From b040c71036540e170b95ecb3339506ab700f4ed3 Mon Sep 17 00:00:00 2001
From: lixtelnis <lixtelnis@gmail.com>
Date: Sat, 27 Jul 2024 19:52:16 -0400
Subject: [PATCH] roll

---
 build.py                               | 19 +++++++++++++++++++
 src/main_layout.html                   |  9 +++++++--
 src/pages/home/body.html               |  3 +++
 src/pages/stimulusreflex-rce/body.html |  6 +++---
 src/pages/wkhtmltopdf-webkit/meta.json |  2 +-
 src/roll_li.html                       | 11 +++++++++++
 6 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/build.py b/build.py
index c7a5db2..60d6323 100644
--- a/build.py
+++ b/build.py
@@ -36,6 +36,7 @@ def build_page(page_meta):
     page_out = page_out.replace("[[MATH]]", math_head)
   else:
     page_out = page_out.replace("[[MATH]]", "")
+  page_out = page_out.replace("[[ROLLLI]]", post_roll)
 
   file_out = open(f"build/{page_name}/index.html","w")
   file_out.write(page_out)
@@ -51,6 +52,23 @@ def build_index(page_metas):
     index += '\n' + nav_li.replace("[[PAGENAME]]", page_name).replace("[[PAGELINK]]", f'/{page_name}/')
   return index
 
+def build_roll(page_metas):
+  page_metas = filter(lambda page_meta: not page_meta[1].get("ishome", False), page_metas)
+  page_metas = sorted(page_metas, key = lambda page_meta: page_meta[1].get("date", [0,0,0]), reverse=True)
+  roll = ''
+  for page, meta in page_metas:
+    page_dir = path.dirname(page)
+    page_name = path.basename(page_dir)
+    title = meta.get("title", "[[Add a title in meta.json]]")
+    description = meta.get("description", "[[Add a description in meta.json]]")
+    published_time = date(*meta.get("date", [2020, 1, 1]))
+    roll += roll_li
+    roll = roll.replace("[[PAGELINK]]", f'/{page_name}/')
+    roll = roll.replace("[[TITLE]]", title)
+    roll = roll.replace("[[DESCRIPTION]]", description)
+    roll = roll.replace("[[DATE]]", f'{published_time}')
+  return roll
+
 def build_rss(page_metas):
   page_metas = filter(lambda page_meta: not page_meta[1].get("ishome", False), page_metas)
 
@@ -108,6 +126,7 @@ def build_redirects(redirect_meta):
 page_metas = [(page, json.load(open(page))) for page in pages]
 
 site_index = build_index(page_metas)
+post_roll = build_roll(page_metas)
 
 for page_meta in page_metas:
   build_page(page_meta)
diff --git a/src/main_layout.html b/src/main_layout.html
index 81e35c4..baf6acd 100644
--- a/src/main_layout.html
+++ b/src/main_layout.html
@@ -34,8 +34,13 @@
       blockquote { background-color: #d0c0fe7f; padding: 10px; }
       pre { white-space: pre-wrap; overflow-wrap: anywhere; }
       pre { background-color: #d0c0fe7f; }
-      #nowrap { text-wrap: nowrap; overflow: scroll; width: 100%; }
-      #wrap { overflow-wrap: anywhere; }
+      .nowrap { text-wrap: nowrap; overflow: scroll; width: 100%; }
+      .wrap { overflow-wrap: anywhere; }
+      .roll { list-style: none; padding: 0; }
+      .rollanchor { text-decoration: none; color: inherit; }
+      .rolldate { float: right; }
+      .rolldesc { padding: 5px 5px 5px 20px; }
+      .rolltitle { font-weight: bold; }
       @media (max-width: 900px) {
         nav { width: 15px; }
         nav #navhide { visibility: hidden; }
diff --git a/src/pages/home/body.html b/src/pages/home/body.html
index 66925b9..6b13b3e 100644
--- a/src/pages/home/body.html
+++ b/src/pages/home/body.html
@@ -6,3 +6,6 @@
   <li><a href="https://github.com/FelixMartel">github</a></li>
   <li><a href="mailto:lix@hackin.ca">email</a></li>
 </ul>
+<ul class="roll">
+  [[ROLLLI]]
+</ul>
\ No newline at end of file
diff --git a/src/pages/stimulusreflex-rce/body.html b/src/pages/stimulusreflex-rce/body.html
index 6f3b7b0..99df848 100644
--- a/src/pages/stimulusreflex-rce/body.html
+++ b/src/pages/stimulusreflex-rce/body.html
@@ -9,7 +9,7 @@ <h3>exploration</h3>
 {"command":"message","identifier":"{\"channel\":\"StimulusReflex::Channel\"}","data":"{\"attrs\":{\"data-reflex\":\"change->DocumentReflex#change_name\",\"data-reflex-dataset\":\"ancestors\",\"class\":\"form-control\",\"value\":\"rename.me.me\",\"data-controller\":\"folders\",\"data-action\":\"change->folders#__perform\",\"checked\":false,\"selected\":false,\"tag_name\":\"INPUT\"},\"dataset\":{\"dataset\":{\"data-reflex\":\"change->DocumentReflex#change_name\",\"data-reflex-dataset\":\"ancestors\",\"data-controller\":\"folders\",\"data-action\":\"change->folders#__perform\",\"data-reflex-root\":\"#folder\",\"data-document-id\":\"543884\"},\"datasetAll\":{}},\"selectors\":[\"#folder\"],\"id\":\"84abfdb3-a58d-4248-a9a2-ad7aa619056a\",\"resolveLate\":false,\"suppressLogging\":false,\"xpathController\":\"//*[@id='document_543884']/div[1]/div[3]/form[1]/input[1]\",\"xpathElement\":\"//*[@id='document_543884']/div[1]/div[3]/form[1]/input[1]\",\"inner_html\":\"\",\"text_content\":\"\",\"reflexController\":\"folders\",\"permanentAttributeName\":\"data-reflex-permanent\",\"target\":\"DocumentReflex#change_name\",\"args\":[],\"url\":\"http://localhost/\",\"tabId\":\"69415f36-c3ce-4922-abb3-1739fcfe77e9\",\"version\":\"3.5.0-pre10\",\"formData\":\"\"}"}
 </pre>
 <p>
-There is a lot of stuff in this message and I don't know what it is all used for but you can see interesting target and args fields: <span id="wrap">\"target\":\"DocumentReflex#change_name\",\"args\":[]</span>. This corresponds to a server-side class and method that will be invoked. Even before reviewing how this invocation is implemented, you can try to change the #method part with a method from the <a href="https://ruby-doc.org/3.2.2/Object.html">object class</a>. Promisingly, this would lead to responses such as "wrong number of arguments (given [], expected [[:req]], optional [])".
+There is a lot of stuff in this message and I don't know what it is all used for but you can see interesting target and args fields: <span class="wrap">\"target\":\"DocumentReflex#change_name\",\"args\":[]</span>. This corresponds to a server-side class and method that will be invoked. Even before reviewing how this invocation is implemented, you can try to change the #method part with a method from the <a href="https://ruby-doc.org/3.2.2/Object.html">object class</a>. Promisingly, this would lead to responses such as "wrong number of arguments (given [], expected [[:req]], optional [])".
