Add odoo-mysql containerized sample app

sample-apps/odoo-mysql/Dockerfile

@@ -0,0 +1,42 @@
+FROM odoo:16.0
+
+USER root
+
+# Install system dependencies for MySQL client and Python packages
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    default-libmysqlclient-dev \
+    build-essential \
+    pkg-config \
+    python3-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Python packages
+RUN pip3 install --no-cache-dir \
+    mysqlclient \
+    requests \
+    sentry-sdk
+
+# Copy custom addons from the correct path
+COPY ./sample-apps/odoo-mysql/addons /mnt/extra-addons
+
+# Copy Odoo configuration
+COPY ./sample-apps/odoo-mysql/odoo.conf /etc/odoo/
+
+# Copy entrypoint script
+COPY ./sample-apps/odoo-mysql/entrypoint.sh /usr/local/bin/aikido-entrypoint.sh
+RUN chmod +x /usr/local/bin/aikido-entrypoint.sh
+
+USER odoo
+
+# Initialize Aikido protection environment variables
+ENV AIKIDO_DEBUG=true \
+    AIKIDO_BLOCK=true \
+    AIKIDO_TOKEN="AIK_secret_token" \
+    AIKIDO_REALTIME_ENDPOINT="http://localhost:5000/" \
+    AIKIDO_ENDPOINT="http://localhost:5000/" \
+    AIKIDO_DISABLE=0
+
+# Use custom entrypoint that initializes Aikido
+ENTRYPOINT ["/usr/local/bin/aikido-entrypoint.sh"]
+CMD ["odoo"]

sample-apps/odoo-mysql/Makefile

@@ -0,0 +1,56 @@
+PORT = 8114
+PORT_DISABLED = 8115
+
+.PHONY: build
+build:
+	@echo "Building Odoo Docker image..."
+	docker-compose build
+
+.PHONY: run
+run: build
+	@echo "Running Odoo with Aikido on port $(PORT)"
+	docker-compose up odoo
+
+.PHONY: runZenDisabled
+runZenDisabled: build
+	@echo "Running Odoo without Aikido on port $(PORT_DISABLED)"
+	docker-compose --profile disabled up odoo_disabled
+
+.PHONY: up
+up: build
+	@echo "Starting all services in detached mode..."
+	docker-compose up -d
+
+.PHONY: down
+down:
+	@echo "Stopping all services..."
+	docker-compose down
+
+.PHONY: logs
+logs:
+	@echo "Showing logs..."
+	docker-compose logs -f odoo
+
+.PHONY: clean
+clean:
+	@echo "Cleaning up containers and volumes..."
+	docker-compose down -v
+
+.PHONY: restart
+restart: down up
+
+.PHONY: shell
+shell:
+	@echo "Opening shell in Odoo container..."
+	docker-compose exec odoo /bin/bash
+
+.PHONY: install
+install:
+	@echo "Installation handled via Docker - run 'make build' to build the image"
+
+.PHONY: health-check
+health-check:
+	@echo "Checking Odoo health on port $(PORT)..."
+	@curl -f http://localhost:$(PORT) > /dev/null 2>&1 && echo "Port $(PORT): OK" || echo "Port $(PORT): FAILED"
+	@echo "Checking Odoo health on port $(PORT_DISABLED) (if running)..."
+	@curl -f http://localhost:$(PORT_DISABLED) > /dev/null 2>&1 && echo "Port $(PORT_DISABLED): OK" || echo "Port $(PORT_DISABLED): Not running or FAILED"

