add CVE-2022-36804 Detector #267

Open
wants to merge 4 commits into
base: master

SuperX-SIR

Hey,

this PR is for the Vuln Detector Plugin for issue #266

prepare the vulnerability environment

  1. download image and run the container

use the official docker image

docker pull atlassian/bitbucket:8.3.0

docker run --name="tsunami-bitbucket-8-3" -d -p 37990:7990 -p 37999:7999 atlassian/bitbucket:8.3.0

  2. install bitbucket and fill license code

Installing bitbucket requires a license code. After using docker to start the bitbucket environment, you need to access port 37990 and fill in your test license code. Log in to the URL "my.atlassian.com" to generate a trial license code.

  3. set up administrator account and create a public repo
  • create administrator and login admin:123456
  • create a project, name public or whatever
  • create a repository or import repositories, just as an example import from git and fill the Clone URL: https://github.com/google/tsunami-security-scanner-plugins
  • In Repository settings -> Repository permissions -> public access, enable allow users without Bitbucket account to clone and browse this repository

@google-cla

google-cla bot commented Sep 16, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@nttran8 nttran8 self-assigned this May 16, 2023
@nttran8 nttran8 self-requested a review May 16, 2023 18:05
@nttran8
Collaborator

nttran8 commented May 23, 2023

Hi @SuperX-SIR! Please run https://github.com/google/google-java-format against your Java files before starting the code review; this would greatly reduce review overhead due to linter errors. Thanks! :)

@nttran8 nttran8 removed their assignment Jan 8, 2024
@nttran8 nttran8 removed their request for review January 8, 2024 12:41
@tooryx tooryx added the "PRP:Inactive" and "Contributor main" (The main issue a contributor is working on (top of the contribution queue).) labels Feb 1, 2024
@tooryx
Member

tooryx commented Feb 2, 2024

Hi @SuperX-SIR,

I see that there was no activity on this PR for a while. Are you still willing to contribute?
Otherwise I will close this PR.

~tooryx

@SuperX-SIR
Author

SuperX-SIR commented May 21, 2024

Hi, it's stuck in the state:
Pending — Waiting for internal safe review approval
Should I do something, or what tips do I need to modify?
I have updated the project as nttran8 says, could you remove the Inactive label @tooryx?

I have run https://github.com/google/google-java-format against my Java files in community/detectors/bitbucket_cve_2022_36804/
@nttran8 Thanks

Successfully merging this pull request may close these issues.

PRP: Request Atlassian Bitbucket Server and Data Center RCE (CVE-2022-36804)