completely ridiculous API (crAPI)

Testing crAPI
Overview

crAPI

completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.

crAPI is modern, built on top of a microservices architecture. When the time has come to buy your first car, sign up for an account and start your journey. To learn more about crAPI, please check crAPI's overview.

QuickStart Guide

Docker

You'll need to have Docker installed and running on your host system. Once crAPI is running, you may want to remove the unnecessary Docker images left behind.

  1. Clone crAPI repository
    $ git clone [REPOSITORY-URL]
    
  2. Build all docker images
    $ deploy/docker/build-all.sh
    
  3. Start crAPI
    $ docker-compose -f deploy/docker/docker-compose.yml --compatibility up -d
    
  4. Visit http://localhost:8888

Note: All emails are sent to the mailhog service by default and can be checked on http://localhost:8025. You can change the SMTP configuration if required; however, all emails with the domain example.com will still go to mailhog.

If you would like to deploy on Kubernetes, we have sample k8s configs already created. Check the setup instructions for more details.

Vagrant

This option allows you to run crAPI within a virtual machine, isolated from your system. You'll need to have Vagrant and, for example, VirtualBox installed.

  1. Clone crAPI repository
    $ git clone [REPOSITORY-URL]
    
  2. Start crAPI Virtual Machine
    $ cd deploy/vagrant && vagrant up
    
  3. Visit http://192.168.33.20

Note: All emails are sent to mailhog service and can be checked on http://192.168.33.20:8025

Once you're done playing with crAPI, you can remove it completely from your system by running the following command from the repository root directory:

$ cd deploy/vagrant && vagrant destroy

Copyright (c) 2020 "Traceable AI". All rights reserved.

Comments
  • crapi-web  Container

    crapi-web Container "f6e54027f4ea" is unhealthy

    Hello, I run crAPI on Ubuntu 18.04, but when I run the command "docker-compose -f docker-compose.yml --compatibility up -d", it reports the error: "ERROR: for crapi-web Container "f6e54027f4ea" is unhealthy." The logs are:

    Can't open /.keys/jwks.json for reading, No such file or directory
    139965617173696:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/.keys/jwks.json','rb')
    139965617173696:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
    Can't open /.keys/jwks.json for reading, No such file or directory
    139712569619648:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/.keys/jwks.json','rb')
    139712569619648:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
    Can't open /.keys/jwks.json for reading, No such file or directory
    140523683042496:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/.keys/jwks.json','rb')
    140523683042496:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
    Can't open /.keys/jwks.json for reading, No such file or directory
    139945362683072:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/.keys/jwks.json','rb')
    139945362683072:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:

    bug 
    opened by mo718 16
  • ERROR: Invalid interpolation format for

    ERROR: Invalid interpolation format for "crapi-identity" option in service "services": "crapi/crapi-identity:${VERSION:-latest}"

    curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
    
    docker-compose pull
    
    docker-compose -f docker-compose.yml --compatibility up -d
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  6013  100  6013    0     0   6919      0 --:--:-- --:--:-- --:--:--  6911
    /home/hunter/.local/lib/python3.9/site-packages/requests/__init__.py:89: RequestsDependencyWarning: urllib3 (1.26.9) or chardet (3.0.4) doesn't match a supported version!
      warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
    ERROR: Invalid interpolation format for "crapi-identity" option in service "services": "crapi/crapi-identity:${VERSION:-latest}"
    /home/hunter/.local/lib/python3.9/site-packages/requests/__init__.py:89: RequestsDependencyWarning: urllib3 (1.26.9) or chardet (3.0.4) doesn't match a supported version!
      warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
    ERROR: Invalid interpolation format for "crapi-identity" option in service "services": "crapi/crapi-identity:${VERSION:-latest}"
    
    bug hacktoberfest 
    opened by re4sonzy 13
  • Unable to create docker image and vagrant vm (kali)

    When I use Docker to create the image, it shows me an error "docker container is unhealthy". In Vagrant I cannot enter the crAPI application, only mailhog on port 8025.

    bug 
    opened by guzzisec 9
  • Added troubleshooting doc for general issues faced while installing and running crAPI

    Refers to this issue: #117

    Description

    Please include a summary of the change, motivation and context.

    Testing

    Please describe the tests that you ran to verify your changes. Please summarize what did you test and what needs to be tested e.g. deployed and tested the service locally.

    Documentation

    Make sure that you have documented corresponding changes in this repository.

    Checklist:

    • [x] My changes generate no new warnings
    • [x] I have added tests that prove my fix is effective or that my feature works
    • [x] Any dependent changes have been merged
    • [x] I have documented any changes if required in the docs.
    opened by sanket-mundra 7
  • ERROR: An HTTP request took too long to complete, consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).


    1. Describe the bug == A clear and concise description of what the bug is == . Running docker-compose command always crashes my Amazon AWS EC2 server!

    • July 2022

    • Amazon AWS EC2: Ubuntu 22.04 LTS

    • crapi-identity container memory: 512M

    $ export COMPOSE_HTTP_TIMEOUT=120;
    
    $ printenv | grep COM
    COMPOSE_HTTP_TIMEOUT=120
    

    . Then starting docker-compose always crashes my Amazon AWS EC2 server. Also it still complains that my current COMPOSE_HTTP_TIMEOUT value is 60 seconds even though I have set it to 120 seconds.

    $ sudo docker-compose -f docker-compose.yml --compatibility up -d
    
    Starting postgresdb ... done
    Starting mongodb    ... done
    Starting mailhog    ... done
    Recreating crapi-identity ... done
    
    # ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
    # If you encounter this issue regularly because of slow network conditions,
    # consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).
    
    --- Server ALWAYS crash here! ---
    

    How do I properly set my COMPOSE_HTTP_TIMEOUT value. Do I need to run a certain command to update my export command, before running docker-compose?


    2. To Reproduce == Steps to reproduce the behavior. If applicable, add screenshots to help explain your problem. ==

    # Amazon AWS EC2: Ubuntu 22.04 LTS
    
    $ sudo ufw status
    Status: inactive
    
    $ curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
    
    $ sudo docker-compose pull
    
    # Quote from a different ticket:
    "Issue fixed by increasing the memory for the 'crapi-identity' block in 'docker-compose.yml' to be 512M, from 256M."
    
    $ nano docker-compose.yml
    
    $ export COMPOSE_HTTP_TIMEOUT=120;
    
    $ printenv | grep COMPOSE
    COMPOSE_HTTP_TIMEOUT=120
    

    .

    $ sudo docker-compose -f docker-compose.yml --compatibility up -d
    
    Starting postgresdb ... done
    Starting mongodb    ... done
    Starting mailhog    ... done
    Recreating crapi-identity ... done
    
    # ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
    # If you encounter this issue regularly because of slow network conditions,
    # consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).
    

    3. Expected behavior == A clear and concise description of what you expected to happen. == . I'm expecting the COMPOSE_HTTP_TIMEOUT value to be 120 seconds in the ERROR message before the Amazon AWS EC2 server crashes.

    # ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
    # If you encounter this issue regularly because of slow network conditions,
    # consider setting COMPOSE_HTTP_TIMEOUT to a higher value (current value: 60).
    

    4. Runtime Environment == System/Environment information (e.g Output of docker -v and uname -a) ==

    $ docker -v
    Docker version 20.10.17, build 100c701
    
    $ uname -a
    Linux ip-xxx-xx-xx-xxx 5.15.0-1015-aws
    #19-Ubuntu SMP Wed Jun 22 17:44:56 UTC 2022
    x86_64 x86_64 x86_64 GNU/Linux
    
    bug hacktoberfest 
    opened by mrbiggleswirth 7
  • docker-compose fails to start

    running the docker compose command as listed in the readme results in the following:

    docker-compose -f deploy/docker/docker-compose.yml --compatibility up -d
    [+] Running 3/4
     ⠿ Container mailhog         Running                                                                 0.0s
     ⠿ Container postgresdb      Healthy                                                                 1.1s
     ⠿ Container mongodb         Healthy                                                                 1.1s
     ⠿ Container crapi-identity  Waiting                                                                13.6s
    container for service "crapi-identity" is unhealthy
    

    OS information: Arch linux kernel 5.15.36-1-lts Docker Compose version 2.4.1 Docker version 20.10.14, build a224086349

    I ran docker-compose without -d, and got the following output:

    crapi-identity   | 2022-04-29 19:20:33.521  INFO 7 --- [           main] com.crapi.CRAPIBootApplication           : Starting CRAPIBootApplication v1.0-SNAPSHOT on 8e8201870c71 with PID 7 (/app/user-microservices-1.0-SNAPSHOT.jar started by root in /)
    crapi-identity   | 2022-04-29 19:20:33.536  INFO 7 --- [           main] com.crapi.CRAPIBootApplication           : No active profile set, falling back to default profiles: default
    crapi-identity   | Killed
    container for service "crapi-identity" is unhealthy
    crapi-identity exited with code 137
    

    Based on my research, 137 is the out of memory killer, which is very strange because I have 32 GB of RAM, and there is no noticeable change before or during the docker-compose up process.

    I'm happy to help troubleshoot, but I'm not sure where to look.

    opened by haicenhacks 7
  • OAS Specification

    Hello, would it be possible to please provide an OAS or Swagger specification for the APIs in /crAPI/blob/develop/services/web/src/constants/APIConstant.js?

    This would help in deploying and managing the APIs in this project with an API gateway.

    opened by ehog 7
  • Monitoring for crAPI (Issue 118)

    Monitoring for crAPI

    Description

    #Issue118 https://github.com/OWASP/crAPI/issues/118 Provide an easy way to set up crAPI along with monitoring setup. For example, with Kubernetes setup, I should be able to monitor golden signals for my Kubernetes setup with Kube-state metrics.

    Way to deploy an application with Prometheus and Grafana. The user should be able to create a Grafana dashboard out of the infra metrics from crAPI. We can also provide a dashboard template.

    opened by drraghavendra 6
  • Unable to connect to webserver

    Hi,

    I followed the instructions to clone the repository, the docker install then run it in docker but I am unable to connect to the web server on port 8888.

    I can connect to the mail client on port 8025.

    I've run netstat -antp and port 8888 is listening but when I try and connect either using firefox or curl the connection is refused.

    opened by g78 6
  •  Add a way to demonstrate insufficient logging and monitoring vulnerabilities in crAPI (ISSUE 123)

    Description

    Please include a summary of the change, motivation and context.

    ISSUE 123 Add a way to demonstrate insufficient logging and monitoring vulnerabilities in crAPI

    opened by drraghavendra 5
  • Document explaining architecture of crAPI

    Is your feature request related to a problem? Please describe. We need a clear and concise document that has an architecture diagram for crAPI and explain architecture and caveats.

    Describe the solution you'd like Separate architecture diagram and document linked to README.

    documentation enhancement hacktoberfest 
    opened by JBAhire 5
  • docker-compose pull => ConnectionRefusedError

    Describe the bug I get this error message and I can't use docker-compose -f docker-compose.yml --compatibility up -d

    To Reproduce Type in your terminal: sudo curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml

    and then: sudo docker-compose pull

    I've updated everything.

    The full Message:

    └─$ sudo docker-compose pull
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 704, in urlopen
        httplib_response = self._make_request(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 399, in _make_request
        conn.request(method, url, **httplib_request_kw)
      File "/usr/lib/python3.10/http/client.py", line 1282, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/lib/python3.10/http/client.py", line 1328, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.10/http/client.py", line 1277, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.10/http/client.py", line 1037, in _send_output
        self.send(msg)
      File "/usr/lib/python3.10/http/client.py", line 975, in send
        self.connect()
      File "/usr/lib/python3/dist-packages/docker/transport/unixconn.py", line 30, in connect
        sock.connect(self.unix_socket)
    ConnectionRefusedError: [Errno 111] Connection refused
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/requests/adapters.py", line 489, in send
        resp = conn.urlopen(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 788, in urlopen
        retries = retries.increment(
      File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 550, in increment
        raise six.reraise(type(error), error, _stacktrace)
      File "/usr/lib/python3/dist-packages/six.py", line 718, in reraise
        raise value.with_traceback(tb)
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 704, in urlopen
        httplib_response = self._make_request(
      File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 399, in _make_request
        conn.request(method, url, **httplib_request_kw)
      File "/usr/lib/python3.10/http/client.py", line 1282, in request
        self._send_request(method, url, body, headers, encode_chunked)
      File "/usr/lib/python3.10/http/client.py", line 1328, in _send_request
        self.endheaders(body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.10/http/client.py", line 1277, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
      File "/usr/lib/python3.10/http/client.py", line 1037, in _send_output
        self.send(msg)
      File "/usr/lib/python3.10/http/client.py", line 975, in send
        self.connect()
      File "/usr/lib/python3/dist-packages/docker/transport/unixconn.py", line 30, in connect
        sock.connect(self.unix_socket)
    urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionRefusedError(111, 'Connection refused'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/docker/api/client.py", line 214, in _retrieve_server_version
        return self.version(api_version=False)["ApiVersion"]
      File "/usr/lib/python3/dist-packages/docker/api/daemon.py", line 181, in version
        return self._result(self._get(url), json=True)
      File "/usr/lib/python3/dist-packages/docker/utils/decorators.py", line 46, in inner
        return f(self, *args, **kwargs)
      File "/usr/lib/python3/dist-packages/docker/api/client.py", line 237, in _get
        return self.get(url, **self._set_request_timeout(kwargs))
      File "/usr/lib/python3/dist-packages/requests/sessions.py", line 600, in get
        return self.request("GET", url, **kwargs)
      File "/usr/lib/python3/dist-packages/requests/sessions.py", line 587, in request
        resp = self.send(prep, **send_kwargs)
      File "/usr/lib/python3/dist-packages/requests/sessions.py", line 701, in send
        r = adapter.send(request, **kwargs)
      File "/usr/lib/python3/dist-packages/requests/adapters.py", line 547, in send
        raise ConnectionError(err, request=request)
    requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionRefusedError(111, 'Connection refused'))
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "/usr/bin/docker-compose", line 33, in <module>
        sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
      File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
        command_func()
      File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 200, in perform_command
        project = project_from_options('.', options)
      File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 60, in project_from_options
        return get_project(
      File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 152, in get_project
        client = get_client(
      File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 41, in get_client
        client = docker_client(
      File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 170, in docker_client
        client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
      File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in __init__
        self._version = self._retrieve_server_version()
      File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version
        raise DockerException(
    docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', ConnectionRefusedError(111, 'Connection refused'))
    
    bug 
    opened by Fady969 2
  • ERROR: for crapi-web  Container

    ERROR: for crapi-web Container "8054b214c1ec" is unhealthy.

    I'm pulling the latest docker images in Kali-Linux then running: docker-compose -f docker-compose.yml --compatibility up -d I receive the following response:

    ERROR: for crapi-web  Container "8054b214c1ec" is unhealthy.
    ERROR: Encountered errors while bringing up the project.
    

    Logs:

     sudo docker logs 8054b214c1ec
    Creating test database for alias 'default'...
    Creating test database for alias 'mongodb'...
    root         ERROR    /workshop/api/mechanic/signup - {'name': 'MechRaju', 'email': '[email protected]', 'mechanic_code': 'TRAC_MEC_3', 'number': '9123456708'} - 400 -{'password': [ErrorDetail(string='This field is required.', code='required')]}
    django.request WARNING  Bad Request: /workshop/api/mechanic/signup
    .django.request WARNING  Bad Request: /workshop/api/mechanic/signup
    .django.request WARNING  Bad Request: /workshop/api/mechanic/signup
    .django.request WARNING  Unauthorized: /workshop/api/mechanic/
    django.request WARNING  Unauthorized: /workshop/api/mechanic/
    .django.request WARNING  Unauthorized: /workshop/api/mechanic/
    ..root         ERROR    /workshop/api/merchant/contact_mechanic - {'mechanic_api': 'https://www.google.com', 'number_of_repeats': 5, 'mechanic_code': 'TRAC_MEC_3', 'vin': '9NFXO86WBWA082766', 'problem_details': 'My Car is not working'} - 400 -{'repeat_request_if_failed': [ErrorDetail(string='This field is required.', code='required')]}
    django.request WARNING  Bad Request: /workshop/api/merchant/contact_mechanic
    .root         INFO     Repeat count: 0
    root         INFO     Got a valid response at repeat count: 0
    .django.request ERROR    Service Unavailable: /workshop/api/merchant/contact_mechanic
    ..root         INFO     Repeat count: 0
    root         INFO     Repeat count: 1
    root         INFO     Repeat count: 2
    root         INFO     Repeat count: 3
    root         INFO     Repeat count: 4
    root         INFO     Repeat count: 5
    django.request WARNING  Not Found: /workshop/api/merchant/contact_mechanic
    .django.request WARNING  Bad Request: /workshop/api/shop/apply_coupon
    ProductTest  INFO     {'message': 'TRAC100 Coupon code is already claimed by you!! Please try with another coupon code'}
    .root         ERROR    /workshop/api/shop/apply_coupon - {'coupon_code': 'TRAC105', 'amount': 75} - 400 -Coupon matching query does not exist.
    django.request WARNING  Bad Request: /workshop/api/shop/apply_coupon
    ProductTest  INFO     {'message': 'Coupon not found'}
    .django.request WARNING  Bad Request: /workshop/api/shop/apply_coupon
    ProductTest  INFO     {'message': '9123456708 Coupon code is already claimed by you!! Please try with another coupon code'}
    .ProductTest  INFO     {'credit': 175.0, 'message': 'Coupon successfully applied!'}
    .
    ----------------------------------------------------------------------
    Ran 15 tests in 141.909s
    
    OK
    Destroying test database for alias 'default'...
    Destroying test database for alias 'mongodb'...
    This version of djongo does not support "NULL, NOT NULL column validation check" fully. Visit https://www.patreon.com/nesdis
    This version of djongo does not support "schema validation using CONSTRAINT" fully. Visit https://www.patreon.com/nesdis
    This version of djongo does not support "schema validation using KEY" fully. Visit https://www.patreon.com/nesdis
    This version of djongo does not support "schema validation using REFERENCES" fully. Visit https://www.patreon.com/nesdis
    This version of djongo does not support "COLUMN DROP NOT NULL " fully. Visit https://www.patreon.com/nesdis
    This version of djongo does not support "DROP CASCADE" fully. Visit https://www.patreon.com/nesdis
    System check identified no issues (0 silenced).
    Operations to perform:
      Apply all migrations: user
    Running migrations:
      Applying user.0001_initial... FAKED
    Operations to perform:
      Apply all migrations: crapi
    Running migrations:
      Applying crapi.0001_initial... OK
    Operations to perform:
      Apply all migrations: db
    Running migrations:
      Applying db.0001_initial... OK
    django.utils.autoreload INFO     Watching for file changes with StatReloader
    
    
    bug 
    opened by mhmd-git 0
  • Passwordvalidation RegEx requires symbols.

    In signup the validation message for passwords says "Password should contain at least one digit, one small letter and one capital letter and should at least contain 8 characters." but the RegEx requires one of #$@!%&*?

    bug 
    opened by Ctrlanton 1
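
The mismatch reported above, as an added example that is not crAPI's code: the regex is a hypothetical one of the shape the issue describes, and `RULES`, `unmetRules`, `policyMessage` and `findDrift` are assumed names. Building the validator and the message from one rule table keeps them in step, and `findDrift` lists the samples on which a regex and the advertised rules disagree.

```javascript
// Added example, not crAPI's source. All names and sample passwords are
// constructed for illustration.

// Hypothetical regex of the shape the issue describes: it demands a symbol
// from #$@!%&*? that the quoted validation message never mentions.
const DRIFTED_REGEX =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[#$@!%&*?]).{8,}$/;

// Single source of truth: each rule carries its own check and its own wording.
const RULES = [
  { id: "length", text: "at least 8 characters", test: (p) => p.length >= 8 },
  { id: "digit", text: "one digit", test: (p) => /\d/.test(p) },
  { id: "lower", text: "one small letter", test: (p) => /[a-z]/.test(p) },
  { id: "upper", text: "one capital letter", test: (p) => /[A-Z]/.test(p) },
  { id: "symbol", text: "one of #$@!%&*?", test: (p) => /[#$@!%&*?]/.test(p) },
];

// The rules exactly as the quoted message words them (no symbol rule).
const MESSAGE_RULES = RULES.filter((r) => r.id !== "symbol");

// Returns the ids of the rules a password fails; an empty array means accepted.
function unmetRules(password, rules = RULES) {
  return rules.filter((r) => !r.test(password)).map((r) => r.id);
}

// Builds the user-facing message from the same table the validator uses,
// so adding or removing a rule changes both at once.
function policyMessage(rules = RULES) {
  return "Password should contain " + rules.map((r) => r.text).join(", ") + ".";
}

// Regression check: returns the samples on which a regex and a rule table
// give different verdicts. A non-empty result means message and check drifted.
function findDrift(regex, rules, samples) {
  return samples.filter(
    (s) => regex.test(s) !== (unmetRules(s, rules).length === 0)
  );
}

// Constructed sample passwords covering each rule boundary.
const SAMPLES = ["Password1", "Password1!", "password1!", "Sh0rt!"];

// Against the rules the message advertises, the regex rejects a password
// that the message says is acceptable.
console.log(findDrift(DRIFTED_REGEX, MESSAGE_RULES, SAMPLES));
// Against the full table (symbol rule included) the two agree.
console.log(findDrift(DRIFTED_REGEX, RULES, SAMPLES));
console.log(policyMessage());
```

Running `findDrift` over a fixed sample set in the front-end test suite catches this class of bug before users see a rejection the message does not explain.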
  • Challenge #13 : SQL Injection

    Challenge 12 and 13 are somewhat related to each other. NoSQL Injection can be cracked “manually” on /community/api/v2/coupon/validate-coupon - {"coupon_code":"TRAC075"} on this endpoint. The same endpoint can't have SQL injection attack, because the table will be a part of NoSQL DB. (for coupons) How can the same endpoint be used for SQL injection, if a different column of the same table (For Challenge 12) will be updated to redeem an already claimed Coupon, and the table is NoSQL based....

    enhancement 
    opened by rallapallinagarjun 1
  • [Snyk] Upgrade prop-types from 15.7.2 to 15.8.1

    Snyk has created this PR to upgrade prop-types from 15.7.2 to 15.8.1.

    Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


    • The recommended version is 2 versions ahead of your current version.
    • The recommended version was released 9 months ago, on 2022-01-05.

    The recommended version fixes:

    | Severity | Issue | PriorityScore (*) | Exploit Maturity |
    |:--------:|:------|-------------------|:-----------------|
    | | Improper Input Validation SNYK-JS-URLPARSE-2407770 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Prototype Pollution SNYK-JS-OBJECTPATH-1585658 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
    | | Prototype Pollution SNYK-JS-OBJECTPATH-1017036 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Prototype Pollution SNYK-JS-NODEFORGE-598677 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Remote Memory Exposure SNYK-JS-DNSPACKET-1293563 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
    | | Prototype Pollution SNYK-JS-ASYNC-2441827 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Authorization Bypass SNYK-JS-URLPARSE-2407759 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Access Restriction Bypass SNYK-JS-URLPARSE-2401205 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Open Redirect SNYK-JS-URLPARSE-1533425 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Improper Input Validation SNYK-JS-URLPARSE-1078283 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
    | | Denial of Service (DoS) SNYK-JS-SOCKJS-575261 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Prototype Pollution SNYK-JS-OBJECTPATH-1569453 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Information Exposure SNYK-JS-EVENTSOURCE-2823375 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
    | | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | 512/1000. Why? Proof of Concept exploit, CVSS 8.1 | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Release notes
    Package name: prop-types
    • 15.8.1 - 2022-01-05
      • [Fix] fix crash when a custom propType return lacks .data; call hasOwnProperty properly (#370)
      • [meta] Fix formatting in CHANGELOG.md (#367)
      • [Tests] add missing test coverage (#370)
      • [Tests] convert normal it functions to arrow functions (#370)
      • [Tests] do not fail fast; add react 17 (#366)
      • [Dev Deps] update eslint
    • 15.8.0 - 2021-12-22
      • [New] add PropTypes.bigint (#365)
      • [New] oneOfType: Add expected types to warning (#198)
      • [New] Add type check for validator for 'shape' and 'exact' (#234)
      • [Fix] checkPropTypes: Friendlier message when using a type checker that is not a function (#51)
      • [Refactor] extract has (#261, #125, #124)
      • [readme] Fix branch name (master -> main) (#364)
      • [readme] Clarify usage of elementType (#335)
      • [docs] highlighted the func name (#321)
      • [docs] Typo fix in example (#300)
      • [docs] Add instructions for intentional inclusion of validation in production. (#262)
      • [docs] PropTypes.node: add link to react docs
      • [docs] Improve wording for checkPropTypes (#258)
      • [meta] Add a package sideEffects field. (#350)
      • [meta] use in-publish to avoid running the build on install
      • [deps] regenerate yarn.lock
      • [deps] update react-is (#347, #346, #345, #340, #338)
      • [eslint] enable some rules (#360)
      • [Tests] Use GH Actions (#363)
      • [Tests] Fix spelling (#318)
      • [Tests] Fixed typo: 'Any type should accept any value' (#281)
      • [Tests] fix broken tests; test the build process
      • [Dev Deps] update browserify, bundle-collapser, eslint, in-publish, react, uglifyify, uglifyjs
    • 15.7.2 - 2019-02-13

      v15.7.2

    from prop-types GitHub release notes

    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

    opened by snyk-bot 0
  • Added grpc protos and apis for community endpoints

    Description

    Partly Enhances #110 , added protobuf and defined rpc services

    Test

    Added buf.yaml to check for correct syntax for protobufs.

    Checklist:

    • [x] My changes generate no new warnings
    • [x] I have added tests that prove my fix is effective or that my feature works
    • [x] Any dependent changes have been merged
    • [x] I have documented any changes if required in the docs.
    opened by dhruv-singhal-github 0
Releases (v1.1.2)
  • v1.1.2 (May 27, 2022)

  • v1.1.1 (May 27, 2022)

    Added helm charts
    Updated docs

    What's Changed

    • build-docker-images by @piyushroshan in https://github.com/OWASP/crAPI/pull/21
    • CI workflow setup by @piyushroshan in https://github.com/OWASP/crAPI/pull/25
    • Fix tags syntax by @piyushroshan in https://github.com/OWASP/crAPI/pull/26
    • Fix workflow push condition by @piyushroshan in https://github.com/OWASP/crAPI/pull/27
    • Push condition workflow fix by @piyushroshan in https://github.com/OWASP/crAPI/pull/28
    • Removed mention of Traceable from Web and Workshop Services by @mathew-jose in https://github.com/OWASP/crAPI/pull/23
    • Removed mentions of Traceable from the source code by @Ph4t3 in https://github.com/OWASP/crAPI/pull/22
    • Correct indentation fixing workflow issues by @piyushroshan in https://github.com/OWASP/crAPI/pull/34
    • Modified docker configs to support ARM builds by @Ph4t3 in https://github.com/OWASP/crAPI/pull/20
    • Batch Files To Deploy Docker on Windows Machine by @mathew-jose in https://github.com/OWASP/crAPI/pull/19
    • Docker compose support variables for different release by @piyushroshan in https://github.com/OWASP/crAPI/pull/37
    • Change pull_request docker login condition by @piyushroshan in https://github.com/OWASP/crAPI/pull/40
    • Retrieval Of Orders Bug by @mathew-jose in https://github.com/OWASP/crAPI/pull/38
    • Added Heap memory limit for crapi-identity java application by @Ph4t3 in https://github.com/OWASP/crAPI/pull/36
    • Update readme by @piyushroshan in https://github.com/OWASP/crAPI/pull/43
    • Update CI branch refs by @piyushroshan in https://github.com/OWASP/crAPI/pull/44
    • Workflow merge fix by @piyushroshan in https://github.com/OWASP/crAPI/pull/45
    • refactoring: upgrade Vagrant box to ubuntu jammy by @PauloASilva in https://github.com/OWASP/crAPI/pull/42
    • chore: adds contributing guidelines, code of conduct, PR and issue templates by @JBAhire in https://github.com/OWASP/crAPI/pull/46
    • Modify Templates: Pull Request and Issues by @piyushroshan in https://github.com/OWASP/crAPI/pull/48
    • Max File Size Limit for Video Files by @mathew-jose in https://github.com/OWASP/crAPI/pull/47
    • Load built images in docker by @piyushroshan in https://github.com/OWASP/crAPI/pull/51
    • Run Postman Collection Once All Docker Images are built by @mathew-jose in https://github.com/OWASP/crAPI/pull/50
    • Dynamic Ports for Identity, Community and Workshop services by @mathew-jose in https://github.com/OWASP/crAPI/pull/49
    • Version Variable for Windows by @mathew-jose in https://github.com/OWASP/crAPI/pull/53
    • Increased memory limit for crapi-identity container by @willmccardell in https://github.com/OWASP/crAPI/pull/57
    • Openapi Spec Added by @Ph4t3 in https://github.com/OWASP/crAPI/pull/58
    • Update Vagrant to use prebuilt images and fix db versions by @piyushroshan in https://github.com/OWASP/crAPI/pull/59
    • Update latest tag on main merge by @piyushroshan in https://github.com/OWASP/crAPI/pull/60
    • Release created -> published by @piyushroshan in https://github.com/OWASP/crAPI/pull/62
    • Minor fixes by @piyushroshan in https://github.com/OWASP/crAPI/pull/61
    • Docs update by @piyushroshan in https://github.com/OWASP/crAPI/pull/63
    • Docs update 1 by @piyushroshan in https://github.com/OWASP/crAPI/pull/64
    • Docs update by @piyushroshan in https://github.com/OWASP/crAPI/pull/65
    • Docs links by @piyushroshan in https://github.com/OWASP/crAPI/pull/66
    • Add helm charts by @piyushroshan in https://github.com/OWASP/crAPI/pull/69
    • Docs revision by @piyushroshan in https://github.com/OWASP/crAPI/pull/71

    New Contributors

    • @mathew-jose made their first contribution in https://github.com/OWASP/crAPI/pull/23
    • @Ph4t3 made their first contribution in https://github.com/OWASP/crAPI/pull/22
    • @JBAhire made their first contribution in https://github.com/OWASP/crAPI/pull/46
    • @willmccardell made their first contribution in https://github.com/OWASP/crAPI/pull/57

    Full Changelog: https://github.com/OWASP/crAPI/compare/1.1.0...v1.1.1

  • 1.1.0(May 14, 2022)

    • CI workflow setup

    • Convert job context to needs job output

    • Fix workflow push condition

    • Modified docker configs to support ARM builds (https://github.com/OWASP/crAPI/pull/20)

    • Added scripts to build mailhog

    • Batch Files To Deploy Docker on Windows Machine (https://github.com/OWASP/crAPI/pull/19)

    • Added Heap memory limit for crapi-identity java application (https://github.com/OWASP/crAPI/pull/36)

    • vagrant: upgrade to ubuntu jammy (https://github.com/OWASP/crAPI/pull/42)

    • chore: adds contributing guidelines, code of conduct, PR and issue templates (https://github.com/OWASP/crAPI/pull/46)

    • Dynamic Ports for Identity, Community and Workshop services (https://github.com/OWASP/crAPI/pull/49)

    What's Changed

    • Release the changes by @piyushroshan in https://github.com/OWASP/crAPI/pull/52

    Full Changelog: https://github.com/OWASP/crAPI/compare/1.0.0...1.1.0

  • 1.0.0(Dec 22, 2021)

    v1.0.0

    What's Changed

    • Meta content change by @piyushroshan in https://github.com/OWASP/crAPI/pull/1
    • pin to alpine3.13 by @dlowe in https://github.com/OWASP/crAPI/pull/8
    • fix: typos on signup form & welcome email by @PauloASilva in https://github.com/OWASP/crAPI/pull/3
    • Metadata update by @piyushroshan in https://github.com/OWASP/crAPI/pull/10
    • Fixes #14: alpine version inconsistency by @piyushroshan in https://github.com/OWASP/crAPI/pull/16
    • Build fixes by @piyushroshan in https://github.com/OWASP/crAPI/pull/17

    New Contributors

    • @piyushroshan made their first contribution in https://github.com/OWASP/crAPI/pull/1
    • @dlowe made their first contribution in https://github.com/OWASP/crAPI/pull/8
    • @PauloASilva made their first contribution in https://github.com/OWASP/crAPI/pull/3

    Full Changelog: https://github.com/OWASP/crAPI/commits/1.0.0

Owner
OWASP
The OWASP Foundation