First commit - data import lab

.gitignore

@@ -0,0 +1,7 @@
+.DS_Store
+**.terraform*
+**tfstate
+**.tfout
+**tfstate.backup
+**go.sum
+**go.mod

README.md

@@ -1 +1,13 @@
-# cloudsec-tidbits
+# .: CloudSec Tidbits :.
+
+![cloudsectidbit-logo200](https://user-images.githubusercontent.com/77505868/196213004-2a04f023-297a-4e4b-88de-73aea747e970.png)
+
+CloudSec Tidbits is a blogpost series aiming to describe some bugs found by Doyensec during security testing activities.
+Sometimes the Cloud Infrastructure is properly configured, but the web application logic fails to use the services correctly.
+
+Each blogpost will discuss a specific vulnerability resulting from an insecure combination of web and cloud related technologies. Every article will include an Infrastructure as Code (IaC) laboratory easily deployable to play with the described case.
+
+### Available episodes:
+
+- [Tidbit #1 - The Danger of Falling to System Role in AWS SDK Client](https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html)
+

lab-dataimport/Dockerfile

@@ -0,0 +1,23 @@
+# golang:1.17-alpine base image
+FROM golang:1.17-alpine
+
+WORKDIR /app
+
+COPY app/web.go /app
+COPY app/frontend /app/frontend
+COPY app/data-storage /app/data-storage
+
+RUN go mod init challenge
+
+# tidy
+RUN go mod tidy
+
+# compile application
+RUN go build -o /app/data-import-app
+
+# god mode
+RUN chmod 777 /app/data-import-app
+
+EXPOSE 80
+
+CMD [ "/app/data-import-app" ]

lab-dataimport/README.md

@@ -0,0 +1,24 @@
+# .: IaC Lab #1 - Data Import Vulnerability Scenario :.
+
+**Brief lab description:** The deployed infrastructure will run a simple application designed to fetch and store data from AWS S3 Buckets. Can you leak the data stored within the internal infrastructure?
+
+**Blog post:** [Tidbit #1 - The Danger of Falling to System Role in AWS SDK Client](https://blog.doyensec.com/2022/10/18/cloudsectidbit-dataimport.html)
+
+
+### Requirements
+- The [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed
+- [AWS account](https://aws.amazon.com/free) and [associated credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html) that allow you to create resources
+- The [Terraform CLI](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started)  installed and [configured](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration) to work with AWS
+
+**Note:** The application runs in a container image fetched from the public Doyensec Amazon Elastic Container Registry  (ECR). The web application code is also present in this repository for an eventual local deployment.  
+
+### Deployment
+
+*Data Import lab deployment*
+
+```bash
+$ git clone https://github.com/doyensec/cloudsec-tidbits.git
+
+$ cd cloudsec-tidbits/lab-dataimport/terraform/
+$ bash deploy-dataimport-lab.sh
+```

lab-dataimport/app/frontend/assets/sticky-footer-navbar.css

@@ -0,0 +1,7 @@
+/* Custom page CSS
+-------------------------------------------------- */
+/* Not required for template or sticky footer method. */
+
+main > .container {
+  padding: 60px 15px 0;
+}

lab-dataimport/app/frontend/gallery.html

@@ -0,0 +1,118 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Data Import App - CloudSecTidbit #1</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="assets/bootstrap.min.css" rel="stylesheet">
+
+    <meta name="theme-color" content="#7952b3">
+
+    <style>
+        .bd-placeholder-img {
+            font-size: 1.125rem;
+            text-anchor: middle;
+            -webkit-user-select: none;
+            -moz-user-select: none;
+            user-select: none;
+        }
+
+        @media (min-width: 768px) {
+            .bd-placeholder-img-lg {
+                font-size: 3.5rem;
+            }
+        }
+
+        .logo_image{
+            width: 40px;
+            padding-right: 10px;
+        }
+    </style>
+</head>
+
+<body>
+    <main>
+        <div class="container py-4">
+
+            <div class="container">
+                <header class="d-flex flex-wrap justify-content-center py-3 mb-4 border-bottom">
+                    <a href="/" class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-dark text-decoration-none">
+
+                        <img class="logo_image" src="" />
+
+                      <span class="fs-4">Vulnerable Web Platform</span>
+                    </a>
+
+                    <ul class="nav nav-pills">
+                      <li class="nav-item"><a href="/" class="nav-link" aria-current="page">Home</a></li>
+                      <li class="nav-item"><a href="/gallery.html" class="nav-link active">Data Gallery</a></li>
+                      <li class="nav-item"><a onclick="fetch('/reset-challenge');" class="nav-link">Reset Challenge</a></li>
+                    </ul>
+                  </header>
+              </div>
+
+            <div class="p-5 mb-4 bg-light rounded-3">
+                <div class="container-fluid py-5">
+                    <h2 class="display-7 fw-bold">Data Strorage Gallery</h2>
+
+                    <br><br>
+                    <ul class="list-group" id="list">
+
+                    </ul>
+                </div>
+            </div>
+
+            <div class="row align-items-md-stretch">
+                <footer class="pt-3 mt-4 text-muted border-top">
+                    &copy; Doyensec 2022
+                </footer>
+            </div>
+    </main>
+
+    <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
+
+    <script>
+        $.ajax({
+            type: 'GET',
+            url: '/variable',
+            dataType: 'json',
+            success: function (data) {
+                let source_internal = `https://${data}.s3.amazonaws.com/public-stuff/logo.png?${Math.random()}`;
+                $(".logo_image").attr("src", source_internal);
+            },
+            error: function (jqXHR, status, err) {
+                alert("Error getting the S3 bucket name");
+            }
+        });
+    </script>
+
+    <script type="text/javascript">
+        $(window).load(function () {
+
+            $.ajax({
+                type: 'GET',
+                url: '/getListFiles',
+                dataType: 'json',
+                success: function (data) {
+                    $.each(data, function (index, element) {
+
+                        let item = `<li class="list-group-item d-flex justify-content-between align-items-center">
+                            <code><a target="_black" href="/storage/${element.file_name}">${element.file_name}</a></code>
+                            <span class="badge bg-primary rounded-pill">${element.size}</span>
+                        </li>`;
+
+                        $("#list").append(item);
+                    });
+                },
+                error: function (jqXHR, status, err) {
+                    alert("Error listing files");
+                }
+            });
+
+        });
+    </script>
+</body>
+</html>