jordan/stemedb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
stemedb/docs/demo/vulnbank/go/crypto.go
jordan b3e8a9a058 feat: Multi-application expansion with chaos testing and community UI 
Major additions:
- Community Next.js app (port 18187) for browsing claims with API docs
- stemedb-chaos crate: Fault injection, chaos testing, CRDT properties
- Latent ingestion system: Reddit/FDA ingesters with ADK-Go agents
- Disputed claims handling: Manual review workflows and validation
- Aphoria security scanner: New extractors (SQL injection, command
  injection, weak crypto, TLS version), policy-based ignores, UAT reports
- Docker infrastructure: Dockerfile, docker-compose.yml for full stack
- VulnBank demo: Intentionally vulnerable multi-language test corpus

SDK & API enhancements:
- Source registry handlers for tracking data provenance
- Metrics endpoint
- Skeptic filtering improvements

Code quality:
- Split 14 large files (>500 lines) into focused modules
- All files now under 500-line limit per project guidelines

Documentation:
- Chaos testing guide, circuit breakers, observability docs
- Phase 7 UAT documentation updates
- Martin Kleppmann technical writer agent

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 01:24:14 -07:00

54 lines
1.5 KiB
Go
Raw Permalink Blame History

// VulnBank - Cryptography with intentional vulnerabilities
//
// Vulnerabilities:
// - MD5 for hashing (collision attacks)
// - SHA1 for hashing (collision attacks)
// - RC4 stream cipher (multiple attacks)
package main
import (
"crypto/md5"
"crypto/rc4"
"crypto/sha1"
"encoding/hex"
)
// HashPasswordMD5 uses broken MD5 algorithm
// VULNERABILITY: MD5 has practical collision attacks since 2004
func HashPasswordMD5(password string) string {
// BLOCK: MD5 is cryptographically broken - use SHA-256 or better
hash := md5.New()
hash.Write([]byte(password))
return hex.EncodeToString(hash.Sum(nil))
}
// HashDocumentSHA1 uses broken SHA1 algorithm
// VULNERABILITY: SHA1 has practical collision attacks (SHAttered, 2017)
func HashDocumentSHA1(data []byte) string {
// BLOCK: SHA1 is cryptographically broken - use SHA-256 or better
hash := sha1.Sum(data)
return hex.EncodeToString(hash[:])
}
// EncryptRC4 uses broken RC4 stream cipher
// VULNERABILITY: RC4 has multiple known attacks
func EncryptRC4(key, plaintext []byte) ([]byte, error) {
// BLOCK: RC4 has known weaknesses - use AES-GCM instead
cipher, err := rc4.NewCipher(key)
if err != nil {
return nil, err
}
ciphertext := make([]byte, len(plaintext))
cipher.XORKeyStream(ciphertext, plaintext)
return ciphertext, nil
}
// GenerateChecksum uses MD5 for file integrity
// VULNERABILITY: MD5 allows collision attacks on file integrity
func GenerateChecksum(data []byte) string {
// BLOCK: MD5 for checksums allows malicious file substitution
hash := md5.Sum(data)
return hex.EncodeToString(hash[:])
}
Reference in New Issue View Git Blame Copy Permalink