[Summer 2021] Project A: Add more examples to the deliberately_vulnerable_app application

[r0rshark]

In order to showcase how Pysa can be used to detect bugs we created a vulnerable Flask application. Currently the application is only showing Remote Code Execution examples in the rce.py file. We should also add more usecases to show how Pysa can be used to catch other type of vulnerabilities.

The first step is getting familiar with Flask documentation. The application is currently very simple so it doesn't require a deep Flask understanding but the quickstart provides some useful concepts.

The second step is to code these vulnerable functions for showcasing the vulnerable code. Take some time understanding the vulnerability (this is a great opportunity to learn some basic security skills :) )and after that write the code which would be vulnerable to it:

• Path Traversal: user controlled input from the request is flowing into a file system operation (details) . We can use the python library open and read/write to implement this
• XXE: user controlled input from the request is flowing into a XML function (details) .We can use the python library lxml library to implement this
• SSRF: user controlled input from the request is flowing into an arbitrary request sending function (details). We can use the requests library
• SQL injection: user controlled input from the request is flowing into an SQL query. SQL injection is a security issue described here in details . To implement this function we can use the MysqlDb library here
• XSS: user controlled input from the request is returned to the user unescaped. XSS injection is a security issue described here in details . To implement this function we can use the flask.Markup library

After having implemented the vulnerable functions we should make sure that running Pysa on the app correctly detects the issue

pyre analyze --no-verify --save-results-to .
python3 -m sapp.cli analyze taint-output.json
python3 -m sapp.cli server

Finally we should create some documentation in the Pysa website to explain the vulnerability and how to fix it. (We have some internal doc I may be able to make public but we may still need to add information on how to fix the issue for Opensource users)

[PulkitMishra]

@r0rshark are these vulnerabilities to be added in the same flask app or a new flask app has to be created for each 5 of these ?

[r0rshark]

@PulkitMishra let's add all of them to the same app. We may create different files for each vulnerability but still use the same app

[PulkitMishra]

closed by https://github.com/facebook/pyre-check/pull/443