
Commit c770174

CopilotCalinL
andcommitted
Implement DevSecOps4 page with GHAS 4.0 features and intentional vulnerabilities
Co-authored-by: CalinL <10718943+CalinL@users.noreply.github.com>
1 parent 55dc690 commit c770174


5 files changed

+488
-3
lines changed

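--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,242 @@
+@page
+@model DevSecOps4Model
+@{
+ViewData["Title"] = "DevSecOps 4.0 - Advanced GitHub Security Demo";
+}
+
+<div class="container">
+<div class="row">
+<div class="col-12">
+<h1 class="display-4 text-primary">@ViewData["Title"]</h1>
+<p class="lead">Explore the cutting-edge features and latest innovations in GitHub Advanced Security (GHAS)</p>
+<hr />
+</div>
+</div>
+
+<!-- Alert for TempData messages -->
+@if (TempData["SecurityResult"] != null)
+{
+<div class="alert alert-info alert-dismissible fade show" role="alert">
+@TempData["SecurityResult"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+@if (TempData["SecurityError"] != null)
+{
+<div class="alert alert-danger alert-dismissible fade show" role="alert">
+@TempData["SecurityError"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+<div class="row">
+<!-- Main Content Area -->
+<div class="col-lg-8">
+<!-- Latest GHAS News Section -->
+<div class="card mb-4">
+<div class="card-header bg-success text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-newspaper"></i> Latest GitHub Advanced Security News
+</h3>
+</div>
+<div class="card-body">
+@if (Model.LatestNews != null && Model.LatestNews.Any())
+{
+<div class="row">
+@foreach (var newsItem in Model.LatestNews)
+{
+<div class="col-md-6 mb-3">
+<div class="card h-100 border-success">
+<div class="card-body">
+<p class="card-text">
+<i class="bi bi-check-circle text-success"></i> @newsItem
+</p>
+</div>
+</div>
+</div>
+}
+</div>
+}
+else
+{
+<p class="text-muted">No news available at this time.</p>
+}
+</div>
+</div>
+
+<!-- Enhanced GHAS Features Overview -->
+<div class="card mb-4">
+<div class="card-header bg-primary text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-shield-check"></i> Advanced GHAS 4.0 Features
+</h3>
+</div>
+<div class="card-body">
+<div class="row">
+<div class="col-md-6">
+<h5><i class="bi bi-cpu"></i> AI-Powered CodeQL</h5>
+<p>Enhanced semantic analysis with machine learning for better vulnerability detection.</p>
+
+<h5><i class="bi bi-robot"></i> Automated Remediation</h5>
+<p>AI-suggested fixes for detected security vulnerabilities with one-click application.</p>
+
+<h5><i class="bi bi-graph-up-arrow"></i> Advanced Analytics</h5>
+<p>Deep insights into security trends and patterns across your organization.</p>
+</div>
+<div class="col-md-6">
+<h5><i class="bi bi-cloud-arrow-up"></i> Cloud Security Integration</h5>
+<p>Seamless integration with cloud security services and infrastructure as code scanning.</p>
+
+<h5><i class="bi bi-people"></i> Team Collaboration</h5>
+<p>Enhanced collaboration tools for security teams with real-time notifications.</p>
+
+<h5><i class="bi bi-speedometer2"></i> Performance Optimized</h5>
+<p>Faster scanning with reduced false positives and improved accuracy.</p>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Resources Section -->
+<div class="card mb-4">
+<div class="card-header bg-info text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-book"></i> GHAS 4.0 Resources
+</h3>
+</div>
+<div class="card-body">
+<div class="d-flex flex-wrap gap-2">
+<a href="https://docs.github.com/en/code-security/getting-started/github-security-features" class="btn btn-outline-primary btn-sm" target="_blank">
+<i class="bi bi-book"></i> GHAS 4.0 Documentation
+</a>
+<a href="https://github.com/github/codeql" class="btn btn-outline-secondary btn-sm" target="_blank">
+<i class="bi bi-github"></i> CodeQL Repository
+</a>
+<a href="https://docs.github.com/en/code-security/code-scanning" class="btn btn-outline-success btn-sm" target="_blank">
+<i class="bi bi-shield-check"></i> Advanced Code Scanning
+</a>
+<a href="https://docs.github.com/en/code-security/secret-scanning" class="btn btn-outline-warning btn-sm" target="_blank">
+<i class="bi bi-key"></i> Secret Scanning Plus
+</a>
+<a href="https://docs.github.com/en/code-security/dependabot" class="btn btn-outline-danger btn-sm" target="_blank">
+<i class="bi bi-layers"></i> Dependabot Advanced
+</a>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Sidebar with Demo Tools -->
+<div class="col-lg-4">
+<!-- Security Demo Section -->
+<div class="card mb-4">
+<div class="card-header bg-warning text-dark">
+<h4 class="card-title mb-0">
+<i class="bi bi-exclamation-triangle"></i> Security Demo 4.0
+</h4>
+</div>
+<div class="card-body">
+<p class="text-muted small">
+This page contains intentionally vulnerable code patterns for GHAS 4.0 demonstration.
+These vulnerabilities showcase the advanced detection capabilities of GitHub Advanced Security.
+</p>
+
+<!-- Enhanced Security Testing Form -->
+<form method="post" asp-page-handler="TestSecurity" class="mt-3">
+<div class="mb-3">
+<label for="userInput" class="form-label">User Input (Log Injection Test):</label>
+<input type="text" class="form-control" id="userInput" name="userInput"
+placeholder="Enter text to test log injection..." />
+</div>
+<div class="mb-3">
+<label for="regexPattern" class="form-label">Regex Pattern (ReDoS Test):</label>
+<input type="text" class="form-control" id="regexPattern" name="regexPattern"
+placeholder="^(a+)+$" value="^(a+)+$" />
+</div>
+<div class="mb-3">
+<label for="jsonData" class="form-label">JSON Data (Deserialization Test):</label>
+<textarea class="form-control" id="jsonData" name="jsonData" rows="3"
+placeholder='{"test": "data"}'></textarea>
+</div>
+<button type="submit" class="btn btn-warning btn-sm">
+<i class="bi bi-play-circle"></i> Run Security Tests
+</button>
+</form>
+</div>
+</div>
+
+<!-- Database Connection Demo -->
+<div class="card mb-4">
+<div class="card-header bg-danger text-white">
+<h4 class="card-title mb-0">
+<i class="bi bi-database"></i> Database Demo
+</h4>
+</div>
+<div class="card-body">
+<p class="text-muted small">
+Demonstrates database connection vulnerabilities for GHAS detection.
+</p>
+<form method="post" asp-page-handler="TestDatabase" class="mt-3">
+<button type="submit" class="btn btn-danger btn-sm">
+<i class="bi bi-database-check"></i> Test DB Connection
+</button>
+</form>
+</div>
+</div>
+
+<!-- Statistics Card -->
+<div class="card">
+<div class="card-header bg-secondary text-white">
+<h4 class="card-title mb-0">
+<i class="bi bi-graph-up"></i> Demo Statistics
+</h4>
+</div>
+<div class="card-body">
+<div class="row text-center">
+<div class="col-6">
+<h5 class="text-primary">@Model.VulnerabilityCount</h5>
+<small class="text-muted">Vulnerabilities</small>
+</div>
+<div class="col-6">
+<h5 class="text-success">@Model.NewsCount</h5>
+<small class="text-muted">News Items</small>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Footer Section -->
+<div class="row mt-5">
+<div class="col-12">
+<div class="card bg-light">
+<div class="card-body text-center">
+<h5 class="card-title">Ready to secure your code?</h5>
+<p class="card-text">Start your journey with GitHub Advanced Security 4.0 today.</p>
+<a href="https://github.com/features/security" class="btn btn-primary" target="_blank">
+<i class="bi bi-shield-shaded"></i> Get Started with GHAS 4.0
+</a>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Include Bootstrap Icons if not already included -->
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.0/font/bootstrap-icons.css">
+
+@section Scripts {
+<script>
+// Simple JavaScript for demo purposes
+$(document).ready(function() {
+console.log('DevSecOps 4.0 page loaded');
+
+// Demo: Potential XSS vulnerability (for GHAS detection)
+var userAgent = navigator.userAgent;
+document.querySelector('.card-footer')?.insertAdjacentHTML('beforeend',
+'<small class="text-muted">User Agent: ' + userAgent + '</small>');
+});
+</script>
+}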
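Review bot: The two demo forms (new-file lines 146–165 and 180–184) post a user-supplied regex, pre-filled with the backtracking-prone `^(a+)+$`, plus free-form JSON to the `TestSecurity` and `TestDatabase` handlers, and nothing in this view limits them to a demo environment. The handlers live in the page model, outside this file, so whether they bound the work is not visible here; if this app can be deployed anywhere reachable, wrap the sidebar forms in `<environment include="Development">` … `</environment>` and enforce the same gate (plus a regex match timeout) in the handlers. Separately, the script at lines 236–239 targets `.card-footer`, a class no element in this view carries, so unless the layout supplies one the optional chaining makes the XSS demo a no-op at runtime. The Bootstrap Icons `<link>` on line 228 is version-pinned but is loaded from a CDN without `integrity` and `crossorigin` attributes.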
