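#!/usr/bin/env pwsh
<#
.SYNOPSIS
    Sets up the Module 05 challenge environment for git blame investigation.

.DESCRIPTION
    This script creates a challenge directory with a Git repository that
    contains a security vulnerability (hardcoded credentials) for students
    to investigate using git blame.

    The repository is built from five commits, each made under a different
    fictitious identity. The fourth commit plants the hardcoded login in
    app.py; the fifth is an unrelated change, so the latest commit is not
    the one that introduced the issue.

.NOTES
    Run from the module directory: the script deletes and recreates
    ./challenge relative to the current location, and the generated
    instructions refer to ..\verify.ps1.

    The "admin"/"admin123" pair is a deliberate training fixture and must
    never be reused as a real credential.
#>

# Stop on the first cmdlet failure. Every `git config` below writes to the
# repository found from the current directory, so if entering ./challenge
# failed and the script carried on, the fake identities and commits would
# land in whatever repository encloses the caller's directory.
$ErrorActionPreference = 'Stop'

# Set-Location inside a script changes the caller's session location, so
# put the caller back where they started if anything aborts the setup.
$startDir = (Get-Location).Path
trap {
    Set-Location -LiteralPath $startDir
    break
}

if (-not (Get-Command git -ErrorAction SilentlyContinue)) {
    throw "git was not found on PATH; install Git before running this setup script."
}

Write-Host "`n=== Setting up Module 05 Challenge ===" -ForegroundColor Cyan

# Remove existing challenge directory if it exists
if (Test-Path "challenge") {
    Write-Host "Removing existing challenge directory..." -ForegroundColor Yellow
    Remove-Item -Recurse -Force "challenge"
}

# Create fresh challenge directory
Write-Host "Creating challenge directory..." -ForegroundColor Green
New-Item -ItemType Directory -Path "challenge" | Out-Null
Set-Location "challenge"

# Initialize Git repository
Write-Host "Initializing Git repository..." -ForegroundColor Green
git init | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "git init failed (exit code $LASTEXITCODE)."
}

# Commit 1: Initial project structure (by Alice)
# Identities are set without --global, so they are stored only in the
# challenge repository's own config.
Write-Host "Creating initial project structure..." -ForegroundColor Green
git config user.name "Alice Johnson"
git config user.email "alice@example.com"

$appContent = @"
# app.py - Main application file

def main():
    print("Welcome to My App!")
    # Application initialization code here
    pass

if __name__ == "__main__":
    main()
"@
Set-Content -Path "app.py" -Value $appContent
git add .
git commit -m "Initial project structure" | Out-Null

# Commit 2: Add authentication module (by Bob)
Write-Host "Adding authentication module..." -ForegroundColor Green
git config user.name "Bob Chen"
git config user.email "bob@example.com"

$authContent = @"
# auth.py - Authentication module

def login(username, password):
    # Authenticate user
    print(f"Logging in user: {username}")
    return True

def logout(username):
    # Log out user
    print(f"Logging out user: {username}")
    return True
"@
Set-Content -Path "auth.py" -Value $authContent

$appContent = @"
# app.py - Main application file
from auth import login, logout

def main():
    print("Welcome to My App!")
    # Application initialization code here
    pass

if __name__ == "__main__":
    main()
"@
Set-Content -Path "app.py" -Value $appContent
git add .
git commit -m "Add authentication module" | Out-Null

# Commit 3: Add database connection (by Carol)
Write-Host "Adding database connection..." -ForegroundColor Green
git config user.name "Carol Martinez"
git config user.email "carol@example.com"

$databaseContent = @"
# database.py - Database connection module

def connect():
    # Connect to database
    print("Connecting to database...")
    return True

def disconnect():
    # Disconnect from database
    print("Disconnecting from database...")
    return True
"@
Set-Content -Path "database.py" -Value $databaseContent

$appContent = @"
# app.py - Main application file
from auth import login, logout
from database import connect, disconnect

def main():
    print("Welcome to My App!")
    connect()
    # Application initialization code here
    pass

if __name__ == "__main__":
    main()
"@
Set-Content -Path "app.py" -Value $appContent
git add .
git commit -m "Add database connection" | Out-Null

# Commit 4: Add hardcoded credentials (THE SECURITY ISSUE - by Suspicious Developer)
# NOTE(review): email.com is a registered domain, unlike the reserved
# example.com used for the other identities. The value is left unchanged
# because verify.ps1 (not shown here) may compare against it.
Write-Host "Adding suspicious change..." -ForegroundColor Green
git config user.name "Suspicious Developer"
git config user.email "guilty@email.com"

# Layout matters here: the investigation template suggests
# `git blame -L 8,10 app.py`, so the login() call has to fall inside
# lines 8-10 of this version of app.py.
$appContent = @"
# app.py - Main application file
from auth import login, logout
from database import connect, disconnect

def main():
    print("Welcome to My App!")
    connect()
    # Quick fix for testing - TODO: Remove before production!
    if login("admin", "admin123"):
        print("Admin logged in successfully")
    pass

if __name__ == "__main__":
    main()
"@
Set-Content -Path "app.py" -Value $appContent
git add .
git commit -m "Add quick test login for debugging" | Out-Null

# Commit 5: Add logging (by David - innocent commit after the security issue)
Write-Host "Adding logging module..." -ForegroundColor Green
git config user.name "David Lee"
git config user.email "david@example.com"

$loggingContent = @"
# logging_config.py - Logging configuration
import logging

def setup_logging():
    logging.basicConfig(
        level=logging.INFO,
        format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    )
    return logging.getLogger(__name__)
"@
Set-Content -Path "logging_config.py" -Value $loggingContent
git add .
git commit -m "Add logging configuration" | Out-Null

# The exercise depends on the full five-commit history. A commit can fail
# without stopping the script (native commands do not raise cmdlet errors),
# so confirm the history before declaring success.
$commitCount = git rev-list --count HEAD
if ($commitCount -ne 5) {
    throw "Expected 5 commits in the challenge repository but found '$commitCount'; check the git output above."
}

# Reset git config
git config user.name "Workshop Student"
git config user.email "student@example.com"

# Create investigation.md template
# A literal (single-quoted) here-string is used because the Markdown is full
# of backticks, and the backtick is the escape character in an expandable
# here-string: `app.py` there would be written out as a BEL character
# followed by "pp.py", and the other inline code spans would lose their
# backticks.
Write-Host "Creating investigation template..." -ForegroundColor Green
$investigationTemplate = @'
# Security Investigation Report

## Incident Overview

A security vulnerability has been discovered in the codebase: hardcoded credentials in `app.py`.

**Your task:** Use git blame and related Git commands to investigate this security issue and document your findings.

---

## Question 1: What line number contains the hardcoded password?

Look at `app.py` and find the line with `"admin123"`.

**Your Answer:**

---

## Question 2: Who added the hardcoded credentials?

Use `git blame` to find the email address of the developer who wrote the line with the hardcoded credentials.

**Suggested commands:**
```bash
# View blame with email addresses
git blame -e app.py

# Or focus on specific lines (if you know the line range)
git blame -L 8,10 app.py

# Look for the line containing login("admin", "admin123")
```

**Your Answer (provide the email address):**

---

## Question 3: What was the commit message for the change that introduced the hardcoded credentials?

Once you've found the commit hash from git blame, use `git show` or `git log` to see the full commit message.

**Suggested commands:**
```bash
# After finding the commit hash from git blame
git show
git log -1
```

**Your Answer:**

---

## Question 4: How many files were modified in the commit that added the hardcoded credentials?

Use `git show` with the `--stat` flag to see which files were changed.

**Suggested commands:**
```bash
git show --stat
git show --name-only
```

**Your Answer:**

---

## Question 5: When was this security vulnerability introduced?

Use the timestamp from git blame to determine when the vulnerable code was committed.

**Your Answer (date and time):**

---

## Recommendations

Based on your investigation, what actions should the team take?

**Your Recommendations:**

---

## Quick Reference - Investigation Commands

**Finding Who Changed What:**
```bash
git blame                        # Show who last modified each line
git blame -e                     # Show with email addresses
git blame -L 10,20               # Blame specific line range
```

**Getting Commit Details:**
```bash
git show                         # See full commit details
git show --stat                  # See files changed
git log -1                       # See commit message only
git log -p                       # See commit with diff
```

**Searching History:**
```bash
git log --all --grep="keyword"   # Search commit messages
git log --author="name"          # See commits by author
git log --since="2 weeks ago"    # Recent commits
```

---

When you're done with your investigation, run `..\verify.ps1` to check your answers!
'@
Set-Content -Path "investigation.md" -Value $investigationTemplate

# Return to module directory
Set-Location -LiteralPath $startDir

Write-Host "`n=== Setup Complete! ===" -ForegroundColor Green
Write-Host "`nYour investigation environment is ready in the 'challenge/' directory." -ForegroundColor Cyan
Write-Host "`nScenario: Someone committed hardcoded credentials to app.py!" -ForegroundColor Yellow
Write-Host "`nNext steps:" -ForegroundColor Cyan
Write-Host " 1. cd challenge" -ForegroundColor White
Write-Host " 2. Open 'investigation.md' to see the investigation questions" -ForegroundColor White
Write-Host " 3. Use 'git blame -e app.py' to start your investigation" -ForegroundColor White
Write-Host " 4. Fill in your findings in 'investigation.md'" -ForegroundColor White
Write-Host " 5. Run '..\verify.ps1' to check your investigation" -ForegroundColor White
Write-Host ""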