Running

docker build . -t dsvw

Results in

Sending build context to Docker daemon 143.9kB
Step 1/7 : FROM alpine:latest
---> 7731472c3f2a
Step 2/7 : RUN apk --no-cache add git python3 py-lxml && rm -rf /var/cache/apk/*
---> Running in 14707f0cfe48
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
ERROR: unable to select packages:
py-lxml (no such package):
required by: world[py-lxml]
The command '/bin/sh -c apk --no-cache add git python3 py-lxml && rm -rf /var/cache/apk/*' returned a non-zero code: 1

Anything newer than alpine:3.12.3 seems to be missing the package

can you add it where this can be for a regular website... kinda like

python3 dsvw.py url=Mysite.com -i(info)

i wanna test my own site

Python says:

# python ./dsvw.py
Damn Small Vulnerable Web (DSVW) < 100 LoC (Lines of Code) #v0.1m
 by: Miroslav Stampar (@stamparm)

[i] running HTTP server at '127.0.0.1:65412'...
Traceback (most recent call last):
  File "./dsvw.py", line 90, in <module>
    ThreadingServer((LISTEN_ADDRESS, LISTEN_PORT), ReqHandler).serve_forever()
  File "/usr/lib/python2.7/SocketServer.py", line 417, in __init__
    self.server_bind()
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 108, in server_bind
    SocketServer.TCPServer.server_bind(self)
  File "/usr/lib/python2.7/SocketServer.py", line 431, in server_bind
    self.socket.bind(self.server_address)
  File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 98] Address already in use

lsb_release -a says:

# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.1 LTS
Release:	16.04
Codename:	xenial

Hello Miroslav,

I would like to use this sample application for educational purposes, but lack of a LICENSE file makes the project Copyrighted by default, even if that's not your purpose.

I see you've licensed other projects in your profile under the MIT license.
If you're interested in other people learning from this test-bed application, can you please add a LICENSE file with a license of your choice?

Thanks a lot

CM

Although DSVW is indeed small, calling it 100 lines of code might be a stretch, as it uses extremely long lines to achieve this.

The long lines are hard to understand and review.

This is a security problem; attacks mentioned in https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack relied on long lines to evade review.

autopep8 helps a little, but really, the code should be run through Black, which turns it into 500 lines of much more readable python.

Hello, can you put the container of this project to Docker Hub so the users can retrieve it directly by docker run command?