Add Admin Permission

Aif4thah · Aug 28, 2024 · cbde3af · cbde3af
1 parent 9097331
commit cbde3af
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 18 deletions.
diff --git a/Identity/VLAIdentity.cs b/Identity/VLAIdentity.cs
@@ -4,6 +4,7 @@
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.IdentityModel.Tokens;
 using System.Security.Cryptography;
+using Newtonsoft.Json.Linq;
 
 
 namespace VulnerableWebApplication.VLAIdentity
@@ -31,6 +32,7 @@ public static async Task<object> VulnerableQuery(string User, string Passwd)
             Authentifie les utilisateurs par login et mot de passe, et renvoie un token JWT si l'authentification a réussi
             */
 
+            bool IsAdmin = false;
             SHA256 Sha256Hash = SHA256.Create();
             byte[] Bytes = Sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(Passwd));
             StringBuilder stringbuilder = new StringBuilder();
@@ -39,12 +41,13 @@ public static async Task<object> VulnerableQuery(string User, string Passwd)
 
             VLAController.VLAController.VulnerableLogs("login attempt for:\n" + User + "\n" + Passwd + "\n", LogFile);
             var DataSet = VLAModel.Data.GetDataSet();
-            var Result = DataSet.Tables[0].Select("Passwd = '" + Hash + "' and User = '" + User + "'");
+            var Result = DataSet.Tables[0].Select("Passwd = '" + Hash + "' and User = '" + User + "'");            
+            if( DataSet.Tables[0].Select("User = '" + User.Replace("'", "''") + "' and IsAdmin = 1" ).Length > 0) IsAdmin = true;
 
-            return Result.Length > 0 ? Results.Ok(VulnerableGenerateToken(User)) : Results.Unauthorized();
+            return Result.Length > 0 ? Results.Ok(VulnerableGenerateToken(User, IsAdmin)) : Results.Unauthorized();
         }
 
-        public static string VulnerableGenerateToken(string User)
+        public static string VulnerableGenerateToken(string User, bool IsAdmin)
         {
             /*
             Retourne un token JWT signé pour l'utilisateur passé en paramètre
@@ -53,7 +56,7 @@ Retourne un token JWT signé pour l'utilisateur passé en paramètre
             var Key = Encoding.ASCII.GetBytes(Secret);
             var TokenDescriptor = new SecurityTokenDescriptor
             {
-                Subject = new ClaimsIdentity(new[] { new Claim("Id", User) }),
+                Subject = new ClaimsIdentity(new[] { new Claim("Id", User), new Claim("IsAdmin", IsAdmin.ToString()) }),
                 Expires = DateTime.UtcNow.AddDays(365),
                 SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Key), SecurityAlgorithms.HmacSha256Signature)
             };
@@ -93,5 +96,47 @@ Vérifie la validité du token JWT passé en paramètre
 
             return Result;
         }
+
+        public static bool VulnerableAdminValidateToken(string Token, string Secret)
+        {
+            /*
+            Vérifie la validité du token ADMIN passé en paramètre
+            */
+            var TokenHandler = new JwtSecurityTokenHandler();
+            var Key = Encoding.ASCII.GetBytes(Secret);
+            bool Result = false;
+            Token = Token.Substring("Bearer ".Length);
+
+            try
+            {
+                var JwtSecurityToken = TokenHandler.ReadJwtToken(Token);
+                if (JwtSecurityToken.Header.Alg == "HS256" || JwtSecurityToken.Header.Typ == "JWT")
+                {
+                    TokenHandler.ValidateToken(Token, new TokenValidationParameters
+                    {
+                        ValidateIssuerSigningKey = true,
+                        IssuerSigningKey = new SymmetricSecurityKey(Key),
+                        ValidateIssuer = false,
+                        ValidateAudience = false,
+                        ValidateLifetime = true,
+                    }, out SecurityToken validatedToken);
+
+                    var JwtToken = (JwtSecurityToken)validatedToken;
+                    var claims = JwtToken.Claims;
+
+                    var isAdminClaim = claims.FirstOrDefault(c => c.Type == "IsAdmin");
+                    Console.WriteLine(isAdminClaim.Value);
+                    if (isAdminClaim.Value.Contains("True")) Result = true;
+                }
+            }
+            catch (Exception e) { Result = false; }
+
+
+
+
+            return Result;
+        }
+
+
     }
 }
diff --git a/MidlWare/MidlWare.cs b/MidlWare/MidlWare.cs
@@ -52,11 +52,19 @@ Authentifie les utilisateurs
             }
 
             string authHeader = context.Request.Headers["Authorization"];
+
             if (authHeader.IsNullOrEmpty() || !VLAIdentity.VLAIdentity.VulnerableValidateToken(authHeader, configuration["Secret"]))
             {
                 context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                 return;
             }
+
+            if (path.StartsWith("/Patch", StringComparison.OrdinalIgnoreCase) && (authHeader.IsNullOrEmpty() || !VLAIdentity.VLAIdentity.VulnerableAdminValidateToken(authHeader, configuration["Secret"])) )
+            {
+                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                return;
+            }
+
             await _next(context);
         }
     }

