feat: split out git blame

2026-01-07 21:12:31 +01:00
parent 30b878fc67
commit 6b0e84934a
7 changed files with 633 additions and 92 deletions
--- a/03_advanced/05-blame/setup.ps1
+++ b/03_advanced/05-blame/setup.ps1
@@ -0,0 +1,323 @@
+#!/usr/bin/env pwsh
+<#
+.SYNOPSIS
+    Sets up the Module 05 challenge environment for git blame investigation.
+
+.DESCRIPTION
+    This script creates a challenge directory with a Git repository that
+    contains a security vulnerability (hardcoded credentials) for students
+    to investigate using git blame.
+#>
+
+Write-Host "`n=== Setting up Module 05 Challenge ===" -ForegroundColor Cyan
+
+# Remove existing challenge directory if it exists
+if (Test-Path "challenge") {
+    Write-Host "Removing existing challenge directory..." -ForegroundColor Yellow
+    Remove-Item -Recurse -Force "challenge"
+}
+
+# Create fresh challenge directory
+Write-Host "Creating challenge directory..." -ForegroundColor Green
+New-Item -ItemType Directory -Path "challenge" | Out-Null
+Set-Location "challenge"
+
+# Initialize Git repository
+Write-Host "Initializing Git repository..." -ForegroundColor Green
+git init | Out-Null
+
+# Commit 1: Initial project structure (by Alice)
+Write-Host "Creating initial project structure..." -ForegroundColor Green
+git config user.name "Alice Johnson"
+git config user.email "alice@example.com"
+
+$appContent = @"
+# app.py - Main application file
+
+def main():
+    print("Welcome to My App!")
+    # Application initialization code here
+    pass
+
+if __name__ == "__main__":
+    main()
+"@
+Set-Content -Path "app.py" -Value $appContent
+
+git add .
+git commit -m "Initial project structure" | Out-Null
+
+# Commit 2: Add authentication module (by Bob)
+Write-Host "Adding authentication module..." -ForegroundColor Green
+git config user.name "Bob Chen"
+git config user.email "bob@example.com"
+
+$authContent = @"
+# auth.py - Authentication module
+
+def login(username, password):
+    # Authenticate user
+    print(f"Logging in user: {username}")
+    return True
+
+def logout(username):
+    # Log out user
+    print(f"Logging out user: {username}")
+    return True
+"@
+Set-Content -Path "auth.py" -Value $authContent
+
+$appContent = @"
+# app.py - Main application file
+from auth import login, logout
+
+def main():
+    print("Welcome to My App!")
+    # Application initialization code here
+    pass
+
+if __name__ == "__main__":
+    main()
+"@
+Set-Content -Path "app.py" -Value $appContent
+
+git add .
+git commit -m "Add authentication module" | Out-Null
+
+# Commit 3: Add database connection (by Carol)
+Write-Host "Adding database connection..." -ForegroundColor Green
+git config user.name "Carol Martinez"
+git config user.email "carol@example.com"
+
+$databaseContent = @"
+# database.py - Database connection module
+
+def connect():
+    # Connect to database
+    print("Connecting to database...")
+    return True
+
+def disconnect():
+    # Disconnect from database
+    print("Disconnecting from database...")
+    return True
+"@
+Set-Content -Path "database.py" -Value $databaseContent
+
+$appContent = @"
+# app.py - Main application file
+from auth import login, logout
+from database import connect, disconnect
+
+def main():
+    print("Welcome to My App!")
+    connect()
+    # Application initialization code here
+    pass
+
+if __name__ == "__main__":
+    main()
+"@
+Set-Content -Path "app.py" -Value $appContent
+
+git add .
+git commit -m "Add database connection" | Out-Null
+
+# Commit 4: Add hardcoded credentials (THE SECURITY ISSUE - by Suspicious Developer)
+Write-Host "Adding suspicious change..." -ForegroundColor Green
+git config user.name "Suspicious Developer"
+git config user.email "guilty@email.com"
+
+$appContent = @"
+# app.py - Main application file
+from auth import login, logout
+from database import connect, disconnect
+
+def main():
+    print("Welcome to My App!")
+    connect()
+    # Quick fix for testing - TODO: Remove before production!
+    if login("admin", "admin123"):
+        print("Admin logged in successfully")
+    pass
+
+if __name__ == "__main__":
+    main()
+"@
+Set-Content -Path "app.py" -Value $appContent
+
+git add .
+git commit -m "Add quick test login for debugging" | Out-Null
+
+# Commit 5: Add logging (by David - innocent commit after the security issue)
+Write-Host "Adding logging module..." -ForegroundColor Green
+git config user.name "David Lee"
+git config user.email "david@example.com"
+
+$loggingContent = @"
+# logging_config.py - Logging configuration
+
+import logging
+
+def setup_logging():
+    logging.basicConfig(
+        level=logging.INFO,
+        format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+    )
+    return logging.getLogger(__name__)
+"@
+Set-Content -Path "logging_config.py" -Value $loggingContent
+
+git add .
