MySqlConnectionController : ControllerBase {
+
+ private readonly IConfiguration Configuration;
+
+ public MySqlConnectionController(IConfiguration configuration) {
+ Configuration = configuration;
+ }
+
+ [HttpGet, Route("checkReachable")]
+ public IActionResult PingWithDb() {
+ using (Operation.Time("TaskDuration")) {
+ try {
+ MySqlConnection c = new MySqlConnection(Configuration["ConnectionStrings:cvedb"]);
+
+ MySqlCommand cmd = new MySqlCommand("SELECT * FROM cve", c);
+
+ c.Open();
+ MySqlDataReader reader = cmd.ExecuteReader();
+ DataTable dataTable = new DataTable();
+ dataTable.Load(reader);
+ reader.Close();
+ c.Close();
+
+ string r = "";
+ foreach (DataRow row in dataTable.Rows) {
+ foreach (object? item in row.ItemArray) {
+ r += item;
+ }
+ }
+
+ return Ok(r);
+ }
+ catch (Exception ex) {
+ return BadRequest(ex.ToString());
+ }
+ }
+ }
+ }
+}
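Review bot: The `catch` in `PingWithDb` returns `BadRequest(ex.ToString())`, which sends the full exception text and stack trace (driver messages, host and user names from a failed connect) to whoever calls the endpoint, and no `[Authorize]` attribute is visible on the controller. The same action answers a reachability check with `SELECT * FROM cve` and concatenates every column into the response, so an unauthenticated GET returns the whole table; a `SELECT 1` is enough to prove the connection works. `c`, `cmd` and `reader` are closed only on the success path, so an exception after `c.Open()` leaves the connection open until it is finalized. The rewrite below disposes on every path, logs the detail on the server, and returns a fixed message with a 503 status.

```csharp
public IActionResult PingWithDb() {
    // … unchanged: using (Operation.Time("TaskDuration")) wrapper …
        try {
            // using declarations dispose the connection and command on every path
            using MySqlConnection c = new MySqlConnection(Configuration["ConnectionStrings:cvedb"]);
            using MySqlCommand cmd = new MySqlCommand("SELECT 1", c);

            c.Open();
            cmd.ExecuteScalar();

            return Ok("reachable");
        }
        catch (Exception ex) {
            // keep the detail in the server log; the client gets a fixed message
            Serilog.Log.Error(ex, "Database reachability check failed");
            return StatusCode(503, "Database not reachable");
        }
```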
diff --git a/code/AmIVulnerable/AmIVulnerable/Program.cs b/code/AmIVulnerable/AmIVulnerable/Program.cs
index 5e8deb8..cdba890 100644
--- a/code/AmIVulnerable/AmIVulnerable/Program.cs
+++ b/code/AmIVulnerable/AmIVulnerable/Program.cs
@@ -17,11 +17,11 @@ public static void Main (string[] args) {
WebApplication app = builder.Build();
- // Configure the HTTP request pipeline.
- if (app.Environment.IsDevelopment()) {
+ //// Configure the HTTP request pipeline.
+ //if (app.Environment.IsDevelopment()) {
app.UseSwagger();
app.UseSwaggerUI();
- }
+ //}
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
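Review bot: With the `IsDevelopment()` guard commented out, `app.UseSwagger()` and `app.UseSwaggerUI()` now run in every environment, so a production deployment publishes the full API description and an interactive client for it. If the UI is needed outside development, gate it on an explicit setting instead, e.g. `if (app.Environment.IsDevelopment() || app.Configuration.GetValue<bool>("Swagger:Enabled")) {`; otherwise restore the original `if`. The commented-out lines should be deleted rather than kept as `////` and `//if` remnants. `Main` starts and continues outside this hunk.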
@@ -33,11 +33,13 @@ public static void Main (string[] args) {
)
.CreateLogger();
+ // Allow CORS
+ app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin());
+
app.UseHttpsRedirection();
app.UseAuthorization();
-
app.MapControllers();
app.Run();
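Review bot: `app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin());` lets a script on any website call this API from a visitor's browser and read the responses, which includes the database dump and exception text returned by the new `checkReachable` endpoint. Restrict the policy to the front-end origins that actually need it, e.g. `app.UseCors(x => x.WithOrigins("https://<frontend-origin>").AllowAnyMethod().AllowAnyHeader());` (placeholder origin, ideally read from configuration). The matching `builder.Services.AddCors()` registration is not visible in this hunk, so confirm it exists; `Main` continues outside the hunk.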
diff --git a/code/AmIVulnerable/AmIVulnerable/appsettings.json b/code/AmIVulnerable/AmIVulnerable/appsettings.json
index 10f68b8..042a5d9 100644
--- a/code/AmIVulnerable/AmIVulnerable/appsettings.json
+++ b/code/AmIVulnerable/AmIVulnerable/appsettings.json
@@ -5,5 +5,8 @@
"Microsoft.AspNetCore": "Warning"
}
},
- "AllowedHosts": "*"
+ "AllowedHosts": "*",
+ "ConnectionStrings": {
+ "essenskasse": "Server=amivulnerable_db;Port=3306;Uid=u;Pwd=p;Database=cve;SslMode=None;"
+ }
}
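Review bot: The connection string is stored under the key `essenskasse`, but `PingWithDb` in this same patch reads `Configuration["ConnectionStrings:cvedb"]`, so the lookup returns null and the endpoint can only take its error path; rename the key to `"cvedb"`. The value also commits the database password (`Pwd=p`) to the tracked settings file and sets `SslMode=None`, which sends credentials and query results unencrypted. Supply the password from outside the repository (user secrets, or an environment variable such as `ConnectionStrings__cvedb` set in the compose file from an untracked env file). Leave TLS disabled only while the database is reachable solely on the local compose network.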