1+ using Microsoft . AspNetCore . Mvc ;
2+ using Microsoft . AspNetCore . Mvc . RazorPages ;
3+ using System . Text . RegularExpressions ;
4+ using Microsoft . Data . SqlClient ;
5+ using Newtonsoft . Json ;
6+ using System . Text . Json ;
7+
8+ namespace webapp01 . Pages
9+ {
10+ public class DevSecOps5Model : PageModel
11+ {
12+ private readonly ILogger < DevSecOps5Model > _logger ;
13+
14+ // INSECURE: Hardcoded database credentials for demo purposes
15+ private const string DB_CONNECTION = "Server=localhost;Database=DemoApp;User Id=admin;Password=SuperSecret123!;TrustServerCertificate=true;" ;
16+
17+ // INSECURE: API Key hardcoded for demo purposes
18+ private const string API_KEY = "sk-demo-1234567890abcdef-NEVER-USE-IN-PROD" ;
19+
20+ // INSECURE: Vulnerable regex pattern susceptible to ReDoS attacks
21+ private static readonly Regex VulnerableRegex = new Regex ( @"^(a+)+$" , RegexOptions . Compiled ) ;
22+ private static readonly Regex EmailRegex = new Regex ( @"^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$" , RegexOptions . Compiled ) ;
23+
24+ public DevSecOps5Model ( ILogger < DevSecOps5Model > logger )
25+ {
26+ _logger = logger ;
27+ }
28+
29+ public List < string > LatestGHASNews { get ; set ; } = new ( ) ;
30+ public int VulnerabilityCount { get ; set ; }
31+ public int SecretsFound { get ; set ; }
32+ public int DependenciesScanned { get ; set ; }
33+ public string SecurityScore { get ; set ; } = "C+" ;
34+
35+ public void OnGet ( )
36+ {
37+ // LOG FORGING: User input directly logged without sanitization
38+ string userAgent = Request . Headers . UserAgent . ToString ( ) ;
39+ string ipAddress = Request . HttpContext . Connection . RemoteIpAddress ? . ToString ( ) ?? "unknown" ;
40+ string userInput = Request . Query . ContainsKey ( "user" ) ? Request . Query [ "user" ] . ToString ( ) ?? "anonymous" : "anonymous" ;
41+
42+ // INSECURE: Direct user input in logs
43+ _logger . LogInformation ( $ "DevSecOps5 page accessed by user: { userInput } from IP: { ipAddress } with UserAgent: { userAgent } ") ;
44+
45+ LoadLatestGHASNews ( ) ;
46+ GenerateSecurityStats ( ) ;
47+
48+ // INSECURE: Simulate database connection with hardcoded credentials
49+ try
50+ {
51+ // Don't actually connect for demo, but log the attempt with sensitive info
52+ _logger . LogInformation ( $ "Attempting database connection to: { DB_CONNECTION } ") ;
53+ _logger . LogDebug ( $ "Using API key: { API_KEY } ") ;
54+
55+ using var connection = new SqlConnection ( DB_CONNECTION ) ;
56+ // Simulated connection - don't actually open
57+
58+ _logger . LogInformation ( "Database connection simulation completed" ) ;
59+ }
60+ catch ( Exception ex )
61+ {
62+ // LOG FORGING: Exception details with user input
63+ _logger . LogError ( $ "Database connection failed for user { userInput } : { ex . Message } ") ;
64+ }
65+
66+ // INSECURE: Test vulnerable regex patterns
67+ TestVulnerableRegex ( ) ;
68+ }
69+
70+ private void LoadLatestGHASNews ( )
71+ {
72+ LatestGHASNews = new List < string >
73+ {
74+ "GitHub Advanced Security now includes AI-powered vulnerability remediation suggestions" ,
75+ "New CodeQL 2.25 with enhanced C# and .NET analysis capabilities released" ,
76+ "Secret scanning now supports 500+ new token patterns including cloud services" ,
77+ "Dependency review with automated security updates and license compliance checking" ,
78+ "Advanced threat modeling integration with STRIDE methodology support" ,
79+ "Real-time security alerts with Slack and Microsoft Teams integration" ,
80+ "Enhanced SARIF support with custom security rule definitions" ,
81+ "Supply chain security with SBOM generation and provenance tracking"
82+ } ;
83+
84+ // INSECURE: Potential JSON deserialization vulnerability
85+ try
86+ {
87+ string jsonData = JsonConvert . SerializeObject ( LatestGHASNews ) ;
88+ // INSECURE: Deserializing without type validation
89+ var deserializedData = JsonConvert . DeserializeObject < List < string > > ( jsonData ) ;
90+
91+ _logger . LogInformation ( $ "Successfully loaded { LatestGHASNews . Count } latest GHAS news items") ;
92+ }
93+ catch ( Exception ex )
94+ {
95+ _logger . LogError ( $ "Failed to process GHAS news: { ex . Message } ") ;
96+ }
97+ }
98+
99+ private void GenerateSecurityStats ( )
100+ {
101+ // Simulate security statistics
102+ Random rand = new Random ( ) ;
103+ VulnerabilityCount = rand . Next ( 15 , 25 ) ;
104+ SecretsFound = rand . Next ( 3 , 8 ) ;
105+ DependenciesScanned = rand . Next ( 150 , 300 ) ;
106+
107+ string [ ] scores = { "A+" , "A" , "B+" , "B" , "C+" , "C" , "D" } ;
108+ SecurityScore = scores [ rand . Next ( scores . Length ) ] ;
109+
110+ _logger . LogInformation ( $ "Generated security stats - Vulnerabilities: { VulnerabilityCount } , Secrets: { SecretsFound } , Dependencies: { DependenciesScanned } , Score: { SecurityScore } ") ;
111+ }
112+
113+ private void TestVulnerableRegex ( )
114+ {
115+ // INSECURE: Testing with potentially dangerous regex patterns
116+ string testPattern = Request . Query . ContainsKey ( "pattern" ) ? Request . Query [ "pattern" ] . ToString ( ) ?? "aaa" : "aaa" ;
117+
118+ try
119+ {
120+ bool isMatch = VulnerableRegex . IsMatch ( testPattern ) ;
121+ _logger . LogInformation ( $ "Vulnerable regex test result: { isMatch } for pattern: { testPattern } ") ;
122+ }
123+ catch ( Exception ex )
124+ {
125+ // LOG FORGING: User input in error logs
126+ _logger . LogError ( $ "Regex evaluation failed for pattern: { testPattern } . Error: { ex . Message } ") ;
127+ }
128+ }
129+
130+ public IActionResult OnPostTestSql ( string sqlInput )
131+ {
132+ if ( ! string . IsNullOrEmpty ( sqlInput ) )
133+ {
134+ // INSECURE: Direct SQL input logging (potential injection vulnerability demo)
135+ _logger . LogWarning ( $ "SQL test executed: { sqlInput } ") ;
136+
137+ // INSECURE: Simulated SQL injection vulnerability
138+ string userAgent = Request . Headers . UserAgent . ToString ( ) ;
139+ string queryToExecute = $ "SELECT * FROM logs WHERE query = '{ sqlInput } ' AND user_agent = '{ userAgent } '";
140+
141+ _logger . LogInformation ( $ "Constructed query: { queryToExecute } ") ;
142+
143+ TempData [ "SecurityTest" ] = $ "SQL Query processed: { sqlInput } (Check logs for potential injection patterns)";
144+ }
145+
146+ return RedirectToPage ( ) ;
147+ }
148+
149+ public IActionResult OnPostTestRegex ( string regexPattern )
150+ {
151+ if ( ! string . IsNullOrEmpty ( regexPattern ) )
152+ {
153+ try
154+ {
155+ // INSECURE: User-provided regex pattern could cause ReDoS
156+ var userRegex = new Regex ( regexPattern , RegexOptions . Compiled ) ;
157+ string testString = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ;
158+
159+ // LOG FORGING: User input in logs
160+ _logger . LogWarning ( $ "Testing user-provided regex pattern: { regexPattern } ") ;
161+
162+ DateTime start = DateTime . Now ;
163+ bool result = userRegex . IsMatch ( testString ) ;
164+ TimeSpan duration = DateTime . Now - start ;
165+
166+ _logger . LogInformation ( $ "Regex test completed in { duration . TotalMilliseconds } ms - Result: { result } ") ;
167+
168+ TempData [ "SecurityTest" ] = $ "Regex pattern '{ regexPattern } ' processed in { duration . TotalMilliseconds : F2} ms - Result: { result } ";
169+ }
170+ catch ( Exception ex )
171+ {
172+ // LOG FORGING: Exception with user input
173+ _logger . LogError ( $ "Regex test failed for pattern '{ regexPattern } ': { ex . Message } ") ;
174+ TempData [ "SecurityTest" ] = $ "Regex test failed: { ex . Message } ";
175+ }
176+ }
177+
178+ return RedirectToPage ( ) ;
179+ }
180+ }
181+ }
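Review bot: The user-controlled regex matches in TestVulnerableRegex (line 120, fed by the unauthenticated GET `?pattern=`) and OnPostTestRegex (line 163) run with no match timeout, so a request like `?pattern=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!` pins a request thread indefinitely on any instance this demo is actually deployed to — a real DoS, not just a scanner finding. Even if the intent is to keep the finding visible to CodeQL, bound the damage by constructing with a timeout, `var userRegex = new Regex(regexPattern, RegexOptions.None, TimeSpan.FromMilliseconds(200));`, adding a dedicated `catch (RegexMatchTimeoutException)` ahead of the generic handler at line 170 so a timeout is logged as an attack signal rather than a generic failure, and passing the same timeout to the static `VulnerableRegex` on line 21. `RegexOptions.Compiled` on a per-request, attacker-chosen pattern (line 156) also triggers IL generation on every POST, which is its own amplification vector — drop it for the user pattern. Separately, the comments at lines 84 and 88 label `JsonConvert.DeserializeObject<List<string>>` of data the same method just serialized as a deserialization vulnerability; with no `TypeNameHandling` and no external input there is nothing exploitable there, so the comment should read something like `// NOTE: placeholder only — not exploitable as written (no TypeNameHandling, input is self-generated)` to avoid teaching a false positive. When the "LOG FORGING" calls are eventually fixed, the mitigation is message templates (`_logger.LogInformation("... accessed by user: {User}", userInput)`) rather than interpolation, which also restores structured logging (CA2254).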