{"id":24678700,"url":"https://github.com/contrast-security-oss/go-test-bench","last_synced_at":"2025-04-06T08:13:29.412Z","repository":{"id":37078652,"uuid":"283799538","full_name":"Contrast-Security-OSS/go-test-bench","owner":"Contrast-Security-OSS","description":"Intentionally vulnerable Go web app.","archived":false,"fork":false,"pushed_at":"2025-01-31T17:26:50.000Z","size":260,"stargazers_count":43,"open_issues_count":0,"forks_count":49,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-04-05T18:06:04.669Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Contrast-Security-OSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-30T14:37:43.000Z","updated_at":"2025-01-31T17:26:43.000Z","dependencies_parsed_at":"2023-02-09T16:30:26.761Z","dependency_job_id":"145df11d-4023-4e6a-b64f-f98983d837b2","html_url":"https://github.com/Contrast-Security-OSS/go-test-bench","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fgo-test-bench","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fgo-test-bench/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fgo-test-bench/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2Fgo-test-bench/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Contrast-Security-OSS","download_url":"https://codeload.github.com/Contrast-Security-OSS/go-test-bench/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247451665,"owners_count":20940944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-26T13:17:59.641Z","updated_at":"2025-04-06T08:13:29.395Z","avatar_url":"https://github.com/Contrast-Security-OSS.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go Test Bench\n\n[![CI](https://github.com/Contrast-Security-OSS/go-test-bench/workflows/CI/badge.svg)](https://github.com/Contrast-Security-OSS/go-test-bench/actions)\n[![Go Report Card](https://goreportcard.com/badge/github.com/Contrast-Security-OSS/go-test-bench)](https://goreportcard.com/report/github.com/Contrast-Security-OSS/go-test-bench)\n[![GoDoc](https://godoc.org/github.com/Contrast-Security-OSS/go-test-bench?status.svg)](https://pkg.go.dev/github.com/Contrast-Security-OSS/go-test-bench)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nAn intentionally vulnerable go app, now available in these refreshing flavors:\n* `cmd/std` uses Go's standard library, [`net/http`](https://golang.org/pkg/net/http/).\n* `cmd/gin` uses [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin)\n* `cmd/chi` uses [github.com/go-chi/chi](https://github.com/go-chi/chi)\n* `cmd/go-swagger` uses [github.com/go-openapi](https://github.com/go-openapi).\n* `cmd/julienschmidt` uses [github.com/julienschmidt/httprouter](https://github.com/julienschmidt/httprouter)\n\nThe go-test-bench application includes vulnerabilities from the OWASP Top\n10 and is intended to be used as an educational tool for developers and\nsecurity professionals. PRs welcome!\n\n\u003e For customer demonstrations [click here to follow the Demo.md readme](./Demo.md).\n\n## Installation Requirements\n\n- [Go 1.16 or higher](https://golang.org/dl/)\n\n- *Optional* [Docker for Mac](https://www.docker.com/docker-mac)\n\n## How to Run Locally\n\nTo run with the standard library,\n```bash\n    go build -o app ./cmd/std\n    ./app\n```\n\nTo run with gin instead, substitute `gin` for `std` in the build command,\nand likewise for `chi`, `go-swagger`, or `julienschmidt`.\n\nThe app can be viewed in your browser at [http://localhost:8080](http://localhost:8080)\n\nNote that the app loads resources from subdirs, so you _will_ need to run from\nthe dir this README.md is in.\n\n## How to Run Using Docker\n\n```bash\n    # To stand up application with standard library\n    docker-compose up std -d\n    # Alternative: To stand up application with Gin framework\n    # docker-compose up gin -d\n    # To stand up application with Julienschmidt/httprouter:\n    # docker-compose up julienschmidt -d\n\n    # To stop app container and related service containers\n    docker-compose down\n```\n\nView app at [http://0.0.0.0:8080](http://0.0.0.0:8080)\n\n## Acknowledgements\n\nThe development [team](docs/acknowledgements.md).\n\n\n## Experimenting with the code\n\n### organization\n\n* code for vulnerable functions is located in `internal/`\n  * exception: vulnerable functions from a particular framework (see below)\n* framework-specific code is located under `cmd/` and `pkg/`\n* html templates and css are under `views/`\n* vulnerability and route data is in go structs,\n  located in the relevant package under `internal/`\n\n### quirks\n\nEach framework is different. We've tried to separate framework logic from\nvulnerability logic so that adding a framework necessitates a minimum of\nchanges to vulnerability logic, and vice versa.\n\n#### swagger\nSwagger is a bit unique, in that it has a lot of generated code and requires a\nswagger spec. To maintain a single source of truth, we generate the swagger\nspec from our route data. We also generate boilerplate tying a route handler to\neach swagger endpoint.\n\nFor details, see [cmd/go-swagger/README.md](cmd/go-swagger/README.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fgo-test-bench","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontrast-security-oss%2Fgo-test-bench","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fgo-test-bench/lists"}