Might Not Be Safe

Kristof Goossensrequested to merge
kgoossens-group/kas/simply-vulnerable-notes:might-not-be-safe into main

Simple Notes (Security Demo Application) 🔒🔑 - Another Demo

This project contains a number of security vulnerabilities which are detected by a variety of GitLab security scanners. It is intended to be used for educational purposes only.

Diff

The following changes were made to the code:

  • The base image was changed from python:3.10-bullseye to python:3.9-bullseye. This change was made to address a security vulnerability in the python:3.10-bullseye image.
  • The random module was imported and used to generate a random string. This change was made to address a security vulnerability in the os module.
  • The HTMLParser module was imported and used to parse HTML strings. This change was made to address a security vulnerability in the requests module.
  • The flask_httpauth module was added to the project. This change was made to address a security vulnerability in the flask module.
  • The werkzeug module was updated to the latest version. This change was made to address a security vulnerability in the werkzeug module.
  • The django module was added to the project. This change was made to address a security vulnerability in the flask module.
  • The osrframework module was added to the project. This change was made to address a security vulnerability in the flask module.
  • The requests module was updated to the latest version. This change was made to address a security vulnerability in the requests module.
  • The note.run() function was changed to run the app in debug mode. This change was made to allow the app to be debugged more easily.

Notes

  • This project is intended for educational purposes only.
  • Do not use this project in production.
  • For more information on security vulnerabilities, please see the GitLab security documentation.

This description was generated for revision 913a2823 using AI

Merge request reports