diff --git a/Model/Model.cs b/Model/Model.cs
@@ -42,19 +42,20 @@ Contenu de la BDD relationnelle (Utilisateurs)
             DataTable table = new DataTable();
             table.Columns.Add("User", typeof(string));
             table.Columns.Add("Passwd", typeof(string));
-            table.Rows.Add("root", "ce5ca673d13b36118d54a7cf13aeb0ca012383bf771e713421b4d1fd841f539a");
-            table.Rows.Add("admin", "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a444");
-            table.Rows.Add("User", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
-            table.Rows.Add("Alice", "9b510b4af0d9b121f68d5a3400975047cbf38f963963b4c7510842d9d6310e7f");
-            table.Rows.Add("Bob", "aed8f2deab14c36eeaa6d9c5c07ac6b586a74c18015dff9ac1cd0fc320f107b2");
-            table.Rows.Add("Charlie", "99cdaf24cef97271760d72f0552ff18bb0c53e47d272cc1b3aa2c8b4e7d71b22");
-            table.Rows.Add("Diana", "c27ab3e46131d5e15819aa5c919dca2c7d449a13a1293c9963e1a9d6181b51ac");
-            table.Rows.Add("Edward", "3b179a52471e65a043a6c2b2dc1cb703165e2f94a8d4d3818b35eb278f730111");
-            table.Rows.Add("Fiona", "31b6273952ff5ef238f5ef544a212eb434813782a279de537bf8c02ccc07fa08");
-            table.Rows.Add("George", "27730420c3b86d8eb76e568be4e9279f69d5b00d625c2f0742d260ed9cc2ec26");
-            table.Rows.Add("Hannah", "dc8fd3ef67d7031e81a8e2d088aceb430972e4ad03bfccafd063b5729ca0a139");
-            table.Rows.Add("Ian", "0964e66cc96ed16adb6364caf1d0c80f80b91c9bf49aed3ffc0e51bca4dc0567");
-            table.Rows.Add("Julia", "69ccc763a7a99e5ef616c760e8dcc90a96491cfd15ec84d61fbbf222474a9b3d");
+            table.Columns.Add("IsAdmin", typeof(int));
+            table.Rows.Add("User", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", 0);
+            table.Rows.Add("root", "ce5ca673d13b36118d54a7cf13aeb0ca012383bf771e713421b4d1fd841f539a", 1);
+            table.Rows.Add("admin", "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a444", 1);
+            table.Rows.Add("Alice", "9b510b4af0d9b121f68d5a3400975047cbf38f963963b4c7510842d9d6310e7f", 0);
+            table.Rows.Add("Bob", "aed8f2deab14c36eeaa6d9c5c07ac6b586a74c18015dff9ac1cd0fc320f107b2", 0);
+            table.Rows.Add("Charlie", "99cdaf24cef97271760d72f0552ff18bb0c53e47d272cc1b3aa2c8b4e7d71b22", 0);
+            table.Rows.Add("Diana", "c27ab3e46131d5e15819aa5c919dca2c7d449a13a1293c9963e1a9d6181b51ac", 0);
+            table.Rows.Add("Edward", "3b179a52471e65a043a6c2b2dc1cb703165e2f94a8d4d3818b35eb278f730111",0);
+            table.Rows.Add("Fiona", "31b6273952ff5ef238f5ef544a212eb434813782a279de537bf8c02ccc07fa08", 0);
+            table.Rows.Add("George", "27730420c3b86d8eb76e568be4e9279f69d5b00d625c2f0742d260ed9cc2ec26", 0);
+            table.Rows.Add("Hannah", "dc8fd3ef67d7031e81a8e2d088aceb430972e4ad03bfccafd063b5729ca0a139", 0);
+            table.Rows.Add("Ian", "0964e66cc96ed16adb6364caf1d0c80f80b91c9bf49aed3ffc0e51bca4dc0567", 0);
+            table.Rows.Add("Julia", "69ccc763a7a99e5ef616c760e8dcc90a96491cfd15ec84d61fbbf222474a9b3d", 0);
             var DataSet = new DataSet();
             DataSet.Tables.Add(table);
             return DataSet;

diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@
 | CWE-287 | Improper Authentication | Medium |
 | CWE-319 | Cleartext Transmission of Sensitive Information | Easy |
 | CWE-326 | Inadequate Encryption Strength | Easy |
-| CWE-434 | Unrestricted Upload of File with Dangerous Type | Medium |
+| CWE-434 | Unrestricted Upload of File with Dangerous Type | Hard |
 | CWE-502 | Deserialization of Untrusted Data | Hard |
 | CWE-521 | Weak Password Requirements | Easy |
 | CWE-532 | Insertion of Sensitive Information into Log File | Easy |