⚰️ refactor: Remove commented-out code, unneeded files

README.md

@@ -32,7 +32,7 @@ Unguard is composed of eight microservices written in different languages that t
 | [proxy-service](./src/proxy-service)                       | Java Spring     | unguard-proxy   | Serves REST API for proxying requests from frontend (vulnerable to SSRF; no sanitization on the entered URL).                               |
 | [profile-service](./src/profile-service)                   | Java Spring     | default         | Serves REST API for updating biography information in a H2 database; vulnerable to SQL injection attacks                                    |
 | [membership-service](./src/membership-service)             | .NET 7          | default         | Serves REST API for updating user memberships in a MariaDB; vulnerable to SQL injection attacks                                             |
-| [like-service](./src/like-service)                         | PHP             | default         | Serves REST API for liking and unliking posts using MariaDB; vulnerable to an SQL injection attack for removing other users' likes          |
+| [like-service](./src/like-service)                         | PHP             | default         | Serves REST API for adding likes to posts using MariaDB; vulnerable to SQL injection attacks                                                |
 | [user-auth-service](./src/user-auth-service)               | Node.js Express | default         | Serves REST API for authenticating users with JWT tokens (vulnerable to JWT key confusion).                                                 |
 | [status-service](./src/status-service)                     | Go              | unguard-status  | Serves REST API for Kubernetes deployments health, as well as a user and user role list (vulnerable to SQL injection)                       |
 | jaeger                                                     |                 | default         | The [Jaeger](https://www.jaegertracing.io/) stack for distributed tracing.                                                                  |

chart/templates/ingress.yaml

@@ -51,11 +51,4 @@ spec:
                 name: unguard-envoy-proxy
                 port:
                   number: 8080
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: unguard-envoy-proxy
-                port:
-                  number: 8000
 {{end}}

chart/values.yaml

@@ -404,7 +404,7 @@ likeService:
       ports:
         containerPort: 8000
       env:
-        JAEGER_COLLECTOR_HOST: collector # PHP OpenTelemetry sends data to jaeger-collector instead of jaeger-agent
+        JAEGER_COLLECTOR_HOST: collector  # PHP OpenTelemetry sends data to jaeger-collector instead of jaeger-agent
         JAEGER_DISABLED: true
         JAEGER_PORT: 4318
         SERVICE_NAME: unguard-like-service
@@ -455,4 +455,3 @@ frontend:
         LIKE_SERVICE_BASE_PATH: /like-service
         MEMBERSHIP_SERVICE_BASE_PATH: /membership-service
         STATUS_SERVICE_BASE_PATH: /status-service
-

docs/TRACING.md

@@ -30,13 +30,13 @@ This document explains how to install Jaeger tracing using Helm to the cluster.
 1. For local development
     1. Install Jaeger (takes a couple of minutes)
        ```sh
-        helm install jaeger jaegertracing/jaeger --version 0.71.14 --wait --namespace unguard --create-namespace --values ./chart/jaeger-otlp-values.yaml
+        helm install jaeger jaegertracing/jaeger --version 0.71.14 --wait --namespace unguard --create-namespace --values ./docs/jaeger/jaeger-otlp-values.yaml
        ```
     2. Install the Jaeger-Operator
        ```sh
         helm install jaeger-operator jaegertracing/jaeger-operator --version 2.22.0 --wait --namespace unguard --create-namespace
        ```
-    2. Deploy the AllInOne image for local development
+    3. Deploy the AllInOne image for local development
        ```sh
         kubectl apply -f ./k8s-manifests/jaeger/jaeger.yaml
        ```

exploit-toolkit/exploit.py

@@ -378,7 +378,7 @@ def sql_inject_unlike_post(post, user, target):
         click.echo("Not logged in. Run login command first.")
         return
 
-    r = session.get(f'http://{target + frontend_base_path}/post', params={'postId': [post, user], 'like_delete': ''}, allow_redirects=False)
+    r = session.get(f'http://{target + frontend_base_path}/unlike', params={'postId': [post, user]}, allow_redirects=False)
 
     # should always be status code 404
     click.echo('Request returned status code %s.' % str(r.status_code))

exploit-toolkit/exploits/sql-injection/README.md

@@ -3,4 +3,4 @@
 Unguard has three SQL injection vulnerabilities:
 * [One in the Java `profile-service`](./SQLI-PROFILE-SERVICE-H2.md), which is exploitable through the user biography and allows you to access the h2 database.
 * [One in the Golang `status-service`](./SQLI-STATUS-SERVICE-MARIADB.md), which is exploitable through the search bar on the Users page and allows you to access the MariaDB database.
-* [One in the PHP `like-service`](./SQLI-LIKE-SERVICE-REMOVE-LIKE.md), which allows you to remove another user's like on a given post if you send the right parameters.
+* [One in the PHP `like-service`](./SQLI-LIKE-SERVICE-REMOVE-LIKE.md), which allows you to remove another user's like on a given post.

exploit-toolkit/exploits/sql-injection/SQLI-LIKE-SERVICE-REMOVE-LIKE.md

@@ -2,7 +2,6 @@
 
 Utilizing [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) can lead to sensitive data being read
 and/or databases to be modified (Insert/Update/Delete).
-In addition, administrative operations such as shutting down the DBMS can also be completed.
 
 Unguard has a PHP microservice for handling likes that uses an unsafe version of Laravel, allowing you to remove another user's like on a post. When liking/unliking, normally, the PHP service would receive a post ID and a user ID, but with the right parameters, you can send two post IDs, leading to the latter one being misinterpreted as the user ID by Laravel ([see more details](https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-1060045)).
 
@@ -20,9 +19,9 @@ This ID is exposed indirectly through the Users page. The admanager user always
 The user shown below the admanager has the ID 2, the one below that has the ID 3 etc.
 
 ### w/o Toolkit CLI
-Once you have the ID of the user whose like on a particular post you want to remove, head over to the frontend page for that post, e.g. http://unguard.kube/ui/post?postId=1.
-You can get to that page by liking the post yourself. Then, in the search bar, modify the parameters thusly:
-`http://unguard.kube/ui/post?postId=[POST_ID]&postId=[USER_ID]&like_delete`.
+Once you have the ID of the user whose like on a particular post you want to remove, head over to the frontend page for that post, e.g. http://unguard.kube/ui/post/1.
+You can get to that page by liking the post yourself. From the address bar, you can now see the post id (1 in the example). Then open the following in your browser:
+`http://unguard.kube/ui/unlike?postId=[POST_ID]&postId=[USER_ID]`.
 The second `postId` parameter is misinterpreted by Laravel as the user ID, and the like for that user will be deleted. After you load the site with these parameters,
 you should see a 404 error.
 

src/envoy-proxy/config/envoy-config.yaml

@@ -62,10 +62,6 @@ static_resources:
                             prefix: /ad-service
                           route:
                             cluster: ad_service_cluster
-                        - match:
-                            prefix: /like-service
-                          route:
-                            cluster: like_service_cluster
   clusters:
     - name: frontend_cluster
       dns_lookup_family: V4_ONLY
@@ -91,15 +87,3 @@ static_resources:
                     socket_address:
                       address: unguard-ad-service
                       port_value: 80
-    - name: like_service_cluster
-      dns_lookup_family: V4_ONLY
-      type: STRICT_DNS
-      load_assignment:
-        cluster_name: like_service_cluster
-        endpoints:
-          - lb_endpoints:
-              - endpoint:
-                  address:
-                    socket_address:
-                      address: unguard-like-service
-                      port_value: 80