├── .dockerignore ├── .env.example ├── .env.production ├── .github └── workflows │ └── ci-cd.yml ├── .gitignore ├── .npmrc ├── .vscode └── settings.json ├── 2-missing-authentication.png ├── 4-missing-authorization.png ├── 5-secrets-exposure.png ├── 6-cross-site-scripting.png ├── Dockerfile ├── app ├── (auth) │ ├── api │ │ └── login │ │ │ └── route.ts │ ├── login │ │ ├── LoginForm.tsx │ │ └── page.tsx │ └── logout │ │ └── route.ts ├── LinkIfNotCurrent.tsx ├── api │ ├── example-1-missing-authentication-route-handler │ │ ├── solution-1 │ │ │ └── route.ts │ │ ├── solution-2 │ │ │ └── route.ts │ │ └── vulnerable │ │ │ └── route.ts │ ├── example-3-missing-authorization-route-handler │ │ ├── solution-1 │ │ │ └── route.ts │ │ ├── solution-2 │ │ │ └── route.ts │ │ └── vulnerable-1 │ │ │ └── route.ts │ └── example-5-secrets-exposure │ │ └── solution-2 │ │ └── route.ts ├── example-1-missing-authentication-route-handler │ └── [exampleType] │ │ ├── MissingAuthenticationApiRoute.tsx │ │ └── page.tsx ├── example-2-missing-authentication-server-component │ ├── common.tsx │ ├── solution-1 │ │ └── page.tsx │ ├── solution-2 │ │ └── page.tsx │ └── vulnerable │ │ └── page.tsx ├── example-3-missing-authorization-route-handler │ ├── [exampleType] │ │ ├── MissingAuthorizationApiRoute.tsx │ │ └── page.tsx │ └── vulnerable-2 │ │ ├── MissingAuthorizationApiRoute.tsx │ │ └── page.tsx ├── example-4-missing-authorization-server-component │ ├── common.tsx │ ├── solution-1 │ │ └── page.tsx │ ├── solution-2 │ │ └── page.tsx │ ├── vulnerable-1 │ │ ├── MissingAuthorizationServerComponent.tsx │ │ └── page.tsx │ └── vulnerable-2 │ │ ├── MissingAuthorizationServerComponent.tsx │ │ └── page.tsx ├── example-5-secrets-exposure │ ├── common.tsx │ ├── solution-1 │ │ └── page.tsx │ ├── solution-2 │ │ ├── SecretsExposure.tsx │ │ └── page.tsx │ └── vulnerable │ │ ├── SecretsExposure.tsx │ │ └── page.tsx ├── example-6-cross-site-scripting │ ├── common.tsx │ ├── solution-1 │ │ └── page.tsx │ ├── solution-2 │ │ 
└── page.tsx │ ├── solution-3 │ │ └── page.tsx │ └── vulnerable │ │ └── page.tsx ├── global.scss ├── layout.tsx └── page.tsx ├── database ├── blogPosts.ts ├── connect.ts ├── sessions.ts └── users.ts ├── eslint.config.js ├── fly.toml ├── ley.config.js ├── migrations ├── 001-create-table-users.ts ├── 002-create-table-sessions.ts └── 003-create-table-blog-posts.ts ├── next-env.d.ts ├── next.config.ts ├── package.json ├── pnpm-lock.yaml ├── prettier.config.js ├── public └── favicon.ico ├── readme.md ├── renovate.json ├── scripts └── fly-io-start.sh ├── stylelint.config.js ├── tsconfig.json └── util ├── cookies.ts └── validation.ts /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/.dockerignore -------------------------------------------------------------------------------- /.env.example: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/.env.example -------------------------------------------------------------------------------- /.env.production: -------------------------------------------------------------------------------- 1 | # Public environment variables are OK here - this file is on GitHub, so never add secrets to it 2 | FLY_IO=true 3 | -------------------------------------------------------------------------------- /.github/workflows/ci-cd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/.github/workflows/ci-cd.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/.gitignore 
-------------------------------------------------------------------------------- /.npmrc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/.npmrc -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/.vscode/settings.json -------------------------------------------------------------------------------- /2-missing-authentication.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/2-missing-authentication.png -------------------------------------------------------------------------------- /4-missing-authorization.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/4-missing-authorization.png -------------------------------------------------------------------------------- /5-secrets-exposure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/5-secrets-exposure.png -------------------------------------------------------------------------------- /6-cross-site-scripting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/6-cross-site-scripting.png -------------------------------------------------------------------------------- /Dockerfile: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/Dockerfile -------------------------------------------------------------------------------- /app/(auth)/api/login/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/(auth)/api/login/route.ts -------------------------------------------------------------------------------- /app/(auth)/login/LoginForm.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/(auth)/login/LoginForm.tsx -------------------------------------------------------------------------------- /app/(auth)/login/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/(auth)/login/page.tsx -------------------------------------------------------------------------------- /app/(auth)/logout/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/(auth)/logout/route.ts -------------------------------------------------------------------------------- /app/LinkIfNotCurrent.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/LinkIfNotCurrent.tsx -------------------------------------------------------------------------------- /app/api/example-1-missing-authentication-route-handler/solution-1/route.ts: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-1-missing-authentication-route-handler/solution-1/route.ts -------------------------------------------------------------------------------- /app/api/example-1-missing-authentication-route-handler/solution-2/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-1-missing-authentication-route-handler/solution-2/route.ts -------------------------------------------------------------------------------- /app/api/example-1-missing-authentication-route-handler/vulnerable/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-1-missing-authentication-route-handler/vulnerable/route.ts -------------------------------------------------------------------------------- /app/api/example-3-missing-authorization-route-handler/solution-1/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-3-missing-authorization-route-handler/solution-1/route.ts -------------------------------------------------------------------------------- /app/api/example-3-missing-authorization-route-handler/solution-2/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-3-missing-authorization-route-handler/solution-2/route.ts -------------------------------------------------------------------------------- 
