Setup

Preparing Your Environment

Welcome, security engineer! Before you can start investigating security issues in DaBeastApp, you’ll need to set up your local environment. This guide will walk you through:

✅ Forking and cloning the repository
✅ Creating a feature branch for your work
✅ Setting up dependencies using Docker
✅ Running the application locally

Step 1: Fork the Repository

Since you’ll be making changes and submitting a pull request (PR) later, you need your own copy of the DaBeastApp repository.

  1. Navigate to the DaBeastApp repository:
    👉 https://github.com/tiger-dojo/DaBeastApp
  2. Click the Fork button (top-right of the GitHub page) to create a copy under your GitHub account.

Step 2: Clone Your Fork Locally

Once you’ve forked the repository, it’s time to clone it to your local machine.

  1. Open a terminal and run:
    git clone https://github.com/YOUR-GITHUB-USERNAME/DaBeastApp.git
    
  2. Navigate into the project directory:
    cd DaBeastApp
    

Step 3: Create a Feature Branch

To keep your work organized, create a feature branch before making any changes.

git checkout -b lets-git-sum

This branch will be used for your work in this module.

Step 4: Install Prerequisites

Ensure you have the following installed on your machine:

Step 5: Understanding the App’s Docker Configuration

The application runs inside a Docker container, and its setup is defined in two key files:

Dockerfile

FROM node:18-bullseye

RUN mkdir /usr/src/dabeastapp
RUN mkdir /tmp/extracted_files
COPY . /usr/src/dabeastapp
WORKDIR /usr/src/dabeastapp

RUN npm update
RUN npm install
EXPOSE 3001
EXPOSE 9229
ENTRYPOINT ["npm", "start"]

  • Uses Node.js 18 as the base image.
  • Copies the project files into the container.
  • Installs dependencies with npm install.
  • Exposes ports 3001 (app) and 9229 (debugging).
  • Starts the application with npm start.

docker-compose.yml

version: "3.8"
services:
  dabeastapp:
    build: .
    container_name: dabeastapp
    environment:
      - DOCKER=1
      - MONGO_URI=mongodb://dabeastapp-mongo:27017/express-todo
    ports:
      - "3001:3001"
      - "9229:9229"
    links:
      - dabeastapp-mongo
    depends_on:
      dabeastapp-mongo:
        condition: service_healthy

  dabeastapp-mongo:
    container_name: dabeastapp-mongo
    image: mongo
    ports:
      - "27017:27017"
    healthcheck:
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 5

  • Runs MongoDB as a service.
  • Defines a health check to ensure MongoDB is running before launching the app.
  • Connects the application to MongoDB via MONGO_URI.
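
The port mappings in this docker-compose.yml omit a host IP, so Docker publishes 3001, the 9229 debug port and MongoDB's 27017 on every host interface rather than only on localhost. The script below is an added example, not part of DaBeastApp or the workshop materials, that lists such mappings; the function names are hypothetical, and it assumes short-syntax IPv4 mappings and service names indented two spaces.

```shell
#!/bin/sh
# Added example, not part of DaBeastApp: list compose port mappings that are
# published on every host interface because they omit a host IP.
# Assumes short-syntax IPv4 mappings and service names indented two spaces.

# list_exposed [FILE]  (reads stdin when FILE is omitted)
# Prints "service host_port container_port" for each non-loopback mapping.
list_exposed() {
  awk '
    # A key indented exactly two spaces is a service name in this layout.
    /^  [A-Za-z0-9_.-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); inports = 0; next }
    /^[ \t]*ports:[ \t]*$/ { inports = 1; next }
    inports && /^[ \t]*-/ {
      m = $0
      sub(/^[ \t]*-[ \t]*/, "", m)   # drop the list marker
      gsub(/[" \t]/, "", m)          # drop quotes and spaces
      n = split(m, f, ":")
      if (n == 3 && f[1] ~ /^127\./) next        # HOST_IP is loopback: fine
      if (n == 3) print svc, f[2], f[3]          # bound to a non-loopback IP
      else if (n == 2) print svc, f[1], f[2]     # no HOST_IP: all interfaces
      next
    }
    /[^ \t]/ { inports = 0 }         # any other non-blank line ends the list
  ' "$@"
}

# Constructed sample: the environment and ports sections of the file above.
demo_compose() {
  cat <<'EOF'
services:
  dabeastapp:
    environment:
      - MONGO_URI=mongodb://dabeastapp-mongo:27017/express-todo
    ports:
      - "3001:3001"
      - "9229:9229"
  dabeastapp-mongo:
    ports:
      - "27017:27017"
EOF
}

demo_compose | list_exposed
```

Prefixing each mapping with 127.0.0.1: (for example "127.0.0.1:9229:9229") keeps the app reachable at http://localhost:3001/ while the function reports nothing.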

Step 6: Running the App Locally

Once everything is set up, start the application with:

docker-compose up --build

This will:

  • Build and start the DaBeastApp container.
  • Start the MongoDB service.
  • Automatically restart the services if necessary.

Step 7: Verify the App is Running

Once Docker is finished setting up, open your browser and go to:

👉 http://localhost:3001/

You should see the DaBeastApp running! 🎉


Next Steps

Now that your environment is ready, you’ll start investigating DaBeastApp using Aikido Security to uncover vulnerabilities and secure the system. Keep your feature branch updated with your changes, as you’ll be submitting PRs throughout the workshop to earn your Certifier Badges. 🏆

🚀 Let’s go!