Hi, I wanted to deploy this application using a CICD pipeline as part of my project. I'm planning this as part of a DevSecOps pipeline which will focus on using security tools on different stages in CICD. While trying to deploy the image by using the dockerfile provided in the repo, it shows a postgressql error. Upon investigating I found that this project has multiple dependencies and running docker-compose up revealed that there are multiple containers running. Exploring the repo helped me see multiple dockerfiles present in the client and internal site folder.I'm confused seeing these multiple dockerfile and dependencies. Can someone provide me an idea or any sources of how to implement this ? I'm using gitlab for implementing my pipeline.

PS: I'm a noob.

Hey there ;-)

I played with your machine ;-) and i found some problems in the XSS exercise:

• When my browser tries to go: localhost:1337 i see that all Scripts, Images, and CSS getting 403 from the Server.
  So i investigated it a little bit.

First, you must specify a relevant tag when you're using Base docker images
https://github.com/ScaleSec/vulnado/blob/master/client/Dockerfile#L1
Pls change it to something that works and you're happy with like:
nginx:3.14-alpine.
This is what made you trouble, since every time you're taking the latest version.

Workaround(Temporary fix):

Enter to Container

sudo docker exec -it $(sudo docker ps -aqf "name=^vulnado-client") /bin/sh

and goes to

> cd /usr/share/nginx/html

Run those commands:

chmod -R a+rwx images
chmod -R a+rwx css
chmod -R a+rwx js

Now navigate to http://localhost:1337/login.html and make sure that everything is working fine!
• Check if there errors in the Inspect > Console tab in your browser.

Enjoy!

We could still demonstrate the XSS attack by making is stored in cookies. This would allow to add XSRF attack as well.