abdelrahaman-sameh03/sast-lab4
SAST Lab 4 – Mutillidae II & Semgrep (Abdelrahman Sameh)

This repository contains my work for SAST Lab 4.
I analysed OWASP Mutillidae II, found SQL injection and XSS vulnerabilities, and wrote custom Semgrep rules to detect these patterns in the PHP source code.

Structure

  • mutillidae/ – Git submodule pointing to the official Mutillidae II project
  • semgrep/rules/
    • php-sqli.yaml – custom rule for SQL injection
    • php-xss-dns.yaml – custom rule for reflected XSS
    • php-sqli.php – tests for the SQLi rule
    • php-xss-dns.php – tests for the XSS rule

All work is committed on the branch semgrep/AbdelrahmanSameh.

Semgrep

Run both commands from the repository root: they mount the current directory into the container as /src, so the paths below only resolve from there.

1. Run tests for the custom rules (Semgrep checks each rules/*.yaml against the rules/*.php test file with the same basename, using the ruleid/ok annotations in that file)

docker run --rm -v "${PWD}:/src" semgrep/semgrep semgrep --test /src/semgrep/rules

2. Run a scan on the Mutillidae source code using only the custom rules

docker run --rm -v "${PWD}:/src" semgrep/semgrep semgrep --config /src/semgrep/rules /src/mutillidae/src
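As an added illustration of what the two rule files and their companion tests look like, here is a taint-mode Semgrep rule set for the same two bug classes (SQLi and reflected XSS in PHP). It is example code written for this README, not the rules committed in semgrep/rules/ and not part of Mutillidae; both rules are placed in one file here for brevity, whereas the repository keeps them in separate files. The rule ids php-sqli and php-reflected-xss, the sink list, and the test snippets in the trailing comment are all assumptions made for the example.

```yaml
rules:
  # Rule 1: request data reaching a SQL query function without a prepared statement.
  - id: php-sqli
    languages: [php]
    severity: ERROR
    mode: taint
    message: >-
      Request data ($_GET/$_POST/$_REQUEST/$_COOKIE) reaches a SQL query
      without a prepared statement (CWE-89). Bind it as a parameter instead
      of concatenating or interpolating it into the query string.
    metadata:
      cwe: "CWE-89: SQL Injection"
      category: security
    pattern-sources:
      - pattern-either:
          - pattern: $_GET
          - pattern: $_POST
          - pattern: $_REQUEST
          - pattern: $_COOKIE
    # Only numeric coercion is accepted as a sanitizer. Escaping helpers such as
    # mysqli_real_escape_string are deliberately not listed: they only help inside
    # a quoted string literal and do nothing for numeric or identifier positions,
    # so a rule that trusted them would miss real injections.
    pattern-sanitizers:
      - pattern: intval(...)
      - pattern: (int) $X
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: mysqli_query($CONN, $QUERY, ...)
              - pattern: mysqli_multi_query($CONN, $QUERY)
              - pattern: mysql_query($QUERY, ...)
              - pattern: $CONN->query($QUERY, ...)
              - pattern: $CONN->multi_query($QUERY)
              - pattern: $CONN->exec($QUERY)
          # Only the query argument is the sink, not the connection handle.
          - focus-metavariable: $QUERY

  # Rule 2: the same sources written into the HTTP response without encoding.
  - id: php-reflected-xss
    languages: [php]
    severity: WARNING
    mode: taint
    message: >-
      Request data is written into the HTML response without output encoding
      (CWE-79). Encode it for the context it lands in, e.g.
      htmlspecialchars($value, ENT_QUOTES, 'UTF-8') for HTML text and attributes.
    metadata:
      cwe: "CWE-79: Cross-site Scripting"
      category: security
    pattern-sources:
      - pattern-either:
          - pattern: $_GET
          - pattern: $_POST
          - pattern: $_REQUEST
          - pattern: $_COOKIE
    # HTML encoders only; they are not sanitizers for JavaScript or URL contexts.
    pattern-sanitizers:
      - pattern: htmlspecialchars(...)
      - pattern: htmlentities(...)
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: echo $OUT
              - pattern: print $OUT
              - pattern: printf($OUT, ...)
              - pattern: die($OUT)
              - pattern: exit($OUT)
          - focus-metavariable: $OUT

# Companion test file expected by `semgrep --test`: same basename as the rule
# file with a .php extension. The annotation on the line above a statement says
# whether the named rule must (ruleid) or must not (ok) report on that line; a
# missing or unexpected finding fails the test. Constructed example content:
#
#   // ruleid: php-sqli
#   $r = mysqli_query($conn, "SELECT * FROM accounts WHERE username='" . $_GET['username'] . "'");
#   // ok: php-sqli
#   $stmt = $conn->prepare("SELECT * FROM accounts WHERE username = ?");
#   $stmt->bind_param("s", $_GET['username']);
#   // ruleid: php-reflected-xss
#   echo "<p>Hello " . $_GET['name'] . "</p>";
#   // ok: php-reflected-xss
#   echo "<p>Hello " . htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8') . "</p>";
```

Two caveats when using rules like these against Mutillidae. First, the open-source Semgrep engine tracks taint within a single function only, so a request parameter that is read in one file and handed to a query-building helper in another class is not reported unless the source and sink sit in the same function; the Pro engine adds cross-function tracking. Second, the mutillidae/ directory is a Git submodule, so it is empty after a plain clone and the scan in step 2 finds nothing until the submodule has been initialised (git submodule update --init).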

Report

You can download and view the full report here:

📄 SAST Lab 4 Report – Abdelrahman Sameh

About

SAST Lab 4 – Custom Semgrep rules for OWASP Mutillidae II (SQLi & XSS)
