Code Samples

Overview

See below for code samples you can use to test Jit's suite of security requirements.

Scan code for vulnerabilities (Python)

File name: test.py

import subprocess

my_domain = "example.com"  # constructed placeholder; in real code this value would come from user input

# shell=True with an interpolated command string is the pattern the scanner is expected to flag:
# any shell metacharacters in my_domain would be interpreted by the shell.
output = subprocess.check_output(f"nslookup2 {my_domain}", shell=True, encoding='UTF-8')

Expected output:
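
To check that the scanner reports the dangerous pattern rather than every call to subprocess, it helps to keep a fixed version of the same sample beside it and confirm it produces no finding. The following is an added example, not Jit's sample: it validates the hostname and passes an argument list with shell=False, so no shell ever parses the input. The `nslookup2` command name is kept from the sample above and is assumed to be a placeholder.

```python
import re
import subprocess

# RFC 1123-style hostname: labels of letters, digits and hyphens, joined by dots,
# no label starting or ending with a hyphen, total length at most 253.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_hostname(name: str) -> bool:
    """Return True only for syntactically valid DNS hostnames."""
    return bool(_HOSTNAME_RE.match(name))


def build_lookup_command(domain: str) -> list:
    """Build the argv list for the lookup; reject anything that is not a hostname."""
    if not is_valid_hostname(domain):
        raise ValueError(f"invalid hostname: {domain!r}")
    # An argument list with shell=False goes straight to exec(); characters such as
    # ';', '&&' or '|' in `domain` are passed as data, never interpreted as syntax.
    return ["nslookup2", domain]


def lookup(domain: str) -> str:
    """Run the lookup without a shell and return its text output."""
    return subprocess.check_output(build_lookup_command(domain), shell=False, encoding="UTF-8")
```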

Scan code for vulnerabilities (Go)

File name: test.go

package testutil // import "github.com/docker/docker/testutil"

import "math/rand"

// GenerateRandomAlphaOnlyString generates an alphabetical random string with length n.
func GenerateRandomAlphaOnlyString(n int) string {
    // make a really long string
    letters := []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
    b := make([]byte, n)
    for i := range b {
        b[i] = letters[rand.Intn(len(letters))] //nolint: gosec // G404: Use of weak random number generator (math/rand instead of crypto/rand)
    }
    return string(b)
}

Expected output:

Scan code dependencies for vulnerabilities (Node)

File name: package.json

{
  "name": "dependencygoat2",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "minimist": "0.0.8"
  }
}

Expected output:

Scan code dependencies for vulnerabilities (Python)

File name: requirements.txt

requests==2.18.2
urllib3==1.26.4

Expected output:

Scan code for hard-coded secrets (multiple languages)

File name: secret.txt

MY_AWS_SECRET="AKIAIOSFODNN7EXAMPLE"

Expected output:

Scan IaC for static misconfigurations (Terraform)

Code sample: EC2 instance has Public IP

File name: public-ip.tf

// test public ip
data "aws_ami" "ubuntu1" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

# No explicit associate_public_ip_address: the instance inherits the subnet's map-public-IP default.
resource "aws_instance" "web2" {
  ami           = data.aws_ami.ubuntu1.id
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}

# Explicitly requests a public IP; this is the misconfiguration the scanner should report.
resource "aws_instance" "web3" {
  ami                         = data.aws_ami.ubuntu1.id
  associate_public_ip_address = true
  instance_type               = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}

Expected output:

Code sample: S3 Bucket without restriction of Public Bucket

File name: public-bucket.tf

// test public bucket
resource "aws_s3_bucket" "positive1" {
  bucket = "example"
}

# restrict_public_buckets is explicitly disabled
resource "aws_s3_bucket_public_access_block" "positive2" {
  bucket = aws_s3_bucket.positive1.id

  block_public_acls       = true
  block_public_policy     = true
  restrict_public_buckets = false
}

# restrict_public_buckets is omitted, so it takes the provider default of false
resource "aws_s3_bucket_public_access_block" "positive3" {
  bucket = aws_s3_bucket.positive1.id

  block_public_acls   = true
  block_public_policy = true
}

Expected output:

Code sample: ALB listening on HTTP

File name: alb-http.tf

# The listener accepts plaintext HTTP on port 80 and redirects to HTTP again rather than to
# HTTPS on 443; this is the finding the scanner should report.
resource "aws_lb_listener" "listener6" {
  load_balancer_arn = aws_lb.test3.arn
  port              = 80
  default_action {
    type = "redirect"

    redirect {
      port        = "80"
      protocol    = "HTTP"
      status_code = "HTTP_301"
    }
  }
}

resource "aws_lb" "test3" {
  name               = "test123"
  load_balancer_type = "application"
  subnets            = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
  internal           = true
}

Expected output:
