Merge pull request #1 from ucsb-seclab/basic_web

API GHR.IO Container Registry: JS file for API & JSON mapping from CVE-CVEX

_config.yml

@@ -0,0 +1,6 @@
+title: "XplorCveX"
+description: "CVEX Legacy"
+show_downloads: false
+google_analytics:
+
+theme: jekyll-theme-midnight

_layouts/default.html

@@ -0,0 +1,51 @@
+<!doctype html>
+<html lang="{{ site.lang | default: "en-US" }}">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+
+{% seo %}
+    <link rel="stylesheet" href="{{ '/assets/css/style.css?v=' | append: site.github.build_revision | relative_url }}">
+    <script src="https://code.jquery.com/jquery-1.12.4.min.js" integrity="sha256-ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ+Xp8a4MxAQ=" crossorigin="anonymous"></script>
+    <script src="{{ '/assets/js/respond.js' | relative_url }}"></script>
+    <!--[if lt IE 9]>
+      <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]-->
+    <!--[if lt IE 8]>
+    <link rel="stylesheet" href="{{ '/assets/css/ie.css' | relative_url }}">
+    <![endif]-->
+    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
+    {% include head-custom.html %}
+  </head>
+  <body>
+      <div id="header">
+        <nav>
+          <ul>
+            <li class="fork"><a href="/legacy_cvex/">group project</a></li>
+            {% if site.show_downloads %}
+              <li class="downloads"><a href="{{ site.github.zip_url }}">ZIP</a></li>
+              <li class="downloads"><a href="{{ site.github.tar_url }}">TAR</a></li>
+              <li class="title">DOWNLOADS</li>
+            {% endif %}
+          </ul>
+        </nav>
+      </div><!-- end header -->
+
+    <div class="wrapper">
+
+      <section>
+        <div id="title">
+          <h1><a href="/xplor-cvex/">{{ site.title | default: site.github.repository_name }}</a></h1>
+          <p>{{ site.description | default: site.github.project_tagline }}</p>
+          <hr>
+<!--          <span class="credits left">Project maintained by <a href="{{ site.github.owner_url }}">{{ site.github.owner_name }}</a></span>
+          <span class="credits right">Hosted on GitHub Pages &mdash; Theme by <a href="https://twitter.com/mattgraham">mattgraham</a></span> -->
+        </div>
+
+        {{ content }}
+
+      </section>
+
+    </div>
+  </body>
+</html>

api_server/.dockerignore

@@ -0,0 +1,2 @@
+node_modules
+npm-debug.log

api_server/Dockerfile

@@ -0,0 +1,24 @@
+# Use an official Node.js runtime as a parent image
+FROM node:16
+
+# Set the working directory in the container
+WORKDIR /usr/src/app
+
+# Copy package.json and package-lock.json
+COPY package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Environment variables
+ENV GITHUB_USERNAME=ucsb-seclab
+ENV GITHUB_TOKEN=<INSERT PUBLIC ACCESS TOKEN> 
+ENV PACKAGE_TYPE=container
+
+EXPOSE 80
+
+# Run the application
+CMD ["node", "api.js"]

