
Commit 9c23ae1

CopilotCalinL
andcommitted
Add DevSecOps2 page with extended security vulnerability demonstrations
Co-authored-by: CalinL <10718943+CalinL@users.noreply.github.com>
1 parent 64c1d22 commit 9c23ae1


4 files changed

+474
-0
lines changed


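--- a/src/webapp01/Pages/DevSecOps.cshtml
+++ b/src/webapp01/Pages/DevSecOps.cshtml
@@ -139,6 +139,9 @@
 <a href="https://docs.github.com/en/code-security/secret-scanning" class="btn btn-outline-warning btn-sm" target="_blank">
 <i class="bi bi-key"></i> Secret Scanning
 </a>
+<a asp-page="/DevSecOps2" class="btn btn-outline-danger btn-sm">
+<i class="bi bi-arrow-right"></i> Advanced Demo
+</a>
 </div>
 </div>
 </div>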
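--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,252 @@
+@page
+@model DevSecOps2Model
+@{
+ViewData["Title"] = "Advanced DevSecOps Security Demonstrations";
+}
+
+<div class="container">
+<div class="row">
+<div class="col-12">
+<h1 class="display-4 text-danger">@ViewData["Title"]</h1>
+<p class="lead">Extended security vulnerability demonstrations for GitHub Advanced Security scanning</p>
+<hr />
+</div>
+</div>
+
+<!-- Alert for TempData messages -->
+@if (TempData["SqlResult"] != null)
+{
+<div class="alert alert-info alert-dismissible fade show" role="alert">
+@TempData["SqlResult"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+@if (TempData["SqlError"] != null)
+{
+<div class="alert alert-danger alert-dismissible fade show" role="alert">
+@TempData["SqlError"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+<div class="row">
+<!-- Extended GHAS Features Section -->
+<div class="col-lg-8">
+<div class="card mb-4">
+<div class="card-header bg-danger text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-bug"></i> Advanced Security Vulnerabilities Demo
+</h3>
+</div>
+<div class="card-body">
+@if (Model.SecurityDemos.Any())
+{
+<div class="list-group list-group-flush">
+@foreach (var demo in Model.SecurityDemos)
+{
+<div class="list-group-item d-flex align-items-start">
+<span class="badge bg-danger rounded-pill me-3 mt-1">VULN</span>
+<div>
+<p class="mb-1">@demo</p>
+<small class="text-muted">Detected by GHAS Code Scanning</small>
+</div>
+</div>
+}
+</div>
+}
+else
+{
+<p class="text-muted">No vulnerability demonstrations available.</p>
+}
+</div>
+</div>
+
+<!-- Security Tools Overview -->
+<div class="card mb-4">
+<div class="card-header bg-secondary text-white">
+<h3 class="card-title mb-0">Extended GHAS Capabilities</h3>
+</div>
+<div class="card-body">
+<div class="row">
+<div class="col-md-6">
+<h5><i class="bi bi-shield-exclamation"></i> Advanced Code Analysis</h5>
+<p>Deep semantic analysis with custom CodeQL queries for complex vulnerability patterns.</p>
+
+<h5><i class="bi bi-database-exclamation"></i> SQL Injection Detection</h5>
+<p>Automated detection of SQL injection vulnerabilities in database queries.</p>
+</div>
+<div class="col-md-6">
+<h5><i class="bi bi-file-earmark-code"></i> Custom Security Rules</h5>
+<p>Organization-specific security policies and custom vulnerability detection rules.</p>
+
+<h5><i class="bi bi-cloud-upload"></i> Supply Chain Security</h5>
+<p>Comprehensive dependency vulnerability tracking and remediation guidance.</p>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Security Metrics -->
+<div class="card mb-4">
+<div class="card-header bg-info text-white">
+<h3 class="card-title mb-0">Security Metrics Dashboard</h3>
+</div>
+<div class="card-body">
+<div class="row text-center">
+<div class="col-md-3">
+<h4 class="text-danger">@Model.VulnerabilityCount</h4>
+<small class="text-muted">Critical Vulnerabilities</small>
+</div>
+<div class="col-md-3">
+<h4 class="text-warning">@Model.SecretCount</h4>
+<small class="text-muted">Exposed Secrets</small>
+</div>
+<div class="col-md-3">
+<h4 class="text-primary">@Model.DependencyCount</h4>
+<small class="text-muted">Vulnerable Dependencies</small>
+</div>
+<div class="col-md-3">
+<h4 class="text-success">@Model.FixedCount</h4>
+<small class="text-muted">Issues Resolved</small>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Advanced Security Demo Tools -->
+<div class="col-lg-4">
+<!-- SQL Injection Demo Section -->
+<div class="card mb-4">
+<div class="card-header bg-danger text-white">
+<h4 class="card-title mb-0">
+<i class="bi bi-database-exclamation"></i> SQL Injection Demo
+</h4>
+</div>
+<div class="card-body">
+<p class="text-muted small">
+This form demonstrates SQL injection vulnerabilities that should be detected by GHAS.
+<strong>DO NOT use in production!</strong>
+</p>
+
+<!-- SQL Injection Testing Form -->
+<form method="post" asp-page-handler="TestSql" class="mt-3">
+<div class="mb-3">
+<label for="username" class="form-label">Username Search:</label>
+<input type="text" class="form-control" id="username" name="username"
+placeholder="Enter username" value="admin">
+<div class="form-text text-danger">
+⚠️ This query is vulnerable to SQL injection attacks.
+</div>
+</div>
+<button type="submit" class="btn btn-danger btn-sm">
+<i class="bi bi-search"></i> Search User
+</button>
+</form>
+</div>
+</div>
+
+<!-- CSRF Demo Section -->
+<div class="card mb-4">
+<div class="card-header bg-warning text-dark">
+<h4 class="card-title mb-0">
+<i class="bi bi-shield-slash"></i> CSRF Demo
+</h4>
+</div>
+<div class="card-body">
+<p class="text-muted small">
+This form lacks CSRF protection, demonstrating a common security vulnerability.
+</p>
+
+<!-- CSRF Vulnerable Form -->
+<form method="post" asp-page-handler="UnsafeAction" class="mt-3">
+<div class="mb-3">
+<label for="action" class="form-label">Action:</label>
+<select class="form-control" id="action" name="action">
+<option value="view">View Data</option>
+<option value="delete">Delete Record</option>
+<option value="update">Update Settings</option>
+</select>
+</div>
+<button type="submit" class="btn btn-warning btn-sm">
+<i class="bi bi-play"></i> Execute
+</button>
+</form>
+</div>
+</div>
+
+<!-- Advanced Resources -->
+<div class="card">
+<div class="card-header bg-dark text-white">
+<h4 class="card-title mb-0">Advanced Resources</h4>
+</div>
+<div class="card-body">
+<div class="d-grid gap-2">
+<a href="https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system" class="btn btn-outline-primary btn-sm" target="_blank">
+<i class="bi bi-gear"></i> CodeQL CI Integration
+</a>
+<a href="https://docs.github.com/en/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning" class="btn btn-outline-secondary btn-sm" target="_blank">
+<i class="bi bi-key"></i> Custom Secret Patterns
+</a>
+<a href="https://docs.github.com/en/code-security/dependabot" class="btn btn-outline-success btn-sm" target="_blank">
+<i class="bi bi-arrow-repeat"></i> Dependabot Configuration
+</a>
+<a href="https://docs.github.com/en/code-security/security-advisories" class="btn btn-outline-info btn-sm" target="_blank">
+<i class="bi bi-exclamation-triangle"></i> Security Advisories
+</a>
+<a asp-page="/DevSecOps" class="btn btn-outline-primary btn-sm">
+<i class="bi bi-arrow-left"></i> Basic Demo
+</a>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Extended Footer Section -->
+<div class="row mt-5">
+<div class="col-12">
+<div class="alert alert-danger" role="alert">
+<h5 class="alert-heading">
+<i class="bi bi-exclamation-triangle-fill"></i> Security Warning:
+</h5>
+<p>
+This page contains <strong>intentionally vulnerable code</strong> designed for GitHub Advanced Security
+demonstrations. The vulnerabilities include SQL injection, CSRF, hardcoded credentials,
+and insecure data handling patterns.
+</p>
+<hr>
+<p class="mb-0">
+<strong>Never deploy this code to production!</strong> Use it only for learning and testing
+GHAS capabilities in a secure, isolated environment.
+</p>
+</div>
+</div>
+</div>
+</div>
+
+@section Scripts {
+<script>
+// Auto-dismiss alerts after 6 seconds
+setTimeout(function() {
+const alerts = document.querySelectorAll('.alert-dismissible');
+alerts.forEach(alert => {
+const bsAlert = new bootstrap.Alert(alert);
+bsAlert.close();
+});
+}, 6000);
+
+// Add warning confirmation for dangerous actions
+document.addEventListener('DOMContentLoaded', function() {
+const dangerousForms = document.querySelectorAll('form[asp-page-handler="UnsafeAction"], form[asp-page-handler="TestSql"]');
+dangerousForms.forEach(form => {
+form.addEventListener('submit', function(e) {
+if (!confirm('This action demonstrates a security vulnerability. Continue for demo purposes?')) {
+e.preventDefault();
+}
+});
+});
+});
+</script>
+}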
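Review bot: The submit confirmation in the Scripts section never attaches, because `asp-page-handler` is a server-side tag-helper attribute that is consumed at render time and is not present in the emitted HTML, so `document.querySelectorAll('form[asp-page-handler="UnsafeAction"], form[asp-page-handler="TestSql"]')` matches no elements. Mark both forms with a plain attribute, e.g. `<form method="post" asp-page-handler="TestSql" data-demo-risk="true" class="mt-3">` (and the same on the UnsafeAction form), and select with `const dangerousForms = document.querySelectorAll('form[data-demo-risk="true"]');`. Separately, the CSRF Demo card states that the form lacks CSRF protection, but a Razor Pages `<form method="post">` rendered through the form tag helper emits an antiforgery token and the framework validates it on POST by default, so the claim only holds if the page model opts out (for instance with `[IgnoreAntiforgeryToken]`), which is not visible in this commit; either note that dependency in the `<!-- CSRF Vulnerable Form -->` comment or confirm the handler actually disables validation. The `@TempData["SqlError"]` output is HTML-encoded by Razor, so it is not a reflected-XSS sink, but if the handler stores raw database exception text there it becomes an information-disclosure path; presumably that is intended for the demo, which a one-line comment on the alert block should say.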
