From 42f9718899eac30a210d4829fa8313d0f970f704 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Sun, 6 Sep 2020 21:30:19 -0300
Subject: [PATCH 01/60] Update README.md
---
README.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 5041d25..02ef92c 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,10 @@ A Simple and porpousely vulnerable django web-application for testing and learni
## Running
The recommended way is using docker using the following commands to build and run the container
+`yum install git -y`
+
+`git clone clone https://github.com/caf3ina/HeadPage.git`
+
`docker build --tag=headpage:latest .`
`docker run -d --rm -p 8000:8000 --name headpage headpage:latest`
From 4796977572efa4d1a91d4e0f1e870c57cd13b79e Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Sun, 6 Sep 2020 22:14:55 -0300
Subject: [PATCH 02/60] Update README.md
---
README.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 02ef92c..04caf15 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,10 @@
A Simple and porpousely vulnerable django web-application for testing and learning
+Create a account in Cloud One https://cloudone.trendmicro.com/
+We will focus ins Application Security (RASP) to protect our application
+More information here: https://cloudone.trendmicro.com/docs/application-security/
+
From a9a8b58f7d27c1926428331626298eb32597162f Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Sun, 6 Sep 2020 22:15:27 -0300
Subject: [PATCH 03/60] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 04caf15..416a193 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,9 @@
A Simple and porpousely vulnerable django web-application for testing and learning
-Create a account in Cloud One https://cloudone.trendmicro.com/
-We will focus ins Application Security (RASP) to protect our application
-More information here: https://cloudone.trendmicro.com/docs/application-security/
+* Create a account in Cloud One https://cloudone.trendmicro.com/
+* We will focus ins Application Security (RASP) to protect our application
+* More information here: https://cloudone.trendmicro.com/docs/application-security/
From f756a7f99143cc9a3bbaf623076fa1d688cf12bd Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 7 Sep 2020 01:24:12 -0300
Subject: [PATCH 04/60] Update README.md
---
README.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 416a193..9000201 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,8 @@ The recommended way is using docker using the following commands to build and ru
Otherwise, install the dependencies on `requirements.txt` and run the default django webserver and you'll be good to go.
+* Open the url http://ip-address:8000/social/
+
## Allowing connections other than localhost
Change the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
From 9d9e0b4d31848861db25e1a5a7f509ddf6e2195a Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 7 Sep 2020 01:25:10 -0300
Subject: [PATCH 05/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 9000201..be15271 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,6 @@ The recommended way is using docker using the following commands to build and ru
Otherwise, install the dependencies on `requirements.txt` and run the default django webserver and you'll be good to go.
-* Open the url http://ip-address:8000/social/
## Allowing connections other than localhost
@@ -41,6 +40,7 @@ Change the following line on `src/headpage/settings.py` to serve HeadPage on all
## The site is ugly as sin!
**Yes** - Also, I'm not a web developer
+* Open the url http://ip-address:8000/social/
## Main Vulnerabilities
From a7b07de49c415a27de9ed8709dad380915ab3487 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 7 Sep 2020 11:24:50 -0300
Subject: [PATCH 06/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index be15271..adfb732 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
A Simple and porpousely vulnerable django web-application for testing and learning
* Create a account in Cloud One https://cloudone.trendmicro.com/
-* We will focus ins Application Security (RASP) to protect our application
+* We will focus in Application Security (RASP) to protect our application
* More information here: https://cloudone.trendmicro.com/docs/application-security/
From 0b30fea31e5947c37eee18e890ab7176853e95e9 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 9 Sep 2020 16:59:08 -0300
Subject: [PATCH 07/60] Update README.md
---
README.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index adfb732..19a40fd 100644
--- a/README.md
+++ b/README.md
@@ -74,3 +74,6 @@ Change the following line on `src/headpage/settings.py` to serve HeadPage on all
* Some static files are returned after GET requests `127.0.0.1:8000/social/static/?file=privacy.txt` The `file` in the GET is not properly validated/sanitized
+
+### Console Events
+
From 2ac88602b425f32479ece14783f4afc0595a98d1 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 9 Sep 2020 17:04:45 -0300
Subject: [PATCH 08/60] Update README.md
---
README.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 19a40fd..8cfddb4 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,9 @@ The recommended way is using docker using the following commands to build and ru
Otherwise, install the dependencies on `requirements.txt` and run the default django webserver and you'll be good to go.
+`create a file with name trend_app_protect.ini`
+
+* https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
## Allowing connections other than localhost
From 004dda360d8c075ad576131a13b4e4e436a17770 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 9 Sep 2020 17:27:43 -0300
Subject: [PATCH 09/60] Update README.md
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 8cfddb4..3d1192c 100644
--- a/README.md
+++ b/README.md
@@ -80,3 +80,4 @@ Change the following line on `src/headpage/settings.py` to serve HeadPage on all
### Console Events
+
From 742b6782da5160aca0c32d98c8488a0aaf8ed25e Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 9 Sep 2020 17:29:42 -0300
Subject: [PATCH 10/60] Update README.md
---
README.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 3d1192c..5f1514f 100644
--- a/README.md
+++ b/README.md
@@ -80,4 +80,7 @@ Change the following line on `src/headpage/settings.py` to serve HeadPage on all
### Console Events
+* Malicious Payload
+
+
From 063e9852cc5a2c2dfbab1804928371a67270d293 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 28 Oct 2020 15:36:29 -0300
Subject: [PATCH 11/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 5f1514f..7d798a8 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ The recommended way is using docker using the following commands to build and ru
`yum install git -y`
-`git clone clone https://github.com/caf3ina/HeadPage.git`
+`git clone https://github.com/caf3ina/HeadPage.git`
`docker build --tag=headpage:latest .`
From f6029ba9858710a6df1d9bd68278f9c2043081c5 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 28 Oct 2020 16:49:53 -0300
Subject: [PATCH 12/60] Update README.md
---
README.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 7d798a8..3bc7f98 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,8 @@ The recommended way is using docker using the following commands to build and ru
`git clone https://github.com/caf3ina/HeadPage.git`
+`cd /HeadPage`
+
`docker build --tag=headpage:latest .`
`docker run -d --rm -p 8000:8000 --name headpage headpage:latest`
@@ -33,10 +35,11 @@ Otherwise, install the dependencies on `requirements.txt` and run the default dj
## Allowing connections other than localhost
-Change the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
+Edit the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
`ALLOWED_HOSTS = ['*']`
+Now, you must rerun the HeadPage.
