This project is intentionally vulnerable! It contains known vulnerabilities and security errors in its code and is meant as an example project for software security scanning tools such as Veracode. Please do not report vulnerabilities in this project; the odds are they're there on purpose :).
Blab-a-Gag is a simple forum-type application in which:
- Users can post a one-liner joke.
- Users can follow the jokes of other users or not (listen or ignore).
- Users can comment on other users' messages (heckle).
- `/feed` shows the jokes/heckles that are relevant to the current user.
- `/blabbers` shows a list of all other users and allows the current user to listen or ignore.
- `/profile` allows the current user to modify their profile.
- `/login` allows you to log in to your account.
- `/register` allows you to create a new user account.
- `/tools` shows a tools page that shows a fortune or lets you ping a host.
- `/reset` allows the user to reset the database.
Docker is a prerequisite. If you don't already have it, visit Docker Desktop and download the version compatible with your operating system; follow the installation instructions and open the Docker app.
Follow the instructions below to clone and build the application with Docker:
```shell
git clone https://github.com/veracode-demo-labs/verademo-python.git
cd verademo-python
docker build -t verademo-python .
docker run --rm -p 8000:8000 --name verademo-python verademo-python
```
Navigate to: http://127.0.0.1:8000.
Then register as a new user and add some feeds!
To run the program locally without Docker (macOS/Linux):
Prerequisite: Python 3.12.3
To check your Python version: `python --version` or `python3 --version`
If you don't have Python, download it here
To upgrade your Python version, read this guide
- NOTE: Downloading via the Python installer is recommended.
If your Python version is newer than the prerequisite, it is easier to use a Python virtual environment to run the project (this is already included in the dependency install below).
Clone the repository in terminal:
```shell
git clone https://github.com/veracode-demo-labs/verademo-python.git
cd verademo-python
```
Download dependencies and start the server:
```shell
python -m venv env
source env/bin/activate
pip install -r requirements.txt
python manage.py runserver
```
Navigate to: http://127.0.0.1:8000.
To run the program locally without Docker (Windows):
Prerequisite: Python 3.12.3
To check your Python version: `python --version` or `python3 --version`
If you don't have Python, download it here
To upgrade your Python version, read this guide
- NOTE: Downloading via the Python installer is recommended.
If your Python version is newer than the prerequisite, it is easier to use a Python virtual environment to run the project (this is already included in the dependency install below).
Open Windows PowerShell and clone the repository:
```powershell
git clone https://github.com/veracode-demo-labs/verademo-python.git
cd verademo-python
```
Download dependencies and start the server! (Try running console commands with `python3` if `python` isn't found.)
```powershell
python -m venv env
env\Scripts\activate
pip install -r requirements.txt
python manage.py runserver
```
Navigate to: http://127.0.0.1:8000.
See the DEMO_NOTES file for information on using this application with the various Veracode scan types.
Also see the docs folder for in-depth explanations of the various exploits exposed in this application.
- Django (Version 4.2.13)
- sqlite3 (Supported by Django)