Merge branch 'main' into unstable

charts/flood-testing/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/flood-testing/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: flood-testing
+description: A Helm chart for Kubernetes
+
+# To use chart you can use the following commands (small image size is default):
+# helm upgrade --install releaseName --set imageSize=small|medium|large --set ingress.url=something.k3s.brokencrystals.nexploit.app  . --namespace distributor --wait
+
+
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+keywords:
+  - flood-testing
+  - ft
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"

charts/flood-testing/templates/deployment.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: ghcr.io/neuralegion/floodtest_tgt:{{ .Values.imageSize }}
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+            limits:
+              cpu: 250m
+              memory: 512Mi
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 30
+            periodSeconds: 30
+          startupProbe:
+            httpGet:
+              path: /
+              port: 3000
+              scheme: HTTP
+      imagePullSecrets:
+        - name: pull-ghcr-io

charts/flood-testing/templates/ingress.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    {{ if eq .Values.ingress.cert "" }}
+    cert-manager.io/cluster-issuer: letsencrypt-cf-prod
+    {{ end }}
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - {{ .Values.ingress.url }}
+      secretName: {{ if eq .Values.ingress.cert "" }}distributorwildcard{{ else }}{{ .Values.ingress.cert }}{{ end }}
+  rules:
+    - host: {{ .Values.ingress.url }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}
+                port:
+                  number: 3000

charts/flood-testing/templates/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+    - port: 3000
+  selector:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app: {{ .Release.Name }}

charts/flood-testing/values.yaml

@@ -0,0 +1,5 @@
+ingress:
+  url: dev.vuln.nexploit.app
+  cert: ""
+  authlevel: "."
+imageSize: "small"

charts/log4shell/Chart.yaml

@@ -4,7 +4,7 @@ description: log4shell app
 type: application
 keywords:
 - log4shell
-version: 0.0.2
+version: 0.0.3
 dependencies:
 - name: simple-service
   version: 0.0.1

charts/log4shell/values.yaml

@@ -4,11 +4,11 @@ simple-service:
     port: 8080
     resources:
       requests:
-        cpu: 50m
-        memory: 128Mi
-      limits:
-        cpu: 125m
+        cpu: 150m
         memory: 256Mi
+      limits:
+        cpu: 500m
+        memory: 768Mi
     livenessProbe:
       httpGet:
         path: /

charts/static-app-with-delay/Chart.yaml

@@ -0,0 +1,6 @@
+# static-app-with-delay/Chart.yaml
+apiVersion: v2
+name: static-app-with-delay
+description: A Helm chart for Kubernetes deployment with self-signed certificate
+version: 0.0.1
+appVersion: "1.0"

charts/static-app-with-delay/templates/_helpers.tpl

@@ -0,0 +1,8 @@
+# static-app-with-delay/templates/_helpers.tpl
+{{- define "static-app-with-delay.name" -}}
+static-app-with-delay
+{{- end -}}
+
+{{- define "static-app-with-delay.fullname" -}}
+{{- .Release.Name }}-static-app-with-delay
+{{- end -}}

charts/static-app-with-delay/templates/deployment.yaml

@@ -0,0 +1,103 @@
+# static-app-with-delay/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "static-app-with-delay.fullname" . }}
+  labels:
+    app: {{ include "static-app-with-delay.name" . }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ include "static-app-with-delay.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "static-app-with-delay.name" . }}
+    spec:
+      hostAliases:
+        - ip: "127.0.0.1"
+          hostnames:
+            - "target.local"
+      containers:
+        - name: static-app
+          image: "{{ .Values.staticApp.image }}"
+          ports:
+            - containerPort: 80
+          env:
+            - name: RESPONSE_SIZE
+              value: "{{ .Values.staticApp.responseSize }}"
+
+        - name: nginx
+          image: "{{ .Values.nginx.image }}"
+          ports:
+            - containerPort: 443
+          volumeMounts:
+            - name: tls-certs
+              mountPath: "/etc/nginx/tls"
+              readOnly: true
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              echo '
+              server {
+                  listen 443 ssl;
+                  server_name {{ .Values.nginx.serverName }};
+
+                  ssl_certificate /etc/nginx/tls/tls.crt;
+                  ssl_certificate_key /etc/nginx/tls/tls.key;
+
+                  location / {
+                      proxy_pass http://localhost:8080;
+                      proxy_set_header Host $host;
+                      proxy_set_header X-Real-IP $remote_addr;
+                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                      proxy_set_header X-Forwarded-Proto $scheme;
+                  }
+              }
+
+              server {
+                  listen 80;
+                  server_name {{ .Values.nginx.serverName }};
+
+                  location / {
+                      proxy_pass http://localhost:8080;
+                      proxy_set_header Host $host;
+                      proxy_set_header X-Real-IP $remote_addr;
+                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                      proxy_set_header X-Forwarded-Proto $scheme;
+                  }
+              }
+              ' > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'
+
+        {{- if and .Values.repeaterID .Values.token .Values.cluster }}
+        {{- range $index, $repeaterID := .Values.repeaterID }}
+        - name: repeater-{{ $index }}
+          image: brightsec/cli{{ if $.Values.repeaterImageTag }}:{{ $.Values.repeaterImageTag }}{{ else }}:latest{{ end }}
+          command: ["bright-cli", "repeater"]
+          args:
+            - "--token=$(TOKEN)"
+            - "--id=$(REPEATER_ID)"
+            - "--cluster=$(CLUSTER)"
+            - "--timeout=$(TIMEOUT)"
+            - "--log-level=verbose"
+          resources:
+            requests:
+              cpu: 200m
+              memory: 100Mi
+          env:
+            - name: REPEATER_ID
+              value: "{{ $repeaterID }}"
+            - name: TOKEN
+              value: "{{ $.Values.token }}"
+            - name: CLUSTER
+              value: "{{ $.Values.cluster }}"
+            - name: TIMEOUT
+              value: "{{ $.Values.timeout | default "30000" }}"
+        {{- end }}
+        {{- end }}
+
+      volumes:
+        - name: tls-certs
+          secret:
+            secretName: {{ include "static-app-with-delay.fullname" . }}-tls

