From ab278cc9b3c7a5e090ccb5e2c3c691eabd85851f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Ma=CC=88der?= <michael.maeder@hefr.ch>
Date: Wed, 26 Mar 2025 16:03:43 +0100
Subject: [PATCH] questions3 and some practical misc stuff

---
 docs/questions-part3.md | 10 ++++++++++
 misc/docker-compose.yml |  9 +++++++++
 misc/index.html         |  2 +-
 misc/start_juiceshop.sh |  4 ++++
 4 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 docs/questions-part3.md
 create mode 100644 misc/docker-compose.yml
 create mode 100755 misc/start_juiceshop.sh

diff --git a/docs/questions-part3.md b/docs/questions-part3.md
new file mode 100644
index 0000000..644a8d7
--- /dev/null
+++ b/docs/questions-part3.md
@@ -0,0 +1,10 @@
+# Questions
+
+## Part 3
+
+- **Q3.1**: Setup your CI/CD pipeline with an additional SAST solution. I propose that you use `semgrep` for this task. Get your inspiration here: https://semgrep.dev/for/gitlab and https://docs.gitlab.com/ee/user/application_security/sast/ 
+- **Q3.2**: Describe the found problems (alerts) in the `calculator app` (in the original code, git tag `v3.0`)
+- **Q3.3**: Install DAST OWASP ZAP on your host or in a Docker. Play with OWASP ZAP, analyze the calculator code
+- **Q3.4**: Implement a DAST solution in your pipeline. Get some inspiration here https://docs.gitlab.com/ee/user/application_security/dast/ . Describe what you have integrated in your pipeline. *Note: you must ensure that your application is running while you are testing!*
+- **Q3.5 (optional)**: Normally, the provided code has some bugs, which are discovered by SAST solution. Describe the found bugs (in the original code, git tag `v3.0`) and provide solution to remediate the problems. Indicate which commit/tag contains the corrected code
+- **Q3.6 (optional)**: Describe the found bugs (in the original code, git tag `v3.0`) with DAST and provide solution to remediate the problems. Indicate which commit/tag contains the corrected code. Do corrections only in the provided code (no libraries)
diff --git a/misc/docker-compose.yml b/misc/docker-compose.yml
new file mode 100644
index 0000000..35a26f6
--- /dev/null
+++ b/misc/docker-compose.yml
@@ -0,0 +1,9 @@
+services:
+  nginx:
+    ports:
+      - "80:80"
+    container_name: nginx-1.20.0
+    image: nginx:1.20.0
+    volumes:
+      - .:/usr/share/nginx/html:ro
+
diff --git a/misc/index.html b/misc/index.html
index e965047..931722e 100644
--- a/misc/index.html
+++ b/misc/index.html
@@ -1 +1 @@
-Hello
+<h1>Hello class, TSM_Cybersec</h1>
diff --git a/misc/start_juiceshop.sh b/misc/start_juiceshop.sh
new file mode 100755
index 0000000..4aa3d83
--- /dev/null
+++ b/misc/start_juiceshop.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+docker run --rm -p 3000:3000 bkimminich/juice-shop
+