GitHub - Armor-test/api-service: Node.js API service with vulnerable dependencies for Harness CI security scanning demo

Node.js Express API with intentionally vulnerable dependencies for a Harness CI security scanning demo.

Vulnerable Dependencies

  • lodash@4.17.19 - Prototype pollution (CVE-2021-23337)
  • axios@0.21.1 - SSRF (CVE-2021-3749)
  • jsonwebtoken@8.5.1 - Algorithm confusion
  • node-forge@0.10.0 - Multiple CVEs
  • minimist@1.2.5 - Prototype pollution
  • qs@6.5.2 - Prototype poisoning
  • moment@2.29.1 - Path traversal

Docker

docker build -t api-service .
docker run -p 3000:3000 api-service

Endpoints

  • GET /health - Health check
  • POST /api/users/login - Get JWT token
  • GET /api/users - List users (requires auth)