const db = require('./src/config/database');
const lessonQueries = require('./src/models/queries/lesson.queries');
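/**
 * Seed the four new offensive security lessons into the database.
 *
 * Each lesson is looked up by its key first and skipped when
 * `getLessonByKey` returns a truthy value; otherwise it is inserted with
 * `createLesson`. A failure on one lesson is logged and does not stop the
 * remaining lessons from being processed.
 *
 * @returns {Promise<{created: string[], skipped: string[], failed: string[]}>}
 *   Lesson keys grouped by outcome. The promise resolves even when some
 *   lessons failed, so callers that care about partial failure must inspect
 *   `failed` rather than rely on rejection.
 */
const seedNewLessons = async () => {
  // Static seed data: nothing here comes from user input.
  const lessons = [
    {
      lessonKey: 'xss-deeplink-demo',
      title: 'Cross-Site Scripting (XSS) - Deeplink Injection',
      description: 'Learn how XSS attacks work through URL parameter manipulation and deeplink injection',
      modulePath: 'xss-deeplink-demo',
      configPath: 'xss-deeplink-demo.yaml',
      difficultyLevel: 'intermediate',
      estimatedDuration: 20,
    },
    {
      lessonKey: 'script-injection-forum',
      title: 'Stored XSS - Forum Comment Injection',
      description: 'Learn how script injection in user-generated content can compromise entire platforms through stored XSS attacks',
      modulePath: 'script-injection-forum',
      configPath: 'script-injection-forum.yaml',
      difficultyLevel: 'intermediate',
      estimatedDuration: 25,
    },
    {
      lessonKey: 'social-engineering-password',
      title: 'Social Engineering - Passwortsicherheit',
      description: 'Lernen Sie, wie persönliche Informationen aus sozialen Medien zu schwachen Passwörtern führen können',
      modulePath: 'social-engineering-password',
      configPath: 'social-engineering-password.yaml',
      difficultyLevel: 'beginner',
      estimatedDuration: 20,
    },
    {
      lessonKey: 'idor-demo',
      title: 'IDOR - Insecure Direct Object Reference',
      description: 'Learn how insecure direct object references allow unauthorized access to other users\' data through URL manipulation',
      modulePath: 'idor-demo',
      configPath: 'idor-demo.yaml',
      difficultyLevel: 'intermediate',
      estimatedDuration: 22,
    },
  ];

  // Per-lesson outcome, returned so a caller can tell a clean run from a
  // partial one. Without it, caught errors below are visible only in the log.
  const summary = { created: [], skipped: [], failed: [] };

  console.log('🌱 Seeding new offensive security lessons...\n');

  for (const lesson of lessons) {
    try {
      // Check if lesson already exists
      const existing = await lessonQueries.getLessonByKey(lesson.lessonKey);

      if (existing) {
        console.log(`⏭️ Lesson "${lesson.lessonKey}" already exists, skipping...`);
        summary.skipped.push(lesson.lessonKey);
        continue;
      }

      // Create lesson
      await lessonQueries.createLesson(
        lesson.lessonKey,
        lesson.title,
        lesson.description,
        lesson.modulePath,
        lesson.configPath,
        lesson.difficultyLevel,
        lesson.estimatedDuration
      );

      console.log(`✅ Created lesson: ${lesson.title}`);
      summary.created.push(lesson.lessonKey);
    } catch (error) {
      // Deliberately best-effort: log, record the failure, and keep going
      // with the remaining lessons.
      console.error(`❌ Error creating lesson "${lesson.lessonKey}":`, error.message);
      summary.failed.push(lesson.lessonKey);
    }
  }

  return summary;
};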
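// Run if called directly (not when this file is require()d by another module)
if (require.main === module) {
  seedNewLessons()
    .then((summary) => {
      // seedNewLessons catches per-lesson errors and resolves anyway, so a
      // resolved promise alone does not prove every lesson was created. When
      // the resolved value carries a `failed` array, use it to set the exit
      // code; when it does not, fall through to the success output.
      const failed = summary && Array.isArray(summary.failed) ? summary.failed : [];
      if (failed.length > 0) {
        console.error(`\n❌ Lesson seeding finished with ${failed.length} failed lesson(s): ${failed.join(', ')}`);
        process.exit(1);
        return;
      }

      console.log('\n✅ Lesson seeding complete!');
      console.log('\nYou can now:');
      // NOTE(review): this prints what look like the shipped default admin
      // credentials. Console output often ends up in CI or container logs, so
      // confirm these are only valid on local/dev installs and are changed
      // before the instance is reachable by anyone else.
      console.log('1. Login to the admin panel (username: admin, password: admin123)');
      console.log('   Change the default admin password before exposing this instance.');
      console.log('2. Create or edit an event');
      console.log('3. Add these lessons to your event:');
      console.log(' - Cross-Site Scripting (XSS) - Deeplink Injection');
      console.log(' - Stored XSS - Forum Comment Injection');
      console.log(' - Social Engineering - Passwortsicherheit');
      console.log(' - IDOR - Insecure Direct Object Reference');
      process.exit(0);
    })
    .catch((error) => {
      console.error('\n❌ Lesson seeding failed:', error);
      process.exit(1);
    });
}

module.exports = { seedNewLessons };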