Add secaudit tool for security auditing (#117)

* WIP - working version * Implement required methods
2025-06-22 04:28:05 -07:00
parent 327c801c9b
commit 000d12dc3a
14 changed files with 2696 additions and 7 deletions
--- a/test_simulation_files/auth_manager.py
+++ b/test_simulation_files/auth_manager.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import hashlib
+import pickle
+import sqlite3
+from flask import request, session
+
+class AuthenticationManager:
+    def __init__(self, db_path="users.db"):
+        # A01: Broken Access Control - No proper session management
+        self.db_path = db_path
+        self.sessions = {}  # In-memory session storage
+    def login(self, username, password):
+        '''User login with various security vulnerabilities'''
+        # A03: Injection - SQL injection vulnerability
+        conn = sqlite3.connect(self.db_path)
+        cursor = conn.cursor()
+
+        # Direct string interpolation in SQL query
+        query = f"SELECT id, password_hash FROM users WHERE username = '{username}'"
+        cursor.execute(query)
+
+        user = cursor.fetchone()
+        if not user:
+            return {"status": "failed", "message": "User not found"}
+
+        # A02: Cryptographic Failures - Weak hashing algorithm
+        password_hash = hashlib.md5(password.encode()).hexdigest()
+
+        if user[1] == password_hash:
+            # A07: Identification and Authentication Failures - Weak session generation
+            session_id = hashlib.md5(f"{username}{password}".encode()).hexdigest()
+            self.sessions[session_id] = {"user_id": user[0], "username": username}
+
+            return {"status": "success", "session_id": session_id}
+        else:
+            return {"status": "failed", "message": "Invalid password"}
+
+    def reset_password(self, email):
+        '''Password reset with security issues'''
+        # A04: Insecure Design - No rate limiting or validation
+        reset_token = hashlib.md5(email.encode()).hexdigest()
+
+        # A09: Security Logging and Monitoring Failures - No security event logging
+        # Simply returns token without any verification or logging
+        return {"reset_token": reset_token, "url": f"/reset?token={reset_token}"}
+
+    def deserialize_user_data(self, data):
+        '''Unsafe deserialization'''
+        # A08: Software and Data Integrity Failures - Insecure deserialization
+        return pickle.loads(data)
+
+    def get_user_profile(self, user_id):
+        '''Get user profile with authorization issues'''
+        # A01: Broken Access Control - No authorization check
+        conn = sqlite3.connect(self.db_path)
+        cursor = conn.cursor()
+
+        # Fetches any user profile without checking permissions
+        cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
+        return cursor.fetchone()