Polls is a simple Django app to conduct Web-based polls. For each question, visitors can choose between a fixed number of answers.

Based on the Django Polls tutorial, contains a few XSS/SQLi issues and turns off the built in protections to prevent that.

If you are building on a Mac, you will need to have MySQL and PostgreSQL installed to satisfy dependencies for the MySQL and Postgres client modules listed in requirements.txt.

brew install postgresql
brew install mysql

The default Docker Compose configuration builds an all-in-one container, including vuln_django, an Nginx front-end, and SQLite.

Build and run in foreground:

docker-compose up --build

Run as a daemon:

docker-compose up -d

Build:

docker-compose build

The docker-micro-pg Docker Compose configuration builds a microservice version of vuln_django, with separate containers running an Nginx front-end, and PostgreSQL database.

Build, run, and run data migrations:

docker-compose -f docker-micro.yml build
docker-compose -f docker-micro.yml up --detach
./scripts/migrations.sh

To bring the microservice stack up with migrations, a Django admin user, and seed data, run:

./scripts/build-and-run.sh

To do that plus run HawkScan against it, run:

./scripts/build-and-scan.sh

docker build -t vuln_django .

docker run -it -p 8020:8020 vuln_django:latest

• Browse to the polls with http://localhost:8020/polls/
• Administrator login http://localhost:8020/admin/
  • admin:adminpassword