secureCodeBox · J12934 · Sep 10, 2021 · Sep 6, 2021 · Sep 6, 2021 · Sep 6, 2021
diff --git a/demo-targets/old-typo3/.helm-docs.gotmpl b/demo-targets/old-typo3/.helm-docs.gotmpl
@@ -0,0 +1,40 @@
+{{- /*
+SPDX-FileCopyrightText: 2021 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Old Typo3"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Modern insecure web application"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest`  (represents the latest stable release build)
+- tagged releases, e.g. `3.0.0`, `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is Old Typo3?
+
+Insecure & Outdated Typo3 Instance: Never expose it to the internet!
+
+### Source Code
+
+* <https://github.com/secureCodeBox/secureCodeBox/tree/master/demo-targets/old-typo3>
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
diff --git a/demo-targets/old-typo3/.helmignore b/demo-targets/old-typo3/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/demo-targets/old-typo3/Chart.yaml b/demo-targets/old-typo3/Chart.yaml
@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+version: v3.1.0-alpha1
+appVersion: "v9.5.26"
+name: old-typo3
+description: "Insecure & Outdated Typo3 Instance: Never expose it to the internet!"
+type: application
+home: https://typo3.org/
+icon: https://typo3.org/typo3conf/ext/t3olayout/Resources/Public/Images/Template/typo3_nomargins.svg
+keywords:
+  - vulnerable
+  - typo3
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox/tree/master/demo-targets/old-typo3
+maintainers:
+  - name: iteratec GmbH
+    email: securecodebox@iteratec.com
diff --git a/demo-targets/old-typo3/README.md b/demo-targets/old-typo3/README.md
@@ -0,0 +1,91 @@
+---
+title: "Old Typo3"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "v9.5.26"
+usecase: "Modern insecure web application"
+---
+
+<!--
+SPDX-FileCopyrightText: 2021 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+-->
+<!--
+.: IMPORTANT! :.
+--------------------------
+This file is generated automatically with `helm-docs` based on the following template files:
+- ./.helm-docs/templates.gotmpl (general template data for all charts)
+- ./chart-folder/.helm-docs.gotmpl (chart specific template data)
+
+Please be aware of that and apply your changes only within those template files instead of this file.
+Otherwise your changes will be reverted/overwritten automatically due to the build process `./.github/workflows/helm-docs.yaml`
+--------------------------
+-->
+
+<p align="center">
+  <a href="https://opensource.org/licenses/Apache-2.0"><img alt="License Apache-2.0" src="https://img.shields.io/badge/License-Apache%202.0-blue.svg"/></a>
+  <a href="https://github.com/secureCodeBox/secureCodeBox/releases/latest"><img alt="GitHub release (latest SemVer)" src="https://img.shields.io/github/v/release/secureCodeBox/secureCodeBox?sort=semver"/></a>
+  <a href="https://owasp.org/www-project-securecodebox/"><img alt="OWASP Incubator Project" src="https://img.shields.io/badge/OWASP-Incubator%20Project-365EAA"/></a>
+  <a href="https://artifacthub.io/packages/search?repo=securecodebox"><img alt="Artifact HUB" src="https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/securecodebox"/></a>
+  <a href="https://github.com/secureCodeBox/secureCodeBox/"><img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/secureCodeBox/secureCodeBox?logo=GitHub"/></a>
+  <a href="https://twitter.com/securecodebox"><img alt="Twitter Follower" src="https://img.shields.io/twitter/follow/securecodebox?style=flat&color=blue&logo=twitter"/></a>
+</p>
+
+## What is Old Typo3?
+
+Insecure & Outdated Typo3 Instance: Never expose it to the internet!
