Skip to content

matt1600/APIAntiPatterns

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
anti-patterns_article.pdf
anti-patterns_article.pdf
 
 
app.py
app.py
 
 
docker-compose.yml
docker-compose.yml
 
 
log.txt
log.txt
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

APIAntiPatterns

How to install

Clone from the Github repository.

git clone git@github.com:matt1600/APIAntiPatterns.git

Run using Docker Compose.

cd APIAntiPatterns
docker-compose up

Test welcome page in browser.

http://0.0.0.0:5000

Open a new shell window, but leave previous one running.

POST using curl. This simulates user data being entered into Redis.

Insert a username into the JSON field.

In this example, the username is mattwalravens.

curl -X POST 'http://0.0.0.0:5000/notes' -H 'Content-Type: application/json' -d '{"mattwalravens"}'

Repeat this command 2x with different usernames.

In browser, simulate hacker guessing ID number and retrieving username.

http://0.0.0.0:5000/notes?user=user1

Do the same for user2 and user3.

POST using CURL again.

Hacker successfully changes user1 data within Redis.

curl -X POST 'http://0.0.0.0:5000/notes?user=user1'  -H 'Content-Type: application/json' -d 'hacker changed this'

Check browser to see that hacker succeeded.

http://0.0.0.0:5000/notes?user=user1

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages