Intentionally Vulnerable Node Applications
Make sure you have Node.js installed or install a version on node from nvm.
git clone https://github.com/Contrast-Security-OSS/NodeTestBench.git ExpressTestBench # or clone your own fork
cd ExpressTestBench
npm install
npm startYour app should now be running on localhost:3000.
See our documentation for installation instructions.
After installation, the agent can be run with npm run contrast.
For more information on configuration and which technologies the agent supports, see our documentation.
Once you have added shared functionality to
@contrast/test-bench-utils
and
@contrast/test-bench-content,
you are ready to add an endpoint in the test bench application.
Create a vulnerabilities/ruleName/index.js file and call the controllerFactory method:
const controllerFactory = require('../../utils/controllerFactory');
module.exports = controllerFactory('ruleName');Check the documentation for controllerFactory under utils/controllerFactory.js
usage information.
Add a vulnerabilities/ruleName/views/index.ejs file that includes the shared
template from @contrast/test-bench-content:
<% include ../../../node_modules/@contrast/test-bench-content/views/ruleName.ejs %>Now run the app and make sure everything works as expected!