Fix malicious load generator and bump version to 0.11.0 (#109)

* 🐛 fix(malicious-load-generator): Fix login exploit

* 🔖 chore: Bump version to 0.11.0

Author: KraProgrammer

chart/Chart.yaml

@@ -2,9 +2,9 @@ annotations:
   licenses: Apache-2.0
 apiVersion: v2
 name: unguard
-version: 0.10.1
+version: 0.11.0
 description: Unguard is an insecure cloud-native microservices demo application.
 type: application
 home: https://github.com/dynatrace-oss/unguard
 icon: https://github.com/dynatrace-oss/unguard/blob/main/docs/images/logo/unguard-logo-red-small.png
-appVersion: 0.10.1
+appVersion: 0.11.0

chart/README.md

@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
 To install Unguard in a specific version provide the `--version` flag with the version you want to install:
 
 ```sh
-helm install unguard  oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --version 0.10.1
+helm install unguard  oci://ghcr.io/dynatrace-oss/unguard/chart/unguard --version 0.11.0
 ```
 
 ## Parameters

chart/values.yaml

@@ -54,7 +54,7 @@ maliciousLoadGenerator:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-malicious-load-generator
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8083
@@ -113,7 +113,7 @@ userSimulator:
       container:
         image:
           repository: ghcr.io/dynatrace-oss/unguard/unguard-user-simulator
-          tag: 0.10.1
+          tag: 0.11.0
           pullPolicy: IfNotPresent
 
         env:
@@ -144,7 +144,7 @@ membershipService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-membership-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8083
@@ -174,7 +174,7 @@ userAuthService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-user-auth-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 9091
@@ -209,7 +209,7 @@ adService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-ad-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8082
@@ -243,7 +243,7 @@ envoyProxy:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-envoy-proxy
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         - name: http
@@ -267,7 +267,7 @@ microblogService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-microblog-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8080
@@ -320,7 +320,7 @@ statusService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-status-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8083
@@ -375,7 +375,7 @@ proxyService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-proxy-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8081
@@ -402,7 +402,7 @@ likeService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-like-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 8000
@@ -438,7 +438,7 @@ paymentService:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-payment-service
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       env:
         API_PATH: /payment-service
@@ -468,7 +468,7 @@ frontend:
     container:
       image:
         repository: ghcr.io/dynatrace-oss/unguard/unguard-frontend
-        tag: 0.10.1
+        tag: 0.11.0
         pullPolicy: IfNotPresent
       ports:
         containerPort: 3000

src/malicious-load-generator/locustfile.py

@@ -179,9 +179,11 @@ def get_sql_golang(self):
     def post_sql_login_injection_nodejs(self):
         parameters = {'name': random.choice(SQL_CMDS_LOGIN_USERNAME), 'password': 'user'}
 
-        # post with the malicious SQL command
-        self.client.post("/login", data=parameters, headers=self.get_random_x_forwarded_for_header())
+        # get with the malicious SQL command
+        self.client.get("/login", params=parameters, headers=self.get_random_x_forwarded_for_header())
+
         time.sleep(1)
+        self.on_start()
 
     @task()
     def post_sql_php(self):