🏗️ build(docker): Fix remaining PR comments
orazefabian committed Jun 6, 2024
1 parent e21e7fd commit dac1edf
Showing 5 changed files with 228 additions and 196 deletions.
34 changes: 17 additions & 17 deletions README.md
Expand Up @@ -23,23 +23,23 @@ Unguard is composed of eight microservices written in different languages that t

![Unguard Architecture](docs/images/unguard-architecture.svg)

| Service | Language | Service Account | Description |
|------------------------------------------------------------|-----------------|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| [envoy-proxy](./src/envoy-proxy) | | default | Routes to the frontend or the ad-service and also provides a vulnerable health endpoint. |
| [frontend](./src/frontend) | Node.js Express | default | Serves HTML to the user to interact with the application. |
| [ad-service](./src/ad-service) | .NET 5 | default | Provide CRUD operation for images and serves a HTML page which displays an image like an ad. |
| [microblog-service](./src/microblog-service) | Java Spring | default | Serves a REST API for the frontend and saves data into redis (explicitly calls vulnerable functions of the jackson-databind library 2.9.9). |
| [proxy-service](./src/proxy-service) | Java Spring | unguard-proxy | Serves REST API for proxying requests from frontend (vulnerable to SSRF; no sanitization on the entered URL). |
| [profile-service](./src/profile-service) | Java Spring | default | Serves REST API for updating biography information in a H2 database; vulnerable to SQL injection attacks |
| [membership-service](./src/membership-service) | .NET 7 | default | Serves REST API for updating user memberships in a MariaDB; vulnerable to SQL injection attacks |
| [like-service](./src/like-service) | PHP | default | Serves REST API for adding likes to posts using MariaDB; vulnerable to SQL injection attacks |
| [user-auth-service](./src/user-auth-service) | Node.js Express | default | Serves REST API for authenticating users with JWT tokens (vulnerable to JWT key confusion). |
| [status-service](./src/status-service) | Go | unguard-status | Serves REST API for Kubernetes deployments health, as well as a user and user role list (vulnerable to SQL injection) |
| jaeger | | default | The [Jaeger](https://www.jaegertracing.io/) stack for distributed tracing. |
| mariadb | | unguard-mariadb | Relational database that holds user and token data. |
| redis | | default | Key-value store that holds all user data (except authentication-related stuff). |
| [user-simulator](./src/user-simulator) | Node.js | default | Creates synthetic user traffic by simulating an Unguard user using a real browser. Acts as a load generator. |
| [malicious-load-generator](./src/malicious-load-generator) | | default | Malicious load generator that makes CMD, JNDI, and SQL injections. |
| Service | Language | Service Account | Description |
|------------------------------------------------------------|---------------------|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| [envoy-proxy](./src/envoy-proxy) | | default | Routes to the frontend or the ad-service and also provides a vulnerable health endpoint. |
| [frontend](./src/frontend) | Node.js Express | default | Serves HTML to the user to interact with the application. |
| [ad-service](./src/ad-service) | .NET 5 | default | Provide CRUD operation for images and serves a HTML page which displays an image like an ad. |
| [microblog-service](./src/microblog-service) | Java Spring | default | Serves a REST API for the frontend and saves data into redis (explicitly calls vulnerable functions of the jackson-databind library 2.9.9). |
| [proxy-service](./src/proxy-service) | Java Spring | unguard-proxy | Serves REST API for proxying requests from frontend (vulnerable to SSRF; no sanitization on the entered URL). |
| [profile-service](./src/profile-service) | Java Spring | default | Serves REST API for updating biography information in a H2 database; vulnerable to SQL injection attacks |
| [membership-service](./src/membership-service) | .NET 7 | default | Serves REST API for updating user memberships in a MariaDB; vulnerable to SQL injection attacks |
| [like-service](./src/like-service) | PHP | default | Serves REST API for adding likes to posts using MariaDB; vulnerable to SQL injection attacks |
| [user-auth-service](./src/user-auth-service) | Node.js Express | default | Serves REST API for authenticating users with JWT tokens (vulnerable to JWT key confusion). |
| [status-service](./src/status-service) | Go | unguard-status | Serves REST API for Kubernetes deployments health, as well as a user and user role list (vulnerable to SQL injection) |
| jaeger | | default | The [Jaeger](https://www.jaegertracing.io/) stack for distributed tracing. |
| mariadb | | unguard-mariadb | Relational database that holds user and token data. |
| redis | | default | Key-value store that holds all user data (except authentication-related stuff). |
| [user-simulator](./src/user-simulator) | Node.js (Puppeteer) | default | Creates synthetic user traffic by simulating an Unguard user using a real browser. Acts as a load generator. |
| [malicious-load-generator](./src/malicious-load-generator) | | default | Malicious load generator that makes CMD, JNDI, and SQL injections. |

## Quickstart
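Review bot: In the user-simulator row, the new Language value `Node.js (Puppeteer)` is written differently from the `Node.js Express` cells used for frontend and user-auth-service; pick one notation for "runtime plus library" so the column reads consistently. Widening the column for this one cell re-pads every row of the table, which buries the single real change in whitespace churn and invites merge conflicts with other README edits; consider leaving the existing padding alone. Since the table is being touched anyway, the context line in the hunk header still says "eight microservices" while the table lists ten services before jaeger, so the count is worth rechecking.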

2 changes: 0 additions & 2 deletions src/user-simulator/Dockerfile
Expand Up @@ -17,9 +17,7 @@ RUN apt-get update \
COPY . .

RUN npm install
RUN npm install -g tsc
RUN npm run build

#ENV FRONTEND_ADDR="unguard.kube/ui"
ENV NODE_ENV=production
CMD ["npm", "start"]
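Review bot: `RUN npm install` directly after `COPY . .` resolves dependency versions at build time and is re-run on every source change; if a lockfile is committed, copy `package.json` and the lockfile first and use `npm ci` so the image is built from pinned versions. `ENV NODE_ENV=production` is only set after `npm install` and `npm run build`, so the devDependencies needed for the build remain in the runtime image; prune them after the build or split build and runtime into separate stages. The +/- markers are not visible in this view, but if `RUN npm install -g tsc` is one of the two deleted lines, that removal is correct: the TypeScript compiler is published as `typescript` and should come from the project's devDependencies rather than an unpinned global install.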