arvion-ai/test-vulnerable-python2

Vulnerable Python 2 Test Project

This is a test project designed to help test tools that identify vulnerable dependencies in Python 2 projects.

⚠️ WARNING ⚠️

This project intentionally contains known vulnerable dependencies and should NEVER be used in production environments. It is designed solely for testing vulnerability scanning tools.

Purpose

This project is created specifically to:

  • Test vulnerability scanning tools for Python 2 projects
  • Demonstrate Python 2-specific code patterns and dependencies
  • Provide a realistic test case with actual vulnerable packages

Known Vulnerabilities

This project intentionally includes the following vulnerable packages:

| Package | Version | Known Vulnerabilities |
|---|---|---|
| requests | 2.5.3 | CVE-2018-18074 (SSL verification bypass) |
| PyYAML | 3.12 | CVE-2017-18342 (Arbitrary code execution) |
| Flask | 0.12.2 | CVE-2018-1000656, CVE-2019-1010083 |
| Jinja2 | 2.8 | CVE-2016-10745 (Sandbox escape) |
| SQLAlchemy | 1.0.0 | SQL injection vulnerabilities |
| urllib3 | 1.20 | CRLF injection vulnerabilities |
| Werkzeug | 0.11 | CVE-2019-14806 (Directory traversal) |
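
One way to use the table above as ground truth when evaluating a scanner, as an added example that is not part of this project's code. It is written for Python 3 and run outside the project's Python 2.7 environment; the report format (a JSON list of objects with "package" and "version" keys) and the names score_scanner, parse_pins, SAMPLE_FREEZE and SAMPLE_REPORT are assumptions, and the sample data is constructed.

```python
import json
import re

# Expected findings: package pins copied from the README table above.
EXPECTED = {"requests": "2.5.3", "pyyaml": "3.12", "flask": "0.12.2",
            "jinja2": "2.8", "sqlalchemy": "1.0.0", "urllib3": "1.20",
            "werkzeug": "0.11"}

# name, optional [extras], then an exact '==' pin (stops at a marker or comment)
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def normalize(name):
    """PEP 503 normalization, so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Map normalized name -> version for each '==' line; other lines are skipped."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def score_scanner(freeze_text, report_json):
    """Compare a scanner report (assumed JSON format) with the expected findings."""
    installed = parse_pins(freeze_text)
    reported = {(normalize(f["package"]), f["version"])
                for f in json.loads(report_json)}
    expected = set(EXPECTED.items())
    return {
        # fixture drift: the environment no longer holds the pinned version
        "not_installed": sorted(n for n, v in expected if installed.get(n) != v),
        # false negatives: vulnerable pins the scanner did not flag
        "missed": sorted(n for n, _ in expected - reported),
        # flagged but not listed in the README table; triage by hand
        "unexpected": sorted(n for n, _ in reported - expected),
    }

# Constructed sample data (not output from this project or from a real scanner).
SAMPLE_FREEZE = ("# constructed pip freeze output\nFlask==0.12.2\nJinja2==2.8\n"
                 "PyYAML==3.12\nrequests==2.5.3\nSQLAlchemy==1.0.0\n"
                 "urllib3==1.20\nWerkzeug==0.11\n")
SAMPLE_REPORT = json.dumps([{"package": p, "version": v} for p, v in [
    ("PyYAML", "3.12"), ("requests", "2.5.3"), ("Flask", "0.12.2"),
    ("jinja2", "2.8"), ("werkzeug", "0.11"), ("example-pkg", "1.0")]])

if __name__ == "__main__":
    print(score_scanner(SAMPLE_FREEZE, SAMPLE_REPORT))
```

Check "not_installed" first: if the environment has drifted from the pinned versions, a missed finding says nothing about the scanner.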

Python 2 Specific Features

The codebase demonstrates Python 2-only features including:

  • print statements (not functions)
  • unicode and str types
  • xrange() function
  • .has_key() dictionary method
  • raw_input() function
  • Integer division behavior (5/2 = 2)
  • Exception handling with comma syntax
  • Backticks for repr
  • execfile() function
  • long type with L suffix

Setup

Note: Python 2.7 is required and Python 3 will not work with this project.

# Install Python 2.7 if not already installed
# On Ubuntu/Debian:
sudo apt-get install python2.7

# Install pip for Python 2
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
python2 get-pip.py

# Install dependencies
pip2 install -r requirements.txt

Running Tests

# Run all tests
python2 -m unittest discover tests

# Run with coverage
pip2 install coverage
coverage run -m unittest discover tests
coverage report -m

GitHub Actions

The project includes a GitHub Actions workflow that:

  • Runs on Python 2.7
  • Executes all unit tests
  • Reports test coverage
  • Lists installed packages for vulnerability scanning

Security Notice

This project is for testing purposes only. Do not use any of the code or dependencies in production environments. All vulnerabilities are intentional and serve as test cases for security scanning tools.
