Prerequisites
Let’s verify our credentials still work.
ssh -T git@github.com
Verify the struts2-fixme folder is completely deleted from GitHub and the local source.
Create the repository in GitHub
gh repo create struts2-fixme
Copy all of the files from struts2-rce into struts2-fixed
cp -R -n ~/Documents/struts2-rce/ ~/Documents/GitHub/struts2-fixme/
Remove all of the .git folders and files from ~/Documents/GitHub/struts2-fixme/
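One way to do this removal and confirm nothing was missed, so the copy does not carry the old repository's history or remote settings into the new one. This is an added example, not a command from the original post; the function name strip_git_metadata is hypothetical, and it assumes "the .git folders and files" means entries named exactly .git.

```shell
# Added example: strip Git metadata from a copied working tree.
# Assumption: only entries named exactly ".git" are removed (a directory in a
# normal clone, a one-line pointer file in a submodule or linked worktree).
# Files such as .gitignore are left in place.
strip_git_metadata() {
    target=$1
    # Refuse anything that is not an existing directory, so a typo or an
    # empty variable never turns into a delete against the wrong path.
    if [ -z "$target" ] || [ ! -d "$target" ]; then
        echo "strip_git_metadata: not a directory: $target" >&2
        return 2
    fi
    # -prune keeps find from descending into a .git directory that is about
    # to be deleted; -print lists each path removed so the run leaves a record.
    find "$target" -name .git -prune -print -exec rm -rf -- {} +
    # Verify: succeed only if nothing named .git is left under the target.
    [ -z "$(find "$target" -name .git)" ]
}

# Usage with the path from this post:
#   strip_git_metadata ~/Documents/GitHub/struts2-fixme/
```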
Demo the Fix
As you’ve seen, I have code that is exploitable. Again, for the sake of time, I’ve made a copy of our bad code. To verify it’s not fixed, let’s run the Snyk test again.
cd ~/Documents/struts2-fixed/
snyk test --file=pom.xml --severity-threshold=critical
With the bad code still there, let’s go ahead and fix it. Let’s push this into the repository.
git add *
git commit -m "Bad Code"
git push