Add secaudit tool for security auditing (#117)

* WIP - working version

* Implement required methods

test_simulation_files/api_endpoints.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+from flask import Flask, request, jsonify
+import os
+import subprocess
+import requests
+
+app = Flask(__name__)
+
+# A05: Security Misconfiguration - Debug mode enabled
+app.config['DEBUG'] = True
+app.config['SECRET_KEY'] = 'dev-secret-key'  # Hardcoded secret
+
+@app.route('/api/search', methods=['GET'])
+def search():
+    '''Search endpoint with multiple vulnerabilities'''
+    # A03: Injection - XSS vulnerability, no input sanitization
+    query = request.args.get('q', '')
+
+    # A03: Injection - Command injection vulnerability
+    if 'file:' in query:
+        filename = query.split('file:')[1]
+        # Direct command execution
+        result = subprocess.run(f"cat {filename}", shell=True, capture_output=True, text=True)
+        return jsonify({"result": result.stdout})
+
+    # A10: Server-Side Request Forgery (SSRF)
+    if query.startswith('http'):
+        # No validation of URL, allows internal network access
+        response = requests.get(query)
+        return jsonify({"content": response.text})
+
+    # Return search results without output encoding
+    return f"<h1>Search Results for: {query}</h1>"
+
+@app.route('/api/admin', methods=['GET'])
+def admin_panel():
+    '''Admin panel with broken access control'''
+    # A01: Broken Access Control - No authentication check
+    # Anyone can access admin functionality
+    action = request.args.get('action')
+
+    if action == 'delete_user':
+        user_id = request.args.get('user_id')
+        # Performs privileged action without authorization
+        return jsonify({"status": "User deleted", "user_id": user_id})
+
+    return jsonify({"status": "Admin panel"})
+
+@app.route('/api/upload', methods=['POST'])
+def upload_file():
+    '''File upload with security issues'''
+    # A05: Security Misconfiguration - No file type validation
+    file = request.files.get('file')
+    if file:
+        # Saves any file type to server
+        filename = file.filename
+        file.save(os.path.join('/tmp', filename))
+
+        # A03: Path traversal vulnerability
+        return jsonify({"status": "File uploaded", "path": f"/tmp/{filename}"})
+
+    return jsonify({"error": "No file provided"})
+
+# A06: Vulnerable and Outdated Components
+# Using old Flask version with known vulnerabilities (hypothetical)
+# requirements.txt: Flask==0.12.2 (known security issues)
+
+if __name__ == '__main__':
+    # A05: Security Misconfiguration - Running on all interfaces
+    app.run(host='0.0.0.0', port=5000, debug=True)

test_simulation_files/auth_manager.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import hashlib
+import pickle
+import sqlite3
+from flask import request, session
+
+class AuthenticationManager:
+    def __init__(self, db_path="users.db"):
+        # A01: Broken Access Control - No proper session management
+        self.db_path = db_path
+        self.sessions = {}  # In-memory session storage
+    def login(self, username, password):
+        '''User login with various security vulnerabilities'''
+        # A03: Injection - SQL injection vulnerability
+        conn = sqlite3.connect(self.db_path)
+        cursor = conn.cursor()
+
+        # Direct string interpolation in SQL query
+        query = f"SELECT id, password_hash FROM users WHERE username = '{username}'"
+        cursor.execute(query)
+
+        user = cursor.fetchone()
+        if not user:
+            return {"status": "failed", "message": "User not found"}
+
+        # A02: Cryptographic Failures - Weak hashing algorithm
+        password_hash = hashlib.md5(password.encode()).hexdigest()
+
+        if user[1] == password_hash:
+            # A07: Identification and Authentication Failures - Weak session generation
+            session_id = hashlib.md5(f"{username}{password}".encode()).hexdigest()
+            self.sessions[session_id] = {"user_id": user[0], "username": username}
+
+            return {"status": "success", "session_id": session_id}
+        else:
+            return {"status": "failed", "message": "Invalid password"}
+
+    def reset_password(self, email):
+        '''Password reset with security issues'''
+        # A04: Insecure Design - No rate limiting or validation
+        reset_token = hashlib.md5(email.encode()).hexdigest()
+
+        # A09: Security Logging and Monitoring Failures - No security event logging
+        # Simply returns token without any verification or logging
+        return {"reset_token": reset_token, "url": f"/reset?token={reset_token}"}
+
+    def deserialize_user_data(self, data):
+        '''Unsafe deserialization'''
+        # A08: Software and Data Integrity Failures - Insecure deserialization
+        return pickle.loads(data)
+
+    def get_user_profile(self, user_id):
+        '''Get user profile with authorization issues'''
+        # A01: Broken Access Control - No authorization check
+        conn = sqlite3.connect(self.db_path)
+        cursor = conn.cursor()
+
+        # Fetches any user profile without checking permissions
+        cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
+        return cursor.fetchone()

test_simulation_files/config.json

@@ -0,0 +1,16 @@
+{
+  "database": {
+    "host": "localhost",
+    "port": 5432,
+    "name": "testdb",
+    "ssl": true
+  },
+  "cache": {
+    "redis_url": "redis://localhost:6379",
+    "ttl": 3600
+  },
+  "logging": {
+    "level": "INFO",
+    "format": "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+  }
+}

test_simulation_files/test_module.py

@@ -0,0 +1,32 @@
+"""
+Sample Python module for testing MCP conversation continuity
+"""
+
+def fibonacci(n):
+    """Calculate fibonacci number recursively"""
+    if n <= 1:
+        return n
+    return fibonacci(n-1) + fibonacci(n-2)
+
+def factorial(n):
+    """Calculate factorial iteratively"""
+    result = 1
+    for i in range(1, n + 1):
+        result *= i
+    return result
+
+class Calculator:
+    """Simple calculator class"""
+
+    def __init__(self):
+        self.history = []
+
+    def add(self, a, b):
+        result = a + b
+        self.history.append(f"{a} + {b} = {result}")
+        return result
+
+    def multiply(self, a, b):
+        result = a * b
+        self.history.append(f"{a} * {b} = {result}")
+        return result