clean

Author: joshjohanning

.devcontainer/devcontainer.json

@@ -0,0 +1,36 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/universal
+{
+  "name": "Default Linux Universal",
+  // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+  "image": "mcr.microsoft.com/devcontainers/universal:2-linux",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "github.copilot",
+        "github.copilot-chat",
+        "github.vscode-pull-request-github",
+        "github.vscode-github-actions"
+        // "eg2.vscode-npm-script",
+        // "angular.ng-template",
+        // "dbaeumer.vscode-eslint",
+        // "stylelint.vscode-stylelint"
+      ]
+    }
+  }
+
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  // "features": {},
+
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [],
+
+  // Use 'postCreateCommand' to run commands after the container is created.
+  // "postCreateCommand": "export NG_CLI_ANALYTICS=ci && export NG_FORCE_TTY=false && npm i -g @angular/cli && npm install && unset NG_FORCE_TTY"
+
+  // Configure tool-specific properties.
+  // "customizations": {},
+
+  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+  // "remoteUser": "root"
+}

.dockerignore

@@ -0,0 +1,17 @@
+.git/
+monitoring/
+node_modules/
+screenshots/
+test/
+build/reports/
+dist/
+vagrant/
+logs/
+Dockerfile
+.npmrc
+/bom.json
+/bom.xml
+
+# Pattern is *not covered* by node_modules/ above no matter what IntelliJ says!
+frontend/node_modules/
+frontend/dist/

.eslintrc.js

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
+ * SPDX-License-Identifier: MIT
+ */
+
+module.exports = {
+  extends: 'standard-with-typescript',
+  env: {
+    browser: true,
+    node: true,
+    jasmine: true,
+    mocha: true,
+    jest: true
+  },
+  globals: {
+    Atomics: 'readonly',
+    SharedArrayBuffer: 'readonly'
+  },
+  parserOptions: {
+    ecmaVersion: 2018,
+    project: './tsconfig.json'
+  },
+  ignorePatterns: [
+    '.eslintrc.js',
+    'app/private/**',
+    'vagrant/**',
+    'frontend/**',
+    'data/static/codefixes/**',
+    'dist/**'
+  ],
+  overrides: [
+    {
+      files: ['**/*.ts'],
+      parser: '@typescript-eslint/parser',
+      rules: {
+        'no-void': 'off', // conflicting with recommendation from @typescript-eslint/no-floating-promises
+        // FIXME warnings below this line need to be checked and fixed.
+        '@typescript-eslint/explicit-function-return-type': 'off',
+        '@typescript-eslint/strict-boolean-expressions': 'off',
+        '@typescript-eslint/no-var-requires': 'off'
+      }
+    }
+  ]
+}

.gitignore

@@ -0,0 +1,66 @@
+# App
+node_modules/
+juiceshop.sqlite
+order_*.pdf
+app/
+!frontend/src/app
+uploads/complaints/*.*
+!uploads/complaints/.gitkeep
+ftp/legal.md
+package-lock.json
+i18n/*.json
+i18n/*.invalid
+!frontend/src/assets/i18n/*.json
+!data/static/i18n/*.json
+data/chatbot/*.*
+!data/chatbot/.gitkeep
+/data/juiceshop.sqlite-journal
+
+# Build
+.nyc_output/
+.sass-cache/
+build/
+cache/
+dist/
+logs/
+vagrant/.vagrant/
+*.orig
+*.out
+*.log
+JSON
+JSON.map
+frontend/src/**/*.js
+/bom.json
+/bom.xml
+
+# IDEs
+.idea/
+.vscode/
+out/
+*.eml
+*.iml
+*.iws
+*.swp
+
+# Branch ghpages
+assets/
+!frontend/src/assets/
+
+# Custom configuration files
+config/*.yml
+!config/addo.yml
+!config/bodgeit.yml
+!config/ctf.yml
+!config/fbctf.yml
+!config/default.yml
+!config/juicebox.yml
+!config/quiet.yml
+!config/test.yml
+!config/7ms.yml
+!config/mozilla.yml
+!config/unsafe.yml
+!config/tutorial.yml
+!config/oss.yml
+
+# System Files
+.DS_Store

