From 19bc0df9683d435b10de862e46fed3125a385c32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Abdelkader=20Mart=C3=ADnez=20P=C3=A9rez?=
 <robertomartinezp@gmail.com>
Date: Tue, 12 Nov 2019 13:16:30 +0100
Subject: [PATCH] Old poc examples were full of injections due to migration
 strategy. Will be rewritten in doc.

---
 poc/examples/eval.pow                 | 19 ---------
 poc/examples/eval.testme              |  8 ----
 poc/examples/nmap-web.html            | 35 -----------------
 poc/examples/nmap-web.pow             | 55 ---------------------------
 poc/examples/nmap/Dockerfile          |  7 ----
 poc/examples/nmap/nmap.pow            | 19 ---------
 poc/examples/operator.pow             | 41 --------------------
 poc/examples/pandoc/pandoc.pow        | 26 -------------
 poc/examples/pandoc/testme            |  8 ----
 poc/examples/pdfeditor/pdfeditor.html | 41 --------------------
 poc/examples/pdfeditor/pdfeditor.pow  | 20 ----------
 poc/examples/pdfeditor/topdf          | 28 --------------
 poc/examples/tcpdump/README.md        | 16 --------
 poc/examples/tcpdump/tcpdump.pow      |  1 -
 poc/examples/torrent.pow              | 43 ---------------------
 15 files changed, 367 deletions(-)
 delete mode 100755 poc/examples/eval.pow
 delete mode 100755 poc/examples/eval.testme
 delete mode 100644 poc/examples/nmap-web.html
 delete mode 100755 poc/examples/nmap-web.pow
 delete mode 100644 poc/examples/nmap/Dockerfile
 delete mode 100755 poc/examples/nmap/nmap.pow
 delete mode 100755 poc/examples/operator.pow
 delete mode 100755 poc/examples/pandoc/pandoc.pow
 delete mode 100755 poc/examples/pandoc/testme
 delete mode 100644 poc/examples/pdfeditor/pdfeditor.html
 delete mode 100755 poc/examples/pdfeditor/pdfeditor.pow
 delete mode 100755 poc/examples/pdfeditor/topdf
 delete mode 100644 poc/examples/tcpdump/README.md
 delete mode 100644 poc/examples/tcpdump/tcpdump.pow
 delete mode 100755 poc/examples/torrent.pow

diff --git a/poc/examples/eval.pow b/poc/examples/eval.pow
deleted file mode 100755
index acc18bd..0000000
--- a/poc/examples/eval.pow
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X POST '/eval' -c '$($(kapow get /request/body) | kapow set /response/stream)'
diff --git a/poc/examples/eval.testme b/poc/examples/eval.testme
deleted file mode 100755
index a17bfc9..0000000
--- a/poc/examples/eval.testme
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-curl -X POST --data-binary @- http://localhost:8080/eval <<EOF
-touch /tmp/kapow_was_here
-EOF
-
-echo 'Proof of success:'
-ls -l /tmp/kapow_was_here
diff --git a/poc/examples/nmap-web.html b/poc/examples/nmap-web.html
deleted file mode 100644
index 7a3f8f2..0000000
--- a/poc/examples/nmap-web.html
+++ /dev/null
@@ -1,35 +0,0 @@
-<!DOCTYPE html>
-<html>
-    <head>
-        <meta charset="UTF-8">
-        <title>Nmap</title>
-    </head>
-    <body>
-        <form id="nmap-params" method="post" action="nmap.xml">
-            <fieldset>
-                <legend>Nmap parameters</legend>
-                <div>
-                    <label for="target_spec">Target Specification:</label>
-                    <input name="target_spec" type="text" placeholder="ip, domain, network, range" value="127.0.0.1" required autofocus>
-                    <p>
-                        Can pass hostnames, IP addresses, networks, etc. e.g.:
-                        scanme.nmap.org, microsoft.com/24, 192.168.0.1;
-                        10.0.0-255.1-254
-                    </p>
-                </div>
-                <div>
-                    <label for="port_ranges">Port Ranges:</label>
-                    <input name="port_ranges" type="text" placeholder="port, range, list" value="8080" required>
-                    <p>
-                        Only scan specified ports. e.g.: 22; 1-65535;
-                        U:53,111,137,T:21-25,80,139,8080,S:9
-                    </p>
-                </div>
-                <div>
-                    <input name="scan" type="submit" value="Scan">
-                    <input name="reset" type="reset" value="Reset">
-                </div>
-            </fieldset>
-        </form>
-    </body>
-</html>
diff --git a/poc/examples/nmap-web.pow b/poc/examples/nmap-web.pow
deleted file mode 100755
index 6fb0755..0000000
--- a/poc/examples/nmap-web.pow
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Nmap produces an XML report, suitable for rendering in a web browser
-#
-
-# Call examples:
-#
-# $ browser http://localhost:8080
-#
-# $ curl -v http://localhost:8080/nmap.xml -d 'target_spec=127.0.0.1&port_ranges=9000'
-#
-
-kapow route add -X GET / - <<-'EOF'
-	cat nmap-web.html | kapow set /response/body
-EOF
-
-kapow route add -X GET /nmap.xsl - <<-'EOF'
-	curl --silent https://svn.nmap.org/nmap/docs/nmap.xsl	\
-	| kapow set /response/body
-EOF
-
-kapow route add -X POST /nmap.xml - <<-'EOF'
-
-	TARGET_SPEC=$(kapow get /request/form/target_spec)
-	: ${TARGET_SPEC:=127.0.0.1}
-
-	PORT_RANGES=$(kapow get /request/form/port_ranges)
-	: ${PORT_RANGES:=8080}
-
-	nmap					\
-		-Pn				\
-		-n				\
-		-p "$PORT_RANGES"		\
-		-oX -				\
-		--stylesheet /nmap.xsl		\
-		"$TARGET_SPEC"			\
-	| kapow set /response/body
-EOF
diff --git a/poc/examples/nmap/Dockerfile b/poc/examples/nmap/Dockerfile
deleted file mode 100644
index 5fe5224..0000000
--- a/poc/examples/nmap/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM bbvalabsci/kapow:latest
-
-RUN apk add nmap
-
-COPY nmap.pow /tmp/
-
-CMD ["server", "/tmp/nmap.pow"]
diff --git a/poc/examples/nmap/nmap.pow b/poc/examples/nmap/nmap.pow
deleted file mode 100755
index ef42eb9..0000000
--- a/poc/examples/nmap/nmap.pow
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X GET '/list/{ip}' -c 'nmap -sL "$(kapow get /request/matches/ip)" | kapow set /response/body'
diff --git a/poc/examples/operator.pow b/poc/examples/operator.pow
deleted file mode 100755
index 27bca22..0000000
--- a/poc/examples/operator.pow
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add /list/files -c 'ls -la $(kapow get /request/params/path) | kapow set /response/body'
-
-kapow route add /list/processes -c 'ps -aux | kapow set /response/body'
-
-kapow route add /show/cpuinfo -c 'kapow set /response/body < /proc/cpuinfo'
-
-kapow route add /show/memory -c 'free -m | kapow set /response/body'
-
-kapow route add /show/disk -c 'df -h | kapow set /response/body'
-
-kapow route add /show/connections -c 'ss -pluton | kapow set /response/body'
-
-kapow route add /show/mounts -c 'mount | kapow set /response/body'
-
-kapow route add /tail/dmesg - <<-'EOF'
-	kapow set /response/headers/Content-Type text/plain
-	dmesg -w | kapow set /response/stream
-EOF
-
-kapow route add /tail/journal - <<-'EOF'
-	kapow set /response/headers/Content-Type text/plain
-	journalctl -f | kapow set /response/stream
-EOF
diff --git a/poc/examples/pandoc/pandoc.pow b/poc/examples/pandoc/pandoc.pow
deleted file mode 100755
index 5558cd3..0000000
--- a/poc/examples/pandoc/pandoc.pow
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X POST --entrypoint '/bin/zsh -c' '/convert/{from}/{to}' - <<-'EOF'
-	pandoc --from="$(kapow get /request/matches/from)" \
-	       --to="$(kapow get /request/matches/to)" \
-	       --output=>(kapow set /response/body) \
-	       =(kapow get /request/body)
-EOF
-kapow route add -X GET '/formats/input' -c 'pandoc --list-input-formats | kapow set /response/body'
-kapow route add -X GET '/formats/output' -c 'pandoc --list-output-formats | grep -v pdf | kapow set /response/body'
diff --git a/poc/examples/pandoc/testme b/poc/examples/pandoc/testme
deleted file mode 100755
index e2fabd3..0000000
--- a/poc/examples/pandoc/testme
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env sh
-
-curl -X POST --data-binary @- http://localhost:8080/convert/markdown/man <<EOF
-# This is not a pipe
-
-1. hello
-1. goodbye
-EOF
diff --git a/poc/examples/pdfeditor/pdfeditor.html b/poc/examples/pdfeditor/pdfeditor.html
deleted file mode 100644
index 378898b..0000000
--- a/poc/examples/pdfeditor/pdfeditor.html
+++ /dev/null
@@ -1,41 +0,0 @@
-<html>
-  <head>
-  <title>PDF Editor</title>
-  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/siimple/dist/siimple.min.css">
-  <head>
-  <body>
-    <div class="siimple-content siimple-content--extra-large">
-      <div class="siimple-grid">
-	<div class="siimple-grid-row">
-	  <div class="siimple-grid-col siimple-grid-col--12">
-	    <div class="siimple-grid-col siimple-grid-col--6">
-	      <div class="siimple-form">
-		<form action="/editor/pdf" method="post" target="result" id="editor">
-		  <div class="siimple-form-title">AWYSIWYG PDF Editor</div>
-		  <div class="siimple-form-field">
-		    <div class="siimple-form-field-label">InputFormat</div>
-		    <select name="from">
-		      <option value="markdown">Markdown</option>
-		      <option value="rst">ReStructuredText</option>
-		    </select>
-		  </div>
-		  <div class="siimple-form-field">
-		    <div class="siimple-form-field-label">InputFormat</div>
-		    <textarea class="siimple-textarea siimple-textarea--fluid" rows="25" name="content">Example text</textarea>
-		  </div>
-		  <div class="siimple-form-field">
-		    <div class="siimple-btn siimple-btn--blue" onclick="document.getElementById('editor').submit();">Preview!</div>
-		  </div>
-		</form>
-	      </div>
-	    </div>
-	    <div class="siimple-grid-col siimple-grid-col--6">
-	      <iframe name="result" src="" style="height: 100%; width: 100%;"></iframe>
-	    </div>
-	  </div>
-	</div>
-      </div>
-    </div>
-  </body>
-</html>
-
diff --git a/poc/examples/pdfeditor/pdfeditor.pow b/poc/examples/pdfeditor/pdfeditor.pow
deleted file mode 100755
index 06eb815..0000000
--- a/poc/examples/pdfeditor/pdfeditor.pow
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add -X POST --entrypoint ./topdf '/editor/pdf'
-kapow route add / -c 'kapow set /response/headers/Content-Type text/html && kapow set /response/body < pdfeditor.html'
diff --git a/poc/examples/pdfeditor/topdf b/poc/examples/pdfeditor/topdf
deleted file mode 100755
index f89d0c0..0000000
--- a/poc/examples/pdfeditor/topdf
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/zsh
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-tmpfile=$(mktemp --suffix=.pdf)
-pandoc --from="$(kapow get /request/form/from)" --to=pdf --output=${tmpfile} -t latex =(kapow get /request/form/content)
-if [ $? -eq 0 ]; then
-	kapow set /response/headers/Content-Type application/pdf
-	kapow set /response/body < ${tmpfile}
-	kapow set /response/status 200
-else
-	kapow set /response/status 500
-fi
-rm -f ${tmpfile}
diff --git a/poc/examples/tcpdump/README.md b/poc/examples/tcpdump/README.md
deleted file mode 100644
index de84f51..0000000
--- a/poc/examples/tcpdump/README.md
+++ /dev/null
@@ -1,16 +0,0 @@
-Remote tcpdump sniffer with source filtering
-============================================
-
-1. Add any filter you want to the `tcpdump` command inside `tcpdump.pow` to filter
-   any traffic you don't want to be sniffed!
-2. For the sake of simplicity, run `sudo -E kapow server tcpdump.pow`. In a
-   production environment, `tcpdump` should be run with the appropiate permissions,
-   but kapow can (and should) run as an unprivileged user.
-3. In your local machine run:
-   ```bash
-   curl http://localhost:8080/sniff/<network-interface> | sudo -E wireshark -k -i -
-   ```
-   Again, for the sake of simplicity, `Wireshark` is running as root. If you don't want
-   to run it this way, follow this guide:
-   https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a
-4. Profit!
diff --git a/poc/examples/tcpdump/tcpdump.pow b/poc/examples/tcpdump/tcpdump.pow
deleted file mode 100644
index 36b83d9..0000000
--- a/poc/examples/tcpdump/tcpdump.pow
+++ /dev/null
@@ -1 +0,0 @@
-kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" | kapow set /response/stream'
diff --git a/poc/examples/torrent.pow b/poc/examples/torrent.pow
deleted file mode 100755
index ee31e7d..0000000
--- a/poc/examples/torrent.pow
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-#
-# Copyright 2019 Banco Bilbao Vizcaya Argentaria, S.A.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-kapow route add / - <<-'EOF'
-	kapow set /response/headers/Content-Type text/html
-	kapow set /response/body <<-HTML
-		<html>
-		<body>
-		<a href='javascript: Array.from(document.querySelectorAll("a")).filter(x => x.href.indexOf("magnet") != -1 ).map(x => x.href = "http://localhost:8080/save/magnet?link="+encodeURI(x.href))'>Add me to your bookmarks!</a>
-		</body>
-		</html>
-	HTML
-EOF
-
-kapow route add /save/magnet -e '/bin/bash -c' - <<-'EOF'
-	link=$(kapow get /request/params/link)
-	[ -z $link ] && kapow set /response/status 400 && exit 0
-
-	watch_folder=/tmp
-	cd $watch_folder
-	[[ "$link" =~ xt=urn:btih:([^&/]+) ]] || exit;
-	echo "d10:magnet-uri${#link}:${link}e" > "meta-${BASH_REMATCH[1]}.torrent"
-
-	kapow set /response/status 302
-	kapow set /response/headers/Location /torrent/list
-EOF
-
-kapow route add /torrent/list -c 'kapow set /response/body "Not Implemented Yet"'