## Why?
**Yes**
From 24f769d659498245b91306869c0b513bfe675e83 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 28 Oct 2020 23:35:06 -0300
Subject: [PATCH 13/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3bc7f98..6e46103 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ The recommended way is using docker using the following commands to build and ru
`git clone https://github.com/caf3ina/HeadPage.git`
-`cd /HeadPage`
+`cd HeadPage/`
`docker build --tag=headpage:latest .`
From 12bfdb1c4bd0d8626aced67109dde3a600acc4fb Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:00:54 -0300
Subject: [PATCH 14/60] Update README.md
---
README.md | 21 +++++----------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index 6e46103..64a052e 100644
--- a/README.md
+++ b/README.md
@@ -23,26 +23,18 @@ The recommended way is using docker using the following commands to build and ru
`cd HeadPage/`
-`docker build --tag=headpage:latest .`
-
-`docker run -d --rm -p 8000:8000 --name headpage headpage:latest`
+Edit the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
-Otherwise, install the dependencies on `requirements.txt` and run the default django webserver and you'll be good to go.
+`ALLOWED_HOSTS = ['*']`
`create a file with name trend_app_protect.ini`
+The ideia here is install the App Protection agent
* https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
-## Allowing connections other than localhost
-
-Edit the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
-
-`ALLOWED_HOSTS = ['*']`
-
-Now, you must rerun the HeadPage.
+`docker build --tag=headpage:latest .`
-## Why?
-**Yes**
+`docker run -d --rm -p 8000:8000 --name headpage headpage:latest`
## The site is ugly as sin!
**Yes** - Also, I'm not a web developer
@@ -59,9 +51,6 @@ Now, you must rerun the HeadPage.
* The user's first/last name or username are not sanitized and are displayed on their profile.
* E.g. username: ``
-### CSRF
-* To be Implemented (?)
-
### Open Redirect
* When clicking the link to the login/register page from a previous page, the previous Page URL is sent as a Parameter for a redirection back to the previous page after loging in/registering. The redirection URL is not validated.
* E.g. 127.0.0.1:8000/social/login/?redirect=evilsite.url
From d315bd7138c2fe28b5768bc2d754c1701e4d7057 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:03:09 -0300
Subject: [PATCH 15/60] Update README.md
---
README.md | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 64a052e..dcdd0d4 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,11 @@
A Simple and porpousely vulnerable django web-application for testing and learning
* Create a account in Cloud One https://cloudone.trendmicro.com/
+
* We will focus in Application Security (RASP) to protect our application
+
+* Trend Micro Cloud One - Application Security provides runtime protection for containerized applications and serverless functions. When Application Security is properly deployed, threats to your web applications will be detected and protected against, minimizing your risk. Determined attackers are continuously running scanners against your site, creating malicious user accounts, fuzzing various elements, triggering exceptions, and attempting to run exploitation tools
+
* More information here: https://cloudone.trendmicro.com/docs/application-security/
@@ -23,12 +27,12 @@ The recommended way is using docker using the following commands to build and ru
`cd HeadPage/`
-Edit the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
+* Edit the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
`ALLOWED_HOSTS = ['*']`
`create a file with name trend_app_protect.ini`
-The ideia here is install the App Protection agent
+* The ideia here is install the App Protection agent
* https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
From 7eadda76b5181ea9aefbf0c04a75d1704ba99b5a Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:03:41 -0300
Subject: [PATCH 16/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index dcdd0d4..23548e2 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ A Simple and porpousely vulnerable django web-application for testing and learni
* We will focus in Application Security (RASP) to protect our application
-* Trend Micro Cloud One - Application Security provides runtime protection for containerized applications and serverless functions. When Application Security is properly deployed, threats to your web applications will be detected and protected against, minimizing your risk. Determined attackers are continuously running scanners against your site, creating malicious user accounts, fuzzing various elements, triggering exceptions, and attempting to run exploitation tools
+Trend Micro Cloud One - Application Security provides runtime protection for containerized applications and serverless functions. When Application Security is properly deployed, threats to your web applications will be detected and protected against, minimizing your risk. Determined attackers are continuously running scanners against your site, creating malicious user accounts, fuzzing various elements, triggering exceptions, and attempting to run exploitation tools
* More information here: https://cloudone.trendmicro.com/docs/application-security/
From d2861cb95e2cb2d471a5eba379568b09f4e865e7 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:06:28 -0300
Subject: [PATCH 17/60] Update README.md
---
README.md | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 23548e2..74ac3ed 100644
--- a/README.md
+++ b/README.md
@@ -1,25 +1,19 @@
-# HeadPage
+# What is the HeadPage?
-A Simple and porpousely vulnerable django web-application for testing and learning
+A Simple and porpousely vulnerable django web-application for testing and learning how to protect using the Trend Micro Application Security.