 </p>
 <pre>
 {"identifier":"{\"channel\":\"StimulusReflex::Channel\"}","message":{"cableReady":true,"operations":[{"name":"stimulus-reflex:morph-error","payload":{},"stimulusReflex":{"attrs":{"data-reflex":"change-\u003eDocumentReflex#change_name","data-reflex-dataset":"ancestors","class":"form-control","value":"rename.me.me","data-controller":"folders","data-action":"change-\u003efolders#__perform","checked":false,"selected":false,"tagName":"INPUT"},"dataset":{"dataset":{"data-reflex":"change-\u003eDocumentReflex#change_name","data-reflex-dataset":"ancestors","data-controller":"folders","data-action":"change-\u003efolders#__perform","data-reflex-root":"#folder","data-document-id":"543884"},"datasetAll":{}},"selectors":["#folder"],"id":"84abfdb3-a58d-4248-a9a2-ad7aa619056a","resolveLate":false,"suppressLogging":false,"xpathController":"//*[@id='document_543884']/div[1]/div[3]/form[1]/input[1]","xpathElement":"//*[@id='document_543884']/div[1]/div[3]/form[1]/input[1]","innerHtml":"","textContent":"","reflexController":"folders","permanentAttributeName":"data-reflex-permanent","target":"DocumentReflex#method","args":[],"url":"http://localhost/","tabId":"69415f36-c3ce-4922-abb3-1739fcfe77e9","version":"3.5.0-pre10","formData":"","morph":"page"},"error":"wrong number of arguments (given [], expected [[:req]], optional []) ","reflexId":"84abfdb3-a58d-4248-a9a2-ad7aa619056a","operation":"dispatchEvent"}],"version":"5.0.0.pre10"}}
@@ -19,7 +19,7 @@ <h3>exploration</h3>
 </p>
 <h3>vulnerability</h3>
 <p>
-In this case, finding the relevant security-sensitive code is as simple as searching for "wrong number of arguments (given [], expected [[:req]], optional [])". It is found in <span id="wrap">stimulus_reflex/app/channels/stimulus_reflex/channel.rb</span>
+In this case, finding the relevant security-sensitive code is as simple as searching for "wrong number of arguments (given [], expected [[:req]], optional [])". It is found in <span class="wrap">stimulus_reflex/app/channels/stimulus_reflex/channel.rb</span>
 </p>
 <pre>
 def delegate_call_to_reflex(reflex)
@@ -47,7 +47,7 @@ <h3>vulnerability</h3>
   run_callbacks(:process) { public_send(name, *args) }
 end
 </pre>
-The crux of the matter is to find what counts as a method with arguments according to the ReflexMethodInvocationPolicy in <span id="wrap">stimulus_reflex/lib/stimulus_reflex/policies/reflex_invocation_policy.rb</span>
+The crux of the matter is to find what counts as a method with arguments according to the ReflexMethodInvocationPolicy in <span class="wrap">stimulus_reflex/lib/stimulus_reflex/policies/reflex_invocation_policy.rb</span>
 <pre>
 module StimulusReflex
   class ReflexMethodInvocationPolicy
diff --git a/src/pages/wkhtmltopdf-webkit/meta.json b/src/pages/wkhtmltopdf-webkit/meta.json
index 4a4aec2..5cfde19 100644
--- a/src/pages/wkhtmltopdf-webkit/meta.json
+++ b/src/pages/wkhtmltopdf-webkit/meta.json
@@ -1,5 +1,5 @@
 {
   "title": "client-supplied server-run javascript again",
-  "description": "exploiting an outdated webkit version in wkhtmltopdf",
+  "description": "Exploiting an outdated webkit version in wkhtmltopdf.",
   "date": [2024,6,12]
 }
diff --git a/src/roll_li.html b/src/roll_li.html
index e69de29..b07862f 100644
--- a/src/roll_li.html
+++ b/src/roll_li.html
@@ -0,0 +1,11 @@
+<li>
+  <a class="rollanchor" href="[[PAGELINK]]">
+    <div>
+      <span class="rolltitle">[[TITLE]]</span>
+      <span class="rolldate">[[DATE]]</span>
+    </div>
+    <div class="rolldesc">
+      <span>[[DESCRIPTION]]</span>
+    </div>
+  </a>
+</li>
\ No newline at end of file