This is the repository of a Django web app for the Cybersecurity base project I. The app is internally named "Doctor's notes" and has patient and doctor roles for users as well as adding, removing and viewing of doctor's notes. Doctors can write, view and remove notes in addition to viewing patients.
The repository is in two branches: the main
branch has five security flaws that are implemented on purpose as per the project assignment and the working
branch that has fixes to those security flaws. Working branch can be found here. The report can be read from the report.md file.
The app has been configured to be used with Docker as an extra exercise, but can be ran regularly with Django commands.
- Install Python 3.10.12 or later.
You can check your Python version by writing
python -V
into the Terminal on Linux or PowerShell on Windows. Note: Sometimes the Python command might be defined aspython3
. - Make sure pip is installed with
python -m pip -V
- Install Django with
python -m pip install Django
- Migrate databases by:
- First run
python manage.py makemigrations
- Then run
python manage.py migrate
- Then start the app with
python manage.py runserver
The app runs in the local address of 127.0.0.1:8000
.
- Download Docker.
- Build and run the app with
docker-compose up
The app runs in the local address of 0.0.0.0:8000
.
Note: Building and running the app with Docker might lock the SQLite database to a read-only status, so that running the app straight from the Terminal or PowerShell afterwards doesn't work.
Remember to remove the db.sqlite3
. Then run python manage.py makemigrations
and python manage.py migrate
to remigrate the database before running python manage.py runserver
.