-* Create a account in Cloud One https://cloudone.trendmicro.com/
-
-* We will focus in Application Security (RASP) to protect our application
+# What is the Cloud One Application Security?
-Trend Micro Cloud One - Application Security provides runtime protection for containerized applications and serverless functions. When Application Security is properly deployed, threats to your web applications will be detected and protected against, minimizing your risk. Determined attackers are continuously running scanners against your site, creating malicious user accounts, fuzzing various elements, triggering exceptions, and attempting to run exploitation tools
+Trend Micro Cloud One - Application Security provides runtime protection for containerized applications and serverless functions. When Application Security is properly deployed, threats to your web applications will be detected and protected against, minimizing your risk. Determined attackers are continuously running scanners against your site, creating malicious user accounts, fuzzing various elements, triggering exceptions, and attempting to run exploitation tools.
* More information here: https://cloudone.trendmicro.com/docs/application-security/
+* Create a account in Cloud One https://cloudone.trendmicro.com/
-## Idea
-
-* Create a social-media-like (HeadPage != Facebook) web application with a relatively small, and vulnerable, code base.
-* Users create public profiles, upload files for public (such as photos)or private (such as pdfs) use and browse other users' profiles.
-
## Running
-The recommended way is using docker using the following commands to build and run the container
+The recommended way is using docker using the following commands to build and run the container.
`yum install git -y`
From bb61f68f380404e5c9df189f2cc0401dedfc0ca3 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:14:00 -0300
Subject: [PATCH 18/60] Update README.md
---
README.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 74ac3ed..31ddee8 100644
--- a/README.md
+++ b/README.md
@@ -25,10 +25,14 @@ The recommended way is using docker using the following commands to build and ru
`ALLOWED_HOSTS = ['*']`
-`create a file with name trend_app_protect.ini`
-* The ideia here is install the App Protection agent
+`create a file with name trend_app_protect.ini` and put the information bellow.
-* https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
+`[trend_app_protect]`
+`key = my-key`
+`secret = my-secret`
+
+Take de key and secret from Cloud One Application Security
+https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
`docker build --tag=headpage:latest .`
From 9db5df63c2bba9fabe67a4b3b42a38cf27516a87 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:14:42 -0300
Subject: [PATCH 19/60] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 31ddee8..61b4ced 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,9 @@ The recommended way is using docker using the following commands to build and ru
`create a file with name trend_app_protect.ini` and put the information bellow.
-`[trend_app_protect]`
-`key = my-key`
-`secret = my-secret`
+`[trend_app_protect]
+ key = my-key
+ secret = my-secret`
Take de key and secret from Cloud One Application Security
https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
From be0e92b85173a01bca73466ed412c114b12705c0 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:38:30 -0300
Subject: [PATCH 20/60] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 61b4ced..9213ef0 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,9 @@ The recommended way is using docker using the following commands to build and ru
`create a file with name trend_app_protect.ini` and put the information bellow.
-`[trend_app_protect]
- key = my-key
- secret = my-secret`
+[trend_app_protect]
+key = my-key
+secret = my-secret
Take de key and secret from Cloud One Application Security
https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
From d5f5c72c5d1735e14cc7e07bd34d0d5bc8f86ccf Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:40:04 -0300
Subject: [PATCH 21/60] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 9213ef0..248551b 100644
--- a/README.md
+++ b/README.md
@@ -25,11 +25,11 @@ The recommended way is using docker using the following commands to build and ru
`ALLOWED_HOSTS = ['*']`
-`create a file with name trend_app_protect.ini` and put the information bellow.
+Create a file with name `trend_app_protect.ini` and put the information bellow.
-[trend_app_protect]
+`[trend_app_protect]
key = my-key
-secret = my-secret
+secret = my-secret
`
Take de key and secret from Cloud One Application Security
https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
From 6aade1e1a6c8d6ed4288d7946130eb3b67626bcf Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:44:08 -0300
Subject: [PATCH 22/60] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 248551b..c6c57dd 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,9 @@ The recommended way is using docker using the following commands to build and ru
Create a file with name `trend_app_protect.ini` and put the information bellow.
-`[trend_app_protect]
-key = my-key
-secret = my-secret
`
+`[trend_app_protect]
`
+`key = my-key
`
+secret = my-secret
Take de key and secret from Cloud One Application Security
https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
From a6fff0875cc0081cdca1ba85862667b8ca3d449f Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:45:20 -0300
Subject: [PATCH 23/60] Update README.md
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c6c57dd..9a3a991 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,8 @@ The recommended way is using docker using the following commands to build and ru
Create a file with name `trend_app_protect.ini` and put the information bellow.
-`[trend_app_protect]
`
-`key = my-key
`
+`trend_app_protect]`
+`key = my-key`
secret = my-secret
Take de key and secret from Cloud One Application Security
From 7ce7efae2b006406f07925842d92669aa6a58fa3 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+tbighouse@users.noreply.github.com>
Date: Tue, 26 Jan 2021 20:47:33 -0300
Subject: [PATCH 24/60] Update README.md
---
README.md | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 9a3a991..5b5c65f 100644
--- a/README.md
+++ b/README.md
@@ -15,11 +15,11 @@ Trend Micro Cloud One - Application Security provides runtime protection for con
## Running
The recommended way is using docker using the following commands to build and run the container.
-`yum install git -y`
+`$ yum install git -y`
-`git clone https://github.com/caf3ina/HeadPage.git`
+`$ git clone https://github.com/caf3ina/HeadPage.git`
-`cd HeadPage/`
+`$ cd HeadPage/`
* Edit the following line on `src/headpage/settings.py` to serve HeadPage on all interfaces. This can be dangerous, if possible run inside a VM on Host-Only interface.
