diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/_config.yml b/_config.yml new file mode 100755 index 0000000..8fb2e4b --- /dev/null +++ b/_config.yml @@ -0,0 +1,6 @@ +title: "XplorCveX" +description: "CVEX Legacy" +show_downloads: false +google_analytics: + +theme: jekyll-theme-midnight diff --git a/_layouts/DesigningSecureSoftware.epub b/_layouts/DesigningSecureSoftware.epub new file mode 100755 index 0000000..8b35734 Binary files /dev/null and b/_layouts/DesigningSecureSoftware.epub differ diff --git a/_layouts/default.html b/_layouts/default.html new file mode 100755 index 0000000..7b0203d --- /dev/null +++ b/_layouts/default.html @@ -0,0 +1,51 @@ + + + + + + +{% seo %} + + + + + + + {% include head-custom.html %} + + + + +
+ +
+
+

{{ site.title | default: site.github.repository_name }}

+

{{ site.description | default: site.github.project_tagline }}

+
+ +
+ + {{ content }} + +
+ +
+
+
diff --git a/api_server/.dockerignore b/api_server/.dockerignore
new file mode 100755
index 0000000..93f1361
--- /dev/null
+++ b/api_server/.dockerignore
@@ -0,0 +1,2 @@
+node_modules
+npm-debug.log
diff --git a/api_server/Dockerfile b/api_server/Dockerfile
new file mode 100755
index 0000000..118cf30
--- /dev/null
+++ b/api_server/Dockerfile
@@ -0,0 +1,24 @@
+# Use an official Node.js runtime as a parent image
+FROM node:16
+
+# Set the working directory in the container
+WORKDIR /usr/src/app
+
+# Copy package.json and package-lock.json
+COPY package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Environment variables
+ENV GITHUB_USERNAME=ucsb-seclab
+ENV GITHUB_TOKEN=
+ENV PACKAGE_TYPE=container
+
+EXPOSE 80
+
+# Run the application
+CMD ["node", "api.js"]
\ No newline at end of file
diff --git a/api_server/api.js b/api_server/api.js
new file mode 100755
index 0000000..09df7ea
--- /dev/null
+++ b/api_server/api.js
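Review bot: `ENV GITHUB_TOKEN=` in the Dockerfile declares the credential as an image-level variable, so a value filled in here or at build time is stored in the image config, where `docker inspect` and `docker history` show it to anyone who can pull the image. Drop that line and supply the token only at run time, for example `docker run -e GITHUB_TOKEN` or an `environment:`/`env_file:` entry in docker-compose.yml, which passes nothing as added in this commit. `COPY . .` runs against a .dockerignore that lists only `node_modules` and `npm-debug.log`, so a local `.env` or key file in api_server/ would be copied into a layer; add those patterns to .dockerignore. No `USER` instruction is set, so the process runs as root; the official node image ships a `node` user, and `USER node` before `CMD` plus `RUN npm ci` instead of `npm install` would tighten the build.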
@@ -0,0 +1,86 @@
+const { Octokit } = require("@octokit/rest");
+const fs = require('fs');
+const path = require('path');
+
+const username = process.env.GITHUB_USERNAME;
+const token = process.env.GITHUB_TOKEN;
+const packageType = process.env.PACKAGE_TYPE;
+
+const octokit = new Octokit({ auth: token });
+const data = JSON.parse(fs.readFileSync('cve-cvex.json'));
+
+/** Summary. DON'T USE. JUST DEMO: fetch JSON data for seclab images */
+async function listPackages() {
+ try {
+ const response = await octokit.request('GET /users/{username}/packages', {
+ username: username,
+ package_type: packageType
+ });
+ console.log(response.data);
+ return response.data;
+ } catch (error) {
+ console.error(`Error fetching packages: ${error}`);
+ }
+}
+
+/**
+ * Summary. Given a container name, fetch JSON data for image
+ * @param {string} container name of container from our ghcr.io registry
+ * @return {string} JSON-formatted data */
+async function fetchPackage(container) {
+try {
+ const response = await octokit.request('GET /users/{username}/packages/{package_type}/{package_name}', {
+ username: username,
+ package_type: packageType,
+ package_name: container
+ });
+ console.log(response.data);
+ return response.data;
+ } catch (error) {
+ console.error(`Error fetching package: ${error}`);
+ }
+}
+
+/**
+ * Summary. Given a cve id & container type, fetch JSON data for cvex image
+ * @param {string} cve_id name of container from our ghcr.io registry
+ * @param {string} type exploiter or target
+ * @return {string} JSON-formatted data */
+async function fetchPackageViaCveId(cve_id, type) {
+ try {
+ const name = data[cve_id]+'/'+type;
+ console.log(name);
+ const response = await octokit.request('GET /users/{username}/packages/{package_type}/{package_name}', {
+ username: username,
+ package_type: packageType,
+ package_name: name
+ });
+ console.log(response.data); // replace with a return instead when using it
+ return response.data;
+ } catch (error) {
+ console.error(`Error fetching package: ${error}`);
+ }
+ }
+
+/** Summary. fetch ALL CVEXes in JSON format */
+async function listCvexContainers(){
+ try{
+ const prefix = "cvex";
+ const response = await octokit.request('GET /users/{username}/packages', {
+ username: username,
+ package_type: packageType
+ });
+ const packages = response.data;
+ const filteredPackages = packages.filter(pkg => pkg.name.startsWith(prefix));
+ console.log(filteredPackages);
+ return filteredPackages;
+ }catch (error) {
+ console.error(`Error fetching packages: ${error}`);
+ }
+}
+
+// testing
+// let res = fetchPackageViaCveId("CVE-2012-1823", "exploiter");
+// listCvexContainers();
+// listPackages();
+// fetchPackage("cvex-210825-010/exploiter");
diff --git a/api_server/cve-cvex.json b/api_server/cve-cvex.json
new file mode 100644
index 0000000..1745d2c
--- /dev/null
+++ b/api_server/cve-cvex.json
@@ -0,0 +1,12 @@
+{
+ "CVE-2012-1823": "cvex-210825-001",
+ "CVE-2019-12725": "cvex-210825-003",
+ "CVE-2019-16278": "cvex-210825-004",
+ "CVE-2014-4511": "cvex-210825-006",
+ "CVE-2018-16763": "cvex-210825-007",
+ "CVE-2015-2208": "cvex-210825-008",
+ "CVE-2017-1000486": "cvex-210825-009",
+ "CVE-2019-16662": "cvex-210825-010",
+ "CVE-2019-16663": "cvex-210825-011",
+ "CVE-2020-25952": "cvex-210825-012"
+}
\ No newline at end of file
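Review bot: In `fetchPackageViaCveId` of api.js, `data[cve_id]+'/'+type` builds the package name from two unchecked arguments: an id missing from cve-cvex.json produces the name `undefined/exploiter`, inherited keys such as `constructor` resolve to non-string values, and `type` is never compared with the two values the docblock allows. If these functions are later served on the port the Dockerfile exposes (no listener is visible in this hunk, so that is an assumption), both values become caller-controlled; add `if (!Object.prototype.hasOwnProperty.call(data, cve_id)) throw new Error('unknown CVE id');` and `if (type !== 'exploiter' && type !== 'target') throw new Error('invalid type');` before the lookup. Every `catch` in the file logs and falls through, so callers receive `undefined` and cannot tell a failed GitHub call from a missing package; rethrowing or returning an explicit error value would make failures visible. The docblock text for `cve_id` ("name of container") and `@return {string}` are copied from `fetchPackage` and should describe the CVE identifier and a Promise of the response object, and `path` is required but never used.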
diff --git a/api_server/docker-compose.yml b/api_server/docker-compose.yml
new file mode 100755
index 0000000..372c179
--- /dev/null
+++ b/api_server/docker-compose.yml
@@ -0,0 +1,7 @@
+version: '3.8'
+
+services:
+ github-api:
+ build: .
+ ports:
+ - 80:80
diff --git a/api_server/package.json b/api_server/package.json
new file mode 100755
index 0000000..3cbd676
--- /dev/null
+++ b/api_server/package.json
@@ -0,0 +1,13 @@
+{
+ "name": "gh-api-docker",
+ "version": "1.0.0",
+ "description": "A Docker container to call GitHub API",
+ "main": "api.js",
+ "scripts": {
+ "start": "node api.js"
+ },
+ "dependencies": {
+ "@octokit/rest": "^19.0.7"
+ }
+ }
+
\ No newline at end of file
diff --git a/index.md b/index.md
new file mode 100755
index 0000000..d364c99
--- /dev/null
+++ b/index.md
@@ -0,0 +1,14 @@
+# Xplor CVEX - Beta
+
+Team Kruegel/Vigna/Noah
+
+### Description
+This is just a test
+
+### Tables
+
+|In-Class Exercises | 25% |
+|Homework / Projects| 20% |
+|Group Project / Presentation | 20% |
+|Midterm | 15% |
+|Final | 20% |
diff --git a/legacy_cvex.md b/legacy_cvex.md
new file mode 100755
index 0000000..f937f50
--- /dev/null
+++ b/legacy_cvex.md
@@ -0,0 +1,6 @@
+---
+permalink: /legacy_cvex/
+---
+
+# Group Project
+We could place legacy CVEXes created in 2020 here
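Review bot: The `- 80:80` mapping in docker-compose.yml publishes the service on every host interface, although api.js as added in this commit starts no listener, so whatever server is added later will be reachable from the network by default. Until the API has authentication, bind it to loopback with `- "127.0.0.1:80:80"`. Quoting the mapping also keeps YAML from reading a `host:container` pair as a number.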