cve-2021-22205-hash-generator

Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205 (https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json).

Running The Tool

Prerequisites

This tool requires that docker be installed along with docker-compose on the machine executing the binary. It also requires connection to a mongodb instance of your choice.

Usage

• Clone the repository and type make build. Binaries are compiled to ./bin. Copy the binary to the root of the repo.
• Optionally change the password in the docker-compose.yml file unless you have your own mongodb you want to use.
• Edit the .env file in the root of this repository and set the environment variable "MONGODB_URI" to an appropriate connection string. Example: MONGODB_URI="mongodb://root: @localhost:27017/" . Alternatively, you can simply export/set this variable directly from a terminal and not use the .env file.
• Optionally run: docker-compose up -d to launch the mongodb instance and mongo express viewer. NOTE: this app requires a mongodb instance, whether in docker or elsewhere.
• Launch the mongo express viewer if you like at: http://localhost:8081/
• Run the tool with ./cve-2021-22205-hash-harvester making sure the executable is in the same directory as your .env file if you're using it.

Contributing

This project uses AngularJS commit message formatting to support automatic semantic versioning releases using semantic-release. For an MR to be accepted, each commit message must follow this format.

• Clone the project
• Run make init to initialize the local dev environment
• Run make test to run the tests
• Run make build to produce cross-platform binaries