@@ -28,8 +28,10 @@ The recommended way is using docker using the following commands to build and ru
Create a file with name `trend_app_protect.ini` and put the information bellow.
`trend_app_protect]`
+
`key = my-key`
-secret = my-secret
+
+`secret = my-secret`
Take de key and secret from Cloud One Application Security
https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
From f2eb9ee95d5fecd3422590094ae23ae4ebe82eee Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Wed, 27 Jan 2021 15:51:23 -0300
Subject: [PATCH 25/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 5b5c65f..b0172c1 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ Create a file with name `trend_app_protect.ini` and put the information bellow.
`secret = my-secret`
-Take de key and secret from Cloud One Application Security
+Get the key and secret from Cloud One Application Security console
https://cloudone.trendmicro.com/docs/application-security/python/#install-the-agent
`docker build --tag=headpage:latest .`
From 5fd92f9b33fcbdede1a1ed7b871ce5367bb2976d Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 19 Apr 2021 18:15:10 -0300
Subject: [PATCH 26/60] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b0172c1..fe5f5d6 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ The recommended way is using docker using the following commands to build and ru
Create a file with name `trend_app_protect.ini` and put the information bellow.
-`trend_app_protect]`
+`[trend_app_protect]`
`key = my-key`
From c64fec2cd67097d52b5faa14d69ce7085fee3769 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 2 Aug 2021 18:43:46 -0300
Subject: [PATCH 27/60] Create config.yml
---
.circleci/config.yml | 1 +
1 file changed, 1 insertion(+)
create mode 100644 .circleci/config.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1 @@
+
From 1356fdfdf03c5057b94f79a4bc381633398a33a2 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 2 Aug 2021 18:49:42 -0300
Subject: [PATCH 28/60] Update config.yml
---
.circleci/config.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8b13789..7076216 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1 +1,3 @@
-
+version: 2.1
+orbs:
+ snyk: snyk/snyk@1.0.1
From 7067e15d61b8d8a7380610d71497db2fd3551e7f Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 2 Aug 2021 18:54:11 -0300
Subject: [PATCH 29/60] Update config.yml
---
.circleci/config.yml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 7076216..5676492 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,3 +1,12 @@
version: 2.1
orbs:
snyk: snyk/snyk@1.0.1
+jobs:
+ build:
+ docker:
+ - image: 'python:1.8-slim-buster'
+ steps:
+ - checkout
+ - run: pip3 install requirements.txt
+ - snyk/scan
+workflows: null
From 3bc6616a9c27d8f412d93b2c72304a359ad08c78 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 2 Aug 2021 19:27:46 -0300
Subject: [PATCH 30/60] Update config.yml
---
.circleci/config.yml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 5676492..a4a73df 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -9,4 +9,9 @@ jobs:
- checkout
- run: pip3 install requirements.txt
- snyk/scan
-workflows: null
+workflows:
+version: 2
+ build_and_test:
+ jobs:
+ - build
+ - test
From 7c2229cd3246ecc3be9a1b7b4d017d24b45caab0 Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 2 Aug 2021 19:30:58 -0300
Subject: [PATCH 31/60] Update config.yml
---
.circleci/config.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index a4a73df..1fb561c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -4,7 +4,7 @@ orbs:
jobs:
build:
docker:
- - image: 'python:1.8-slim-buster'
+ - image: 'caf3ina/vulnerableimage'
steps:
- checkout
- run: pip3 install requirements.txt
From ef89ace77170163507241a9e13067dcd198649cf Mon Sep 17 00:00:00 2001
From: Tales Casagrande <46326549+caf3ina@users.noreply.github.com>
Date: Mon, 2 Aug 2021 19:31:49 -0300
Subject: [PATCH 32/60] Update config.yml
---
.circleci/config.yml | 6 ------
1 file changed, 6 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 1fb561c..9b8d2de 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -9,9 +9,3 @@ jobs:
- checkout
- run: pip3 install requirements.txt
- snyk/scan
-workflows:
-version: 2
- build_and_test:
- jobs:
- - build
- - test
From 1dc61e842f09ac1685a1cf8cd98b5e6932542316 Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Thu, 3 Aug 2023 18:28:01 -0300
Subject: [PATCH 33/60] Create static-analysis.datadog.yml
---
static-analysis.datadog.yml | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 static-analysis.datadog.yml
diff --git a/static-analysis.datadog.yml b/static-analysis.datadog.yml
new file mode 100644
index 0000000..69098b3
--- /dev/null
+++ b/static-analysis.datadog.yml
@@ -0,0 +1,5 @@
+rulesets:
+ - python-security
+ - python-code-style
+ - python-best-practices
+ - python-inclusive
From ec794dd20ee60f54b88811c3e76deed7a9c7e2cb Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Thu, 3 Aug 2023 18:29:11 -0300
Subject: [PATCH 34/60] Create datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/workflows/datadog-static-analysis.yml
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
new file mode 100644
index 0000000..58e900c
--- /dev/null
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -0,0 +1,17 @@
+on: [push]
+
+jobs:
+ check-quality:
+ runs-on: ubuntu-latest
+ name: Datadog Static Analyzer
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Check code meets quality standards
+ id: datadog-static-analysis
+ uses: datadog/datadog-static-analyzer-github-action@v1
+ with:
+ dd_app_key: ${{ secrets.DD_APP_KEY }}
+ dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_service: ${{ vars.DD_SERVICE }}
