Интегрированный анализ уязвимостей

Исходный код (Python)

"""Демонстрационное Flask-приложение с намеренно внедренными уязвимостями.

Используется для иллюстрации работы интегрированной методики.
Каждая уязвимость соответствует записи (записям) в access.log,
что позволяет наблюдать кросс-верификацию между двумя компонентами.
"""

import os
import sqlite3
import subprocess

from flask import Flask, render_template_string, request, send_file

app = Flask(__name__)

@app.route("/search")
def search():
    # CWE-89: SQL injection — динамическая склейка с request.args
    query = request.args.get("query", "")
    conn = sqlite3.connect("app.db")
    cursor = conn.cursor()
    cursor.execute("SELECT id, title FROM products WHERE title LIKE '%" + query + "%'")
    rows = cursor.fetchall()
    return {"results": rows}

@app.route("/comment")
def comment():
    # CWE-79: XSS — render_template_string с пользовательскими данными
    text = request.args.get("text", "")
    return render_template_string("<div class='comment'>" + text + "</div>")

@app.route("/download")
def download():
    # CWE-22: Path traversal — путь из пользовательского ввода без проверки
    name = request.args.get("name", "")
    return send_file(open("/var/data/" + name, "rb"))

@app.route("/ping")
def ping():
    # CWE-78: OS command injection — shell=True с пользовательским вводом
    host = request.args.get("host", "127.0.0.1")
    result = subprocess.check_output("ping -c 1 " + host, shell=True)
    return {"output": result.decode()}

@app.route("/render")
def render():
    # CWE-94: code injection — eval с пользовательским вводом
    expr = request.args.get("expr", "1+1")
    return {"value": eval(expr)}

@app.route("/healthz")
def healthz():
    # Безопасный обработчик — параметризованный запрос
    conn = sqlite3.connect("app.db")
    cursor = conn.cursor()
    cursor.execute("SELECT COUNT(*) FROM products WHERE active = ?", (True,))
    return {"status": "ok", "count": cursor.fetchone()[0]}

if __name__ == "__main__":
    app.run(port=5000)

Логи доступа (Combined Log Format)

192.168.1.10 - - [25/Apr/2026:09:01:12 +0300] "GET /index.html HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.10 - - [25/Apr/2026:09:01:18 +0300] "GET /static/css/main.css HTTP/1.1" 200 12048 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.10 - - [25/Apr/2026:09:01:19 +0300] "GET /static/js/app.js HTTP/1.1" 200 38112 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.10 - - [25/Apr/2026:09:01:25 +0300] "GET /search?query=laptop HTTP/1.1" 200 2210 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.11 - - [25/Apr/2026:09:02:30 +0300] "GET /index.html HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13.4) Safari/17.0"
192.168.1.11 - - [25/Apr/2026:09:02:45 +0300] "GET /search?query=phone HTTP/1.1" 200 1820 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13.4) Safari/17.0"
192.168.1.11 - - [25/Apr/2026:09:02:55 +0300] "GET /comment?text=Nice%20product HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13.4) Safari/17.0"
192.168.1.11 - - [25/Apr/2026:09:03:10 +0300] "GET /healthz HTTP/1.1" 200 32 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13.4) Safari/17.0"
192.168.1.12 - - [25/Apr/2026:09:04:00 +0300] "GET /index.html HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/122.0"
192.168.1.12 - - [25/Apr/2026:09:04:15 +0300] "GET /search?query=keyboard HTTP/1.1" 200 1450 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/122.0"
203.0.113.55 - - [25/Apr/2026:09:10:01 +0300] "GET /search?query=admin'%20UNION%20SELECT%20password,email%20FROM%20users-- HTTP/1.1" 500 412 "-" "sqlmap/1.7.2"
203.0.113.55 - - [25/Apr/2026:09:10:03 +0300] "GET /search?query='%20OR%201=1-- HTTP/1.1" 500 412 "-" "sqlmap/1.7.2"
203.0.113.55 - - [25/Apr/2026:09:10:05 +0300] "GET /search?query=test'%3B%20DROP%20TABLE%20users-- HTTP/1.1" 500 412 "-" "sqlmap/1.7.2"
203.0.113.55 - - [25/Apr/2026:09:10:07 +0300] "GET /search?query=test%20UNION%20SELECT%20null,table_name%20FROM%20information_schema.tables-- HTTP/1.1" 500 412 "-" "sqlmap/1.7.2"
203.0.113.77 - - [25/Apr/2026:09:12:30 +0300] "GET /comment?text=%3Cscript%3Ealert('XSS')%3C/script%3E HTTP/1.1" 200 360 "-" "Mozilla/5.0 zaproxy"
203.0.113.77 - - [25/Apr/2026:09:12:32 +0300] "GET /comment?text=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 360 "-" "Mozilla/5.0 zaproxy"
203.0.113.77 - - [25/Apr/2026:09:12:35 +0300] "GET /comment?text=%3Csvg%20onload%3Dalert(document.cookie)%3E HTTP/1.1" 200 360 "-" "Mozilla/5.0 zaproxy"
198.51.100.20 - - [25/Apr/2026:09:15:00 +0300] "GET /download?name=../../../etc/passwd HTTP/1.1" 200 1842 "-" "curl/7.85.0"
198.51.100.20 - - [25/Apr/2026:09:15:02 +0300] "GET /download?name=../../etc/shadow HTTP/1.1" 403 14 "-" "curl/7.85.0"
198.51.100.20 - - [25/Apr/2026:09:15:04 +0300] "GET /download?name=..%2F..%2F..%2Fetc%2Fhosts HTTP/1.1" 200 220 "-" "curl/7.85.0"
198.51.100.30 - - [25/Apr/2026:09:18:00 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:01 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:02 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:03 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:04 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:05 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:06 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:07 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:08 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:09 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:10 +0300] "POST /login HTTP/1.1" 401 24 "-" "python-requests/2.31"
198.51.100.30 - - [25/Apr/2026:09:18:11 +0300] "POST /login HTTP/1.1" 200 312 "-" "python-requests/2.31"
192.168.1.13 - - [25/Apr/2026:09:20:00 +0300] "GET /index.html HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.13 - - [25/Apr/2026:09:20:15 +0300] "GET /search?query=monitor HTTP/1.1" 200 1820 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.13 - - [25/Apr/2026:09:20:30 +0300] "POST /comment?text=Great%20deal HTTP/1.1" 200 360 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0"
192.168.1.14 - - [25/Apr/2026:09:22:00 +0300] "GET /index.html HTTP/1.1" 200 4521 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/17.0"
192.168.1.14 - - [25/Apr/2026:09:22:30 +0300] "GET /search?query=tablet HTTP/1.1" 200 1820 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/17.0"
192.168.1.14 - - [25/Apr/2026:09:22:45 +0300] "GET /healthz HTTP/1.1" 200 32 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/17.0"

Общий риск—

Уверенность—

Найдено—

Решение—

События логов

Аномалий

Преобладающий тип

—

Aggregate log score

0.00