api_server/api.js

@@ -0,0 +1,86 @@
+const { Octokit } = require("@octokit/rest");
+const fs = require('fs');
+const path = require('path');
+
+const username = process.env.GITHUB_USERNAME;
+const token = process.env.GITHUB_TOKEN;
+const packageType = process.env.PACKAGE_TYPE;
+
+const octokit = new Octokit({ auth: token });
+const data = JSON.parse(fs.readFileSync('cve-cvex.json'));
+
+/** Summary. DON'T USE. JUST DEMO: fetch JSON data for seclab images */
+async function listPackages() {
+  try {
+    const response = await octokit.request('GET /users/{username}/packages', {
+      username: username,
+      package_type: packageType 
+    });
+    console.log(response.data);
+    return response.data;
+  } catch (error) {
+    console.error(`Error fetching packages: ${error}`);
+  }
+}
+
+/**
+ * Summary. Given a container name, fetch  JSON data for image
+ * @param {string} container name of container from our ghcr.io registry
+ * @return {string} JSON-formatted data */
+async function fetchPackage(container) {
+try {
+    const response = await octokit.request('GET /users/{username}/packages/{package_type}/{package_name}', {
+      username: username,
+      package_type: packageType,
+      package_name: container
+    });
+    console.log(response.data);
+    return response.data;
+    } catch (error) {
+        console.error(`Error fetching package: ${error}`);
+    }
+}
+
+/**
+ * Summary. Given a cve id & container type, fetch  JSON data for cvex image
+ * @param {string} cve_id name of container from our ghcr.io registry
+ * @param {string} type exploiter or target
+ * @return {string} JSON-formatted data */
+async function fetchPackageViaCveId(cve_id, type) {
+  try {
+      const name = data[cve_id]+'/'+type;
+      console.log(name);
+      const response = await octokit.request('GET /users/{username}/packages/{package_type}/{package_name}', {
+        username: username,
+        package_type: packageType,
+        package_name: name
+      });
+      console.log(response.data); // replace with a return instead when using it
+      return response.data;
+      } catch (error) {
+          console.error(`Error fetching package: ${error}`);
+      }
+  }
+
+/** Summary. fetch ALL CVEXes in JSON format */
+async function listCvexContainers(){
+    try{
+        const prefix = "cvex";
+        const response = await octokit.request('GET /users/{username}/packages', {
+        username: username,
+        package_type: packageType
+        });
+        const packages = response.data;
+        const filteredPackages = packages.filter(pkg => pkg.name.startsWith(prefix));
+        console.log(filteredPackages);
+        return filteredPackages;
+    }catch (error) {
+        console.error(`Error fetching packages: ${error}`);
+    }
+}
+
+// testing
+// let res = fetchPackageViaCveId("CVE-2012-1823", "exploiter");
+// listCvexContainers();
+// listPackages();
+// fetchPackage("cvex-210825-010/exploiter");

api_server/cve-cvex.json

@@ -0,0 +1,12 @@
+{
+    "CVE-2012-1823": "cvex-210825-001",
+    "CVE-2019-12725": "cvex-210825-003",
+    "CVE-2019-16278": "cvex-210825-004",
+    "CVE-2014-4511": "cvex-210825-006",
+    "CVE-2018-16763": "cvex-210825-007",
+    "CVE-2015-2208": "cvex-210825-008",
+    "CVE-2017-1000486": "cvex-210825-009",
+    "CVE-2019-16662": "cvex-210825-010",
+    "CVE-2019-16663": "cvex-210825-011",
+    "CVE-2020-25952": "cvex-210825-012"
+}

api_server/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3.8'
+
+services:
+  github-api:
+    build: .
+    ports:
+      - 80:80

api_server/package.json

@@ -0,0 +1,13 @@
+{
+    "name": "gh-api-docker",
+    "version": "1.0.0",
+    "description": "A Docker container to call GitHub API",
+    "main": "api.js",
+    "scripts": {
+      "start": "node api.js"
+    },
+    "dependencies": {
+      "@octokit/rest": "^19.0.7"
+    }
+  }
+

index.md

@@ -0,0 +1,14 @@
+# Xplor CVEX - Beta
+
+Team Kruegel/Vigna/Noah
+
+### Description
+This is just a test
+
+### Tables
+
+|In-Class Exercises | 25% |
+|Homework / Projects| 20% |
+|Group Project / Presentation | 20% |
+|Midterm |            15% |
+|Final   |            20% |

legacy_cvex.md

@@ -0,0 +1,6 @@
+---
+permalink: /legacy_cvex/
+---
+
+# Group Project
+We could place legacy CVEXes created in 2020 here