author | Robby Zambito <contact@robbyzambito.me> | 2025-08-06 16:05:02 -0400 |
---|---|---|
committer | Robby Zambito <contact@robbyzambito.me> | 2025-08-06 16:15:12 -0400 |
commit | 8e66913ef0fbe55acc79ba0e439bec0d527adbd1 (patch) | |
tree | de472c2e8b06b68439b2332b124ed6cb832354a5 /main.go | |
parent | 0107f684f16ed0a6722da3710bab1fdf905e75fc (diff) |
Add exploitable log parsing
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 34 |
1 files changed, 28 insertions, 6 deletions
@@ -13,7 +13,7 @@ import ( ) // Example: -// curl 'http://localhost:8080/v1/auth/login' -X POST -H 'Content-Type: application/json' --data-raw $'{}}\n{"king": 5' +// curl 'http://localhost:8080/v1/auth/login' -X POST -H 'Content-Type: application/json' --data-raw $'{}}\n{"king": "key"' const log_length = 100 @@ -38,6 +38,11 @@ func main() { var logs [log_length]string n := 0 + king := "NOKING" + logChan := make(chan string) + + go parser(logChan, &king) + // Define a handler function for the root path http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { jsonData, _ := json.Marshal(accessLog{ @@ -46,7 +51,7 @@ func main() { RequestTime: time.Now().UTC(), HttpMethod: r.Method, }) - addRotLog(&logs, &n, string(jsonData)) + addRotLog(&logs, &n, logChan, string(jsonData)) // Serve the index.html file from the static directory http.StripPrefix("/", fs).ServeHTTP(w, r) }) @@ -63,19 +68,23 @@ func main() { var data map[string]any if json.Unmarshal(body, &data) != nil { - addRotLog(&logs, &n, fmt.Sprintf(`{"authRequest": %s}`, string(body))) + addRotLog(&logs, &n, logChan, fmt.Sprintf(`{"authRequest": %s}`, string(body))) http.Error(w, "Forbidden", http.StatusForbidden) return } if email, ok := data["email"].(string); ok { if rememberMe, ok := data["rememberMe"].(bool); ok { - addRotLog(&logs, &n, fmt.Sprintf(`{"authRequest": {"email": "%s", "password": "XXXXXXXX", "loginTime": "%s", "success": false, "rememberMe": %t}}`, email, time.Now().UTC(), rememberMe)) + addRotLog(&logs, &n, logChan, fmt.Sprintf(`{"authRequest": {"email": "%s", "password": "XXXXXXXX", "loginTime": "%s", "success": false, "rememberMe": %t}}`, email, time.Now().UTC(), rememberMe)) } } http.Error(w, "Forbidden", http.StatusForbidden) }) + http.HandleFunc("/v1/king", func(w http.ResponseWriter, r *http.Request) { + fmt.Fprintf(w, king) + }) + // Start the server on port 8080 fmt.Println("Server is listening on port 8080...") err := http.ListenAndServe(":8080", nil) 
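Review bot: `king` is a plain local `string` that the new `go parser(logChan, &king)` goroutine writes through the pointer while the `/v1/king` handler added later in this commit reads it, with no synchronization between the two. That is a data race, and running the server with `-race` would report it. Hold the value in an `atomic.Value` (`king.Store(k)` in `parser`, `king.Load().(string)` in the handler) or guard it with a `sync.RWMutex`; the import block is outside this hunk, so `sync` or `sync/atomic` would have to be added there. `logChan` is never closed in the visible lines, so the goroutine runs for the life of the process, which deserves a comment such as `// parser runs until exit; logChan is never closed`.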
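Review bot: `fmt.Fprintf(w, king)` in the new `/v1/king` handler uses a value taken from parsed log data as the format string, so any `%` sequence in it is interpreted as a verb and the response comes out mangled (`%!s(MISSING)` and similar); recent `go vet` versions flag a non-constant format string here. Write it as `fmt.Fprint(w, king)`. The handler also sets no `Content-Type`, so `net/http` sniffs the type from the body; adding `w.Header().Set("Content-Type", "text/plain; charset=utf-8")` before the write keeps request-derived text from being served as HTML.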
@@ -92,10 +101,10 @@ func createGetLogs(logs *[log_length]string) func(http.ResponseWriter, *http.Req } } -func addRotLog(logs *[log_length]string, last *int, value string) { +func addRotLog(logs *[log_length]string, last *int, parser chan string, value string) { if strings.Contains(value, "\n") { for _, v := range strings.Split(value, "\n") { - addRotLog(logs, last, v) + addRotLog(logs, last, parser, v) } } else { if *last == log_length { @@ -103,9 +112,22 @@ func addRotLog(logs *[log_length]string, last *int, value string) { logs[i] = logs[i+1] } logs[log_length-1] = value + parser <- value } else { logs[*last] = value *last++ + parser <- value + } + } +} + +func parser(input chan string, king *string) { + for value := range input { + var data map[string]any + if json.Unmarshal([]byte(value), &data) == nil { + if k, ok := data["king"].(string); ok { + *king = k + } } } } |
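Review bot: The new parameter `parser chan string` in `addRotLog` shadows the package-level `parser` function added by this same commit, so the `parser <- value` sends further down read as if they involved the function. Rename it and make the direction explicit, for example `parsed chan<- string`; the callers' `chan string` converts implicitly and the send-only type documents that `addRotLog` never receives from it. `addRotLog`'s body continues past this hunk.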
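Review bot: `parser` sets `*king` from any log line that decodes as JSON with a string `king` key, and not all the lines it receives are server-authored: the auth handler in this commit formats the raw request body and the `email` field into the log text with `%s`, and `addRotLog` splits on `\n`, so request data can form whole log lines. The commit title suggests this is deliberate for a training target; if so, record it in a doc comment on `parser`, for example `// parser is deliberately unsafe: it trusts every log line, including request-derived ones.` Otherwise build the entries with `json.Marshal` so embedded newlines and quotes are escaped, and have `parser` accept only a typed, server-generated record. Separately, `parser <- value` is an unbuffered send on the request path, so every handler waits on the single parser goroutine.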