+ dd_site: "datadog.com"
From 01517e5fe5acbc6018a648fb10a1d2807d18b526 Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Fri, 4 Aug 2023 08:36:08 -0300
Subject: [PATCH 35/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 58e900c..a7b087d 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -14,4 +14,4 @@ jobs:
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_service: ${{ vars.DD_SERVICE }}
- dd_site: "datadog.com"
+ dd_site: "datadoghq.com"
From e7ea05b71162709e03a9cf66bcea2ac643b6f8ef Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Fri, 4 Aug 2023 09:05:10 -0300
Subject: [PATCH 36/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index a7b087d..ee6c394 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -13,5 +13,6 @@ jobs:
with:
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_env: ${{ vars.DD_ENV }}
dd_service: ${{ vars.DD_SERVICE }}
dd_site: "datadoghq.com"
From c46825cd94aaa53d4b383842e28b3e11b26c95cc Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Fri, 4 Aug 2023 09:06:42 -0300
Subject: [PATCH 37/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index ee6c394..54e9446 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -6,7 +6,7 @@ jobs:
name: Datadog Static Analyzer
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v2
- name: Check code meets quality standards
id: datadog-static-analysis
uses: datadog/datadog-static-analyzer-github-action@v1
From 53a574ed9678e79d18998f7db127ef0584f52c28 Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Fri, 4 Aug 2023 10:15:06 -0300
Subject: [PATCH 38/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 23 ++++++++++---------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 54e9446..b5a19f6 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -5,14 +5,15 @@ jobs:
runs-on: ubuntu-latest
name: Datadog Static Analyzer
steps:
- - name: Checkout
- uses: actions/checkout@v2
- - name: Check code meets quality standards
- id: datadog-static-analysis
- uses: datadog/datadog-static-analyzer-github-action@v1
- with:
- dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_api_key: ${{ secrets.DD_API_KEY }}
- dd_env: ${{ vars.DD_ENV }}
- dd_service: ${{ vars.DD_SERVICE }}
- dd_site: "datadoghq.com"
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Check code meets quality standards
+ id: datadog-static-analysis
+ uses: DataDog/datadog-static-analyzer-github-action@v1
+ with:
+ dd_app_key: ${{ secrets.DD_APP_KEY }}
+ dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_service: "headpage"
+ dd_env: "prod"
+ cpu_count: 2
+ enable_performance_statistics: false
From 31caac0bf9eab5193b0b6c0507a5ec63505dff65 Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Fri, 4 Aug 2023 10:26:56 -0300
Subject: [PATCH 39/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index b5a19f6..f01fa17 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -15,5 +15,6 @@ jobs:
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_service: "headpage"
dd_env: "prod"
+ dd_site: "datadoghq.com"
cpu_count: 2
enable_performance_statistics: false
From 30c315e2df6ae79d64ad0c85ecfde607439fdb60 Mon Sep 17 00:00:00 2001
From: Tales Casagrande aka taleco
<46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 8 Aug 2023 19:34:41 -0300
Subject: [PATCH 40/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index f01fa17..7f8e732 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -17,4 +17,3 @@ jobs:
dd_env: "prod"
dd_site: "datadoghq.com"
cpu_count: 2
- enable_performance_statistics: false
From d3398239bff627c54e064e605b3162d16f29b210 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Mon, 2 Oct 2023 17:15:08 -0300
Subject: [PATCH 41/60] Update static-analysis.datadog.yml
---
static-analysis.datadog.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/static-analysis.datadog.yml b/static-analysis.datadog.yml
index 69098b3..23d3adf 100644
--- a/static-analysis.datadog.yml
+++ b/static-analysis.datadog.yml
@@ -3,3 +3,4 @@ rulesets:
- python-code-style
- python-best-practices
- python-inclusive
+ - docker-best-practices
From f255b8dab862bccf7dd394344ce1fa90daf14b82 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 26 Dec 2023 15:11:27 -0300
Subject: [PATCH 42/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 7f8e732..2593103 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -16,4 +16,3 @@ jobs:
dd_service: "headpage"
dd_env: "prod"
dd_site: "datadoghq.com"
- cpu_count: 2
From eb1157a0421a6bbd643f51a78afc452776d5cbc5 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 23 Jan 2024 16:02:34 -0300
Subject: [PATCH 43/60] Create datadog-sca.yml
---
.github/workflows/datadog-sca.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 .github/workflows/datadog-sca.yml
diff --git a/.github/workflows/datadog-sca.yml b/.github/workflows/datadog-sca.yml
new file mode 100644
index 0000000..ad58db8
--- /dev/null
+++ b/.github/workflows/datadog-sca.yml
@@ -0,0 +1,20 @@
+on: push
+
+name: Software Composition Analysis
+
+jobs:
+ software-composition-analysis:
+ runs-on: ubuntu-latest
+ name: Datadog SBOM Generation and Upload
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Generate SBOM and Upload
+ id: software-composition-analysis
+ uses: DataDog/datadog-sca-github-action@main
+ with:
+ dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_app_key: ${{ secrets.DD_APP_KEY }}
+ dd_service: "headpage"
+ dd_env: "prod"
+ dd_site: "datadoghq.com"
From 483943531aed107ac62668fa26ce005944ed4187 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Wed, 7 Feb 2024 11:42:54 -0300
Subject: [PATCH 44/60] Update datadog-sca.yml
---
