codetainerapp / codetainer
A Docker container in your browser.
License: MIT License
error says:
Codetainer 19:41:28 [FATAL] Unable to create codetainer: API error (400): {"message":"starting container with HostConfig was deprecated since v1.10 and removed in v1.12"}
Use the APIs to fetch file contents and save them back to the server from within the codetainer widget.
The following is the error I got from running go get github.com/codetainerapp/codetainer
# github.com/codetainerapp/codetainer
root/go/src/github.com/codetainerapp/codetainer/http-helpers.go:60: undefined: Asset
root/go/src/github.com/codetainerapp/codetainer/http-helpers.go:61: undefined: Asset
root/go/src/github.com/codetainerapp/codetainer/http-helpers.go:62: undefined: Asset
root/go/src/github.com/codetainerapp/codetainer/http-server.go:37: undefined: Asset
root/go/src/github.com/codetainerapp/codetainer/http-server.go:38: undefined: AssetDir
Support TLS auth for Docker API
release is not working
==> Building packages codetainer
cp: cannot stat ‘pkg/linux-amd64/codetainer’: No such file or directory
make: *** [setup] Error 1
Need:
Support a terminal only mode (e.g., add flags terminal-only=1 to the view route) that hides the code editor and other features and just displays a raw terminal.
use swagger for this
Need to figure out how to do both unit + integration tests.
Add the ability to apply a custom --security-opts configuration to sandbox a container's actions.
It is a bad idea to encourage people to expose Docker over the network.
Create an API so that you can fetch a file inside of a codetainer.
There seems to be a compatibility issue with newer versions of docker. When I run
codetainer create ubuntu:14.04 test --debug
I get the error:
Codetainer 00:56:04 [FATAL] Unable to create codetainer: API error (400): {"message":"starting container with non-empty request body was deprecated since API v1.22 and removed in v1.24"}
I am using:
This seems to be an issue with a docker update since googling the errors returns a bunch of links about docker api
Hello,
I am writing to report a potential Regular Expression Denial of Service (ReDoS) vulnerability or Inefficient Regular Expression in the project. This issue arises when specially crafted input strings are used in the context of distributed, high-volume requests, potentially leading to a denial-of-service attack.
Location of Issue:
The vulnerability is related to a regular expression used in the following validation file, which may result in significantly prolonged execution times under certain conditions.
PoC Files and Comparisons:
// Proof of concept
filename := os.Args[1]
content, err := ioutil.ReadFile(filename)
re := regexp.MustCompile("(?s)<(?:style|script)[^<>]*>.*?</(?:style|script)>|</?[a-z][a-z0-9]*[^<>]*>|<!--.*?-->")
re.ReplaceAllString(string(content), "")
PoC Files Here:
poc.zip
To evaluate the performance of this inefficient regular expression matching with varying input contents, the following commands can be executed within the PoC folder:
time ./poc AttackString10MB.txt
# real 72m38.173s
# user 72m30.083s
# sys 0m5.653s
time ./poc RandomString10MB.txt
# real 0m0.029s
# user 0m0.016s
# sys 0m0.026s
time ./poc AttackString1MB.txt
# real 0m54.028s
# user 0m53.917s
# sys 0m0.088s
time ./poc RandomString1MB.txt
# real 0m0.011s
# user 0m0.007s
# sys 0m0.011s
The significant difference in processing time between random strings and malicious strings highlights the potential effectiveness of this regex for malicious exploitation. And as string length grows, the nonlinear increase in processing time reflects potentially greater risks.
Proposed Solution:
A possible mitigation strategy could include limiting the input length to prevent excessive processing times. If the corresponding function or feature is not in use, it is recommended to clean up risky third-party packages or code content to prevent malicious exploitation through methods such as code injection.
Additional Considerations:
Historically, it was believed that using regex engines with non-backtracking implementations (such as those in Rust or Go) would not lead to ReDoS vulnerabilities. However, recent studies have shown that this is not always the case. I recommend an assessment of how this issue might impact this project.
Thank you for your attention to this matter. Your evaluation and response to this potential security concern would be greatly appreciated.
Best regards,
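The input length limit proposed in the report above, as an added example that is not part of the original issue or of the codetainer code. The pattern is the one from the proof of concept; `StripMarkup`, `ErrInputTooLarge` and the 64 KiB budget are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// Pattern copied from the proof of concept; compiled once, not on every call.
var markupRe = regexp.MustCompile("(?s)<(?:style|script)[^<>]*>.*?</(?:style|script)>|</?[a-z][a-z0-9]*[^<>]*>|<!--.*?-->")

// ErrInputTooLarge (hypothetical name) reports input over the caller's byte budget.
var ErrInputTooLarge = errors.New("input exceeds size limit")

// StripMarkup (hypothetical helper) reads at most maxBytes from r and removes
// markup with markupRe. It reads one byte past the limit so that oversized
// input is detected and rejected before the regex runs, and is never
// buffered in full.
func StripMarkup(r io.Reader, maxBytes int64) (string, error) {
	buf, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return "", err
	}
	if int64(len(buf)) > maxBytes {
		return "", ErrInputTooLarge
	}
	return markupRe.ReplaceAllString(string(buf), ""), nil
}

func main() {
	const limit = 64 << 10 // assumed budget of 64 KiB

	// Constructed sample input, not taken from the PoC archive.
	sample := "<p>hello</p><script>var x = 1;</script><!-- note --> world"
	out, err := StripMarkup(strings.NewReader(sample), limit)
	fmt.Printf("%q %v\n", out, err)

	// Constructed oversized input: rejected without touching the regex.
	_, err = StripMarkup(strings.NewReader(strings.Repeat("x", limit+1)), limit)
	fmt.Println(err)
}
```

The cap bounds the worst-case matching time to whatever the pattern costs on `maxBytes` of input, so the budget should be chosen from a measurement at that size.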
Add a license (MIT?)
Provide an API to upload files to support the code editing ability in the widget.
Depends upon fsouza/go-dockerclient#352 addition of support for Docker /archive API.
add an API to create and start a container from an image.
Add a TestConfig check for Docker API >= 1.17
Add API route that stops / removes a codetainer.
I did not try it yet, but the project seems really nice. However, I was thinking about the possibility to package it as a Docker image so that it is easier to give it a try (by simply mounting a few volumes, config file, and mapping some ports). I am not sure though, what would be involved in doing so or if there are any hurdles.
The container can display Chinese, web pages can also display Chinese, but the page cannot enter Chinese.
Use a policy to restrict network access to the codetainer.
Is running codetainer still possible? Seems that godep and dep have been deprecated in favor of Go modules. I'm not well versed in Go so not sure if this makes codetainers unusable. Would love help setting it up if it's still possible.
The app should have the ability to register Docker images that can serve as codetainer images within a database. The image should have relevant Docker information associated with it (such as the apparmor profile, any Docker flags to sandbox the container when it is started).
It should also track running Docker "codetainers".
If I execute codetainer server outside the path _where_codetainer_placed_/bin, the path of utils will be detected incorrectly.
I found the issue here:
https://github.com/codetainerapp/codetainer/blob/master/config.go#L124
Need to add HTTPS support for the codetainer api server.
I use VirtualBox (via Docker Machine) to host the Docker daemon in OS X, and always set the $DOCKER_TLS_VERIFY, $DOCKER_HOST and $DOCKER_CERT_PATH env vars to specify the destination the Docker client accesses.
I think these variables can be an alternative to TOML.
In the section Profiles, creating with profile file should pass codetainer-config-id in the request, not container-config-id.
Make Godep vendor dependencies compatible with GO15VENDOREXPERIMENT
Currently, the api route /api/v1/codetainer/{id}/files will list files in a container at a given path; however the files listing needs to be modified to return useful metadata about the file, including: