# Use this docker compose file to test POC
# >> docker-compose up
#
# Run exploit
# >> python ../CVE-2020-11978.py http://127.0.0.1:8080 "touch test"
#
# Validate that /tmp/test was created
# >> docker-compose exec airflow-webserver /bin/ls /tmp
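version: '3'

# Deliberately vulnerable lab environment for reproducing CVE-2020-11978.
# It pins Airflow 1.10.10 and keeps the example DAGs loaded on purpose.
# Run it only on an isolated test host and remove it with
# `docker-compose down` when testing is finished.
x-airflow-common:
  &airflow-common
  image: apache/airflow:1.10.10
  environment:
    &airflow-common-env
    # config to add login to webserver
    AIRFLOW__WEBSERVER__AUTHENTICATE: 'true'
    AIRFLOW__WEBSERVER__AUTH_BACKEND: 'airflow.contrib.auth.backends.password_auth'
    # Example DAGs stay enabled so the vulnerable condition is reproducible.
    AIRFLOW__CORE__LOAD_EXAMPLES: 'true'
    # config to remove vulnerabilities: uncomment both lines below (and drop
    # the LOAD_EXAMPLES: 'true' line above, since duplicate keys are invalid)
    # to disable the example DAGs and deny all API requests.
    # AIRFLOW__CORE__LOAD_EXAMPLES: 'false'
    # AIRFLOW__API__AUTH_BACKEND: 'airflow.api.auth.backend.deny_all'
  user: "${AIRFLOW_UID:-50000}:${AIRFLOW_GID:-50000}"

services:
  airflow-webserver:
    <<: *airflow-common
    # Installing apache-airflow[password]==1.10.10 to add the password auth
    # backend configured above, then initialising the metadata DB and starting
    # the webserver and scheduler in the same container.
    entrypoint: ["/bin/bash", "-c", "pip install 'apache-airflow[password]==1.10.10' --user && airflow initdb && (airflow webserver & airflow scheduler)"]
    ports:
      # Publish on loopback only: a bare "8080:8080" binds every host
      # interface and would expose this vulnerable instance to the network.
      # The test command in the file header already targets 127.0.0.1:8080.
      - '127.0.0.1:8080:8080'
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://localhost:8080/health"]
      interval: 10s
      timeout: 10s
      retries: 5
    # NOTE(review): `always` brings the vulnerable container back after a
    # Docker daemon or host restart; tear the stack down when done.
    restart: always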