/app/api/example-3-missing-authorization-route-handler/vulnerable-1/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-3-missing-authorization-route-handler/vulnerable-1/route.ts -------------------------------------------------------------------------------- /app/api/example-5-secrets-exposure/solution-2/route.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/api/example-5-secrets-exposure/solution-2/route.ts -------------------------------------------------------------------------------- /app/example-1-missing-authentication-route-handler/[exampleType]/MissingAuthenticationApiRoute.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-1-missing-authentication-route-handler/[exampleType]/MissingAuthenticationApiRoute.tsx -------------------------------------------------------------------------------- /app/example-1-missing-authentication-route-handler/[exampleType]/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-1-missing-authentication-route-handler/[exampleType]/page.tsx -------------------------------------------------------------------------------- /app/example-2-missing-authentication-server-component/common.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-2-missing-authentication-server-component/common.tsx 
-------------------------------------------------------------------------------- /app/example-2-missing-authentication-server-component/solution-1/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-2-missing-authentication-server-component/solution-1/page.tsx -------------------------------------------------------------------------------- /app/example-2-missing-authentication-server-component/solution-2/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-2-missing-authentication-server-component/solution-2/page.tsx -------------------------------------------------------------------------------- /app/example-2-missing-authentication-server-component/vulnerable/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-2-missing-authentication-server-component/vulnerable/page.tsx -------------------------------------------------------------------------------- /app/example-3-missing-authorization-route-handler/[exampleType]/MissingAuthorizationApiRoute.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-3-missing-authorization-route-handler/[exampleType]/MissingAuthorizationApiRoute.tsx -------------------------------------------------------------------------------- /app/example-3-missing-authorization-route-handler/[exampleType]/page.tsx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-3-missing-authorization-route-handler/[exampleType]/page.tsx -------------------------------------------------------------------------------- /app/example-3-missing-authorization-route-handler/vulnerable-2/MissingAuthorizationApiRoute.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-3-missing-authorization-route-handler/vulnerable-2/MissingAuthorizationApiRoute.tsx -------------------------------------------------------------------------------- /app/example-3-missing-authorization-route-handler/vulnerable-2/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-3-missing-authorization-route-handler/vulnerable-2/page.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/common.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/common.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/solution-1/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/solution-1/page.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/solution-2/page.tsx: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/solution-2/page.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/vulnerable-1/MissingAuthorizationServerComponent.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/vulnerable-1/MissingAuthorizationServerComponent.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/vulnerable-1/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/vulnerable-1/page.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/vulnerable-2/MissingAuthorizationServerComponent.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/vulnerable-2/MissingAuthorizationServerComponent.tsx -------------------------------------------------------------------------------- /app/example-4-missing-authorization-server-component/vulnerable-2/page.tsx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-4-missing-authorization-server-component/vulnerable-2/page.tsx -------------------------------------------------------------------------------- /app/example-5-secrets-exposure/common.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-5-secrets-exposure/common.tsx -------------------------------------------------------------------------------- /app/example-5-secrets-exposure/solution-1/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-5-secrets-exposure/solution-1/page.tsx -------------------------------------------------------------------------------- /app/example-5-secrets-exposure/solution-2/SecretsExposure.