Feature/lab2

.github/pull_request_template.md

@@ -0,0 +1,74 @@
+# Lab Submission Pull Request
+
+## Goal
+
+**Lab Number:** <!-- e.g., Lab 1 -->  
+**Lab Title:** <!-- e.g., Setup OWASP Juice Shop & PR Workflow -->
+
+**Objective:**
+<!-- Brief description of what this lab accomplishes (1-2 sentences) -->
+
+---
+
+## Changes
+
+**Summary of modifications:**
+<!-- List the main changes made in this PR -->
+- 
+- 
+- 
+
+**Files Added/Modified:**
+<!-- List key files that were added or modified -->
+- 
+- 
+- 
+
+---
+
+## Testing
+
+**How were the changes verified?**
+<!-- Describe the testing steps performed -->
+- 
+- 
+- 
+
+**Test Results:**
+<!-- Summarize test outcomes or validation performed -->
+- 
+
+---
+
+## Artifacts & Screenshots
+
+**Evidence of completion:**
+<!-- Include links to screenshots, logs, or other artifacts demonstrating task completion -->
+- 
+- 
+- 
+
+**Key Deliverables:**
+<!-- List the main deliverables for this lab -->
+- [ ] Task 1: 
+- [ ] Task 2: 
+- [ ] Additional tasks: 
+
+---
+
+## Checklist
+
+Before submitting this PR, please verify:
+
+- [ ] PR title is clear and descriptive (e.g., "docs(lab1): add submission1 triage report")
+- [ ] Documentation has been updated if needed (README, submission files, etc.)
+- [ ] No secrets, credentials, or large temporary files are included in the commit
+- [ ] All required tasks from the lab assignment are completed
+- [ ] Screenshots and evidence are properly embedded or linked
+
+---
+
+## Additional Notes
+
+<!-- Any additional context, challenges faced, or questions for the reviewer -->
+

labs/lab1-cleanup.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+#
+# OWASP Juice Shop Cleanup Script for Lab 1
+#
+# This script removes the Juice Shop container and optionally the image.
+# Use this after completing the lab to free up system resources.
+#
+# Usage: bash labs/lab1-cleanup.sh [--remove-image]
+#
+
+set -e  # Exit on any error
+
+# Configuration
+CONTAINER_NAME="juice-shop"
+IMAGE_NAME="bkimminich/juice-shop"
+IMAGE_TAG="v19.0.0"
+FULL_IMAGE="${IMAGE_NAME}:${IMAGE_TAG}"
+REMOVE_IMAGE=false
+
+# Parse arguments
+if [ "$1" == "--remove-image" ]; then
+    REMOVE_IMAGE=true
+fi
+
+echo "================================================"
+echo "OWASP Juice Shop Cleanup Script"
+echo "================================================"
+echo ""
+
+# Check if Docker is available
+if ! command -v docker &> /dev/null; then
+    echo "ERROR: Docker is not installed or not in PATH"
+    exit 1
+fi
+
+# Stop and remove container
+echo "[1/2] Removing Juice Shop container..."
+if docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+    echo "   Found container: ${CONTAINER_NAME}"
+
+    # Stop if running
+    if docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+        echo "   Stopping running container..."
+        docker stop "${CONTAINER_NAME}" &> /dev/null
+    fi
+
+    # Remove container
+    echo "   Removing container..."
+    docker rm "${CONTAINER_NAME}" &> /dev/null
+    echo "Container removed successfully"
+else
+    echo "No container named '${CONTAINER_NAME}' found (already clean)"
+fi
+echo ""
+
+# Remove image if requested
+if [ "$REMOVE_IMAGE" == true ]; then
+    echo "[2/2] Removing Juice Shop image..."
+    if docker images --format '{{.Repository}}:{{.Tag}}' | grep -q "^${FULL_IMAGE}$"; then
+        echo "   Found image: ${FULL_IMAGE}"
+        echo "   Removing image..."
+        docker rmi "${FULL_IMAGE}" &> /dev/null
+        echo "Image removed successfully"
+    else
+        echo "Image '${FULL_IMAGE}' not found (already removed or never pulled)"
+    fi
+else
+    echo "[2/2] Keeping Docker image"
+    echo "   Image '${FULL_IMAGE}' preserved for future use"
+    echo "   To remove image, run: bash labs/lab1-cleanup.sh --remove-image"
+fi
+echo ""
+
+echo "================================================"
+echo "Cleanup Complete!"
+echo "================================================"
+echo ""
+echo "What was cleaned:"
+if docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+    echo "   Container: Still exists (unexpected)"
+else
+    echo "   Container: Removed"
+fi
+
+if [ "$REMOVE_IMAGE" == true ]; then
+    if docker images --format '{{.Repository}}:{{.Tag}}' | grep -q "^${FULL_IMAGE}$"; then
+        echo "   Image: Still exists (unexpected)"
+    else
+        echo "   Image: Removed"
+    fi
+else
+    echo "   Image: Preserved (not removed)"
+fi
+echo ""

