Merge pull request #88 from dolevf/dvga-py3-10

3.10

Author: dolevf

.github/workflows/test.yaml

@@ -24,6 +24,7 @@ jobs:
           - '3.7'
           - '3.8'
           - '3.9'
+          - '3.10'
         exclude:
           - os: ubuntu-22.04
             pyver: 3.6

Dockerfile

@@ -1,21 +1,21 @@
-FROM python:3.7-alpine
+FROM python:3.10
 
 LABEL description="Damn Vulnerable GraphQL Application"
 LABEL github="https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application"
-LABEL maintainers="Dolev Farhi & Connor McKinnon & Nick Aleks"
+LABEL maintainers="Dolev Farhi & Nick Aleks"
 
 ARG TARGET_FOLDER=/opt/dvga
 WORKDIR $TARGET_FOLDER/
 
-RUN apk add --update curl
+RUN apt install curl git
 
-RUN adduser -D dvga
+RUN useradd dvga -m 
 RUN chown dvga. $TARGET_FOLDER/
 USER dvga
 
 RUN python -m venv venv
-RUN source venv/bin/activate
-RUN pip3 install --upgrade pip --no-warn-script-location --disable-pip-version-check
+RUN . venv/bin/activate
+RUN pip3 install --user --upgrade pip --no-warn-script-location --disable-pip-version-check
 
 ADD --chown=dvga:dvga core /opt/dvga/core
 ADD --chown=dvga:dvga db /opt/dvga/db

Dockerfile.arm64

@@ -77,7 +77,7 @@ DVGA supports Beginner and Expert level game modes, which will change the exploi
 
 The following Python3 libraries are required:
 
-* Python3 (3.6 - 3.9) (3.10 is not supported)
+* Python3 (3.6 - 3.10)
 * Flask
 * Flask-SQLAlchemy
 * Flask-Sockets
@@ -101,10 +101,6 @@ See [requirements.txt](requirements.txt) for dependencies.
 
 `docker build -t dvga .`
 
-**Note:** If you are using an ARM-based Mac, use the dedicated Dockerfile.arm64 file:
-
-`docker build -t dvga -f Dockerfile.arm64 .`
-
 ### Create a container from the image
 
 `docker run -d -t -p 5013:5013 -e WEB_HOST=0.0.0.0 --name dvga dvga`

README.md

@@ -4,7 +4,6 @@
 
 from flask import Flask
 from flask_sqlalchemy import SQLAlchemy
-from flask_sockets import Sockets
 from flask_graphql_auth import GraphQLAuth
 
 app = Flask(__name__, static_folder="static/")
@@ -18,7 +17,6 @@
 app.config["JWT_REFRESH_TOKEN_EXPIRES"] = 30
 
 auth = GraphQLAuth(app)
-sockets = Sockets(app)
 
 app.app_protocol = lambda environ_path_info: 'graphql-ws'
 

app.py

@@ -85,7 +85,7 @@ class Owner(db.Model):
   __tablename__ = 'owners'
   id = db.Column(db.Integer, primary_key=True)
   name = db.Column(db.String)
-  paste = db.relationship('Paste', lazy='dynamic')
+  paste = db.relationship('Paste', lazy='dynamic', overlaps="pastes")
 
 
 class Paste(db.Model):
@@ -99,7 +99,8 @@ class Paste(db.Model):
   owner_id = db.Column(db.Integer, db.ForeignKey(Owner.id))
   owner = db.relationship(
     Owner,
-    backref='pastes'
+    backref='pastes',
+    overlaps="paste"
   )
   burn = db.Column(db.Boolean, default=False)
 

core/models.py

@@ -1,44 +1,47 @@
 aniso8601==7.0.0
-attrs==21.4.0
-certifi==2020.12.5
-chardet==4.0.0
-click==7.1.2
-Flask==1.1.2
-Flask-Cors==3.0.10
+attrs==22.1.0
+bidict==0.22.0
+certifi==2022.12.7
+charset-normalizer==2.1.1
+click==8.1.3
+exceptiongroup==1.0.4
+Flask==2.2.2
 Flask-GraphQL==2.0.1
-Flask-GraphQL-Auth==1.3.2
-Flask-Sockets==0.2.1
-Flask-SQLAlchemy==2.4.4
-gevent==21.12.0
+Flask-GraphQL-Auth==1.3.3
+Flask-SocketIO==5.3.2
+Flask-SQLAlchemy==3.0.2
+gevent==22.10.2
 gevent-websocket==0.10.1
-graphene==2.1.8
+graphene==2.1.9
 graphene-sqlalchemy==2.3.0
 graphql-core==2.3.2
 graphql-relay==2.0.1
 graphql-server-core==1.2.0
 graphql-ws==0.4.4
-greenlet==1.1.2
-idna==2.10
+greenlet==2.0.1
+h11==0.14.0
+idna==3.4
 iniconfig==1.1.1
-itsdangerous==1.1.0
-Jinja2==2.11.2
-MarkupSafe==1.1.1
-packaging==21.3
+itsdangerous==2.1.2
+Jinja2==3.1.2
+MarkupSafe==2.1.1
+packaging==22.0
 pluggy==1.0.0
 promise==2.3
-py==1.11.0
-PyJWT==1.7.1
-pyparsing==3.0.9
-Pypubsub==4.0.3
-pytest==7.0.1
-pytest-flask==1.2.0
-requests==2.25.1
+PyJWT==2.0.1
+pytest==7.2.0
+python-engineio==4.3.4
+python-socketio==5.7.2
+requests==2.28.1
 Rx==1.6.1
-singledispatch==3.4.0.3
-six==1.15.0
-SQLAlchemy==1.3.22
-tomli==1.2.3
-urllib3==1.26.3
-Werkzeug==1.0.1
+simple-websocket==0.9.0
+singledispatch==3.7.0
+six==1.16.0
+SQLAlchemy==1.4.44
+tomli==2.0.1
+urllib3==1.26.13
+Werkzeug==2.2.2
+wsproto==1.2.0
 zope.event==4.5.0
-zope.interface==5.4.0
+zope.interface==5.5.2
+git+https://github.com/dolevf/flask-sockets@master

