forked from ShiftLeftSecurity/shiftleft-js-demo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserver.js
68 lines (54 loc) · 1.61 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
const express = require('express');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const session = require('express-session');
const { logger } = require('./Logger');
const registerApiRoutes = require('./api');
const registerViewRoutes = require('./views');
const app = express();
const port = process.env.PORT || 8088;
const SESSION_SECRET_KEY = 'kjhdkd-sjkhsjsh-kjshshkdhsk-jsjhd';
const tarpitEnv = {
sessionSecretKey: process.env.SESSION_SECRET_KEY || SESSION_SECRET_KEY,
applicationPort: process.env.PORT || 8088
};
app.set('tarpitEnv', tarpitEnv);
// Insider attack
const insider = function(req, res, next) {
/* Base64 Encoding of
* console.log(req);
* console.log(req.body);
* console.log(req.query);
*/
const encoded =
'Y29uc29sZS5sb2cocmVxKTsgY29uc29sZS5sb2cocmVxLmJvZHkpOyBjb25zb2xlLmxvZyhyZXEucXVlcnkpOw==';
const newBuf = Buffer.from(encoded, 'base64');
eval(newBuf.toString('utf-8'));
next();
};
app.use(insider);
app.use(function(err, req, res, next) {
logger.error(err.stack);
res.status(500).send('Something broke!');
});
// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }));
// parse application/json
app.use(bodyParser.json());
app.use(cookieParser());
app.use(
session({
secret: SESSION_SECRET_KEY,
resave: false,
saveUninitialized: false
})
);
app.set('view engine', 'pug');
app.set('views', `./src/Views`);
registerApiRoutes(app);
registerViewRoutes(app);
app.listen(port, () =>
logger.log(
`Tarpit App listening on port ${port}!. Open url: http://localhost:${port}`
)
);