Added Ruby use case

2024-05-16 15:03:45 +02:00 · 2024-05-16 15:03:45 +02:00 · 57158826f2
parent 52d0eb21d2
commit 57158826f2
6 changed files with 94 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -34,7 +34,9 @@ This repository contains different scenarios for bypassing 403s leverage path no
    - `GET /admin;` also works here
    - Moreover, `GET /admin\x09` (fancy hex character again!) works

-### Golang (Gin) - No Known Ways :|
+### Golang (Gin) - No Known Ways (AFAIK) :|

 * I couldn't find any research about this online
-* Also, I wasn't able to find any ways to bypass this myself
+* Also, I wasn't able to find any ways to bypass this myself
+
+### Ruby (Sinatra) - No Known Ways (AFAIK) :|
--- a/ruby-sinatra/Dockerfile
+++ b/ruby-sinatra/Dockerfile
@ -0,0 +1,21 @@
+FROM ruby:3.1-alpine
+
+# Install build tools and libraries needed to build native extensions
+RUN apk add --no-cache build-base
+
+# Set the working directory in the container
+WORKDIR /usr/src/app
+
+# Copy the Gemfile and Gemfile.lock into the working directory
+COPY Gemfile Gemfile.lock ./
+
+# Install the gems defined in the Gemfile
+RUN bundle install
+
+# Copy the current directory contents into the container
+COPY . .
+
+EXPOSE 5000
+
+# Run app.rb when the container launches
+CMD ["ruby", "app.rb"]
--- a/ruby-sinatra/Gemfile
+++ b/ruby-sinatra/Gemfile
@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gem 'sinatra'
+gem 'puma'
--- a/ruby-sinatra/Gemfile.lock
+++ b/ruby-sinatra/Gemfile.lock
@ -0,0 +1,26 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    base64 (0.2.0)
+    mustermann (3.0.0)
+      ruby2_keywords (~> 0.0.1)
+    rack (2.2.9)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    ruby2_keywords (0.0.5)
+    sinatra (3.2.0)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.2.0)
+      tilt (~> 2.0)
+    tilt (2.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  sinatra
+
+BUNDLED WITH
+   1.17.2
--- a/ruby-sinatra/app.rb
+++ b/ruby-sinatra/app.rb
@ -0,0 +1,14 @@
+require 'sinatra'
+
+set :port, 5000
+set :bind, '0.0.0.0'
+
+# Root route - Hello World
+get '/' do
+  'Hello World from Ruby!'
+end
+
+# Admin route
+get '/admin' do
+  'Ruby Admin area'
+end
--- a/ruby-sinatra/docker-compose.yml
+++ b/ruby-sinatra/docker-compose.yml
@ -0,0 +1,26 @@
+version: '3.8'
+
+services:
+  app:
+    build: .
+    container_name: ruby-sinatra
+    ports:
+      - "5000:5000"
+    networks:
+      - app-network
+
+  nginx:
+    image: nginx
+    container_name: nginx_ruby
+    ports:
+      - "80:80"
+    volumes:
+      - ../nginx.conf:/etc/nginx/nginx.conf:ro
+    depends_on:
+      - app
+    networks:
+      - app-network
+
+networks:
+  app-network:
+    driver: bridge