BBlue530/PatchHound_POC

PatchHound POC Vulnerable Test Application

Overview

This repository contains a deliberately vulnerable application designed to validate and demonstrate the capabilities of PatchHound.

It serves as a proof-of-concept testbed for:

  • SBOM generation and vulnerability detection
  • SAST scanning
  • Secret detection
  • Misconfiguration analysis
  • CI/CD pipeline integration

The project intentionally includes common security flaws to ensure PatchHound correctly identifies and reports them.

Included Vulnerabilities

Category             | Vulnerability                              | Location
---------------------|--------------------------------------------|----------------------------------------------------
Injection            | Command Injection                          | app/main.py -> /ping, utils.py -> run_command()
Injection            | SQL Injection                              | app/db.py -> get_user()
SSRF                 | Server Side Request Forgery                | app/main.py -> /fetch
Redirect             | Open Redirect                              | app/main.py -> /redirect
Cryptography         | Weak hashing (MD5)                         | app/crypto.py -> hash_password()
Access Control       | IDOR (Insecure Direct Object Reference)    | app/main.py -> /account/<user_id>
File Handling        | Path Traversal risk                        | app/main.py -> /upload
Secrets Management   | Hardcoded secrets                          | app/config.py, .env
Secrets Exposure     | Exposed cloud/API credentials              | .env
Misconfiguration     | Debug mode enabled                         | app/main.py, Dockerfile (ENV DEBUG=true)
Container Security   | Running as root user                       | Dockerfile -> USER root
Container Security   | Outdated base image                        | Dockerfile -> python:3.7
Dependency Risk      | Vulnerable Flask version                   | requirements.txt -> flask==0.12
Dependency Risk      | Vulnerable Django version                  | requirements.txt -> Django==2.2.0
Dependency Risk      | Outdated requests library                  | requirements.txt -> requests==2.19.0
Dependency Risk      | Outdated urllib3                           | requirements.txt -> urllib3==1.24.1
Dependency Risk      | Outdated PyYAML                            | requirements.txt -> PyYAML==5.1
Dependency Risk      | Outdated Jinja2                            | requirements.txt -> jinja2==2.10.1
Cloud Misconfiguration | Public S3 bucket                         | main.tf -> aws_s3_bucket.bad_bucket
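The table names the flaws a scanner should flag but not what a fixed version of each endpoint looks like. The block below is an added illustration, not code from the PatchHound_POC repository or from PatchHound itself: it shows hardened counterparts for five of the listed classes (command injection in /ping, SQL injection in get_user(), open redirect in /redirect, path traversal in /upload, and MD5 password hashing in hash_password()). Function names echo the table, but every implementation, the in-memory users table and the allow-listed host are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import os
import re
import sqlite3
from pathlib import Path
from urllib.parse import urlparse

# RFC 1123-style hostname: dot-separated labels of letters, digits and inner hyphens.
# A leading hyphen is impossible, so the value can never be parsed as a ping option.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_ping_target(target):
    """Return target if it is a literal IP or a well-formed hostname, else raise ValueError."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(target):
        return target
    raise ValueError("invalid ping target: %r" % target)


def is_safe_ping_target(target):
    try:
        validate_ping_target(target)
        return True
    except ValueError:
        return False


def build_ping_command(target):
    """Argument vector for subprocess.run(cmd, shell=False, timeout=5); no shell parses it."""
    return ["ping", "-c", "1", validate_ping_target(target)]


def make_demo_db():
    """In-memory users table with constructed rows (sample data, not the repo's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "o'brien")])
    return conn


def get_user(conn, username):
    """Parameterized lookup: the driver binds username as data, so quotes in it stay literal."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()


def safe_redirect_target(url, allowed_hosts, default="/"):
    """Return url only if it is a same-site path or targets an allow-listed host."""
    if "\\" in url or "\r" in url or "\n" in url:  # browsers read \ as /, CRLF splits headers
        return default
    parsed = urlparse(url)
    if not parsed.scheme and not parsed.netloc and url.startswith("/") and not url.startswith("//"):
        return url
    if parsed.scheme in ("http", "https") and parsed.hostname in allowed_hosts:
        return url
    return default


def safe_upload_path(upload_root, filename):
    """Reduce filename to a bare name and confirm the resolved path stays inside upload_root."""
    if "\x00" in filename or "\\" in filename:
        raise ValueError("invalid filename")
    name = Path(filename).name
    if name in ("", ".", ".."):
        raise ValueError("invalid filename")
    root = Path(upload_root).resolve()
    candidate = (root / name).resolve()  # follows symlinks, so a planted link is caught too
    if candidate.parent != root:
        raise ValueError("upload path escapes root")
    return candidate


def hash_password(password, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256 in place of unsalted MD5; parameters travel with the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time comparison
```

Each helper fails closed: unexpected ping targets raise before any process is spawned, the SQL value is bound rather than formatted, redirects fall back to "/" unless the host is on the allow list, and an upload name that resolves outside the root raises instead of being written. PatchHound's SAST and SBOM checks should report the original endpoints in the table and stay quiet on versions shaped like these.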

Expected Outcomes

When scanned with PatchHound, this project should produce:

  • Multiple HIGH/CRITICAL vulnerabilities
  • Detected OWASP Top 10 issues
  • Exposed secrets
  • Misconfiguration findings
  • Outdated dependency CVEs
  • Prioritized vulnerabilities
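To make the expected outcomes concrete, here is an added example (not PatchHound's scanner and not this repository's code) of the kind of checks that turn the listed artifacts into prioritized findings. It scans constructed requirements.txt, Dockerfile and .env snippets that mirror the locations in the table; the minimum-version policy, the severity labels, the secret-name pattern and the end-of-life Python set are assumptions chosen for illustration, not PatchHound's actual rules or advisory data.

```python
import re

# Constructed sample inputs mirroring the artifacts the README lists (not the repo's files).
REQUIREMENTS_TXT = """\
flask==0.12
Django==2.2.0
requests==2.19.0
urllib3==1.24.1
PyYAML==5.1
jinja2==2.10.1
"""

DOCKERFILE = """\
FROM python:3.7
ENV DEBUG=true
USER root
CMD ["python", "app/main.py"]
"""

DOTENV = """\
DEBUG=true
AWS_ACCESS_KEY_ID=AKIA-PLACEHOLDER-NOT-REAL
DB_PASSWORD=placeholder-password
"""

# Assumed minimum-version policy for illustration only; a real scanner consults
# an advisory database (PatchHound's own thresholds are not known to this example).
MIN_VERSIONS = {
    "flask": (2, 3, 0), "django": (4, 2, 0), "requests": (2, 31, 0),
    "urllib3": (1, 26, 18), "pyyaml": (5, 4, 0), "jinja2": (3, 1, 2),
}
EOL_PYTHON = {"3.6", "3.7"}  # Python 3.7 reached end of life in June 2023
SECRET_KEY_RE = re.compile(r"KEY|SECRET|TOKEN|PASSWORD", re.IGNORECASE)
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def parse_version(text):
    """'2.10.1' -> (2, 10, 1); non-numeric suffixes are ignored, missing parts become 0."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def scan_requirements(text):
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" not in line:
            continue
        name, version = (s.strip() for s in line.split("==", 1))
        minimum = MIN_VERSIONS.get(name.lower().replace("_", "-"))
        if minimum and parse_version(version) < minimum:
            wanted = ".".join(map(str, minimum))
            findings.append(("HIGH", "dependency", "%s==%s is below policy minimum %s" % (name, version, wanted)))
    return findings


def scan_dockerfile(text):
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        instr, args = parts[0].upper(), parts[1:]
        if instr == "USER" and args and args[0] in ("root", "0"):
            findings.append(("HIGH", "container", "container process runs as root (USER root)"))
        if instr == "FROM" and args:
            match = re.match(r"python:(\d+\.\d+)", args[0])
            if match and match.group(1) in EOL_PYTHON:
                findings.append(("MEDIUM", "container", "base image %s uses end-of-life Python" % args[0]))
        if instr == "ENV" and re.search(r"\bDEBUG[= ]true\b", line, re.IGNORECASE):
            findings.append(("MEDIUM", "misconfiguration", "debug mode enabled in image (ENV DEBUG=true)"))
    return findings


def scan_dotenv(text):
    findings = []
    for line in text.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key.upper() == "DEBUG" and value.lower() == "true":
            findings.append(("MEDIUM", "misconfiguration", "DEBUG=true set in .env"))
        elif SECRET_KEY_RE.search(key) and value and not value.startswith("${"):
            findings.append(("CRITICAL", "secret", "%s has a literal value in .env" % key))
    return findings


def scan_all(requirements=REQUIREMENTS_TXT, dockerfile=DOCKERFILE, dotenv=DOTENV):
    """Run every check and return findings ordered by severity (CRITICAL first)."""
    findings = scan_requirements(requirements) + scan_dockerfile(dockerfile) + scan_dotenv(dotenv)
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])


if __name__ == "__main__":
    for severity, category, message in scan_all():
        print("%-8s %-16s %s" % (severity, category, message))
```

Run stand-alone it prints the exposed .env values first, then the six pinned dependencies and the root user, then the debug and base-image findings, which is the ordering the "Prioritized vulnerabilities" outcome describes. Values read from .env are deliberately never echoed into the finding text, only the key name, so the report itself does not become a second place the secret leaks.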

PatchHound Scan
