115 lines
4.9 KiB
PowerShell
115 lines
4.9 KiB
PowerShell
#!/usr/bin/env pwsh
|
|
<#
|
|
.SYNOPSIS
|
|
Verifies the Module 05 challenge solution.
|
|
|
|
.DESCRIPTION
|
|
This script checks that:
|
|
- The challenge directory exists
|
|
- A Git repository exists
|
|
- investigation.md exists with correct findings about the security issue
|
|
#>
|
|
|
|
Write-Host "`n=== Verifying Module 05 Solution ===" -ForegroundColor Cyan
|
|
|
|
$allChecksPassed = $true
|
|
|
|
# Check if challenge directory exists
|
|
if (-not (Test-Path "challenge")) {
|
|
Write-Host "[FAIL] Challenge directory not found. Did you run setup.ps1?" -ForegroundColor Red
|
|
exit 1
|
|
}
|
|
|
|
Set-Location "challenge"
|
|
|
|
# Check if git repository exists
|
|
if (-not (Test-Path ".git")) {
|
|
Write-Host "[FAIL] Not a git repository. Did you run setup.ps1?" -ForegroundColor Red
|
|
Set-Location ..
|
|
exit 1
|
|
}
|
|
|
|
# Check if investigation.md exists
|
|
if (-not (Test-Path "investigation.md")) {
|
|
Write-Host "[FAIL] investigation.md not found. Did you run setup.ps1?" -ForegroundColor Red
|
|
Write-Host "[HINT] The setup script should have created investigation.md for you" -ForegroundColor Yellow
|
|
$allChecksPassed = $false
|
|
} else {
|
|
Write-Host "[PASS] investigation.md exists" -ForegroundColor Green
|
|
|
|
# Read the investigation file
|
|
$investigation = Get-Content "investigation.md" -Raw
|
|
$investigationLower = $investigation.ToLower()
|
|
|
|
# Check 1: Line number (line 8 contains the hardcoded password)
|
|
if ($investigationLower -match "8") {
|
|
Write-Host "[PASS] Correct line number identified" -ForegroundColor Green
|
|
} else {
|
|
Write-Host "[FAIL] Line number not found or incorrect" -ForegroundColor Red
|
|
Write-Host "[HINT] Look at app.py to find which line contains 'admin123'" -ForegroundColor Yellow
|
|
$allChecksPassed = $false
|
|
}
|
|
|
|
# Check 2: Email address (guilty@email.com)
|
|
if ($investigationLower -match "guilty@email\.com") {
|
|
Write-Host "[PASS] Correct email address found using git blame!" -ForegroundColor Green
|
|
} else {
|
|
Write-Host "[FAIL] Developer's email address not found" -ForegroundColor Red
|
|
Write-Host "[HINT] Use 'git blame -e app.py' to see who changed each line with email addresses" -ForegroundColor Yellow
|
|
$allChecksPassed = $false
|
|
}
|
|
|
|
# Check 3: Commit message (contains "test" or "debug" or "quick")
|
|
if ($investigationLower -match "test|debug|quick") {
|
|
Write-Host "[PASS] Commit message identified" -ForegroundColor Green
|
|
} else {
|
|
Write-Host "[FAIL] Commit message not found" -ForegroundColor Red
|
|
Write-Host "[HINT] Use 'git show <commit-hash>' to see the commit message" -ForegroundColor Yellow
|
|
$allChecksPassed = $false
|
|
}
|
|
|
|
# Check 4: Number of files (1 file - only app.py)
|
|
if ($investigationLower -match "1|one|app\.py") {
|
|
Write-Host "[PASS] Number of files modified identified" -ForegroundColor Green
|
|
} else {
|
|
Write-Host "[FAIL] Number of files modified not found" -ForegroundColor Red
|
|
Write-Host "[HINT] Use 'git show <commit-hash> --stat' to see which files were changed" -ForegroundColor Yellow
|
|
$allChecksPassed = $false
|
|
}
|
|
|
|
# Check 5: Some mention of timestamp/date (flexible check)
|
|
# We're just checking they attempted to answer this
|
|
if ($investigationLower -match "202|date|time|\d{4}-\d{2}-\d{2}") {
|
|
Write-Host "[PASS] Timestamp/date documented" -ForegroundColor Green
|
|
} else {
|
|
Write-Host "[FAIL] Timestamp/date not documented" -ForegroundColor Red
|
|
Write-Host "[HINT] The git blame output shows the date and time of each change" -ForegroundColor Yellow
|
|
$allChecksPassed = $false
|
|
}
|
|
}
|
|
|
|
Set-Location ..
|
|
|
|
# Final summary
|
|
if ($allChecksPassed) {
|
|
Write-Host "`n" -NoNewline
|
|
Write-Host "=====================================" -ForegroundColor Green
|
|
Write-Host " INVESTIGATION COMPLETE!" -ForegroundColor Green
|
|
Write-Host "=====================================" -ForegroundColor Green
|
|
Write-Host "`nExcellent detective work! You've successfully used git blame to track down the security issue." -ForegroundColor Cyan
|
|
Write-Host "`nYou now know how to:" -ForegroundColor Cyan
|
|
Write-Host " - Use git blame to find who modified each line" -ForegroundColor White
|
|
Write-Host " - Read and interpret git blame output" -ForegroundColor White
|
|
Write-Host " - Use git blame with -e flag to show email addresses" -ForegroundColor White
|
|
Write-Host " - Find commit details after identifying changes with blame" -ForegroundColor White
|
|
Write-Host " - Conduct code archaeology to understand code history" -ForegroundColor White
|
|
Write-Host "`nRemember: git blame is for understanding, not blaming!" -ForegroundColor Yellow
|
|
Write-Host "`nReady for the next module!" -ForegroundColor Green
|
|
Write-Host ""
|
|
} else {
|
|
Write-Host "`n[SUMMARY] Some checks failed. Review the hints above and try again." -ForegroundColor Red
|
|
Write-Host "[INFO] You can run this verification script as many times as needed." -ForegroundColor Yellow
|
|
Write-Host ""
|
|
exit 1
|
|
}
|