OWASP · pypalkar23 · Dec 7, 2022 · Dec 7, 2022 · Dec 7, 2022 · Dec 7, 2022
diff --git a/src/SUMMARY.md b/src/SUMMARY.md
@@ -24,6 +24,7 @@ Summary
 * [Communication Security](communication-security/README.md)
     * [HTTP/TLS](communication-security/http-tls.md)
     * [WebSockets](communication-security/websockets.md)
+    * [gRPC](communication-security/grpc.md)
 * [System Configuration](system-configuration/README.md)
 * [Database Security](database-security/README.md)
     * [Connections](database-security/connections.md)
@@ -32,6 +33,7 @@ Summary
     * [Stored Procedures](database-security/stored-procedures.md)
 * [File Management](file-management/README.md)
 * [Memory Management](memory-management/README.md)
+* [Process Management](process-management/README.md)
 * General Coding Practices
     * [Cross-Site Request Forgery](general-coding-practices/cross-site-request-forgery.md)
     * [Regular Expressions](general-coding-practices/regular-expressions.md)

diff --git a/src/communication-security/README.md b/src/communication-security/README.md
@@ -13,5 +13,6 @@ The scope of this section covers the following communication channels:
 
 * HTTP/HTTPS
 * Websockets
+* gRPC
 
 [1]: https://www.owasp.org/index.php/Man-in-the-middle_attack
diff --git a/src/communication-security/grpc-code/grpc_client_secured/client.go b/src/communication-security/grpc-code/grpc_client_secured/client.go
@@ -0,0 +1,57 @@
+package main
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	pb "pentest/grpc/samplebuff"
+	"time"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"flag"
-	"fmt"
-	"io/ioutil"
-	"log"
-	pb "pentest/grpc/samplebuff"
-	"time"
-
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
-)
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"time"
+
+	pb "pentest/grpc/samplebuff"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"flag"
-	"fmt"
-	"io/ioutil"
-	"log"
-	pb "pentest/grpc/samplebuff"
-	"time"
-
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
-)
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"time"
+
+	pb "pentest/grpc/samplebuff"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+const (
+	defaultName = "Art Rosenbaum"
+)
+
+var (
+	addr = flag.String("addr", "localhost:10001", "Address of Server")
+	name = flag.String("name", defaultName, "Name to greet")
+)
+
+func main() {
+	flag.Parse()
+	b, _ := ioutil.ReadFile("../cert/ca.cert")
-	b, _ := ioutil.ReadFile("../cert/ca.cert")
+	b, err := ioutil.ReadFile("../cert/ca.cert")
+	if err != nil {
+		log.Fatalf("Could read ca.cert: %v", err)
+	}
-	b, _ := ioutil.ReadFile("../cert/ca.cert")
+	b, err := ioutil.ReadFile("../cert/ca.cert")
+	if err != nil {
+		log.Fatalf("Could read ca.cert: %v", err)
+	}
+	cp := x509.NewCertPool()
+	if !cp.AppendCertsFromPEM(b) {
+		fmt.Println("credentials: failed to append certificates")
+	}
+
+	config := &tls.Config{
+		InsecureSkipVerify: false,
+		RootCAs:            cp,
+	}
+
+	creds := credentials.NewTLS(config)
+	// Set up a connection to the server.
+	conn, err := grpc.Dial(*addr, grpc.WithTransportCredentials(creds))
+	if err != nil {
+		log.Fatalf("Could not connect to server: %v", err)
+	}
+	defer conn.Close()
+	c := pb.NewSampleServiceClient(conn)
+
+	// Contact the server and print out its response.
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+	r, err := c.Greet(ctx, &pb.SendMsg{Name: *name})
-	defer cancel()
-	r, err := c.Greet(ctx, &pb.SendMsg{Name: *name})
+	defer cancel()
+
+	r, err := c.Greet(ctx, &pb.SendMsg{Name: *name})
-	defer cancel()
