@PatrickTulskie
Created December 4, 2023 12:04
resque-scheduler xss POC and fix
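<%# Delayed-job detail view for one class/args pair. Every value interpolated below is request- or
    Redis-derived, so each is escaped with `h` at the point of output; the klass escape alone leaves
    the args half of the heading unescaped unless show_job_arguments escapes itself (not visible here). %>
<h1>Delayed jobs scheduled for <%=h params[:klass] %> (<%=h show_job_arguments(@args) %>)</h1>
<table class='jobs'>
<tr>
<th>Timestamp</th>
</tr>
<%# @timestamps is a list of epoch integers; Time.at renders them, nothing user-controlled is emitted raw. %>
<% @timestamps.each do |t| %>
<tr>
<td>
<%= Time.at(t) %>
</td>
</tr>
<% end %>
<% if @timestamps.empty? %>
<tr>
<td class='no-data'>There are no such jobs scheduled.</td>
</tr>
<% end %>
</table>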
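version: '3'
services:
  web:
    build: .
    command: "bundle exec resque-web -F -L resque_config.rb"
    ports:
      # Loopback-only publish: this UI is a deliberately vulnerable build and
      # should not be reachable from other hosts on the network.
      - "127.0.0.1:5678:5678"
    volumes:
      - .:/usr/src/app
    environment:
      - QUEUE=*
      - INTERVAL=5
    depends_on:
      - redis
  redis:
    # Unpinned tag: rebuilds may pull a different Redis. Pin a tag or digest once
    # the version this POC was validated against is known (not recorded here).
    image: redis:latest
    ports:
      # web reaches redis over the compose network by service name ("redis:6379"),
      # so the host publish is only for debugging. No auth is configured for this
      # instance, so keep it off non-loopback interfaces.
      - "127.0.0.1:6379:6379"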
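# Use an official Ruby runtime as a parent image.
# NOTE: `latest` is unpinned, so rebuilds may pick up a different Ruby; pin a tag
# or digest once the version the POC was validated against is known.
FROM ruby:latest
# Set the working directory in the container
WORKDIR /usr/src/app
# Copy the Gemfile and Gemfile.lock first so `bundle install` is cached
# independently of application-code changes
COPY Gemfile Gemfile.lock ./
# Install the gems specified in Gemfile
RUN bundle install
# Copy the rest of your app's source code from your host to your image filesystem.
COPY . .
# Overwrite the gem's bundled view with the patched template. The destination
# embeds the gem version, so it must match the resque-scheduler version pinned
# in Gemfile.lock; with a mismatch COPY just creates an unused directory and the
# gem's original view stays in place.
COPY delayed_schedules.erb /usr/local/bundle/gems/resque-scheduler-4.10.0/lib/resque/scheduler/server/views/
# Expose the port the app runs on
EXPOSE 5678
# Define the command to run your app using CMD which defines your runtime
CMD ["resque-web"]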
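# Dependencies for the resque-scheduler XSS reproduction.
source 'https://rubygems.org'

# Rack server used by resque-web
gem 'webrick'
gem 'resque'
# Pinned to the version whose view the Dockerfile overrides
# (gems/resque-scheduler-4.10.0/.../views/) and that Gemfile.lock resolves to;
# keep all three in sync when bumping.
gem 'resque-scheduler', '4.10.0'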
GEM
remote: https://rubygems.org/
specs:
concurrent-ruby (1.2.2)
connection_pool (2.4.1)
et-orbi (1.2.7)
tzinfo
fugit (1.9.0)
et-orbi (~> 1, >= 1.2.7)
raabro (~> 1.4)
mono_logger (1.1.2)
multi_json (1.15.0)
mustermann (3.0.0)
ruby2_keywords (~> 0.0.1)
raabro (1.4.0)
rack (2.2.8)
rack-protection (3.1.0)
rack (~> 2.2, >= 2.2.4)
redis (5.0.8)
redis-client (>= 0.17.0)
redis-client (0.18.0)
connection_pool
redis-namespace (1.11.0)
redis (>= 4)
resque (2.6.0)
mono_logger (~> 1.0)
multi_json (~> 1.0)
redis-namespace (~> 1.6)
sinatra (>= 0.9.2)
resque-scheduler (4.10.0)
mono_logger (~> 1.0)
redis (>= 3.3)
resque (>= 1.27)
rufus-scheduler (~> 3.2, != 3.3)
ruby2_keywords (0.0.5)
rufus-scheduler (3.9.1)
fugit (~> 1.1, >= 1.1.6)
sinatra (3.1.0)
mustermann (~> 3.0)
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.1.0)
tilt (~> 2.0)
tilt (2.3.0)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
webrick (1.8.1)
PLATFORMS
x86_64-linux
DEPENDENCIES
resque
resque-scheduler
webrick
BUNDLED WITH
2.4.1
# Loaded by resque-web through `-L resque_config.rb` (see the compose command).
# Order matters: the scheduler's server extension must be required after
# resque-scheduler itself.
%w[resque resque-scheduler resque/scheduler/server].each { |lib| require lib }

# Hostname resolves to the `redis` compose service. No auth is configured for
# that instance in the compose file, so it must stay on the compose network only.
Resque.redis = 'redis:6379'