bendehaan
diff --git a/‎.github/workflows/main.yml‎
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/main.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 8 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 4 additions & 5 deletions b/‎Dockerfile‎
Lines changed: 4 additions & 5 deletions
diff --git a/‎Dockerfile-improved‎
Lines changed: 3 additions & 3 deletions b/‎Dockerfile-improved‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎LICENSE‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 9 additions & 0 deletions b/‎README.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎brute.py‎
Lines changed: 0 additions & 1 deletion b/‎brute.py‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎csp.txt‎
Lines changed: 1 addition & 2 deletions b/‎csp.txt‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎db.py‎
Lines changed: 0 additions & 1 deletion b/‎db.py‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎db_init.py‎
Lines changed: 23 additions & 18 deletions b/‎db_init.py‎
Lines changed: 23 additions & 18 deletions
@@ -31,4 +31,3 @@ jobs:
             sed -E 's/.*"v([^"]+)".*/\1/' \
             )
           docker run --rm goodwithtech/dockle:v${DOCKLE_LATEST} benno001/problematic-project:latest
-        
@@ -0,0 +1,8 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks.git
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-merge-conflict
+      - id: check-yaml
+      - id: end-of-file-fixer
@@ -1,7 +1,6 @@
-FROM python:3.7-buster
+FROM python:3.14
 
-RUN apt-get update -y
-RUN apt-get upgrade -y
+RUN apt-get update
 RUN apt-get install -y build-essential
 
 WORKDIR /usr/src/app
@@ -14,6 +13,6 @@ COPY . .
 
 RUN "python" "db_init.py"
 
-EXPOSE 5000
+EXPOSE 8080
 
-CMD [ "python", "./vulpy.py" ]
+CMD [ "python", "./vulpy.py" ]
@@ -1,4 +1,4 @@
-FROM python:3.7-alpine3.11
+FROM python:3.14-alpine
 
 RUN apk update && apk add gcc musl-dev python3-dev libffi-dev openssl-dev --no-cache
 
@@ -18,6 +18,6 @@ RUN "python" "db_init.py"
 
 USER nobody
 
-EXPOSE 5000
+EXPOSE 8080
 
-CMD [ "python", "./vulpy.py" ]
+CMD [ "python", "./vulpy.py" ]
@@ -21,4 +21,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.
@@ -5,3 +5,12 @@ Contains bad Python code with weak configuration settings, a sub-standard Docker
 _**Don't run this thing in production.**_ 🙄
 
 Based on the vulnerable Python webapp [Vulpy](https://github.com/fportantier/vulpy/) created by F. Portantier.
+
+## Installing dependencies
+
+`uv sync`
+
+## Running the application
+
+1. `uv run python db_init.py`
+2. `uv run python ./vulpy.py`
@@ -22,4 +22,3 @@
     if result.returncode == 0:
         print("cracked! user: {} password: {}".format(username, password))
         break
-
@@ -13,8 +13,7 @@
 #img-src 'self' https://www.python.org;
 
 #style-src 'self';
-#style-src 'self' 'unsafe-inline'; 
+#style-src 'self' 'unsafe-inline';
 
 #style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
 #font-src https://fonts.gstatic.com;
-
@@ -24,4 +24,3 @@ def db_init():
 
 if __name__ == '__main__':
     db_init()
-
@@ -4,47 +4,52 @@
 import sqlite3
 
 
-def db_init_users():
+def set_wal_mode(db_path):
+    conn = sqlite3.connect(db_path)
+    conn.execute("PRAGMA journal_mode=WAL")
+    conn.close()
 
-    users = [
-        ('admin', 'SuperSecret'),
-        ('elliot', '123123123'),
-        ('tim', '12345678')
-    ]
 
-    conn = sqlite3.connect('db_users.sqlite')
+def db_init_users():
+    db_path = "db_users.sqlite"
+    users = [("admin", "SuperSecret"), ("elliot", "123123123"), ("tim", "12345678")]
+    set_wal_mode(db_path)
+    conn = sqlite3.connect(db_path)
     c = conn.cursor()
-    c.execute("CREATE TABLE users (username text, password text, failures int, mfa_enabled int, mfa_secret text)")
+    c.execute(
+        "CREATE TABLE users (username text, password text, failures int, mfa_enabled int, mfa_secret text)"
+    )
 
-    for u,p in users:
-        c.execute("INSERT INTO users (username, password, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%d', '%d', '%s')" %(u, p, 0, 0, ''))
+    for u, p in users:
+        c.execute(
+            "INSERT INTO users (username, password, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%d', '%d', '%s')"
+            % (u, p, 0, 0, "")
+        )
 
     conn.commit()
     conn.close()
 
 
 def db_init_posts():
-
-    conn = sqlite3.connect('db_posts.sqlite')
+    db_path = "db_posts.sqlite"
+    set_wal_mode(db_path)
+    conn = sqlite3.connect(db_path)
     c = conn.cursor()
     c.execute("CREATE TABLE posts (date date, username text, text text)")
 
     conn.commit()
     conn.close()
 
 
-if __name__ == '__main__':
-
+if __name__ == "__main__":
     try:
-        os.remove('db_users.sqlite')
+        os.remove("db_users.sqlite")
     except FileNotFoundError:
         pass
 
     try:
-        os.remove('db_posts.sqlite')
+        os.remove("db_posts.sqlite")
     except FileNotFoundError:
         pass
-
     db_init_users()
     db_init_posts()
-
Original file line number	Diff line number	Diff line change
`@@ -31,4 +31,3 @@ jobs:`
`31`	`31`	`sed -E 's/."v([^"]+)"./\1/' \`
`32`	`32`	`)`
`33`	`33`	`docker run --rm goodwithtech/dockle:v${DOCKLE_LATEST} benno001/problematic-project:latest`
`34`		`-`
Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,3 @@ def db_init():`
`24`	`24`
`25`	`25`	`if __name__ == '__main__':`
`26`	`26`	`db_init()`
`27`		`-`