sample-apps/odoo-mysql/README.md

@@ -0,0 +1,136 @@
+# Odoo MySQL Sample App
+
+A containerized Odoo application demonstrating Aikido security protection with MySQL database integration.
+
+## Overview
+
+This sample app uses:
+- **Odoo 16.0** - Popular open-source ERP/web framework
+- **PostgreSQL** - Required by Odoo core
+- **MySQL** - Used by the custom dog management module
+- **Docker** - Containerized deployment following official Odoo on-premise guidelines
+
+## Architecture
+
+The app consists of:
+- Custom Odoo addon module (`dog_management`) with HTTP controllers
+- Vulnerable endpoints for testing security features (SQL injection, command injection, path traversal, SSRF)
+- Aikido firewall integration via Python middleware
+
+## Getting Started
+
+### Prerequisites
+- Docker and Docker Compose installed
+- Ports 8114 and 8115 available
+
+### Build and Run
+
+```bash
+# Build the Docker image
+make build
+
+# Run with Aikido protection (port 8114)
+make run
+
+# Run without Aikido protection (port 8115)
+make runZenDisabled
+
+# Run in background
+make up
+
+# View logs
+make logs
+
+# Stop services
+make down
+```
+
+## Accessing the Application
+
+- **With Aikido**: http://localhost:8114
+- **Without Aikido**: http://localhost:8115 (use `make runZenDisabled`)
+
+On first access, you'll need to create an Odoo database:
+1. Set master password: `admin`
+2. Database name: `odoo_demo`
+3. Email: any email
+4. Password: any password
+5. Demo data: optional
+
+The `dog_management` module will be automatically installed.
+
+## Testing Vulnerabilities
+
+### SQL Injection
+- Create a dog with name: `Malicious dog", 1); -- `
+- Visit: http://localhost:8114/create/via_query?dog_name=test%22%20OR%201=1--
+
+### Command Injection
+- Visit: http://localhost:8114/shell
+- Enter command: `ls -la`
+
+### Path Traversal
+- Visit: http://localhost:8114/open_file
+- Enter filepath: `/etc/passwd`
+
+### SSRF
+- Visit: http://localhost:8114/request
+- Enter URL: `http://localhost:5000`
+
+## Endpoints
+
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/` | GET | Homepage - lists all dogs |
+| `/dogpage/<id>` | GET | View specific dog details |
+| `/create` | GET/POST | Create new dog form/handler |
+| `/create/via_query?dog_name=X` | GET | Create dog via query parameter |
+| `/multiple_queries` | POST | Execute 20 queries (performance test) |
+| `/shell` | GET/POST | Execute shell commands |
+| `/open_file` | GET/POST | Read files from filesystem |
+| `/request` | GET/POST | Make HTTP requests (SSRF test) |
+| `/test_ratelimiting_1` | GET | Rate limiting test endpoint |
+
+## Development
+
+### Project Structure
+```
+odoo-mysql/
+├── addons/
+│   └── dog_management/          # Custom Odoo module
+│       ├── __init__.py
+│       ├── __manifest__.py      # Module metadata
+│       └── controllers/
+│           ├── __init__.py
+│           └── main.py          # HTTP controllers
+├── docker-compose.yml           # Multi-container setup
+├── Dockerfile                   # Custom Odoo image
+├── odoo.conf                    # Odoo configuration
+├── Makefile                     # Build/run commands
+└── README.md
+```
+
+### Useful Commands
+
+```bash
+# Access Odoo container shell
+make shell
+
+# Clean up everything (including volumes)
+make clean
+
+# Restart services
+make restart
+
+# Check application health
+make health-check
+```
+
+## Notes
+
+- Odoo requires PostgreSQL for its core functionality
+- The dog management module uses MySQL to demonstrate multi-database scenarios
+- Aikido protection is configured via environment variables
+- The app auto-installs the `dog_management` module on first run
+- Port 8114 runs **with** Aikido protection
+- Port 8115 runs **without** Aikido protection (for comparison)

sample-apps/odoo-mysql/addons/dog_management/__init__.py

@@ -0,0 +1 @@
+from . import controllers

sample-apps/odoo-mysql/addons/dog_management/__manifest__.py

@@ -0,0 +1,18 @@
+{
+    'name': 'sample app aikido-zen',
+    'version': '0.0.1',
+    'category': 'Tools',
+    'summary': 'Sample application for testing Aikido security',
+    'description': 'This is used for testing Aikido Zen',
+    'author': 'Aikido Security',
+    'website': 'https://aikido.dev',
+    'license': 'AGPL',
+    'depends': ['base', 'web'],
+    'external_dependencies': {
+        'python': ['MySQLdb', 'aikido_zen', 'sentry_sdk', 'requests'],
+    },
+    'data': [],
+    'installable': True,
+    'application': True,
+    'auto_install': False,
+}

sample-apps/odoo-mysql/addons/dog_management/controllers/__init__.py

@@ -0,0 +1 @@
+from . import main