cve-2021-22205-hash-generator
Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205 (https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json).
Running The Tool
Prerequisites
This tool requires that docker be installed along with docker-compose on the machine executing the binary. It also requires a connection to a mongodb instance of your choice.
Usage
- Clone the repository and run:
    make build
  Binaries are compiled to ./bin. Copy the binary to the root of the repo.
- Optionally change the password in the docker-compose.yml file unless you have your own mongodb you want to use.
- Edit the .env file in the root of this repository and set the environment variable "MONGODB_URI" to an appropriate connection string. Example:
    MONGODB_URI="mongodb://root:@localhost:27017/"
  Alternatively, you can simply export/set this variable directly from a terminal and not use the .env file.
- Optionally run:
    docker-compose up -d
  to launch the mongodb instance and mongo express viewer. NOTE: this app requires a mongodb instance, whether in docker or elsewhere.
- Launch the mongo express viewer if you like at: http://localhost:8081/
- Run the tool with:
    ./cve-2021-22205-hash-harvester
  making sure the executable is in the same directory as your .env file if you're using it.
Contributing
This project uses AngularJS commit message formatting to support automatic semantic versioning releases using semantic-release. For an MR to be accepted, each commit message must follow this format.
- Clone the project
- Initialize the local dev environment:
    make init
- Run the tests:
    make test
- Produce cross-platform binaries:
    make build