Adding the option of remote code execution in a container

Author: SimpleMethod

src/main/java/pl/simplemethod/codebin/srv/SrvRestController.java

@@ -39,19 +39,53 @@ public class SrvRestController {
  @Autowired
  private UsersRepository usersRepository;
 
+ /**
+ * Check if server port is taken and if so, change it to another port
+ * @param hostPorts Original server port
+ * @return Server port
+ */
+ private Integer checkPort(Integer hostPorts)
+ {
+ Containers containers = containersRepository.getByHostPorts(hostPorts);
+ Random rand = new Random();
+ try
+ {
+ if(containers.getHostPorts()!=null)
+ {
+ if(containers.getHostPorts().equals(hostPorts))
+ {
+ return checkPort(hostPorts + rand.nextInt((9999 - 1) + 1) + 1);
+ }
+ else
+ {
+ return hostPorts;
+ }
+ }
+ else
+ {
+ return hostPorts;
+ }
+ }
+ catch (NullPointerException e)
+ {
+ return hostPorts;
+ }
+ }
+
+
  /**
  * Method is used to get data on the container from the database.
  * @param hostPort Server port
  * @return Object JSON with data
  */
  @GetMapping("users/container/info/{hostPort}")
  public @ResponseBody
- ResponseEntity checkports(@PathVariable(value = "hostPort") String hostPort) {
+ ResponseEntity checkPorts(@PathVariable(value = "hostPort") String hostPort) {
  HttpHeaders httpHeaders = new HttpHeaders();
  httpHeaders.setContentType(MediaType.APPLICATION_JSON);
  org.json.JSONObject body = new org.json.JSONObject();
 
- /* Containers containers = containersRepository.getByHostPorts(Integer.valueOf(hostPort));
+ Containers containers = containersRepository.getByHostPorts(Integer.valueOf(hostPort));
  try{
  if(containers.getId()!=null)
  {
@@ -76,9 +110,6 @@ ResponseEntity checkports(@PathVariable(value = "hostPort") String hostPort) {
  body.put("error",e);
  return new ResponseEntity<>(body.toString(),httpHeaders,HttpStatus.valueOf(404));
  }
- */
- return new ResponseEntity<>(checkPort(Integer.valueOf(hostPort)),httpHeaders,HttpStatus.valueOf(200));
-
  }
 
  /**
@@ -137,34 +168,7 @@ ResponseEntity userContainerCheck(@RequestParam("dockergithubid") String dockerG
  }
  }
 
- private Integer checkPort(Integer hostPorts)
- {
- Containers containers = containersRepository.getByHostPorts(hostPorts);
- Random rand = new Random();
- try
- {
- if(containers.getHostPorts()!=null)
- {
- if(containers.getHostPorts().equals(hostPorts))
- {
- return checkPort(hostPorts + rand.nextInt((9999 - 1) + 1) + 1);
- }
- else
- {
- return hostPorts;
- }
 
- }
- else
- {
- return hostPorts;
- }
- }
- catch (NullPointerException e)
- {
- return hostPorts;
- }
- }
 
  /**
  * REST for container creation

src/main/resources/public/app.js

@@ -214,6 +214,24 @@ app.controller('ContainersController', ['$filter', '$routeParams', '$scope', '$h
  }
  );
  };
+
+
+ $scope.execCommands = function (path, args) {
+ $http({
+ url: 'http://127.0.0.1/srv/container/' + $scope.containersId + '/exec',
+ method: 'POST',
+ params: {
+ path: path,
+ argument: args
+ }
+ }).then(
+ function () {
+ },
+ function () {
+ }
+ );
+ };
+
  $http({
  url: 'http://127.0.0.1/srv/container/' + $scope.containersId + '/logs',
  method: 'GET'
@@ -309,7 +327,7 @@ app.controller('CheckLoginStatus', function ($scope, $http, $cookies) {
 });
 
 
-app.controller('dashboardGithub', function ($scope, $http, $cookies, $window) {
+app.controller('dashboardGithub', function ($scope, $http, $cookies) {
  $scope.lastVal = $cookies.get('token');
  $http({
  url: 'http://127.0.0.1/github/user',
@@ -319,6 +337,8 @@ app.controller('dashboardGithub', function ($scope, $http, $cookies, $window) {
  $scope.passCheck = response;
  $scope.avatar = response.data.avatar_url;
  $scope.name = response.data.name;
+ $scope.urlHtml = response.data.html_url;
+
  },
  function () {
  $scope.passCheck = false;

src/main/resources/public/dashboard.html

@@ -88,7 +88,7 @@
  <span class="d-none d-md-inline-block">{{name}}</span>
  </a>
  <div class="dropdown-menu dropdown-menu-small">
- <a class="dropdown-item" href="dashboard/dashboard-profile.html">
+ <a class="dropdown-item" href="{{urlHtml}}">
  <i class="material-icons">&#xE7FD;</i> Profile</a>
  <div class="dropdown-divider"></div>
  <a class="dropdown-item text-danger" ng-click="logout()">

src/main/resources/public/dashboard/container.html

@@ -74,9 +74,12 @@ <h6 class="m-0">General view</h6>
  <span class="d-flex mb-2"><i class="material-icons mr-1">calendar_today</i><strong
  class="mr-1">Creation time:</strong> <mydate>{{creationTime * 1000 | date:'dd-MM-yyyy HH:mm:ss'}}</mydate> </span>
 
+
  <span class="d-flex mb-2">
  <button type="button" class="mb-2 btn btn-danger mr-2" data-toggle="modal"
  data-target="#remove">Remove container</button>
+ <button type="button" class="mb-2 btn btn-success mr-2" data-toggle="modal"
+ data-target="#exec">Execute commands</button>
  <button type="button" class=" ml-auto mb-2 btn btn-warning mr-2" ng-click="dockerRestart()">Restart container</button>
  </span>
  </ul>
@@ -152,4 +155,29 @@ <h5 class="modal-title">Warning!</h5>
  </div>
  </div>
  </div>
+</div>
+
+
+<div class="modal" tabindex="-1" role="dialog" id="exec">
+ <div class="modal-dialog modal-sm" role="document">
+ <div class="modal-content">
+ <div class="modal-header">
+ <h5 class="modal-title">Execute commands</h5>
+ <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span>
+ </button>
+ </div>
+ <div class="modal-body">
+ <div class="form-group">
+ <input type="text" class="form-control" id="path" placeholder="Path" ng-model="execPath" required>
+ </div>
+ <div class="form-group">
+ <input type="text" class="form-control" id="args" placeholder="Arguments" ng-model="execArgs" required>
+ </div>
+ <div style="text-align: center"> <button type="button" class="mb-2 btn btn-success mr-2" ng-click="execCommands(execPath,execArgs)">Execute</button></div>
+ </div>
+ <div class="modal-footer">
+ <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
+ </div>
+ </div>
+ </div>
 </div>