.github/workflows/datadog-sca.yml | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/datadog-sca.yml b/.github/workflows/datadog-sca.yml
index ad58db8..ea1f99b 100644
--- a/.github/workflows/datadog-sca.yml
+++ b/.github/workflows/datadog-sca.yml
@@ -1,6 +1,6 @@
-on: push
+on: [push]
-name: Software Composition Analysis
+name: Datadog Software Composition Analysis
jobs:
software-composition-analysis:
@@ -9,12 +9,12 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
- - name: Generate SBOM and Upload
- id: software-composition-analysis
+ - name: Check imported libraries are secure and compliant
+ id: datadog-software-composition-analysis
uses: DataDog/datadog-sca-github-action@main
with:
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_service: "headpage"
- dd_env: "prod"
- dd_site: "datadoghq.com"
+ dd_service: headpage
+ dd_env: prod
+ dd_site: datadoghq.com
From 7cc66819b27695580fc9589d60f71ad5fba14391 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Fri, 16 Feb 2024 08:35:04 -0300
Subject: [PATCH 45/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 28 ++++++++++---------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 2593103..de44b7c 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -1,18 +1,20 @@
on: [push]
+name: Datadog Software Composition Analysis
+
jobs:
- check-quality:
+ software-composition-analysis:
runs-on: ubuntu-latest
- name: Datadog Static Analyzer
+ name: Datadog SBOM Generation and Upload
steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Check code meets quality standards
- id: datadog-static-analysis
- uses: DataDog/datadog-static-analyzer-github-action@v1
- with:
- dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_api_key: ${{ secrets.DD_API_KEY }}
- dd_service: "headpage"
- dd_env: "prod"
- dd_site: "datadoghq.com"
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Check imported libraries are secure and compliant
+ id: datadog-software-composition-analysis
+ uses: DataDog/datadog-sca-github-action@main
+ with:
+ dd_app_key: ${{ secrets.DD_APP_KEY }}
+ dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_service: "headpage"
+ dd_env: "prod"
+ dd_site: "datadoghq.com"
From 04a540adf2261bf683ce8795fd131f2fcbc7d9f7 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Mon, 29 Jul 2024 19:01:42 -0300
Subject: [PATCH 46/60] Update static-analysis.datadog.yml
---
static-analysis.datadog.yml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/static-analysis.datadog.yml b/static-analysis.datadog.yml
index 23d3adf..c9b42c5 100644
--- a/static-analysis.datadog.yml
+++ b/static-analysis.datadog.yml
@@ -1,6 +1,22 @@
rulesets:
- python-security
- python-code-style
+ - python-flask
- python-best-practices
- python-inclusive
+ - javascript-common-security
+ - javascript-express
+ - javascript-inclusive
+ - javascript-node-security
+ - jsx-react
+ - csharp-security
+ - go-best-practices
+ - go-inclusive
+ - go-security
+ - rails-best-practices
+ - ruby-best-practices
+ - ruby-code-style
+ - ruby-inclusive
+ - ruby-security
+ - tsx-react
- docker-best-practices
From ce7763089a31a9587e001d975662ac1d929d63be Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Mon, 29 Jul 2024 19:15:03 -0300
Subject: [PATCH 47/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 50 +++++++++++++------
1 file changed, 34 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index de44b7c..c07d9b3 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -1,20 +1,38 @@
-on: [push]
-
-name: Datadog Software Composition Analysis
+on:
+ schedule:
+ # Run at every 11th minute of the hour, 11 can be any value.
+ - cron: '11 * * * *'
+ workflow_dispatch:
+ push:
jobs:
- software-composition-analysis:
+ check-quality:
+ runs-on: ubuntu-latest
+ name: Datadog Static Analyzer
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Check code meets quality standards
+ id: datadog-static-analysis
+ uses: DataDog/datadog-static-analyzer-github-action@v1
+ with:
+ dd_app_key: ${{ secrets.DD_APP_KEY }}
+ dd_api_key: ${{ secrets.DD_API_KEY }}
+ dd_service: "headpage"
+ dd_env: "github"
+ dd_site: "datadoghq.com"
+
+ datadog-gate:
+ needs: check-quality
runs-on: ubuntu-latest
- name: Datadog SBOM Generation and Upload
steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Check imported libraries are secure and compliant
- id: datadog-software-composition-analysis
- uses: DataDog/datadog-sca-github-action@main
- with:
- dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_api_key: ${{ secrets.DD_API_KEY }}
- dd_service: "headpage"
- dd_env: "prod"
- dd_site: "datadoghq.com"
+ - uses: actions/checkout@v3
+ - name: Install node
+ uses: actions/setup-node@v3
+ - run: yarn global add @datadog/datadog-ci
+ - run: >
+ DD_BETA_COMMANDS_ENABLED=true
+ DD_API_KEY=${{ secrets.DD_API_KEY }}
+ DD_APP_KEY=${{ secrets.DD_APP_KEY }}
+ DD_SITE="datadoghq.com"
+ datadog-ci gate evaluate
From 3426d9c820d648c91ffc565420660f28987b9072 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Mon, 29 Jul 2024 19:32:40 -0300
Subject: [PATCH 48/60] Update requirements.txt
---
requirements.txt | 1 -
1 file changed, 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index ee3ac46..fb71cb9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1 @@
Django==2.2.12
-trend-app-protect #Optional
\ No newline at end of file
From ef8055bd8b7e53290a0ac3e55d2c6b0f04d7e4d6 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Mon, 29 Jul 2024 19:37:52 -0300
Subject: [PATCH 49/60] Update datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index c07d9b3..58fb55e 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -1,8 +1,4 @@
on:
- schedule:
- # Run at every 11th minute of the hour, 11 can be any value.
