From 8a87426f05bb666dc48123c24e23cfb66ea018fd Mon Sep 17 00:00:00 2001
From: dub-flow <89262088+dub-flow@users.noreply.github.com>
Date: Thu, 16 May 2024 13:56:57 +0200
Subject: [PATCH] Added Spring Boot example
---
README.md | 2 +-
java-spring-boot/.gitignore | 4 ++
java-spring-boot/Dockerfile | 28 +++++++++++++
java-spring-boot/docker-compose.yml | 26 +++++++++++++
java-spring-boot/pom.xml | 39 +++++++++++++++++++
.../com/example/my/tests/HomeController.java | 17 ++++++++
.../com/example/my/tests/TestApplication.java | 12 ++++++
.../src/main/resources/application.properties | 1 +
8 files changed, 128 insertions(+), 1 deletion(-)
create mode 100644 java-spring-boot/.gitignore
create mode 100644 java-spring-boot/Dockerfile
create mode 100644 java-spring-boot/docker-compose.yml
create mode 100644 java-spring-boot/pom.xml
create mode 100644 java-spring-boot/src/main/java/com/example/my/tests/HomeController.java
create mode 100644 java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java
create mode 100644 java-spring-boot/src/main/resources/application.properties
diff --git a/README.md b/README.md
index 642f278..9ec8c2f 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ This repository contains different scenarios for bypassing 403s leverage path no ### Flask * Flask removes the characters `\x85`, `\xA0`, `\x1F`, `\x1E`, `\x1D`, `\x1C`, `\x0C`, `\x0B`, and `\x09` from the URL path, but Nginx doesn't (note that it massively depends on the version of Nginx - newer version remove different characters) -* On `nginx@1.25.5`, the following two still aren't removed: +* On `nginx@1.25.5`, the following two are still working: - `\x85` - `\xa0` * Bypass: Visit `GET /admin\x85` or `GET /admin\xa0` (note that you actually need to send the hex character, not e.g. the string `\x85`)
diff --git a/java-spring-boot/.gitignore b/java-spring-boot/.gitignore
new file mode 100644
index 0000000..2c1ca5e
--- /dev/null
+++ b/java-spring-boot/.gitignore
@@ -0,0 +1,4 @@
+target
+.DS_Store
+.idea
+.vscode
diff --git a/java-spring-boot/Dockerfile b/java-spring-boot/Dockerfile
new file mode 100644
index 0000000..1aa7355
--- /dev/null
+++ b/java-spring-boot/Dockerfile
@@ -0,0 +1,28 @@
+# Use the official Maven image to create a build artifact.
+# This uses Maven and OpenJDK 17, adjusted to match your project requirements
+FROM maven:3.8.4-openjdk-17-slim AS build
+
+# Copy the pom.xml file and download all dependencies.
+COPY pom.xml /home/app/pom.xml
+RUN mvn -f /home/app/pom.xml dependency:resolve
+
+# Copy the project source
+COPY src /home/app/src
+
+# Build the application
+RUN mvn -f /home/app/pom.xml clean package
+
+# Use the official OpenJDK image for a base image.
+FROM openjdk:17.0.1-jdk-slim
+
+# Copy the jar file from the build stage into the /opt/app directory
+COPY --from=build /home/app/target/some-test-0.0.1-SNAPSHOT.jar /opt/app/app.jar
+
+# Set the working directory to /opt/app
+WORKDIR /opt/app
+
+# Expose the port the app runs on
+EXPOSE 5000
+
+# Set the container to execute the application on start
+ENTRYPOINT ["java","-jar","app.jar"]
diff --git a/java-spring-boot/docker-compose.yml b/java-spring-boot/docker-compose.yml
new file mode 100644
index 0000000..7bd7e3a
--- /dev/null
+++ b/java-spring-boot/docker-compose.yml
@@ -0,0 +1,26 @@
+version: '3.8'
+
+services:
+ app:
+ build: .
+ container_name: springboot_app
+ ports:
+ - "5000:5000"
+ networks:
+ - app-network
+
+ nginx:
+ image: nginx:alpine
+ container_name: nginx_reverse_proxy
+ ports:
+ - "80:80"
+ volumes:
+ - ../nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ networks:
+ - app-network
+
+networks:
+ app-network:
+ driver: bridge
diff --git a/java-spring-boot/pom.xml b/java-spring-boot/pom.xml
new file mode 100644
index 0000000..6d1eeea
--- /dev/null
+++ b/java-spring-boot/pom.xml
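Review bot: The runtime stage that starts at `FROM openjdk:17.0.1-jdk-slim` never sets a `USER`, so the `ENTRYPOINT` starts the JVM as root inside the container. Since this container is the one that gets probed in the lab, I would drop privileges before the entry point, for example `RUN useradd --system --no-create-home app` followed by `USER app`. The `openjdk` repository on Docker Hub is deprecated as far as I know, and the runtime only needs a JRE, so a maintained JRE-only base image would reduce both patch lag and what is installed in the image. The `COPY --from=build` line also hard-codes `some-test-0.0.1-SNAPSHOT.jar`, which has to be kept in step with the artifact id and version in `pom.xml`.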
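Review bot: The `app` service publishes `"5000:5000"` on the host, so the Spring Boot backend, `/admin` included, is reachable directly without passing through nginx at all. Both services are attached to `app-network`, so, assuming `../nginx.conf` (not part of this diff) proxies to the service by name, nginx does not need a published port; replacing the `ports` entry with `expose: ["5000"]`, or binding it as `"127.0.0.1:5000:5000"`, keeps the unprotected backend off other interfaces. Separately, `image: nginx:alpine` is a floating tag while the README says the behaviour depends heavily on the nginx version; pinning the tag to the version the README documents would keep the scenario reproducible.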
@@ -0,0 +1,39 @@ + + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.2.5 + + + com.example + some-test + 0.0.1-SNAPSHOT + some-test + Demo project for Spring Boot + + + + org.springframework.boot + spring-boot-starter + + + + org.springframework.boot + spring-boot-starter-web + + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + +
diff --git a/java-spring-boot/src/main/java/com/example/my/tests/HomeController.java b/java-spring-boot/src/main/java/com/example/my/tests/HomeController.java
new file mode 100644
index 0000000..12d4338
--- /dev/null
+++ b/java-spring-boot/src/main/java/com/example/my/tests/HomeController.java
@@ -0,0 +1,17 @@
+package com.example.my.tests;
+
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@RestController
+public class HomeController {
+ @RequestMapping("/")
+ public String index() {
+ return "Greetings from Spring Boot!";
+ }
+
+ @RequestMapping("/admin")
+ public String admin() {
+ return "Spring Boot Admin Area!";
+ }
+}
diff --git a/java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java b/java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java
new file mode 100644
index 0000000..4006687
--- /dev/null
+++ b/java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java
@@ -0,0 +1,12 @@
+package com.example.my.tests;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class TestApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(TestApplication.class, args);
+ }
+}
diff --git a/java-spring-boot/src/main/resources/application.properties b/java-spring-boot/src/main/resources/application.properties
new file mode 100644
index 0000000..888dcec
--- /dev/null
+++ b/java-spring-boot/src/main/resources/application.properties
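Review bot: `admin()` in `HomeController.java` carries no authorization check of its own, so the only thing between a client and `/admin` is whatever path rule the proxy in front applies; that is presumably the point of the lab, but nothing in the class says so. A short Javadoc on `HomeController` stating that the endpoint is deliberately unprotected and must not be copied as a pattern would keep the example from being misread, and it could add that the durable fix is to enforce access control in the application (for instance with Spring Security) rather than by path matching at the proxy. `@RequestMapping("/admin")` without a `method` also maps every HTTP verb; `@GetMapping("/admin")` would narrow it if only GET is intended.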
@@ -0,0 +1 @@
+server.port=5000
\ No newline at end of file