Vuln-go

Intentionally vulnerable go (golang) application to test coverage of SAST tools.

All vulnerabilities are marked with // vulnerability in code.

Go web frameworks and libraries has been intentionally skipped. Custom helper functions are created using http standard library since some SAST tools might not support a web framework like gin.

Vulnerabilities

SQL Injection (SQLi)
Command Injection (RCE)
LFI
Hardcoded secret

Run

Ensure docker compose is installed.

Run the application with docker-compose up

Vulnerability Testing

Thunder Client is used to document HTTP requests for test cases as well as vulnerabilities. Folder thunder-tests in the repo contains these test cases. This makes it convenient to test various vulnerabilities.

Development

In development mode Gow is used to watch for file changes and rebuild the app.

To run in dev mode run:

docker-compose -f docker-compose-dev.yml up --build

Stop and delete volume for DB to recreate DB:

docker-compose down --remove-orphans --volumes --rmi local

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
licenses		licenses
thunder-tests		thunder-tests
Dockerfile		Dockerfile
Dockerfile-dev		Dockerfile-dev
README.md		README.md
album.go		album.go
db.go		db.go
docker-compose-dev.yml		docker-compose-dev.yml
docker-compose.yml		docker-compose.yml
go.mod		go.mod
go.sum		go.sum
httpHelper.go		httpHelper.go
init.sql		init.sql
license.go		license.go
main.go		main.go
time.go		time.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Vuln-go

Vulnerabilities

Run

Vulnerability Testing

Development

About

Releases

Packages

Languages

License

aircraft-cerier/test-golang-vuln2

Folders and files

Latest commit

History

Repository files navigation

Vuln-go

Vulnerabilities

Run

Vulnerability Testing

Development

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages