Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/skills/secure-code-game

A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
https://github.com/skills/secure-code-game

code-scanning code-security codeql skills-course

Last synced: 2 days ago
JSON representation

A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

Awesome Lists containing this project

README

        

# Secure Code Game

📣 **SEASON 2 JUST DROPPED! READY TO PLAY?** 📣

_A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code. At the same time, this is an open source project that welcomes your [contributions](https://github.com/skills/secure-code-game/blob/main/CONTRIBUTING.md) as a way to give back to the community._

## Welcome

- **Who is this for**: Developers, students.
- **What you'll learn**: How to spot and fix vulnerable patterns in real-world code, build security into your workflows, and understand security alerts generated against your code.
- **What you'll build**: You will develop fixes on functional but vulnerable code.
- **Prerequisites**: For the first season, you will need some knowledge of `python3` for most levels and `C` for Level 2. For the second season, you will need some knowledge of `GitHub Actions` for level 1, `go` for level 2, `python3` for level 3, and `javascript` for levels 4 and 5.
- **How long**: Each season is five levels long and takes 2-9 hours to complete. The complete course has 2 seasons.

### How to start this course

[![start-course](https://user-images.githubusercontent.com/1221423/235727646-4a590299-ffe5-480d-8cd5-8194ea184546.svg)](https://github.com/new?template_owner=skills&template_name=secure-code-game&owner=%40me&name=skills-secure-code-game&description=My+clone+repository&visibility=public)

1. Right-click **Start course** and open the link in a new tab.
1. In the new tab, most of the prompts will automatically fill in for you.
- For owner, choose your personal account or an organization to host the repository.
- We recommend creating a public repository, as private repositories will [use Actions minutes](https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions).
- Scroll down and click the **Create repository** button at the bottom of the form.
1. You can now proceed to the 🛠️ set up section.

## 🛠️ The set up

#### 🖥️ Using codespaces

All levels are configured to run instantly with GitHub Codespaces. If you chose to use codespaces, be aware that this course **will count towards your 60 hours of monthly free allowance**. For more information about GitHub Codespaces, see the "[GitHub Codespaces overview](https://docs.github.com/en/codespaces/overview)." If you prefer to work locally, please follow the local installation guide in the next section.

1. To create a codespace, click the **Code** drop down button in the upper-right of your repository navigation bar.
1. Click **Create codespace on main**.
1. After creating a codespace, relax and wait for VS Code extensions and background installations to complete. This should take less than three minutes.
1. At this point, you can get started with Season-1 or Season-2 by navigating on the respective folders and reading the `README.md` file.
1. Once you click on individual levels, a banner might appear on the bottom right asking you if you want to create a virtual environment. Dismiss this notification as you _don't_ need to create a virtual environment.

Optional: We recommend these free-of-charge additional extensions, but we haven't pre-installed them for you:

1. `github.copilot-labs` to receive AI-generated code explanations.
1. `alexcvzz.vscode-sqlite` to visualize the SQL database created in Season-1/Level-4 and the effects of our exploits on its content.

If you need assistance, don't hesitate to ask for help in our [GitHub Discussions](https://github.com/skills/secure-code-game/discussions) or on our [Slack](https://gh.io/securitylabslack), at the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.

#### 💻 Local installation

Please note: You don't need a local installation if you are using GitHub Codespaces.

The following local installation guide is adapted to Debian/Ubuntu and CentOS/RHEL.

1. Open your terminal.
1. Install OpenLDAP headers needed to compile `python-ldap`, depending on your Linux distribution. Check by running:

```bash
uname -a
```
- For Debian/Ubuntu, run:
```bash
sudo apt-get update
sudo apt-get install libldap2-dev libsasl2-dev
```

- For CentOS/RHEL, run:

```bash
sudo yum install python-devel openldap-devel
```

- For Archlinux, run:

```bash
sudo pacman -Sy libldap libsasl
```

- Then, for all of the above Linux distributions install `pyOpenSSL` by running:

```bash
pip3 install pyOpenSSL
```

Once installation has completed, clone your repository to your local machine and install required dependencies.

1. From your repository, click the **Code** drop down button in the upper-right of your repository navigation bar.
1. Select the `Local` tab from the menu.
1. Copy your preferred URL.
1. In your terminal, change the working directory to the location where you want the cloned directory.
1. Type `git clone` and paste the copied URL.

```
$ git clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY
```

6. Press **Enter** to create your local clone.
7. Change the working directory to the cloned directory.
8. Install dependencies by running:

```bash
pip3 install -r requirements.txt
```

- Programming Languages

1. To play Season 1, you will need to have `python3` and `c` installed.
1. To play Season 2, you will need to have `yaml`, `go`, `python3` and `node` installed.

If you are using VS Code locally, you can install the above programming languages through the editor extensions with these identifiers:

1. `ms-python.python`
1. `ms-python.vscode-pylance`
1. `ms-vscode.cpptools-extension-pack`
1. `redhat.vscode-yaml`
1. `golang.go`

Please note that for the `go` programming language, you need to perform an extra step, which is to visit the [official website](https://go.dev/dl/) and download the driver corresponding to your operating system.

Now, it's necessary to install `node` to get the `npm` packages we have provided. To do so:

1. Start by installing a package manager like `homebrew` by running:

```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```

2. Install `node`:

```bash
brew install node
```
Adapt the command to the package manager you have chosen if it's not homebrew.

3. The `npm` packages needed are specified in `package.json` and `package-lock.json`. Navigate to the `secure-code-game` repository and install them by running:

```bash
npm install --prefix Season-2/Level-4/ Season-2/Level-4/ && npm install --global mocha
```

4. At this point, you can get started with Season-1 or Season-2 by navigating on the respective folders and reading the `README.md` file.

We recommend these free-of-charge additional extensions:

1. `github.copilot-labs` to receive AI-generated code explanations.
1. `alexcvzz.vscode-sqlite` to visualize the SQL database created and the effects of our exploits on its content.

For more information about cloning repositories, see "[Cloning a repository](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository)."

---

Get help: Email us at [email protected] • [Review the GitHub status page](https://www.githubstatus.com/)

© 2024 GitHub • [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) • [MIT License](https://gh.io/mit)