requirements.txt

@@ -6,7 +6,8 @@
 
 from ipaddress import IPv4Network
 
-from app import db
+from app import db, app
+
 from core.models import Paste, Owner, User, ServerMode
 
 from db.agents import agents
@@ -56,61 +57,62 @@ def random_useragent():
 
 def pump_db():
   print('Populating Database')
-  db.create_all()
-
-  admin = User(username="admin", email="admin@blackhatgraphql.com", password=random_password())
-  operator = User(username="operator", email="operator@blackhatgraphql.com", password="password123")
-  # create tokens for admin & operator
-
-  db.session.add(admin)
-  db.session.add(operator)
-
-  owner = Owner(name='DVGAUser')
-  db.session.add(owner)
-
-  paste = Paste()
-  paste.title = 'Testing Testing'
-  paste.content = "My First Paste"
-  paste.public = False
-  paste.owner_id = owner.id
-  paste.owner = owner
-  paste.ip_addr = '127.0.0.1'
-  paste.user_agent = 'User-Agent not set'
-  db.session.add(paste)
-
-  paste = Paste()
-  paste.title = '555-555-1337'
-  paste.content = "My Phone Number"
-  paste.public = False
-  paste.owner_id = owner.id
-  paste.owner = owner
-  paste.ip_addr = '127.0.0.1'
-  paste.user_agent = 'User-Agent not set'
-  db.session.add(paste)
-
-  db.session.commit()
-
-  for _ in range(0, 10):
-    owner = Owner(name=random_owner())
+  with app.app_context():
+    db.create_all()
+
+    admin = User(username="admin", email="admin@blackhatgraphql.com", password=random_password())
+    operator = User(username="operator", email="operator@blackhatgraphql.com", password="password123")
+    # create tokens for admin & operator
+
+    db.session.add(admin)
+    db.session.add(operator)
+
+    owner = Owner(name='DVGAUser')
+    db.session.add(owner)
+
     paste = Paste()
-    paste.title = random_title()
-    paste.content = random_content()
-    paste.public = True
+    paste.title = 'Testing Testing'
+    paste.content = "My First Paste"
+    paste.public = False
     paste.owner_id = owner.id
     paste.owner = owner
-    paste.ip_addr = random_address()
-    paste.user_agent = random_useragent()
+    paste.ip_addr = '127.0.0.1'
+    paste.user_agent = 'User-Agent not set'
+    db.session.add(paste)
 
-    db.session.add(owner)
+    paste = Paste()
+    paste.title = '555-555-1337'
+    paste.content = "My Phone Number"
+    paste.public = False
+    paste.owner_id = owner.id
+    paste.owner = owner
+    paste.ip_addr = '127.0.0.1'
+    paste.user_agent = 'User-Agent not set'
     db.session.add(paste)
 
-  mode = ServerMode()
-  mode.hardened = False
-  db.session.add(mode)
+    db.session.commit()
+
+    for _ in range(0, 10):
+      owner = Owner(name=random_owner())
+      paste = Paste()
+      paste.title = random_title()
+      paste.content = random_content()
+      paste.public = True
+      paste.owner_id = owner.id
+      paste.owner = owner
+      paste.ip_addr = random_address()
+      paste.user_agent = random_useragent()
+
+      db.session.add(owner)
+      db.session.add(paste)
+
+    mode = ServerMode()
+    mode.hardened = False
+    db.session.add(mode)
 
-  db.session.commit()
+    db.session.commit()
 
-  print('done')
+    print('done')
 
 if __name__ == '__main__':
   clean_up()

setup.py

@@ -1 +1 @@
-VERSION = '2.1.2'
+VERSION = '2.2.0'