labs/lab1-deploy.sh

@@ -0,0 +1,104 @@
+#!/bin/bash
+#
+# OWASP Juice Shop Deployment Script for Lab 1
+# 
+# This script deploys OWASP Juice Shop v19.0.0 locally for security testing.
+# The container is bound to 127.0.0.1 only to prevent external exposure.
+#
+# Usage: bash labs/lab1-deploy.sh
+#
+
+set -e  # Exit on any error
+
+# Configuration
+CONTAINER_NAME="juice-shop"
+IMAGE_NAME="bkimminich/juice-shop"
+IMAGE_TAG="v19.0.0"
+FULL_IMAGE="${IMAGE_NAME}:${IMAGE_TAG}"
+HOST_IP="127.0.0.1"
+HOST_PORT="3000"
+CONTAINER_PORT="3000"
+
+echo "================================================"
+echo "OWASP Juice Shop Deployment Script"
+echo "================================================"
+echo ""
+
+# Check if Docker is installed and running
+echo "[1/5] Checking Docker installation..."
+if ! command -v docker &> /dev/null; then
+    echo "ERROR: Docker is not installed or not in PATH"
+    echo "   Please install Docker Desktop from https://www.docker.com/products/docker-desktop"
+    exit 1
+fi
+
+if ! docker info &> /dev/null; then
+    echo "ERROR: Docker daemon is not running"
+    echo "   Please start Docker Desktop and try again"
+    exit 1
+fi
+echo "Docker is installed and running"
+echo ""
+
+# Check if container already exists
+echo "[2/5] Checking for existing Juice Shop container..."
+if docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+    echo "Container '${CONTAINER_NAME}' already exists"
+    echo "   Removing existing container..."
+    docker rm -f "${CONTAINER_NAME}" &> /dev/null
+    echo "Existing container removed"
+else
+    echo "No existing container found"
+fi
+echo ""
+
+# Pull the image
+echo "[3/5] Pulling OWASP Juice Shop image..."
+echo "   Image: ${FULL_IMAGE}"
+docker pull "${FULL_IMAGE}"
+echo "Image pulled successfully"
+echo ""
+
+# Get image digest for triage report
+echo "[4/5] Retrieving image digest..."
+IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "${FULL_IMAGE}" 2>/dev/null || echo "N/A")
+echo "   Digest: ${IMAGE_DIGEST}"
+echo ""
+
+# Deploy the container
+echo "[5/5] Deploying Juice Shop container..."
+echo "   Container name: ${CONTAINER_NAME}"
+echo "   Network binding: ${HOST_IP}:${HOST_PORT}"
+echo "   Security: Bound to localhost only (no external exposure)"
+echo ""
+
+docker run -d \
+  --name "${CONTAINER_NAME}" \
+  -p "${HOST_IP}:${HOST_PORT}:${CONTAINER_PORT}" \
+  "${FULL_IMAGE}"
+
+# Wait for container to start
+echo "Waiting for container to start (5 seconds)..."
+sleep 5
+
+# Verify container is running
+if docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+    echo "Container deployed successfully!"
+else
+    echo "ERROR: Container failed to start"
+    echo "   Check logs with: docker logs ${CONTAINER_NAME}"
+    exit 1
+fi
+
+echo ""
+echo "================================================"
+echo "Deployment Complete!"
+echo "================================================"
+echo ""
+echo "Deployment Summary:"
+echo "   • Container: ${CONTAINER_NAME}"
+echo "   • Image: ${FULL_IMAGE}"
+echo "   • Digest: ${IMAGE_DIGEST}"
+echo "   • Access URL: http://${HOST_IP}:${HOST_PORT}"
+echo "   • Status: Running"
+echo ""