
Commit 8aa61d8

author
Sheldon Warkentin
committed
Add Command Injection vulnerability
1 parent ec7d253 commit 8aa61d8

8 files changed

Lines changed: 358 additions & 163 deletions

api/v1/example-api.pb.go

Lines changed: 186 additions & 48 deletions

api/v1/example-api.pb.gw.go

Lines changed: 81 additions & 0 deletions

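--- a/api/v1/example-api.proto
+++ b/api/v1/example-api.proto
@@ -7,6 +7,7 @@ service UserService {
 rpc AddUser (AddUserRequest) returns (UserResult) {}
 rpc GetUsers (GetUsersRequest) returns (UsersResult) {}
 rpc DeleteUser (DeleteUserRequest) returns (DeleteUserResult) {}
+rpc CheckReservedName (CheckReservedNameRequest) returns (CheckReservedNameResult) {}
 }
 
 // Add a new user to the database
@@ -25,15 +26,20 @@ message DeleteUserRequest {
 int64 id = 1;
 }
 
-// A user
+// Check to see if a name is reserved
+message CheckReservedNameRequest {
+string name = 1;
+}
+
+// A user record
 message UserResult {
 int64 id = 1;
 string username = 2;
 string email = 3;
 string created = 4;
 }
 
-// A collection of users
+// A collection of user records
 message UsersResult {
 repeated UserResult users = 1;
 }
@@ -42,4 +48,9 @@ message UsersResult {
 message DeleteUserResult {
 // Number of deleted users
 int64 count = 1;
+}
+
+// Returns reserved names matching the query
+message CheckReservedNameResult {
+string reserved = 1;
 }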
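Review bot: `CheckReservedNameRequest.name` is an unconstrained `string` with no documented length or character limits, and although the commit title says this endpoint carries a deliberate command-injection flaw, nothing in the schema marks it as such. The handler is not part of this section, so I can only assume `name` reaches it unvalidated; I would add a comment above the `rpc CheckReservedName` line such as `// INTENTIONALLY VULNERABLE fuzzing target: name is untrusted input; do not reuse outside the demo.` so the contract itself warns anyone copying it. Separately, the comment on `CheckReservedNameResult` speaks of reserved names in the plural while `string reserved = 1;` holds a single value; either reword the comment or make the field `repeated string`.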

api/v1/example-api.swagger.json

Lines changed: 0 additions & 112 deletions
This file was deleted.

api/v1/example-api_grpc.pb.go

Lines changed: 36 additions & 0 deletions

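--- a/fuzz.Dockerfile
+++ b/fuzz.Dockerfile
@@ -52,4 +52,9 @@ EXPOSE 50051 8081
 # Configure supervisor so that the server and proxy are run
 # with supervisor
 ADD mapi/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Working directory is the server folder
+WORKDIR /opt/grpc-example/server
+
+# Launch with supervisor
 ENTRYPOINT ["/usr/bin/supervisord"]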
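Review bot: No `USER` directive appears in the visible lines before `ENTRYPOINT ["/usr/bin/supervisord"]`, so the server presumably runs as root, which widens the impact of the command-injection handler this commit introduces. The earlier part of the Dockerfile is outside the hunk, so this needs confirming; if it is root, run the server program under an unprivileged account, for example with a `user=<unprivileged-account>` line (placeholder) in its supervisord program section. The new `WORKDIR /opt/grpc-example/server` also makes the server depend on an inherited working directory; a `directory=/opt/grpc-example/server` entry in the same program section would state that dependency where the process is defined.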