.npmrc

@@ -0,0 +1 @@
+package-lock=false

Dockerfile

@@ -0,0 +1,51 @@
+FROM node:20-buster as installer
+COPY . /juice-shop
+WORKDIR /juice-shop
+RUN npm i -g typescript ts-node
+RUN npm install --omit=dev --unsafe-perm
+RUN npm dedupe --omit=dev
+RUN rm -rf frontend/node_modules
+RUN rm -rf frontend/.angular
+RUN rm -rf frontend/src/assets
+RUN mkdir logs
+RUN chown -R 65532 logs
+RUN chgrp -R 0 ftp/ frontend/dist/ logs/ data/ i18n/
+RUN chmod -R g=u ftp/ frontend/dist/ logs/ data/ i18n/
+RUN rm data/chatbot/botDefaultTrainingData.json || true
+RUN rm ftp/legal.md || true
+RUN rm i18n/*.json || true
+
+ARG CYCLONEDX_NPM_VERSION=latest
+RUN npm install -g @cyclonedx/cyclonedx-npm@$CYCLONEDX_NPM_VERSION
+RUN npm run sbom
+
+# workaround for libxmljs startup error
+FROM node:20-buster as libxmljs-builder
+WORKDIR /juice-shop
+RUN apt-get update && apt-get install -y build-essential python3
+COPY --from=installer /juice-shop/node_modules ./node_modules
+RUN rm -rf node_modules/libxmljs/build && \
+  cd node_modules/libxmljs && \
+  npm run build
+
+FROM gcr.io/distroless/nodejs20-debian11
+ARG BUILD_DATE
+ARG VCS_REF
+LABEL maintainer="Bjoern Kimminich <[email protected]>" \
+    org.opencontainers.image.title="OWASP Juice Shop" \
+    org.opencontainers.image.description="Probably the most modern and sophisticated insecure web application" \
+    org.opencontainers.image.authors="Bjoern Kimminich <[email protected]>" \
+    org.opencontainers.image.vendor="Open Worldwide Application Security Project" \
+    org.opencontainers.image.documentation="https://help.owasp-juice.shop" \
+    org.opencontainers.image.licenses="MIT" \
+    org.opencontainers.image.version="17.1.0" \
+    org.opencontainers.image.url="https://owasp-juice.shop" \
+    org.opencontainers.image.source="https://github.com/juice-shop/juice-shop" \
+    org.opencontainers.image.revision=$VCS_REF \
+    org.opencontainers.image.created=$BUILD_DATE
+WORKDIR /juice-shop
+COPY --from=installer --chown=65532:0 /juice-shop .
+COPY --chown=65532:0 --from=libxmljs-builder /juice-shop/node_modules/libxmljs ./node_modules/libxmljs
+USER 65532
+EXPOSE 3000
+CMD ["/juice-shop/build/app.js"]

Gruntfile.js

@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
+ * SPDX-License-Identifier: MIT
+ */
+
+'use strict'
+
+module.exports = function (grunt) {
+  const os = grunt.option('os') || process.env.PCKG_OS_NAME || ''
+  const platform = grunt.option('platform') || process.env.PCKG_CPU_ARCH || ''
+  const node = grunt.option('node') || process.env.nodejs_version || process.env.PCKG_NODE_VERSION || ''
+
+  grunt.initConfig({
+    pkg: grunt.file.readJSON('package.json'),
+
+    replace_json: {
+      manifest: {
+        src: 'package.json',
+        changes: {
+          'engines.node': (node || '<%= pkg.engines.node %>'),
+          os: (os ? [os] : '<%= pkg.os %>'),
+          cpu: (platform ? [platform] : '<%= pkg.cpu %>')
+        }
+      }
+    },
+
+    compress: {
+      pckg: {
+        options: {
+          mode: os === 'linux' ? 'tgz' : 'zip',
+          archive: 'dist/<%= pkg.name %>-<%= pkg.version %>' + (node ? ('_node' + node) : '') + (os ? ('_' + os) : '') + (platform ? ('_' + platform) : '') + (os === 'linux' ? '.tgz' : '.zip')
+        },
+        files: [
+          {
+            src: [
+              '.well-known/**',
+              'LICENSE',
+              '*.md',
+              'package.json',
+              'ctf.key',
+              'swagger.yml',
+              'server.ts',
+              'config.schema.yml',
+              'build/**',
+              '!build/reports/**',
+              'bom.json',
+              'bom.xml',
+              'config/*.yml',
+              'data/*.ts',
+              'data/static/**',
+              'data/chatbot/.gitkeep',
+              'encryptionkeys/**',
+              'frontend/dist/frontend/**',
+              'frontend/dist/bom/**',
+              'frontend/src/**/*.ts',
+              'ftp/**',
+              'i18n/.gitkeep',
+              'lib/**',
+              'models/*.ts',
+              'node_modules/**',
+              'routes/*.ts',
+              'uploads/complaints/.gitkeep',
+              'views/**'
+            ],
+            dest: 'juice-shop_<%= pkg.version %>/'
+          }
+        ]
+      }
+    }
+  })
+
+  grunt.registerTask('checksum', 'Create .md5 checksum files', function () {
+    const fs = require('fs')
+    const crypto = require('crypto')
+    fs.readdirSync('dist/').forEach(file => {
+      const buffer = fs.readFileSync('dist/' + file)
+      const md5 = crypto.createHash('md5')
+      md5.update(buffer)
+      const md5Hash = md5.digest('hex')
+      const md5FileName = 'dist/' + file + '.md5'
+      grunt.file.write(md5FileName, md5Hash)
+      grunt.log.write(`Checksum ${md5Hash} written to file ${md5FileName}.`).verbose.write('...').ok()
+      grunt.log.writeln()
+    })
+  })
+
+  grunt.loadNpmTasks('grunt-replace-json')
+  grunt.loadNpmTasks('grunt-contrib-compress')
+  grunt.registerTask('package', ['replace_json:manifest', 'compress:pckg', 'checksum'])
+}

LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.