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-5-secrets-exposure/solution-2/SecretsExposure.tsx -------------------------------------------------------------------------------- /app/example-5-secrets-exposure/solution-2/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-5-secrets-exposure/solution-2/page.tsx -------------------------------------------------------------------------------- /app/example-5-secrets-exposure/vulnerable/SecretsExposure.tsx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-5-secrets-exposure/vulnerable/SecretsExposure.tsx -------------------------------------------------------------------------------- /app/example-5-secrets-exposure/vulnerable/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-5-secrets-exposure/vulnerable/page.tsx -------------------------------------------------------------------------------- /app/example-6-cross-site-scripting/common.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-6-cross-site-scripting/common.tsx -------------------------------------------------------------------------------- /app/example-6-cross-site-scripting/solution-1/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-6-cross-site-scripting/solution-1/page.tsx -------------------------------------------------------------------------------- /app/example-6-cross-site-scripting/solution-2/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-6-cross-site-scripting/solution-2/page.tsx -------------------------------------------------------------------------------- /app/example-6-cross-site-scripting/solution-3/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-6-cross-site-scripting/solution-3/page.tsx 
-------------------------------------------------------------------------------- /app/example-6-cross-site-scripting/vulnerable/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/example-6-cross-site-scripting/vulnerable/page.tsx -------------------------------------------------------------------------------- /app/global.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/global.scss -------------------------------------------------------------------------------- /app/layout.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/layout.tsx -------------------------------------------------------------------------------- /app/page.tsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/app/page.tsx -------------------------------------------------------------------------------- /database/blogPosts.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/database/blogPosts.ts -------------------------------------------------------------------------------- /database/connect.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/database/connect.ts -------------------------------------------------------------------------------- /database/sessions.ts: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/database/sessions.ts -------------------------------------------------------------------------------- /database/users.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/database/users.ts -------------------------------------------------------------------------------- /eslint.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/eslint.config.js -------------------------------------------------------------------------------- /fly.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/fly.toml -------------------------------------------------------------------------------- /ley.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/ley.config.js -------------------------------------------------------------------------------- /migrations/001-create-table-users.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/migrations/001-create-table-users.ts -------------------------------------------------------------------------------- /migrations/002-create-table-sessions.ts: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/migrations/002-create-table-sessions.ts -------------------------------------------------------------------------------- /migrations/003-create-table-blog-posts.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/migrations/003-create-table-blog-posts.ts -------------------------------------------------------------------------------- /next-env.d.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/next-env.d.ts -------------------------------------------------------------------------------- /next.config.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/next.config.ts -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/package.json -------------------------------------------------------------------------------- /pnpm-lock.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/pnpm-lock.yaml -------------------------------------------------------------------------------- /prettier.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/prettier.config.js 
-------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/public/favicon.ico -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/readme.md -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/renovate.json -------------------------------------------------------------------------------- /scripts/fly-io-start.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/scripts/fly-io-start.sh -------------------------------------------------------------------------------- /stylelint.config.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/stylelint.config.js -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/tsconfig.json -------------------------------------------------------------------------------- /util/cookies.ts: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/util/cookies.ts -------------------------------------------------------------------------------- /util/validation.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/upleveled/security-vulnerability-examples-next-js-postgres/HEAD/util/validation.ts --------------------------------------------------------------------------------