dollav · dollav · Jun 20, 2024 · Sep 20, 2024 · Sep 23, 2024 · Sep 23, 2024
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+    "java.configuration.updateBuildConfiguration": "automatic"
+}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,6 @@
+From python:3.10.12-slim
+
+RUN apt-get update
+RUN apt-get install libkrb5support0 -y
+
+RUN ["sleep", "1"]
diff --git a/log4shell-goof/log4shell-server/pom.xml b/log4shell-goof/log4shell-server/pom.xml
@@ -4,18 +4,40 @@
 
   <groupId>io.snyk</groupId>
   <artifactId>log4shell-server</artifactId>
-  <version>0.0.1-SNAPSHOT</version>
+  <version>0.0.2-SNAPSHOT</version>
   <packaging>jar</packaging>
+  <distributionManagement>
+      <snapshotRepository>
+          <id>privatedeps</id>
+          <name>snapshots</name>
+          <url>http://52.207.113.17:8081/nexus/content/repositories/snapshots</url>
+      </snapshotRepository>
 
+      <repository>
+          <id>privatedeps</id>
+          <url>http://52.207.113.17:8081/nexus/content/repositories/releases</url>
+      </repository>
+
+</distributionManagement>
   <name>Java Goof :: Log4Shell Goof :: Log4Shell Server</name>
   <url>https://snyk.io</url>
-
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <maven.compiler.source>8</maven.compiler.source>
     <maven.compiler.target>8</maven.compiler.target>
   </properties>
-
+<repositories>
+        <repository>
+            <id>privatedeps</id>
+            <name>Aspose Java API</name>
+            <url>http://52.207.113.17:8081/nexus/content/repositories/releases</url>
+        </repository>
+        <repository>
+            <id>2</id>
+            <name>All apart from Aspose</name>
+            <url>http://52.207.113.17:8081/nexus/content/repositories/snapshots</url>
+        </repository>
+    </repositories>
   <dependencies>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
@@ -27,10 +49,15 @@
       <artifactId>unboundid-ldapsdk</artifactId>
       <version>3.1.1</version>
     </dependency>
+    <dependency>
+      <groupId>io.snyk</groupId>
+      <artifactId>log4shell-server</artifactId>
+      <version>0.0.1-SNAPSHOT</version>
+    </dependency>
     <dependency>
       <groupId>io.undertow</groupId>
       <artifactId>undertow-core</artifactId>
-      <version>2.2.13.Final</version>
+      <version>2.3.14.Final</version>
     </dependency>
     <dependency>
       <groupId>commons-collections</groupId>
@@ -81,4 +108,5 @@
     </plugins>
 
   </build>
+
 </project>
diff --git a/log4shell-goof/pom.xml b/log4shell-goof/pom.xml
@@ -19,4 +19,19 @@
     <module>log4shell-server</module>
     <module>log4shell-client</module>
   </modules>
+
+<distributionManagement>
+    <snapshotRepository>
+        <id>my-snapshots</id>
+        <name>My internal repository</name>
+        <url>http://52.207.113.17/:8081/nexus/content/repositories/snapshots</url>
+    </snapshotRepository>
+
+    <repository>
+        <id>my-releases</id>
+        <name>My internal repository</name>
+        <url>http://52.207.113.17/:8081/nexus/content/repositories/releases</url>
+    </repository>
+
+</distributionManagement>
 </project>
diff --git a/pom.xml b/pom.xml
@@ -13,6 +13,8 @@
         <module>todolist-goof</module>
         <module>log4shell-goof</module>
     </modules>
+
+
     <packaging>pom</packaging>
 
 

diff --git a/todolist-goof/exploits/zip-slip.py b/todolist-goof/exploits/zip-slip.py
@@ -11,3 +11,6 @@
 files = {'upload': ('zip-slip.zip', open(malicious_zip, 'rb'), 'application/zip')}
 
 requests.post(url, files=files)
+requests.post(url, files=files)
+requests.post(url, files=files)
+requests.post(url, files=files)
diff --git a/todolist-goof/todolist-core/pom.xml b/todolist-goof/todolist-core/pom.xml
@@ -9,7 +9,19 @@
 
     <artifactId>todolist-core</artifactId>
     <packaging>jar</packaging>
-
+  <distributionManagement>
+      <snapshotRepository>
+          <id>privatedeps</id>
+          <name>snapshots</name>
+          <url>http://52.207.113.17:8081/nexus/content/repositories/snapshots</url>
+      </snapshotRepository>
+
+      <repository>
+          <id>privatedeps</id>
+          <url>http://52.207.113.17:8081/nexus/content/repositories/releases</url>
+      </repository>
+
+</distributionManagement>
     <name>Java Goof :: Todolist Goof :: Todolist Core</name>
 
     <dependencies>
@@ -26,12 +38,16 @@
             <artifactId>spring-orm</artifactId>
             <version>${spring.version}</version>
         </dependency>
-
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-aspects</artifactId>
-            <version>${spring.version}</version>
-        </dependency>
+    <dependency>
+      <groupId>io.snyk</groupId>
+      <artifactId>log4shell-server</artifactId>
+      <version>0.2.3</version>
+    </dependency>
+    <dependency>
+        <groupId>org.springframework</groupId>
+        <artifactId>spring-aspects</artifactId>
+        <version>${spring.version}</version>
+    </dependency>
 
         <!-- AOP dependency -->
         <dependency>

diff --git a/...st-web-common/src/main/java/io/github/benas/todolist/web/common/tags/PriorityIconTag.java b/...st-web-common/src/main/java/io/github/benas/todolist/web/common/tags/PriorityIconTag.java
@@ -23,6 +23,7 @@
  */
 
 package io.github.benas.todolist.web.common.tags;
+package io.github.benas.todolist.web.common.tags2;
 
 import io.github.benas.todolist.web.common.util.TodoListUtils;
 import io.github.todolist.core.domain.Priority;