Hard Reset functionality for AspGoat

[Soham7-dev]

🚨 Help Wanted: Implement a Hard Reset Feature for AspGoat

Context:
AspGoat’s Unrestricted File Upload / File Overwrite lab lets learners deface the actual homepage as part of the challenge.
While that’s intentional, it means the application can be left in a broken state.
Currently, we simply display a warning and ask users to manually redeploy the container or clone the repo to restore the app.

Goal:
Create a one-click “Hard Reset” capability that restores the application to its original state.

---

Requirements & Ideas

• Reset Scope

  • Restore the entire wwwroot (or equivalent) directory to a clean snapshot.
  • Re-seed the SQLite database (users, comments, seeded labs, etc.).
  • Ensure uploaded/overwritten files are removed or replaced with pristine copies.

• Implementation Thoughts

  • Container-level approach (e.g., Docker volume snapshot, ephemeral overlay).
  • Application-level endpoint (/admin/reset) that:
    • Drops and recreates the DB schema.
    • Copies a baseline of static assets from a protected location.
  • Cross-platform: should work both in local dev and containerized environments.

• Security Considerations

  • Restricted to authorized roles (e.g., Admin or in dev mode only).
  • Prevent abuse—avoid becoming an unintended DoS vector.

---

Tech Stack

• Backend: ASP.NET Core 8 (MVC + Razor)
• Database: SQLite (seeded via EF Core)
• Deployment: Docker (multi-stage build)

---

What We’re Looking For

• .NET / DevOps / Security engineers who can:
  • Propose a clean architecture for snapshot/restore.
  • Implement and document the solution.
  • Provide automated tests to verify reset integrity.

---

💡 How to Contribute

• Start a conversation in GitHub Discussions → Ideas
• Or open a draft PR with an implementation proposal.

This feature will make AspGoat more learner-friendly while showcasing a real-world secure recovery pattern.

Recognition: Major contributors will be highlighted in the README “Hall of Fame” and future release notes.

[toyesh0]

Check if we can do :

We'll add a “factory reset” button for the app. When an admin clicks it, the app will wipe the current public files and copy back a clean set of originals, then recreate the database with the default users and data. This reset action will be protected so only admins can run it, will require a real POST request (with CSRF protection), and won’t allow multiple resets at once. It will work the same on your laptop and in Docker. After it finishes, the app looks and works exactly like a fresh install.

[Soham7-dev]

Hi @toyesh0 , can you provide a psuedo code for this solution. It would be helpful if you have an idea of C# Programming Language and a Solid idea of ASP.NET MVC 👍