appsecco / dvna Goto Github PK

Hi,

I followed the instructions to setup the DVNA using the official docker file.

When I run the docker image I get the following error.

``wait-for-it.sh: waiting 300 seconds for mysql-db:3306
wait-for-it.sh: mysql-db:3306 is available after 0 seconds

[email protected] start /app
node server.js

Fri, 23 Mar 2018 12:05:06 GMT sequelize deprecated String based operators are now deprecated. Please use Symbol based operators for better security, read more at http://docs.sequelizejs.com/manual/tutorial/querying.html#operators at node_modules/sequelize/lib/sequelize.js:236:13
Unable to connect to the database: { SequelizeAccessDeniedError: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
at Utils.Promise.tap.then.catch.err (/app/node_modules/sequelize/lib/dialects/mysql/connection-manager.js:141:19)
at tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:512:31)
at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:569:18)
at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:614:10)
at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:689:18)
at Async._drainQueue (/app/node_modules/bluebird/js/release/async.js:133:16)
at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:143:10)
at Immediate.Async.drainQueues (/app/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:789:20)
at tryOnImmediate (timers.js:751:5)
at processImmediate [as _immediateCallback] (timers.js:722:5)
name: 'SequelizeAccessDeniedError',
parent:
{ Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
at Socket. (/app/node_modules/mysql2/lib/connection.js:102:29)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at addChunk (_stream_readable.js:263:12)
at readableAddChunk (_stream_readable.js:250:11)
at Socket.Readable.push (_stream_readable.js:208:10)
at TCP.onread (net.js:594:20)
code: 'ER_ACCESS_DENIED_ERROR',
errno: 1045,
sqlState: '28000',
sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' },
original:
{ Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
at Socket. (/app/node_modules/mysql2/lib/connection.js:102:29)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at addChunk (_stream_readable.js:263:12)
at readableAddChunk (_stream_readable.js:250:11)
at Socket.Readable.push (_stream_readable.js:208:10)
at TCP.onread (net.js:594:20)
code: 'ER_ACCESS_DENIED_ERROR',
errno: 1045,
sqlState: '28000',
sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' } }
An error occurred while creating the table: { SequelizeAccessDeniedError: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
at Utils.Promise.tap.then.catch.err (/app/node_modules/sequelize/lib/dialects/mysql/connection-manager.js:141:19)
at tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:512:31)
at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:569:18)
at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:614:10)
at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:689:18)
at Async._drainQueue (/app/node_modules/bluebird/js/release/async.js:133:16)
at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:143:10)
at Immediate.Async.drainQueues (/app/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:789:20)
at tryOnImmediate (timers.js:751:5)
at processImmediate [as _immediateCallback] (timers.js:722:5)
name: 'SequelizeAccessDeniedError',
parent:
{ Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
at Socket. (/app/node_modules/mysql2/lib/connection.js:102:29)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at addChunk (_stream_readable.js:263:12)
at readableAddChunk (_stream_readable.js:250:11)
at Socket.Readable.push (_stream_readable.js:208:10)
at TCP.onread (net.js:594:20)
code: 'ER_ACCESS_DENIED_ERROR',
errno: 1045,
sqlState: '28000',
sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' },
original:
{ Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
at Socket. (/app/node_modules/mysql2/lib/connection.js:102:29)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at addChunk (_stream_readable.js:263:12)
at readableAddChunk (_stream_readable.js:250:11)
at Socket.Readable.push (_stream_readable.js:208:10)
at TCP.onread (net.js:594:20)
code: 'ER_ACCESS_DENIED_ERROR',
errno: 1045,
sqlState: '28000',
sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' } }

The command in "Quick start" section in README.md starts DVNA with SQLite but the "Getting Started" section describes DVNA with MySQL. This leads to confusion when testing the application as the injection attacks are different for both versions. It would be very helpful if the README.md has clear and distinct instructions for starting DVNA with MySQL and SQLite.

Please let me know if you need help with modifying the README.md

The Carbon LTS release is now EOL.
It would be nice to push a new release to DockerHub based on a supported LTS version of node.

The carbon-slim base image used did not feature iputils-ping package. There broke the Connectivity test feature of the application which uses the ping OS command.

This link that is mentioned in the main readme is no longer working: https://appsecco.com/books/dvna-developers-security-guide/

Can we view the guide somewhere else now?

Thanks!

I've followed the commands to set up DVNA and it doesn't seem to be installing correctly.
I've tried all methods of installation.
The default credentials don't seem to have been set up and I get the following error when I try to log in:

Invalid Credentials

I've connected to the docker MySQL database and it's empty.
Can anybody tell me what I'm missing?