+
+### Source Code
+
+* <https://github.com/secureCodeBox/secureCodeBox/tree/master/demo-targets/old-typo3>
+
+## Deployment
+The old-typo3 chart can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install old-typo3 secureCodeBox/old-typo3
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"docker.io/securecodebox/old-typo3"` | Container Image |
+| image.tag | string | defaults to the appVersion | The image tag |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths | list | `[]` |  |
+| ingress.tls | list | `[]` |  |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |
+
+## License
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/old-typo3/container/Dockerfile b/demo-targets/old-typo3/container/Dockerfile
@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM martinhelmich/typo3:9
+RUN rm /var/www/html/FIRST_INSTALL \
+    && rm -r /var/www/html/typo3conf
+
+COPY ./typo3conf /var/www/html/typo3conf
+
+RUN chown -R www-data.www-data /var/www/html/typo3conf \
+    && chmod +rxw /var/www/html/typo3conf/cms-016d0ef9.sqlite
+# Change to low-privilege user 'www-data'    
+USER 33 
+
+# Login details
+  # Username: root
+  # Password: supersecret
+  # Website runs on port 80
diff --git a/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php b/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php
@@ -0,0 +1,96 @@
+<?php
+return [
+    'BE' => [
+        'debug' => false,
+        'explicitADmode' => 'explicitAllow',
+        'installToolPassword' => '$argon2i$v=19$m=65536,t=16,p=1$aDJWVlhSZ3Awd3FiSFJ1VA$aEN0XL3JGAPSOwsxoX2dSOy/ss1DknHsLm6IoWonQTo',
+        'loginSecurityLevel' => 'normal',
+        'passwordHashing' => [
+            'className' => 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\Argon2iPasswordHash',
+            'options' => [],
+        ],
+    ],
+    'DB' => [
+        'Connections' => [
+            'Default' => [
+                'driver' => 'pdo_sqlite',
+                'path' => '/var/www/html/typo3conf/cms-016d0ef9.sqlite',
+            ],
+        ],
+    ],
+    'EXT' => [
+        'extConf' => [
+            'backend' => 'a:6:{s:9:"loginLogo";s:0:"";s:19:"loginHighlightColor";s:0:"";s:20:"loginBackgroundImage";s:0:"";s:13:"loginFootnote";s:0:"";s:11:"backendLogo";s:0:"";s:14:"backendFavicon";s:0:"";}',
+            'extensionmanager' => 'a:2:{s:21:"automaticInstallation";s:1:"1";s:11:"offlineMode";s:1:"0";}',
+        ],
+    ],
+    'EXTENSIONS' => [
+        'backend' => [
+            'backendFavicon' => '',
+            'backendLogo' => '',
+            'loginBackgroundImage' => '',
+            'loginFootnote' => '',
+            'loginHighlightColor' => '',
+            'loginLogo' => '',
+        ],
+        'extensionmanager' => [
+            'automaticInstallation' => '1',
+            'offlineMode' => '0',
+        ],
+    ],
+    'FE' => [
+        'debug' => false,
+        'loginSecurityLevel' => 'normal',
+        'passwordHashing' => [
+            'className' => 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\Argon2iPasswordHash',
+            'options' => [],
+        ],
+    ],
+    'GFX' => [
+        'processor' => 'GraphicsMagick',
+        'processor_allowTemporaryMasksAsPng' => false,
+        'processor_colorspace' => 'RGB',
+        'processor_effects' => false,
+        'processor_enabled' => true,
+        'processor_path' => '/usr/bin/',
+        'processor_path_lzw' => '/usr/bin/',
+    ],
+    'LOG' => [
+        'TYPO3' => [
+            'CMS' => [
+                'deprecations' => [
+                    'writerConfiguration' => [
+                        5 => [
+                            'TYPO3\CMS\Core\Log\Writer\FileWriter' => [
+                                'disabled' => true,
+                            ],
+                        ],
+                    ],
+                ],
+            ],
+        ],
+    ],
+    'MAIL' => [
+        'transport' => 'sendmail',
+        'transport_sendmail_command' => '/usr/sbin/sendmail -t -i',
+        'transport_smtp_encrypt' => '',
+        'transport_smtp_password' => '',
+        'transport_smtp_server' => '',
+        'transport_smtp_username' => '',
+    ],
+    'SYS' => [
+        'devIPmask' => '',
+        'displayErrors' => 0,
+        'encryptionKey' => 'd1b47649701ddcdb6efbbbf1b37ba2e6f06668123549abd883f939750abdbde09aa951e75ca4d6ac5e531379eebd88e5',
+        'exceptionalErrors' => 4096,
+        'features' => [
+            'newTranslationServer' => true,
+            'unifiedPageTranslationHandling' => true,
+        ],
+        'sitename' => 'New TYPO3 site',
+        'systemLogLevel' => 2,
+        'systemMaintainers' => [
+            1,
+        ],
+    ],
+];
diff --git a/demo-targets/old-typo3/container/typo3conf/PackageStates.php b/demo-targets/old-typo3/container/typo3conf/PackageStates.php
@@ -0,0 +1,97 @@
+<?php
+# PackageStates.php
+
+# This file is maintained by TYPO3's package management. Although you can edit it
+# manually, you should rather use the extension manager for maintaining packages.
