SC 110: Finding Security Issues with Codacy (15 pts)

What You Need

Make a GitHub Account

In a Web browser, go to https://github.com/

Create an account and log in.

Forking the OWASP Juice Shop Core

This is a deliberately vulnerable codebase from OWASP. Instead of forking the original code from OWASP, which may be changing, you'll copy my version, which is frozen in the state the code was on Mar 3, 2024.

In a Web browser, go to https://github.com/sambowne/juice-shop-orig

At the top right, click the drop-down arrow next to "Fork". Click "Create a new fork", as shown below.

On the "Create a new fork" page, change the Repository name to juice-shop-working, and, at the bottom right, click the "Create fork" button, as shown below.

Make a Codacy Account

In a Web browser, go to https://www.codacy.com/

At the top right, click the "Start free" button.

On the next page, click the GitHub button, as shown below.

Log in to GitHub if you are prompted to.

When you see it, click the green "Authorize Codacy Production" button.

If you see a box saying "Welcome to your organizations page!", close it.

In the Organizations page, at the bottom, click "Install and authorize Codacy", as shown below.

On the "Install & Authorize" page, at the bottom, click the "Install & Authorize" button, as shown below.

In the Organizations page, in the box with your GitHub account name, click Add, as shown below.

Click your GitHub account name.

Adding the juice-shop-working Repository

In the "Manage repositories" box, on the "juice-shop-working" line, click Add, as shown below.

The "Add" message changes to "Go to repository". Click "Go to repository".

Codacy analyzes the code, as shown below.

Viewing Security Issues

When the analysis is done, you see an overview page showing a number of issues at the bottom, as shown below.

When I did it, there were 236 issues, but you may see a different number.

On the left side, click Security.

In the middle, click the blue "Explore the dashboard now" button.

In the "Security and risk management" page, in the Total box, click the Review button, as shown below.

A list of security issues appears, as shown below.

At the top left, click Severity and check the Critical box, as shown above.

Click Apply.

Flag SC 110.1: Critical Issue (15 pts)

The flag is covered by a green rectangle in the image below.

References

OWASP Juice Shop GitHub

Posted 2-26-24