SC 110: Finding Security Issues with Codacy (15 pts)
What You Need
- Any device with a Web browser
Make a GitHub Account
In a Web browser, go to https://github.com/
Create an account and log in.
Forking the OWASP Juice Shop Core
This is a deliberately vulnerable codebase from OWASP.
Instead of forking the original code from OWASP, which may be changing, you'll copy my version, which is frozen in the state the code was in on Mar 3, 2024.
In a Web browser, go to https://github.com/sambowne/juice-shop-orig
At the top right, click the drop-down arrow next to "Fork". Click "Create a new fork", as shown below.
![](SC110-13.png)
On the "Create a new fork" page, change the Repository name to juice-shop-working, and, at the bottom right, click the "Create fork" button, as shown below.
![](SC110-14.png)
Make a Codacy Account
In a Web browser, go to https://www.codacy.com/
At the top right, click the "Start free" button.
On the next page, click the GitHub button, as shown below.
![](SC110-1.png)
Log in to GitHub if you are prompted to.
When you see it, click the green "Authorize Codacy Production" button.
If you see a box saying "Welcome to your organizations page!", close it.
In the Organizations page, at the bottom, click "Install and authorize Codacy", as shown below.
![](SC110-16.png)
On the "Install & Authorize" page, at the bottom, click the "Install & Authorize" button, as shown below.
![](SC110-17.png)
In the Organizations page, in the box with your GitHub account name, click Add, as shown below.
![](SC110-18.png)
Click your GitHub account name.
Adding the juice-shop-working Repository
In the "Manage repositories" box, on the "juice-shop-working" line, click Add, as shown below.
![](SC110-19.png)
The "Add" message changes to "Go to repository".
Click "Go to repository".
Codacy analyzes the code, as shown below.
![](SC110-20.png)
Viewing Security Issues
When the analysis is done, you see an overview page showing a number of issues at the bottom, as shown below.
When I did it, there were 236 issues, but you may see a different number.
![](SC110-21.png)
On the left side, click Security.
In the middle, click the blue "Explore the dashboard now" button.
In the "Security and risk management" page, in the Total box, click the Review button, as shown below.
![](SC110-22.png)
A list of security issues appears, as shown below.
![](SC110-23.png)
At the top left, click Severity and check the Critical box, as shown above.
Click Apply.
Flag SC 110.1: Critical Issue (15 pts)
The flag is covered by a green rectangle in the image below.
![](SC110-24.png)
References
OWASP Juice Shop Github
Posted 2-26-24