Make a Github Account
In a Web browser, go to https://github.com/. Create an account and log in.
Forking the OWASP Juice Shop Core
This is a deliberately vulnerable codebase from OWASP. Instead of forking the original code from OWASP, which may be changing, you'll copy my version, which is frozen in the state the code was on Mar 3, 2024.
In a Web browser, go to https://github.com/sambowne/juice-shop-orig
At the top right, click the drop-down arrow next to "Fork". Click "Create a new fork", as shown below.
On the "Create a new fork" page, change the Repository name to juice-shop-working, and, at the bottom right, click the "Create fork" button, as shown below.
On the right, click the "Sign in with GitHub" button.
Log in to Github if you are prompted to.
When you see it, click the green "Authorize semgrep-app" button.
On the "Let's start with your organization" page, click the blue "Create new organization" button, as shown below.
A command appears. Execute that command on your system. It will look something like this:
SEMGREP_APP_TOKEN=1bca664ffbcccccccccccccccccccccccccccc6aceba semgrep login
Installing Git
Execute these commands on your system:
git clone https://github.com/sambowne/juice-shop-orig.git
cd juice-shop-orig
semgrep ci
There are 19 findings in five categories, as shown below.
Flag SC 120.1: Generic Secret (15 pts)
Semgrep finds a "Generic Secret". Examine that code. The flag is covered by a green rectangle in the image below.
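To make clear what a "Generic Secret" finding is looking for, here is a small scanner that applies the same two ideas a generic-secret rule relies on: a credential-looking variable name (secret, token, password, api key) assigned a quoted literal, and a literal whose characters look random rather than like a placeholder. This is an added example written for this page, not Semgrep's rule and not code from the Juice Shop repository; the function names, the entropy threshold, and the sample source lines are all constructed for illustration.

```python
import math
import re

# Constructed sample source (not from Juice Shop): one hard-coded token,
# one harmless config value, one secret read from the environment, and
# one low-entropy placeholder password.
SAMPLE_SOURCE = """\
const dbName = "juiceshop";
const apiToken = "sk_live_4f9a2c7e1b8d3a6f0e5c9b2d7a1f4e8c";
const sessionSecret = process.env.SESSION_SECRET;
const adminPassword = "changeme";
"""

# Match an assignment whose name suggests a credential and whose value is
# a quoted literal of at least 8 characters. Reading the value from
# process.env (no quotes) does not match, which is the pattern we want.
_ASSIGN_RE = re.compile(
    r'(?P<name>\w*(?:secret|token|password|passwd|api[_-]?key)\w*)\s*[:=]\s*'
    r'["\'](?P<value>[^"\']{8,})["\']',
    re.IGNORECASE,
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score high,
    dictionary words and repeated characters score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_generic_secrets(source: str, min_entropy: float = 3.0):
    """Return a list of (line_no, name, value) for literals that look like
    hard-coded secrets. min_entropy (hypothetical threshold) filters out
    placeholders such as "changeme" that would otherwise be false positives."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = _ASSIGN_RE.search(line)
        if not m:
            continue
        value = m.group("value")
        if shannon_entropy(value) < min_entropy:
            continue  # looks like a placeholder, not a real credential
        hits.append((line_no, m.group("name"), value))
    return hits


if __name__ == "__main__":
    for line_no, name, value in find_generic_secrets(SAMPLE_SOURCE):
        # Print only a prefix so a real key never lands in a log in full.
        print(f"line {line_no}: {name} = {value[:8]}... (possible hard-coded secret)")
```

Run against the sample, the scanner reports only line 2: the environment lookup on line 3 has no quoted literal, and "changeme" on line 4 is dropped by the entropy check. A real rule engine such as Semgrep does this with AST matching instead of a regex, so it can follow the value through assignments, but the signal it is looking for is the same.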
Posted 2-26-24