add portable fat jar support

tothi · Feb 4, 2022 · 993385b · 993385b
1 parent fbbc7af
commit 993385b
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 0 deletions.
diff --git a/src/main/java/launch/DefaultServlet.java b/src/main/java/launch/DefaultServlet.java
@@ -0,0 +1,26 @@
+package launch;
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+import java.io.*;
+import java.io.Writer;
+import java.util.Map;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+public class DefaultServlet extends HttpServlet {
+  protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException {
+    try {
+      res.setContentType("text/html; charset=utf-8");
+      Writer writer = res.getWriter();
+      writer.write("<html>\n<body>\n<h2>Damn Vulnerable log4j Web Application</h2>\n");
+      writer.write("<p><a href='servlet'>Click here</a> to reach the vulnerable endpoint.</p>\n");
+      writer.write("<p>Use the HTTP Header 'x-log' for triggering the vulnerability.</p>\n");
+      writer.write("</p>\n</body>\n</html>\n");
+      writer.close();
+    } catch(Exception e) {
+      throw new ServletException(e.getMessage(), e);
+    }
+  }
+}
+
diff --git a/src/main/java/launch/Main.java b/src/main/java/launch/Main.java
@@ -0,0 +1,34 @@
+package launch;
+
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.Context;
+
+import java.io.File;
+import java.io.IOException;
+
+import dvl4wa.VulnServlet;
+import launch.DefaultServlet;
+
+public class Main {
+    private static final int PORT = 8888;
+
+    public static void main(String[] args) throws Exception {
+	String contextPath = "/app";
+	String appBase = ".";
+        Tomcat tomcat = new Tomcat();
+        tomcat.setPort(PORT);
+        tomcat.getHost().setAppBase(appBase);
+	File docBase = new File(System.getProperty("java.io.tmpdir"));
+	Context ctx = tomcat.addContext(contextPath, docBase.getAbsolutePath());
+
+	Class servletClass = VulnServlet.class;
+	Class servletClassDefault = DefaultServlet.class;
+	tomcat.addServlet(ctx, servletClass.getSimpleName(), servletClass.getName());
+	tomcat.addServlet(ctx, servletClassDefault.getSimpleName(), servletClassDefault.getName());
+	ctx.addServletMappingDecoded("/servlet/*", servletClass.getSimpleName());
+	ctx.addServletMappingDecoded("/", servletClassDefault.getSimpleName());
+
+        tomcat.start();
+        tomcat.getServer().await();
+    }
+}