-	r, err := c.Greet(ctx, &pb.SendMsg{Name: *name})
+	defer cancel()
+
+	r, err := c.Greet(ctx, &pb.SendMsg{Name: *name})
+	if err != nil {
+		log.Fatalf("could not send message: %v", err)
+	}
+	log.Printf("Sending message: %s", r.GetMessage())
+}
diff --git a/src/communication-security/grpc-code/grpc_server_secured/server.go b/src/communication-security/grpc-code/grpc_server_secured/server.go
@@ -0,0 +1,51 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"net"
+
+	pb "pentest/grpc/samplebuff"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+var (
+	port = flag.Int("port", 10001, "The server port")
+)
+
+// server is used to implement sample.GreeterServer.
+type server struct {
+	pb.UnimplementedSampleServiceServer
+}
-// server is used to implement sample.GreeterServer.
-type server struct {
-	pb.UnimplementedSampleServiceServer
-}
+// Verify interface implementation on compile.
+var _ pb.UnimplementedSampleServiceServer = (*server)(nil)
+
+// server implements sample.GreeterServer interface.
+type server struct {}
-// server is used to implement sample.GreeterServer.
-type server struct {
-	pb.UnimplementedSampleServiceServer
-}
+// Verify interface implementation on compile.
+var _ pb.UnimplementedSampleServiceServer = (*server)(nil)
+
+// server implements sample.GreeterServer interface.
+type server struct {}
+
+// Greet implements sample.GreeterServer
+func (s *server) Greet(ctx context.Context, in *pb.SendMsg) (*pb.SendResp, error) {
+	log.Printf("Received msg: %v", in.GetName())
+	return &pb.SendResp{Message: "Hey " + in.GetName()}, nil
+}
+
+func main() {
+	flag.Parse()
+	lis, err := net.Listen("tcp", fmt.Sprintf(":%d", *port))
+	if err != nil {
+		log.Fatalf("Could not start the server: %v", err)
+	}
+
+	//Configuring the certificates
+	creds, err := credentials.NewServerTLSFromFile("../cert/service.pem", "../cert/service.key")
+
+	if err != nil {
+		log.Fatalf("TLS setup failed: %v", err)
+	}
-	//Configuring the certificates
-	creds, err := credentials.NewServerTLSFromFile("../cert/service.pem", "../cert/service.key")
-
-	if err != nil {
-		log.Fatalf("TLS setup failed: %v", err)
-	}
+	// Configuring the certificates.
+	creds, err := credentials.NewServerTLSFromFile("../cert/service.pem", "../cert/service.key")
+	if err != nil {
+		log.Fatalf("TLS setup failed: %v", err)
+	}
-	//Configuring the certificates
-	creds, err := credentials.NewServerTLSFromFile("../cert/service.pem", "../cert/service.key")
-
-	if err != nil {
-		log.Fatalf("TLS setup failed: %v", err)
-	}
+	// Configuring the certificates.
+	creds, err := credentials.NewServerTLSFromFile("../cert/service.pem", "../cert/service.key")
+	if err != nil {
+		log.Fatalf("TLS setup failed: %v", err)
+	}
+
+	s := grpc.NewServer(grpc.Creds(creds))
+	pb.RegisterSampleServiceServer(s, &server{})
+	log.Printf("Server started at: %v", lis.Addr())
+	if err := s.Serve(lis); err != nil {
+		log.Fatalf("Could not start the server: %v", err)
+	}
+}
diff --git a/src/communication-security/grpc-code/samplebuff/sample.pb.go b/src/communication-security/grpc-code/samplebuff/sample.pb.go
diff --git a/src/communication-security/grpc-code/samplebuff/sample.proto b/src/communication-security/grpc-code/samplebuff/sample.proto
@@ -0,0 +1,18 @@
+syntax = "proto3";
+
+option go_package = "github.com/pypalkar23/go-rpc-cis5209/sample";
+
+package sample;
+
+
+service SampleService {
+    rpc Greet (SendMsg) returns (SendResp);
+}
+
+message SendMsg {
+    string name = 1;
+}
+
+message SendResp{
+    string message = 1;
+}