+# This file will be regenerated automatically if it doesn't exist. Deleting this file
+# should, however, never become necessary if you use the package commands.
+
+return [
+    'packages' => [
+        'core' => [
+            'packagePath' => 'typo3/sysext/core/',
+        ],
+        'extbase' => [
+            'packagePath' => 'typo3/sysext/extbase/',
+        ],
+        'fluid' => [
+            'packagePath' => 'typo3/sysext/fluid/',
+        ],
+        'frontend' => [
+            'packagePath' => 'typo3/sysext/frontend/',
+        ],
+        'fluid_styled_content' => [
+            'packagePath' => 'typo3/sysext/fluid_styled_content/',
+        ],
+        'filelist' => [
+            'packagePath' => 'typo3/sysext/filelist/',
+        ],
+        'impexp' => [
+            'packagePath' => 'typo3/sysext/impexp/',
+        ],
+        'form' => [
+            'packagePath' => 'typo3/sysext/form/',
+        ],
+        'install' => [
+            'packagePath' => 'typo3/sysext/install/',
+        ],
+        'recordlist' => [
+            'packagePath' => 'typo3/sysext/recordlist/',
+        ],
+        'backend' => [
+            'packagePath' => 'typo3/sysext/backend/',
+        ],
+        'setup' => [
+            'packagePath' => 'typo3/sysext/setup/',
+        ],
+        'rte_ckeditor' => [
+            'packagePath' => 'typo3/sysext/rte_ckeditor/',
+        ],
+        'about' => [
+            'packagePath' => 'typo3/sysext/about/',
+        ],
+        'adminpanel' => [
+            'packagePath' => 'typo3/sysext/adminpanel/',
+        ],
+        'belog' => [
+            'packagePath' => 'typo3/sysext/belog/',
+        ],
+        'beuser' => [
+            'packagePath' => 'typo3/sysext/beuser/',
+        ],
+        'extensionmanager' => [
+            'packagePath' => 'typo3/sysext/extensionmanager/',
+        ],
+        'felogin' => [
+            'packagePath' => 'typo3/sysext/felogin/',
+        ],
+        'info' => [
+            'packagePath' => 'typo3/sysext/info/',
+        ],
+        'lowlevel' => [
+            'packagePath' => 'typo3/sysext/lowlevel/',
+        ],
+        'redirects' => [
+            'packagePath' => 'typo3/sysext/redirects/',
+        ],
+        'reports' => [
+            'packagePath' => 'typo3/sysext/reports/',
+        ],
+        'seo' => [
+            'packagePath' => 'typo3/sysext/seo/',
+        ],
+        'sys_note' => [
+            'packagePath' => 'typo3/sysext/sys_note/',
+        ],
+        't3editor' => [
+            'packagePath' => 'typo3/sysext/t3editor/',
+        ],
+        'tstemplate' => [
+            'packagePath' => 'typo3/sysext/tstemplate/',
+        ],
+        'viewpage' => [
+            'packagePath' => 'typo3/sysext/viewpage/',
+        ],
+    ],
+    'version' => 5,
+];
diff --git a/demo-targets/old-typo3/container/typo3conf/cms-016d0ef9.sqlite b/demo-targets/old-typo3/container/typo3conf/cms-016d0ef9.sqlite