Add sample web task that uses gcsfuse (google#43)

* Add sample web task that uses gcsfuse

* unpublish task

* downscale to 3

* unpublish

* Add sample web task that uses gcsfuse

* unpublish task

* downscale to 3

* unpublish

* small refactor

* Move mount directory definitions

* set permissions in dockerfile

* Update launch-apache

* Update chal.conf

Author: sirdarckcat

infrastructure/kctf-samples/apache-php/challenge/Dockerfile

@@ -22,10 +22,16 @@ RUN ln -s /config/apache2-nsjail-php.conf /etc/apache2/conf-enabled/nsjail-php.c
 RUN rm -rf /var/www
 RUN ln -s /chroot/var/www /var/www
 
+RUN rm -rf /chroot/var/lib/php/sessions
+RUN chroot /chroot rm -rf /var/lib/php/sessions
+RUN chroot /chroot mkdir -p /mnt/disks/sessions /mnt/disks/uploads
+RUN chroot /chroot ln -s /mnt/disks/sessions /var/lib/php/sessions
+
 COPY files/html/ /chroot/var/www/html/
 COPY files/cgi-bin/ /usr/lib/cgi-bin/
 COPY files/root/ /root/
 
-RUN chmod 0755 /chroot/var/www/html /usr/lib/cgi-bin/nsjail-php-cgi /root/launch-apache
+RUN chmod 0755 /chroot/var/www/html /usr/lib/cgi-bin/
+RUN chmod 0755 /chroot/var/www/html/*.php /usr/lib/cgi-bin/nsjail-php-cgi /root/launch-apache
 
 CMD /root/launch-apache

infrastructure/kctf-samples/apache-php/challenge/config/apache2-nsjail-php.conf

@@ -1,5 +1,6 @@
 ServerName kctf-nsjail-php
 Listen 1337
+User user
 
 <Directory "/var/www/html">
  Options +ExecCGI

infrastructure/kctf-samples/apache-php/challenge/config/nsjail-php.cfg

@@ -5,7 +5,6 @@ mode: ONCE
 chroot_dir: "/chroot"
 log_level: ERROR
 uidmap {inside_id: "1000"}
-gidmap {inside_id: "1000"}
 mount_proc: true
 keep_env: true
 rlimit_as_type: HARD
@@ -28,6 +27,18 @@ mount: [
     dst: "/tmp"
     fstype: "tmpfs"
     rw: true
+  },
+  {
+    src: "/mnt/disks/sessions"
+    dst: "/mnt/disks/sessions"
+    is_bind: true
+    rw: true
+  },
+  {
+    src: "/mnt/disks/uploads"
+    dst: "/mnt/disks/uploads"
+    is_bind: true
+    rw: true
   }
 ]
 

infrastructure/kctf-samples/apache-php/challenge/files/cgi-bin/nsjail-php-cgi

@@ -1,2 +1,3 @@
 #!/bin/bash
-/usr/bin/nsjail --config /config/nsjail-php.cfg -- /usr/lib/cgi-bin/php $@
+
+/usr/bin/nsjail --config /config/nsjail-php.cfg -v -- /usr/lib/cgi-bin/php $@

infrastructure/kctf-samples/apache-php/challenge/files/html/session.php

@@ -0,0 +1,25 @@
+<?php
+session_start();
+
+if (isset($_REQUEST['foo'])) {
+   $_SESSION['foo'] = $_REQUEST['foo'];
+}
+echo $_SESSION['foo'];
+?>
+<hr/>
+<pre>
+<?php
+if (isset($_FILES['file'])) {
+   print_r($_FILES['file']);
+   $filename = uniqid('file_', true);
+   echo $filename;
+   move_uploaded_file($_FILES['file']['tmp_name'], '/mnt/disks/uploads/'. $filename);
+}
+?>
+</pre>
+<hr/>
+<form method=post enctype=multipart/form-data>
+<input name=foo>
+<input name=file type=file>
+<input type=submit>
+</form>

infrastructure/kctf-samples/apache-php/k8s/deployment/autoscaling.yaml

@@ -2,5 +2,6 @@ apiVersion: "autoscaling/v1"
 kind: "HorizontalPodAutoscaler"
 metadata:
   name: "chal"
-#spec:
-#  maxReplicas: 3
+spec:
+  minReplicas: 2
+  maxReplicas: 2

infrastructure/kctf-samples/apache-php/k8s/deployment/containers.yaml

@@ -2,3 +2,20 @@ apiVersion: "apps/v1"
 kind: "Deployment"
 metadata:
   name: "chal"
+spec:
+  template:
+    spec:
+      containers:
+      - name: challenge
+        volumeMounts:
+        - name: sessions
+          mountPath: /mnt/disks/sessions
+        - name: uploads
+          mountPath: /mnt/disks/uploads
+      volumes:
+      - name: sessions
+        hostPath:
+          path: /mnt/disks/gcs/apache-php/sessions
+      - name: uploads
+        hostPath:
+          path: /mnt/disks/gcs/apache-php/uploads