
dvsa's Introduction


a Damn Vulnerable Serverless Application


Damn Vulnerable Serverless Application (DVSA) is a deliberately vulnerable application. It aims to give security professionals a legal environment in which to test their skills and tools, to help developers better understand how to secure serverless applications, and to help both students and teachers learn about serverless application security in a controlled classroom setting.

DVSA lets you practice some of the most common serverless vulnerabilities through a simple, straightforward interface.

Please note that this software contains both documented and undocumented vulnerabilities. This is intentional. You are encouraged to try to discover as many issues as possible.


Disclaimer

Do not install DVSA on a production account

We do not take responsibility for the way in which anyone uses this application (DVSA). We have made the purpose of the application clear, and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVSA on production accounts.


Deployment from Application Repository

  • Deploy DVSA from the AWS Serverless Application Repository

  • After deployment is complete, click on 'View CloudFormation Stack'

  • Under 'Outputs' you will find the URL for the application (DVSA Website URL)


Local Development & Deployment

Client

Prerequisites for re-building client
Build client
  • $ ./dvsa.sh client-build
Update client file with previously deployed backend
  • $ ./dvsa.sh client-connect --stack <STACK_NAME>
Updating deployed client with local changes
  • $ ./dvsa.sh client-update --stack/--bucket
  • $ ./dvsa.sh client-update -h/--help for more options
Run Client locally
  • $ ./dvsa.sh client-start

Backend

Prerequisites for building backend
Step-by-Step:
  • Make desired changes to backend code under backend/functions
  • Make desired changes to your cloudformation template.yml
  • If you need post-deployment changes, add files under backend/deployment/ and use backend/deployment/dvsa_init.py, which runs at the end of the deployment, to execute the required actions.
  • $ ./dvsa.sh package-template (OPTIONAL: -h/--help for more options)
  • Deploy the output template file with the CloudFormation console/CLI

Run Backend locally

Note: If you want to point your local client at your local backend, run $ ./dvsa.sh client-connect and REPLACE the ServiceEndpoint value with http://localhost:3000 (the client will still use the Cognito pools in AWS).

Email subscription

DVSA sends receipts by email. You can use the built-in Inbox page within the application to read those emails and obtain the receipts. Each user is automatically assigned an address at 1secmail.com, which is verified automatically. Real emails are sent to that address and appear on the application's Inbox page.

If you want users to receive emails at their actual registered email address (e.g. Gmail):

  • Send an email verification link to the desired address by running the following command (after the recipient clicks the link, emails will also be sent to that address):

aws ses verify-email-identity --email-address <your_email>


Additional Info

Presentation

Download

Documentation

AWS

See LESSONS for information about hacking DVSA.

See VIDEOS for how to deploy, use and hack DVSA.


Links

OWASP Top 10 - Serverless Interpretation

Deep-Dive into Serverless Attacks - Series

OWASP Serverless Top 10 Project

Twitter account (hackable)

Slack Channel #project-sls-top-10

DVSA blog post

In the News


Acknowledgements

DVSA was created by Tal Melamed


License

Damn Vulnerable Serverless Application (DVSA) is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Damn Vulnerable Serverless Application (DVSA) is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Damn Vulnerable Serverless Application (DVSA). If not, see http://www.gnu.org/licenses/.

dvsa's People

Contributors

4ppsec, ariellee-tm, brandone, chan9390, davidcervigni, hblankenship, indigocarmen, maysonchen-cs, ottimo, paralax, spaglipa


dvsa's Issues

be-stack.json file missing when building client

Looks like a json file is missing in the src directory.

ERROR in ./src/utils/apiCaller.js
Module not found: Error: Can't resolve '../be-stack.json' in '/Volumes/5TB/Code/DVSA/client/src/utils'
@ ./src/utils/apiCaller.js 16:26-53
@ ./src/components/StorePage.js
@ ./src/routers/AppRouter.js
@ ./src/app.js

ERROR in ./src/aws-exports.js
Module not found: Error: Can't resolve './be-stack.json' in '/Volumes/5TB/Code/DVSA/client/src'
@ ./src/aws-exports.js 25:26-52
@ ./src/app.js

Code Missing?

The README suggests that the first step in installing this application is running npm install. However, I cannot find a package.json file or, for that matter, any JS code at all. Is the application code stored in another repository? Or is the code purposely not available as a matter of exercise?

Thanks in advance.

got "[ERROR] DVSA backend does not work properly. Try to delete cache and re-login."

After deploying the application, I created a new user and logged in. After logging in, the application shows a popup with the error message: "[ERROR] DVSA backend does not work properly. Try to delete cache and re-login."

I have investigated, and this happens because the POST request to https://6u6eaiz6kk.execute-api.us-east-1.amazonaws.com/user/order returns a 500 status code error, with the following response headers:

x-amzn-errortype: InternalServerErrorException
x-cache: Error from cloudfront

By examining the logs, it is caused by some missing Node.js dependencies. Has anyone else got this error? How do I fix the missing dependencies error?

Cannot deploy Serverless Repo to AWS lambda

I think the issue has to do with this:

The runtime parameter of nodejs8.10 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (nodejs12.x) while creating or updating functions. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: ..................)

https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html

https://aws.amazon.com/blogs/compute/node-js-12-x-runtime-now-available-in-aws-lambda/

Any chance this can be fixed?

npm i , Error with node version 8 (working with version 10)

npm ERR! Linux 4.15.0-45-generic
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "i"
npm ERR! node v8.10.0
npm ERR! npm v3.5.2

npm ERR! Invalid Package: expected serverless-plugin-protego-fsp but found serverless-protego-plugin
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR! https://github.com/npm/npm/issues

npm ERR! Please include the following file with any support request:
npm ERR! /home/david/workspace/DVSA/backend/src/functions/order-api/npm-debug.log

npm ERR! Linux 4.15.0-45-generic
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "i"
npm ERR! node v8.10.0
npm ERR! npm v3.5.2
npm ERR! code ELIFECYCLE
npm ERR! [email protected] postinstall: cd client && npm i && cd ../backend/src/functions/order-api && npm i
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] postinstall script 'cd client && npm i && cd ../backend/src/functions/order-api && npm i'.
npm ERR! Make sure you have the latest version of node.js and npm installed.
npm ERR! If you do, this is most likely a problem with the dvsa package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR! cd client && npm i && cd ../backend/src/functions/order-api && npm i
npm ERR! You can get information on how to open an issue for this project with:
npm ERR! npm bugs dvsa
npm ERR! Or if that isn't available, you can get their info via:
npm ERR! npm owner ls dvsa
npm ERR! There is likely additional logging output above.

npm ERR! Please include the following file with any support request:
npm ERR! /home/david/workspace/DVSA/npm-debug.log

Attach File is not working in Feedback Information

When you try to create feedback and attach a file, the file is not uploaded to the feedback S3 bucket.
The fix is still not working. It is still failing.

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)
Looks like there is error here: Uncaught (in promise) TypeError: Cannot read property 'key' of undefined at bundle.js:308

store profile info in localStorage

After successful login - application should send {"action": "profile"} and store the information received in the response in client localStorage

orders page

Create orders page in the application that shows the list of orders and their status in the ui.

backend already supports this information. simply call:

{"action": "orders"}

Returned json should be parsed into a table. Order-id should be clickable.

When clicked - send the request {"action": "get", "order-id": id} and show the data in the response JSON

If order has status "incomplete" - allow user to delete it using request: {"action": "cancel", "order-id": id}

Problems I'm having with lessons... willing to understand and learn

Ok, I don't want to open multiple issues for something that may be completely my fault, so I'll add things here if you don't mind

  • Broken Authentication Open - Api

POST /default/DVSA-PAYMENT-PROCESSOR HTTP/1.1

I always get {"message":"Forbidden"} although it doesn't require an Authorization header.

packaging freezes for long time

I have experienced this with two different Linux distros (Ubuntu and CentOS) and on macOS as well:
The issue looks similar to:
serverless/serverless#3882
sometimes it works after more than say 15 minutes hanging...

david@ubuntu:~/workspace/DVSA$ sls deploy
Running command: python backend/serverless/scripts/onstart.py
############################################################################
██████╗ ██╗ ██╗███████╗ █████╗
██╔══██╗██║ ██║██╔════╝██╔══██╗
██║ ██║██║ ██║███████╗███████║
██║ ██║╚██╗ ██╔╝╚════██║██╔══██║
██████╔╝ ╚████╔╝ ███████║██║ ██║
╚═════╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
You are deploying DVSA: a Damn vulnerable Serverless Application
This project was donated to OWASP by Protego Labs (https://protego.io)
Make sure you read all the necessary information on the project page:
https://github.com/owasp/dvsa | online version: http://serverless.fail
############################################################################

Serverless: Packaging service...

profile page

  1. add profile page and show response from localStorage allow user to update "email", "shipping", "billing", "avatar".

  2. when updating - send request to: {"action": "account", "data": }

  3. for avatar upload. convert to base64 using code from here: https://stackoverflow.com/questions/6150289/how-to-convert-image-into-base64-string-using-javascript

and send to imgur: POST "https://api.imgur.com/3/image", headers={"Authorization": "Client-ID {}".format(clientid) (coming from the server) data: "image="

(clientID: b05581f073b24c4)

  4. the response is a json. if res["success"] url= res["link"]. the link should be sent in the "account" update request

DVSA CREATE_failed

I am trying to deploy DVSA from serverless repository, every time it throws create failed error, can anyone help me through this?

Deployable on OpenFaaS or OpenWhisk

Dear DVSA Team,

Hope you are doing well. Thank you for providing the DVSA application. We were wondering if there's a way to deploy DVSA on OpenFaaS or OpenWhisk in private deployments?

^ I have very limited knowledge of serverless, so this might be a stupid question to ask. On the other hand, does deploying applications on a serverless platform increase the security of the application in some way? I believe the benefits are more in terms of cost? We would really appreciate a bit of insight.

Thank you
bitvijays

auto filling

When filling in shipping and billing, have a check button to copy from the account default.

This information is stored (insecurely) in the localStorage.

Error Deploying DVSA

When trying to deploy DVSA I encountered an error with the S3 Bucket Permissions, I kept getting 403s, I believe I have fixed the issue by fixing the references to the S3 buckets. I believe since the buckets referenced in the policies were done by a function there was a race condition where the permission policy would attempt to be created before the S3 bucket was finished creating.
[screenshot not included]

I swapped the reference to the actual buckets in the Cloudformation template and it appears to be working now.

[screenshot not included]
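Both the rejected nodejs8.10 runtime reported in "Cannot deploy Serverless Repo to AWS lambda" above and the bucket-policy ordering problem described in this issue can be caught in the template before anything is deployed. The script below is an added example, not DVSA's code and not part of either issue: it takes a CloudFormation template as a parsed dict and flags Lambda functions on a retired runtime, and S3 bucket policies whose Bucket property is a literal name rather than a Ref to the bucket resource (or a DependsOn on it), which is what leaves CloudFormation free to create the policy before the bucket exists. The sample template, its resource names and the retired-runtime list are constructed for this example.

```python
"""Lint a CloudFormation template for two deployment failures reported in
the DVSA issue tracker: functions on a runtime Lambda no longer accepts,
and S3 bucket policies that carry no dependency edge to their bucket.

The sample template, resource names and runtime list are constructed for
this example; none of them come from DVSA's template.yml.
"""
import json

# nodejs8.10 is the runtime the issue reports as rejected; nodejs10.x is an
# assumption. Maintain this set from the AWS runtime deprecation table.
RETIRED_RUNTIMES = {"nodejs8.10", "nodejs10.x"}

LAMBDA_TYPES = {"AWS::Lambda::Function", "AWS::Serverless::Function"}

# Constructed sample template, in the JSON form of CloudFormation syntax.
SAMPLE_TEMPLATE = {
    "Globals": {"Function": {"Runtime": "nodejs8.10"}},
    "Resources": {
        "OrderApi": {  # SAM function inheriting the retired runtime from Globals
            "Type": "AWS::Serverless::Function",
            "Properties": {"Handler": "index.handler", "CodeUri": "./order-api"},
        },
        "FeedbackBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "FeedbackBucketPolicy": {  # literal name: no dependency edge to the bucket
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": "dvsa-feedback-bucket-placeholder",
                "PolicyDocument": {"Version": "2012-10-17", "Statement": []},
            },
        },
        "ReceiptsBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "ReceiptsBucketPolicy": {  # Ref to the bucket resource: ordered correctly
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {"Ref": "ReceiptsBucket"},
                "PolicyDocument": {"Version": "2012-10-17", "Statement": []},
            },
        },
    },
}


def find_retired_runtimes(template):
    """Return [(logical_id, runtime)] for every function on a retired runtime.

    AWS::Serverless::Function may omit Runtime and inherit it from
    Globals.Function, so that default is applied when Runtime is absent.
    """
    default_runtime = template.get("Globals", {}).get("Function", {}).get("Runtime")
    hits = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in LAMBDA_TYPES:
            continue
        runtime = res.get("Properties", {}).get("Runtime", default_runtime)
        if runtime in RETIRED_RUNTIMES:
            hits.append((logical_id, runtime))
    return hits


def find_unanchored_bucket_policies(template):
    """Return logical ids of AWS::S3::BucketPolicy resources whose Bucket is
    neither a Ref to a bucket in this template nor covered by DependsOn.

    A literal bucket name gives CloudFormation no ordering information, so
    the policy can be created before the bucket exists. Ref and DependsOn
    both add the required edge to the dependency graph.
    """
    resources = template.get("Resources", {})
    buckets = {lid for lid, r in resources.items() if r.get("Type") == "AWS::S3::Bucket"}
    unanchored = []
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::S3::BucketPolicy":
            continue
        bucket_prop = res.get("Properties", {}).get("Bucket")
        via_ref = isinstance(bucket_prop, dict) and bucket_prop.get("Ref") in buckets
        depends_on = res.get("DependsOn", [])
        if isinstance(depends_on, str):
            depends_on = [depends_on]
        via_depends = any(dep in buckets for dep in depends_on)
        if not (via_ref or via_depends):
            unanchored.append(logical_id)
    return unanchored


def lint(template):
    """Run both checks and return the findings as a plain dict."""
    return {
        "retired_runtimes": find_retired_runtimes(template),
        "unanchored_bucket_policies": find_unanchored_bucket_policies(template),
    }


if __name__ == "__main__":
    print(json.dumps(lint(SAMPLE_TEMPLATE), indent=2))
```

For a real template, call lint(json.load(open(path))) on the JSON form; a YAML template that uses the short !Ref / !Sub tags first needs converting (for example with the cfn-flip tool from awslabs) or a loader that expands those tags. The check deliberately treats Fn::Sub or Fn::Join strings that merely embed a bucket name as unanchored, since only a Ref, GetAtt or DependsOn on the bucket resource gives CloudFormation an ordering edge.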

Step by step guide - "npm i" fails with error

npm ERR! herror
npm ERR! make: *** [Release/obj.target/binding/src/binding.o] Error 1
npm ERR! gyp ERR! build error
npm ERR! gyp ERR! stack Error: make failed with exit code: 2
npm ERR! gyp ERR! stack at ChildProcess.onExit (/home/ec2-user/environment/dvsa-repo/client/node_modules/node-gyp/lib/build.js:194:23)
npm ERR! gyp ERR! stack at ChildProcess.emit (node:events:513:28)
npm ERR! gyp ERR! stack at Process.ChildProcess._handle.onexit (node:internal/child_process:293:12)
npm ERR! gyp ERR! System Linux 4.14.296-222.539.amzn2.x86_64
npm ERR! gyp ERR! command "/home/ec2-user/.nvm/versions/node/v16.18.1/bin/node" "/home/ec2-user/environment/dvsa-repo/client/node_modules/node-gyp/bin/node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
npm ERR! gyp ERR! cwd /home/ec2-user/environment/dvsa-repo/client/node_modules/node-sass
npm ERR! gyp ERR! node -v v16.18.1
npm ERR! gyp ERR! node-gyp -v v7.1.2
npm ERR! gyp ERR! not ok
npm ERR! Build failed with error code: 1

npm ERR! A complete log of this run can be found in:
npm ERR! /home/ec2-user/.npm/_logs/2022-12-10T22_03_04_213Z-debug-0.log
npm ERR! code 1
npm ERR! path /home/ec2-user/environment/dvsa-repo
npm ERR! command failed
npm ERR! command sh -c -- cd client && npm i && cd ../backend/src/functions/order-api && npm i

npm ERR! A complete log of this run can be found in:
npm ERR! /home/ec2-user/.npm/_logs/2022-12-10T22_02_55_450Z-debug-0.log

When I deploy the backend, I get the error "The CloudFormation template is invalid...."

When I deploy the backend, I get the error "The CloudFormation template is invalid: Template format error: Unrecognized resource types: [AWS::Cognito::UserPool, AWS::Cognito::IdentityPoolRoleAttachment, AWS::Cognito::UserPoolClient, AWS::Cognito::IdentityPool]".

The error part is the following:
[screenshot not included]

My region is cn-north-1. It is my first time using the AWS CLI to build an application in Lambda. I don't know what is wrong.

My serverless.yml differences are the following:
[screenshot not included]
