Added Spring Boot example

2024-05-16 13:56:57 +02:00 · 2024-05-16 13:56:57 +02:00 · 8a87426f05
parent 587fbd1a06
commit 8a87426f05
8 changed files with 128 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -14,7 +14,7 @@ This repository contains different scenarios for bypassing 403s leverage path no
 ### Flask

 * Flask removes the characters `\x85`, `\xA0`, `\x1F`, `\x1E`, `\x1D`, `\x1C`, `\x0C`, `\x0B`, and `\x09` from the URL path, but Nginx doesn't (note that it massively depends on the version of Nginx - newer version remove different characters)
-* On `nginx@1.25.5`, the following two still aren't removed: 
+* On `nginx@1.25.5`, the following two are still working: 
    - `\x85`
    - `\xa0`
 * Bypass: Visit `GET /admin\x85` or `GET /admin\xa0` (note that you actually need to send the hex character, not e.g. the string `\x85`)
--- a/java-spring-boot/.gitignore
+++ b/java-spring-boot/.gitignore
@ -0,0 +1,4 @@
+target
+.DS_Store
+.idea
+.vscode
--- a/java-spring-boot/Dockerfile
+++ b/java-spring-boot/Dockerfile
@ -0,0 +1,28 @@
+# Use the official Maven image to create a build artifact.
+# This uses Maven and OpenJDK 17, adjusted to match your project requirements
+FROM maven:3.8.4-openjdk-17-slim AS build
+
+# Copy the pom.xml file and download all dependencies.
+COPY pom.xml /home/app/pom.xml
+RUN mvn -f /home/app/pom.xml dependency:resolve
+
+# Copy the project source
+COPY src /home/app/src
+
+# Build the application
+RUN mvn -f /home/app/pom.xml clean package
+
+# Use the official OpenJDK image for a base image.
+FROM openjdk:17.0.1-jdk-slim
+
+# Copy the jar file from the build stage into the /opt/app directory
+COPY --from=build /home/app/target/some-test-0.0.1-SNAPSHOT.jar /opt/app/app.jar
+
+# Set the working directory to /opt/app
+WORKDIR /opt/app
+
+# Expose the port the app runs on
+EXPOSE 5000
+
+# Set the container to execute the application on start
+ENTRYPOINT ["java","-jar","app.jar"]
--- a/java-spring-boot/docker-compose.yml
+++ b/java-spring-boot/docker-compose.yml
@ -0,0 +1,26 @@
+version: '3.8'
+
+services:
+  app:
+    build: .
+    container_name: springboot_app
+    ports:
+      - "5000:5000"
+    networks:
+      - app-network
+
+  nginx:
+    image: nginx:alpine
+    container_name: nginx_reverse_proxy
+    ports:
+      - "80:80"
+    volumes:
+      - ../nginx.conf:/etc/nginx/nginx.conf:ro
+    depends_on:
+      - app
+    networks:
+      - app-network
+
+networks:
+  app-network:
+    driver: bridge
--- a/java-spring-boot/pom.xml
+++ b/java-spring-boot/pom.xml
@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>3.2.5</version>
+		<relativePath/> <!-- lookup parent from repository -->
+	</parent>
+	<groupId>com.example</groupId>
+	<artifactId>some-test</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<name>some-test</name>
+	<description>Demo project for Spring Boot</description>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>
--- a/java-spring-boot/src/main/java/com/example/my/tests/HomeController.java
+++ b/java-spring-boot/src/main/java/com/example/my/tests/HomeController.java
@ -0,0 +1,17 @@
+package com.example.my.tests;
+
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@RestController
+public class HomeController {
+	@RequestMapping("/")
+	public String index() {
+		return "Greetings from Spring Boot!";
+	}
+
+	@RequestMapping("/admin")
+	public String admin() {
+		return "Spring Boot Admin Area!";
+	}
+}
--- a/java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java
+++ b/java-spring-boot/src/main/java/com/example/my/tests/TestApplication.java
@ -0,0 +1,12 @@
+package com.example.my.tests;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class TestApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(TestApplication.class, args);
+	}
+}
--- a/java-spring-boot/src/main/resources/application.properties
+++ b/java-spring-boot/src/main/resources/application.properties
@ -0,0 +1 @@
+server.port=5000