- - cron: '11 * * * *'
- workflow_dispatch:
push:
jobs:
@@ -11,7 +7,7 @@ jobs:
name: Datadog Static Analyzer
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Check code meets quality standards
id: datadog-static-analysis
uses: DataDog/datadog-static-analyzer-github-action@v1
From db4000e7fd935edcacbd4ca449e67693d273792d Mon Sep 17 00:00:00 2001
From: 100hnomeunome
Date: Wed, 4 Sep 2024 13:19:15 -0300
Subject: [PATCH 50/60] update dockerfile
---
Dockerfile | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d8ad704..b4a5fda 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,6 @@
FROM python:3.8-slim-buster
COPY . /headpage
WORKDIR /headpage
-RUN pip3 install --upgrade pip && \
- pip3 install --trusted-host pypi.python.org -r requirements.txt && \
- ./reset_db.sh
+RUN pip3 install --no-cache-dir --upgrade pip && \
EXPOSE 8000
ENTRYPOINT ["python3", "src/manage.py","runserver","0.0.0.0:8000"]
\ No newline at end of file
From 5b2dd9e83b67f97d0a05df98336f08fa84a9dba9 Mon Sep 17 00:00:00 2001
From: 100hnomeunome
Date: Fri, 6 Sep 2024 17:38:00 -0300
Subject: [PATCH 51/60] teste
---
Dockerfile | 2 +-
src/headpage/settings.py | 2 +-
static-analysis.datadog.yml | 22 ----------------------
3 files changed, 2 insertions(+), 24 deletions(-)
delete mode 100644 static-analysis.datadog.yml
diff --git a/Dockerfile b/Dockerfile
index b4a5fda..fb2d28c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.8-slim-buster
+FROM python:3.8
COPY . /headpage
WORKDIR /headpage
RUN pip3 install --no-cache-dir --upgrade pip && \
diff --git a/src/headpage/settings.py b/src/headpage/settings.py
index 116c755..973e3f9 100644
--- a/src/headpage/settings.py
+++ b/src/headpage/settings.py
@@ -25,7 +25,7 @@
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
# Application definition
diff --git a/static-analysis.datadog.yml b/static-analysis.datadog.yml
deleted file mode 100644
index c9b42c5..0000000
--- a/static-analysis.datadog.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-rulesets:
- - python-security
- - python-code-style
- - python-flask
- - python-best-practices
- - python-inclusive
- - javascript-common-security
- - javascript-express
- - javascript-inclusive
- - javascript-node-security
- - jsx-react
- - csharp-security
- - go-best-practices
- - go-inclusive
- - go-security
- - rails-best-practices
- - ruby-best-practices
- - ruby-code-style
- - ruby-inclusive
- - ruby-security
- - tsx-react
- - docker-best-practices
From 3a76682f1bc324a9dc7ff07b8f5887b12dbf4784 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 22 Apr 2025 16:14:37 -0300
Subject: [PATCH 52/60] Create config
---
config | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 config
diff --git a/config b/config
new file mode 100644
index 0000000..d188fd4
--- /dev/null
+++ b/config
@@ -0,0 +1,8 @@
+# ~/.aws/credentials
+[default]
+aws_access_key_id=AKIAR2L7C7UFW2L7RUNJ
+aws_secret_access_key=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
+
+# ~/.aws/config
+[default]
+region=us-west-2
From cf733d3d2ab7ecaec2e24cabaccd7d6b7a2d5b6e Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 22 Apr 2025 16:15:59 -0300
Subject: [PATCH 53/60] Update config
---
config | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/config b/config
index d188fd4..418dfde 100644
--- a/config
+++ b/config
@@ -1,8 +1,7 @@
# ~/.aws/credentials
[default]
-aws_access_key_id=AKIAR2L7C7UFW2L7RUNJ
-aws_secret_access_key=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
-
+aws_access_key_id=
+aws_secret_access_key=
# ~/.aws/config
[default]
region=us-west-2
From 0a9d13f11b934357841fbbc676c34f15e58c8896 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 22 Apr 2025 16:43:25 -0300
Subject: [PATCH 54/60] Update config
---
config | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config b/config
index 418dfde..7178dda 100644
--- a/config
+++ b/config
@@ -1,7 +1,7 @@
# ~/.aws/credentials
[default]
-aws_access_key_id=
-aws_secret_access_key=
+aws_access_key_id=AKIAR2L7C7UFQKDCQ4N7
+aws_secret_access_key=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
# ~/.aws/config
[default]
region=us-west-2
From eba5e7bc21c8be531baf82cd5e7513f4d034d02f Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 22 Apr 2025 17:06:00 -0300
Subject: [PATCH 55/60] Update and rename config to config_dyna
---
config | 7 -------
config_dyna | 2 ++
2 files changed, 2 insertions(+), 7 deletions(-)
delete mode 100644 config
create mode 100644 config_dyna
diff --git a/config b/config
deleted file mode 100644
index 7178dda..0000000
--- a/config
+++ /dev/null
@@ -1,7 +0,0 @@
-# ~/.aws/credentials
-[default]
-aws_access_key_id=AKIAR2L7C7UFQKDCQ4N7
-aws_secret_access_key=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
-# ~/.aws/config
-[default]
-region=us-west-2
diff --git a/config_dyna b/config_dyna
new file mode 100644
index 0000000..b9d82ea
--- /dev/null
+++ b/config_dyna
@@ -0,0 +1,2 @@
+dt0s01.ST2EY72KQINMH574WMNVI7YN.G3DFPBEJYMODIDAEX454M7YWBUVEFOWKPRVMWFASS64NFH52PX6BNDVFFM572RZM
+
From daa32cee7790ebc6c74e56d085480d6c3601aa08 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Tue, 22 Apr 2025 17:24:07 -0300
Subject: [PATCH 56/60] Create docker
---
docker | 1 +
1 file changed, 1 insertion(+)
create mode 100644 docker
diff --git a/docker b/docker
new file mode 100644
index 0000000..a66e2b9
--- /dev/null
+++ b/docker
@@ -0,0 +1 @@
+SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx
From 27d2202c1316c257e5e1aaa00a452ee034476cec Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Mon, 13 Oct 2025 13:30:54 -0300
Subject: [PATCH 57/60] [Datadog] Fix
python-security/variable-sql-statement-injection violation
Co-authored-by: datadog-official[bot] <214633350+datadog-official[bot]@users.noreply.github.com>
---
src/social/views.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/social/views.py b/src/social/views.py
index c7215cb..1f75623 100644
--- a/src/social/views.py
+++ b/src/social/views.py
@@ -152,9 +152,9 @@ def register(request):
password=get_password_hash(request.POST.get('password'))
try:
# +++ VULNERABLE TO SQL INJECTION +++
- curs.executescript(
- "INSERT INTO social_user ('username','password','first_name','last_name') VALUES ('{}','{}','{}','{}')".format(
- username,password,first_name,last_name)
+ curs.execute(
+ "INSERT INTO social_user (username, password, first_name, last_name) VALUES (%s, %s, %s, %s)",
+ [username, password, first_name, last_name]
)
#+++ VULNERABLE TO UNVALIDATED REDIRECTS +++
return redirect(url_to_redirect)
From a8350bd2057f927882165c7a2fb751a6b95ca9b2 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Wed, 29 Oct 2025 10:32:16 -0300
Subject: [PATCH 58/60] Delete .github/workflows/datadog-sca.yml
---
.github/workflows/datadog-sca.yml | 20 --------------------
1 file changed, 20 deletions(-)
delete mode 100644 .github/workflows/datadog-sca.yml
diff --git a/.github/workflows/datadog-sca.yml b/.github/workflows/datadog-sca.yml
deleted file mode 100644
index ea1f99b..0000000
--- a/.github/workflows/datadog-sca.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-on: [push]
-
-name: Datadog Software Composition Analysis
-
-jobs:
- software-composition-analysis:
- runs-on: ubuntu-latest
- name: Datadog SBOM Generation and Upload
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- - name: Check imported libraries are secure and compliant
- id: datadog-software-composition-analysis
- uses: DataDog/datadog-sca-github-action@main
- with:
- dd_api_key: ${{ secrets.DD_API_KEY }}
- dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_service: headpage
- dd_env: prod
- dd_site: datadoghq.com
From cdb1758743d89fbecaffea44f65c7db6b1cc4e1b Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Wed, 29 Oct 2025 10:32:27 -0300
Subject: [PATCH 59/60] Delete .github/workflows/datadog-static-analysis.yml
---
.github/workflows/datadog-static-analysis.yml | 34 -------------------
1 file changed, 34 deletions(-)
delete mode 100644 .github/workflows/datadog-static-analysis.yml
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
deleted file mode 100644
index 58fb55e..0000000
--- a/.github/workflows/datadog-static-analysis.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-on:
- push:
-
-jobs:
- check-quality:
- runs-on: ubuntu-latest
- name: Datadog Static Analyzer
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Check code meets quality standards
- id: datadog-static-analysis
- uses: DataDog/datadog-static-analyzer-github-action@v1
- with:
- dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_api_key: ${{ secrets.DD_API_KEY }}
- dd_service: "headpage"
- dd_env: "github"
- dd_site: "datadoghq.com"
-
- datadog-gate:
- needs: check-quality
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Install node
- uses: actions/setup-node@v3
- - run: yarn global add @datadog/datadog-ci
- - run: >
- DD_BETA_COMMANDS_ENABLED=true
- DD_API_KEY=${{ secrets.DD_API_KEY }}
- DD_APP_KEY=${{ secrets.DD_APP_KEY }}
- DD_SITE="datadoghq.com"
- datadog-ci gate evaluate
From caff395c9cca5725f22eab711c64281e71a3fa18 Mon Sep 17 00:00:00 2001
From: Tales aka taleco <46326549+100HnoMeuNome@users.noreply.github.com>
Date: Wed, 29 Oct 2025 10:34:09 -0300
Subject: [PATCH 60/60] Add Dockerfile for multi-stage build and runtime
---
dockerfilenew | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 dockerfilenew
diff --git a/dockerfilenew b/dockerfilenew
new file mode 100644
index 0000000..81e274f
--- /dev/null
+++ b/dockerfilenew
@@ -0,0 +1,31 @@
+# --- STAGE 1: build all modules ---
+FROM maven:3.9.7-eclipse-temurin-17 AS builder
+WORKDIR /app
+
+# 1) copia todo o código
+COPY . .
+
+# 2) instala o bancocentral-module no repositório local
+RUN mvn -f bancocentral-module/pom.xml clean install -DskipTests
+
+# 3) compila e empacota o pom raiz (que engloba auth, account, transaction, etc)
+RUN mvn clean package -DskipTests
+
+# --- STAGE 2: runtime com JRE Debian-slim multi-arch ---
+FROM eclipse-temurin:17-jre
+WORKDIR /app
+
+# copia os jars prontos
+COPY --from=builder /app/auth-module/target/auth-module-1.0-SNAPSHOT.jar auth-module.jar
+COPY --from=builder /app/account-module/target/account-module-1.0-SNAPSHOT.jar account-module.jar
+COPY --from=builder /app/integration-module/target/integration-module-1.0-SNAPSHOT.jar integration-module.jar
+COPY --from=builder /app/notification-module/target/notification-module-1.0-SNAPSHOT.jar notification-module.jar
+COPY --from=builder /app/transaction-module/target/transaction-module-1.0-SNAPSHOT.jar transaction-module.jar
+COPY --from=builder /app/bancocentral-module/target/bancocentral-module-1.0-SNAPSHOT.jar bancocentral-module.jar
+
+# script de startup
+COPY start-all.sh .
+RUN chmod +x start-all.sh
+
+EXPOSE 8081 8082 8083 8084 8085 8088 8089
+CMD ["./start-all.sh"]