Coder Social home page Coder Social logo

dash24-demo's Introduction

dash24-demo

This repository is a demo for the DASH24 workshop. It contains a sample application with an API written in Python/Flask. We use this application to show how we can find security issues in projects and fix them.

Part 0: Getting started

Bootstrap the project

  1. If not installed, install the venv module: apt-get install python3-venv
  2. Install sqlite3: apt-get install sqlite3
  3. Create a virtual environment python -mvenv venv
  4. Use the virtual environment source venv/bin/activate
  5. Install all dependencies pip install -r requirements.txt
  6. Init the database rm -f db.sqlite ; sqlite3 db.sqlite < init.sql

Start the project, invoke

python service.py

Part 1: Use the API

List all products

To list all products from the API, use

curl http://127.0.0.1:5000/api/product/list

Add a product

To add a product via the API< use

curl -H "Content-Type: application/json" -X POST --data '{"name": "<product-name>"}' http://localhost:5000/api/product/add

Use the web interface

Navigate to

Part 2: onboard the project on Datadog

  1. Navigate to your repository settings
  2. Add a secrets for DD_API_KEY and DD_APP_KEY
  • You can find the value in your terminal by clicking
  1. Navigate to https://app.datadoghq.com/ci/setup/code-analysis
  2. Create a GitHub App
  3. Create .github/workflows/datadog-sca.yml with the content from the onboarding page
  4. Create .github/workflows/datadog-static-analysis.yml with the content from the onboarding page
  5. Commit your changes and the YML files
  6. Check the actions are correctly running in your GitHub Actions
  7. You should see resutls on the Datadog page
  8. Inspect the static analysis violations and dependencies violations

Part 3: IDE and static analysis

  1. Open the IDE
  2. Open the folder that contains the code
  3. Open the service.py file and fix the violation
  4. Open the database.py and fix the violation, including the SQL violation
  5. Once all issues fixed, commit your results: git commit -m"update flask" && git push
  6. No violation should be found in Datadog for the static analysis

Part 4: Software Composition Analysis

  1. Open the datadog interface and see the violation
  2. See the new version that fixes the issue
  3. Open requirements.txt in your IDE
  4. Update the flask dependency to 3.0.3
  5. Commit your result: git commit -m"update flask" && git push
  6. See the result in your Datadog code analysis page

dash24-demo's People

Contributors

juli1 avatar

Stargazers

Gérard jourdain avatar Tara Schofield avatar

Watchers

avatar Kassen Qian avatar

Forkers

kassenq

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.