+git commit -m "Add logging configuration" | Out-Null
+
+# Reset git config
+git config user.name "Workshop Student"
+git config user.email "student@example.com"
+
+# Create investigation.md template
+Write-Host "Creating investigation template..." -ForegroundColor Green
+$investigationTemplate = @"
+# Security Investigation Report
+
+## Incident Overview
+
+A security vulnerability has been discovered in the codebase: hardcoded credentials in `app.py`.
+
+**Your task:** Use git blame and related Git commands to investigate this security issue and document your findings.
+
+---
+
+## Question 1: What line number contains the hardcoded password?
+
+Look at `app.py` and find the line with `"admin123"`.
+
+**Your Answer:**
+
+<!-- Write the line number here -->
+
+---
+
+## Question 2: Who added the hardcoded credentials?
+
+Use `git blame` to find the email address of the developer who wrote the line with the hardcoded credentials.
+
+**Suggested commands:**
+``````bash
+# View blame with email addresses
+git blame -e app.py
+
+# Or focus on specific lines (if you know the line range)
+git blame -L 8,10 app.py
+
+# Look for the line containing login("admin", "admin123")
+``````
+
+**Your Answer (provide the email address):**
+
+<!-- Write the email address here -->
+
+---
+
+## Question 3: What was the commit message for the change that introduced the hardcoded credentials?
+
+Once you've found the commit hash from git blame, use `git show` or `git log` to see the full commit message.
+
+**Suggested commands:**
+``````bash
+# After finding the commit hash from git blame
+git show <commit-hash>
+git log -1 <commit-hash>
+``````
+
+**Your Answer:**
+
+<!-- Write the commit message here -->
+
+---
+
+## Question 4: How many files were modified in the commit that added the hardcoded credentials?
+
+Use `git show` with the `--stat` flag to see which files were changed.
+
+**Suggested commands:**
+``````bash
+git show <commit-hash> --stat
+git show <commit-hash> --name-only
+``````
+
+**Your Answer:**
+
+<!-- Write the number or list the files here -->
+
+---
+
+## Question 5: When was this security vulnerability introduced?
+
+Use the timestamp from git blame to determine when the vulnerable code was committed.
+
+**Your Answer (date and time):**
+
+<!-- Write the date/time here -->
+
+---
+
+## Recommendations
+
+Based on your investigation, what actions should the team take?
+
+**Your Recommendations:**
+
+<!-- Write your recommendations here, for example:
+- Remove hardcoded credentials
+- Implement proper environment variables
+- Add pre-commit hooks to prevent secrets
+- Review with the developer who made the change
+-->
+
+---
+
+## Quick Reference - Investigation Commands
+
+**Finding Who Changed What:**
+``````bash
+git blame <file>                    # Show who last modified each line
+git blame -e <file>                 # Show with email addresses
+git blame -L 10,20 <file>           # Blame specific line range
+``````
+
+**Getting Commit Details:**
+``````bash
+git show <commit-hash>              # See full commit details
+git show <commit-hash> --stat       # See files changed
+git log -1 <commit-hash>            # See commit message only
+git log -p <commit-hash>            # See commit with diff
+``````
+
+**Searching History:**
+``````bash
+git log --all --grep="keyword"      # Search commit messages
+git log --author="name"             # See commits by author
+git log --since="2 weeks ago"       # Recent commits
+``````
+
+---
+
+When you're done with your investigation, run ``..\verify.ps1`` to check your answers!
+"@
+
+Set-Content -Path "investigation.md" -Value $investigationTemplate
+
+# Return to module directory
+Set-Location ..
+
+Write-Host "`n=== Setup Complete! ===" -ForegroundColor Green
+Write-Host "`nYour investigation environment is ready in the 'challenge/' directory." -ForegroundColor Cyan
+Write-Host "`nScenario: Someone committed hardcoded credentials to app.py!" -ForegroundColor Yellow
+Write-Host "`nNext steps:" -ForegroundColor Cyan
+Write-Host "  1. cd challenge" -ForegroundColor White
+Write-Host "  2. Open 'investigation.md' to see the investigation questions" -ForegroundColor White
+Write-Host "  3. Use 'git blame -e app.py' to start your investigation" -ForegroundColor White
+Write-Host "  4. Fill in your findings in 'investigation.md'" -ForegroundColor White
+Write-Host "  5. Run '..\verify.ps1' to check your investigation" -ForegroundColor White
+Write-Host ""