From fd49a9db1bcdf17af03a2f65bf4719b03d18c1b8 Mon Sep 17 00:00:00 2001
From: Wout Feys
Date: Wed, 24 Jul 2024 15:31:58 +0200
Subject: [PATCH] Create flask-postgresql sample app
---
 sample-apps/flask-postgres/.env.example | 2 +
 sample-apps/flask-postgres/Dockerfile | 21 ++++++++
 sample-apps/flask-postgres/README.md | 9 ++++
 sample-apps/flask-postgres/app.py | 46 ++++++++++++++++++
 sample-apps/flask-postgres/docker-compose.yml | 42 ++++++++++++++++
 sample-apps/flask-postgres/init.sql | 5 ++
 sample-apps/flask-postgres/requirements.txt | 3 ++
 .../flask-postgres/templates/create_dog.html | 17 +++++++
 .../flask-postgres/templates/dogpage.html | 25 ++++++++++
 .../flask-postgres/templates/index.html | 48 +++++++++++++++++++
 10 files changed, 218 insertions(+)
 create mode 100644 sample-apps/flask-postgres/.env.example
 create mode 100644 sample-apps/flask-postgres/Dockerfile
 create mode 100644 sample-apps/flask-postgres/README.md
 create mode 100644 sample-apps/flask-postgres/app.py
 create mode 100644 sample-apps/flask-postgres/docker-compose.yml
 create mode 100644 sample-apps/flask-postgres/init.sql
 create mode 100644 sample-apps/flask-postgres/requirements.txt
 create mode 100644 sample-apps/flask-postgres/templates/create_dog.html
 create mode 100644 sample-apps/flask-postgres/templates/dogpage.html
 create mode 100644 sample-apps/flask-postgres/templates/index.html
diff --git a/sample-apps/flask-postgres/.env.example b/sample-apps/flask-postgres/.env.example
new file mode 100644
index 000000000..6c6fd4ce1
--- /dev/null
+++ b/sample-apps/flask-postgres/.env.example
@@ -0,0 +1,2 @@
+AIKIDO_DEBUG=true
+AIKIDO_SECRET_KEY="secret"
diff --git a/sample-apps/flask-postgres/Dockerfile b/sample-apps/flask-postgres/Dockerfile
new file mode 100644
index 000000000..764e51b95
--- /dev/null
+++ b/sample-apps/flask-postgres/Dockerfile
@@ -0,0 +1,21 @@
+# Use an official Python runtime as a parent image
+FROM python:3
+
+#Copy code base
+COPY ./ /tmp
+
+# Set the working directory
+WORKDIR /app
+
+# Install dependencies
+RUN mv /tmp/sample-apps/flask-postgres/requirements.txt ./
+RUN pip install -r requirements.txt
+
+# Build and install aikido_firewall from source
+WORKDIR /tmp
+RUN pip install poetry
+RUN make build
+RUN pip install ./dist/aikido_firewall-0.1.0.tar.gz
+RUN pip list
+
+WORKDIR /app
diff --git a/sample-apps/flask-postgres/README.md b/sample-apps/flask-postgres/README.md
new file mode 100644
index 000000000..3644c533a
--- /dev/null
+++ b/sample-apps/flask-postgres/README.md
@@ -0,0 +1,9 @@
+# Flask w/ Postgres Sample app
+Run (with docker-compose installed) :
+```bash
+docker-compose up --build
+```
+
+- You'll be able to access the Flask Server at : [localhost:8080](http://localhost:8080)
+- To Create a reference test dog use `http://localhost:8080/create/`
+- To test a sql injection enter the following dog name : `Malicious dog', TRUE); -- `
diff --git a/sample-apps/flask-postgres/app.py b/sample-apps/flask-postgres/app.py
new file mode 100644
index 000000000..5f941afdf
--- /dev/null
+++ b/sample-apps/flask-postgres/app.py
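Review bot: `RUN pip install ./dist/aikido_firewall-0.1.0.tar.gz` hard-codes the library version, so this sample image breaks the first time the package version is bumped; `RUN pip install ./dist/aikido_firewall-*.tar.gz` installs whatever `make build` just produced. `FROM python:3` is a floating tag, so two builds of the test image can differ without any change in this repository; pinning a minor version such as `python:3.12` keeps firewall test results comparable over time. `COPY ./ /tmp` copies the entire repository checkout into the image, which would include any real `.env` sitting next to the shipped `.env.example`; a `.dockerignore` at the build-context root (the repository root, per docker-compose's `context: ./../../`) keeps such files out of the image layers. `RUN pip list` reads like a leftover debugging step and can be removed.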
@@ -0,0 +1,46 @@
+import aikido_firewall # Aikido package import
+aikido_firewall.protect()
+
+from flask import Flask, render_template, request
+import psycopg2
+
+app = Flask(__name__)
+if __name__ == '__main__':
+    app.run(threaded=True) # Run threaded so we can test our agent's capabilities
+
+def get_db_connection():
+    return psycopg2.connect(
+        host="db",
+        database="db",
+        user="user",
+        password="password")
+
+@app.route("/")
+def homepage():
+    cursor = get_db_connection().cursor()
+    cursor.execute("SELECT * FROM dogs")
+    dogs = cursor.fetchall()
+    return render_template('index.html', title='Homepage', dogs=dogs)
+
+
+@app.route('/dogpage/')
+def get_dogpage(dog_id):
+    cursor = get_db_connection().cursor()
+    cursor.execute("SELECT * FROM dogs WHERE id = " + str(dog_id))
+    dog = cursor.fetchmany(1)[0]
+    return render_template('dogpage.html', title=f'Dog', dog=dog, isAdmin=("Yes" if dog[2] else "No"))
+
+@app.route("/create", methods=['GET'])
+def show_create_dog_form():
+    return render_template('create_dog.html')
+
+@app.route("/create", methods=['POST'])
+def create_dog():
+    dog_name = request.form['dog_name']
+    conn = get_db_connection()
+    cursor = conn.cursor()
+    cursor.execute(f"INSERT INTO dogs (dog_name, isAdmin) VALUES ('%s', FALSE)" % (dog_name))
+    conn.commit()
+    cursor.close()
+    conn.close()
+    return f'Dog {dog_name} created successfully'
diff --git a/sample-apps/flask-postgres/docker-compose.yml b/sample-apps/flask-postgres/docker-compose.yml
new file mode 100644
index 000000000..6bac74361
--- /dev/null
+++ b/sample-apps/flask-postgres/docker-compose.yml
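Review bot: `homepage` and `get_dogpage` open a connection through `get_db_connection().cursor()` and never close the connection or cursor, leaving each one to be reclaimed by garbage collection; only `create_dog` cleans up, so under load the two read routes hold more Postgres connections than needed, and a `try`/`finally` around a `with conn.cursor()` block fixes both routes. `get_dogpage` also does `cursor.fetchmany(1)[0]`, which raises IndexError (a 500 response) for an id that is not in the table, where `fetchone()` plus an explicit 404 is the intended behaviour; the rewrite below also binds the id as a query parameter, since the README names only the dog-name field as the injection test case. The `if __name__ == '__main__':` block sits above the route definitions, so running the module directly would call the blocking `app.run()` before any route is registered; it should be the last statement of the file (the compose file uses `flask --app app run`, so it is not hit there). The string-built INSERT in `create_dog` is evidently the sample's intentional injection sink, so mark it `# Intentionally vulnerable: string-built SQL, exercised by the README's injection test` so that it is not quietly "fixed" later.
```python
@app.route("/")
def homepage():
    conn = get_db_connection()
    try:
        with conn.cursor() as cursor:
            cursor.execute("SELECT * FROM dogs")
            dogs = cursor.fetchall()
    finally:
        conn.close()
    return render_template('index.html', title='Homepage', dogs=dogs)

# … unchanged: /dogpage route decorator …
def get_dogpage(dog_id):
    conn = get_db_connection()
    try:
        with conn.cursor() as cursor:
            # The id is bound by the driver rather than pasted into the query text.
            cursor.execute("SELECT * FROM dogs WHERE id = %s", (dog_id,))
            dog = cursor.fetchone()
    finally:
        conn.close()
    if dog is None:
        return 'Dog not found', 404
    return render_template('dogpage.html', title='Dog', dog=dog, isAdmin=("Yes" if dog[2] else "No"))

# … unchanged: show_create_dog_form and create_dog …
```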
@@ -0,0 +1,42 @@
+version: '3'
+services:
+  db:
+    image: postgres:14-alpine
+    container_name: flask_postgres_db
+    restart: always
+    volumes:
+      - db_data2:/var/lib/postgresql/data
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
+    environment:
+      POSTGRES_DB: 'db'
+      POSTGRES_USER: 'user'
+      POSTGRES_PASSWORD: 'password'
+    ports:
+      - '5432:5432'
+    expose:
+      - '5432'
+    networks:
+      - default_network
+
+  backend:
+    build:
+      context: ./../../
+      dockerfile: ./sample-apps/flask-postgres/Dockerfile
+    container_name: flask_postgres_backend
+    command: sh -c "flask --app app run --debug --host=0.0.0.0"
+    restart: always
+    volumes:
+      - .:/app
+    ports:
+      - "8080:5000"
+    depends_on:
+      - db
+    networks:
+      - default_network
+
+volumes:
+  db_data2:
+
+networks:
+  default_network:
+    driver: bridge
diff --git a/sample-apps/flask-postgres/init.sql b/sample-apps/flask-postgres/init.sql
new file mode 100644
index 000000000..c128bd36d
--- /dev/null
+++ b/sample-apps/flask-postgres/init.sql
@@ -0,0 +1,5 @@
+CREATE TABLE IF NOT EXISTS dogs (
+    id SERIAL PRIMARY KEY,
+    dog_name VARCHAR(250) NOT NULL,
+    isadmin BOOLEAN NOT NULL DEFAULT FALSE
+);
diff --git a/sample-apps/flask-postgres/requirements.txt b/sample-apps/flask-postgres/requirements.txt
new file mode 100644
index 000000000..2716531bd
--- /dev/null
+++ b/sample-apps/flask-postgres/requirements.txt
@@ -0,0 +1,3 @@
+flask==2.3.3
+psycopg2-binary
+cryptography
diff --git a/sample-apps/flask-postgres/templates/create_dog.html b/sample-apps/flask-postgres/templates/create_dog.html
new file mode 100644
index 000000000..fe26d428e
--- /dev/null
+++ b/sample-apps/flask-postgres/templates/create_dog.html
@@ -0,0 +1,17 @@
+ + + + + + + Create Dog + +
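Review bot: The `db` service publishes Postgres to the host with `- '5432:5432'` under `ports:` while running with the fixed credentials `user`/`password`; the backend reaches the database over `default_network`, so the `expose:` entry is all that is needed and the host mapping can be dropped (it would also collide with any Postgres already listening on the host). The backend `command:` runs `flask --app app run --debug --host=0.0.0.0`, which enables the Werkzeug interactive debugger on the port published as 8080; that is acceptable for a throwaway local sample, but binding the mapping to loopback, `- "127.0.0.1:8080:5000"`, keeps the debugger and the deliberately injectable app off the LAN. `version: '3'` is obsolete in current Compose releases and only produces a warning, so it can be removed.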
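Review bot: In requirements.txt, `psycopg2-binary` and `cryptography` are unpinned while `flask==2.3.3` is pinned, so two of the three dependencies float and the sample image is not reproducible from one build to the next; pin them to the versions the sample was tested with, e.g. `psycopg2-binary==<tested version>` and `cryptography==<tested version>`. `cryptography` is not imported anywhere in app.py, so unless aikido_firewall needs it at runtime (not visible in this patch) it can be dropped, and a one-line comment naming who needs it would help the next reader.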

Create a Dog

+
+ + + +
+ + diff --git a/sample-apps/flask-postgres/templates/dogpage.html b/sample-apps/flask-postgres/templates/dogpage.html new file mode 100644 index 000000000..7edb9f801 --- /dev/null +++ b/sample-apps/flask-postgres/templates/dogpage.html @@ -0,0 +1,25 @@ + + + + {{ title }} + + + +

{{ title }}

+

Name : {{dog[1]}}

+

Is admin dog? {{ isAdmin }}

+

ID : {{dog[0]}}

+ + diff --git a/sample-apps/flask-postgres/templates/index.html b/sample-apps/flask-postgres/templates/index.html new file mode 100644 index 000000000..5425a36f5 --- /dev/null +++ b/sample-apps/flask-postgres/templates/index.html @@ -0,0 +1,48 @@ + + + + {{ title }} + + + +

{{ title }}

+

List

+ + +