charts/static-app-with-delay/templates/secret.yaml

@@ -0,0 +1,9 @@
+# static-app-with-delay/templates/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "static-app-with-delay.fullname" . }}-tls
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.tls.crt  }}
+  tls.key: {{ .Values.tls.key  }}

charts/static-app-with-delay/templates/service.yaml

@@ -0,0 +1,18 @@
+# static-app-with-delay/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "static-app-with-delay.fullname" . }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080
+      protocol: TCP
+    - name: https
+      port: 443
+      targetPort: 443
+      protocol: TCP
+  selector:
+    app: {{ include "static-app-with-delay.name" . }}

charts/static-app-with-delay/values.yaml

@@ -0,0 +1,15 @@
+# static-app-with-delay/values.yaml
+staticApp:
+  image: "454884832027.dkr.ecr.us-east-1.amazonaws.com/static-app-with-delay:latest"  # Replace with your app image if different
+  responseSize: ""
+nginx:
+  image: "nginx:latest"
+  serverName: "static.local"  # Replace with your actual domain name if needed
+repeaterID: ""
+token: ""
+cluster: ""
+timeout: "30000"
+repeaterImageTag: ""
+tls:
+  crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUROVENDQWgyZ0F3SUJBZ0lVY1B5K2VpWjgyZTY0WEt6aUpLQWZKbTRWNTYwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0tqRVZNQk1HQTFVRUF3d01jM1JoZEdsakxteHZZMkZzTVJFd0R3WURWUVFLREFoWmIzVnlJRTl5WnpBZQpGdzB5TkRFeE1UTXhNREl4TlRSYUZ3MHlOVEV4TVRNeE1ESXhOVFJhTUNveEZUQVRCZ05WQkFNTURITjBZWFJwCll5NXNiMk5oYkRFUk1BOEdBMVVFQ2d3SVdXOTFjaUJQY21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNldtTDJwdmtyYkhQY2JiRkRUeWF1Y1ptUnV1aHFjZFZXREVkc3dQTkkxbm9XS3cxZwpoZWQzRDIrUG5EWHZxRFh3c2NvKzVEdG43SllKU2dKVXpxQ1BkOWdVWWMrZTBGWkZyRWt6bnpnVXdOc1VpbUh3Cmt2ejd2REdtNGs3V3lLa3JXTEc3MTE1V2hIYmRWWjF5UWJjZ2hoOFRXQ1pjZFNqbmxuS0F4OTV2eXl3bzFVcG0Ka1ZzdTgzWm91NTQ2TCtSV0Q3VkNmMlZQclQ1MVVCV08vMFNySTNaUFVhMkpUK2V2UEhWRi8wS2ZibWRqVTlGagpZdmgrRWhHUWhXdHIzUWxsbmlGMis4Z0lDM3o3ckl5ays3K1hQZW5nNnE2cmVBVmU3WmlLU2VjMk0rNFc5NHBrCmx6VThXQWM2YStTSitnOVFudGo3UFZ4MkxSM2lZWVBZT0VJeEFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCU1oKZjArK3JZSHlXeU1TdklMZm1MZElpN3EyN2pBZkJnTlZIU01FR0RBV2dCU1pmMCsrcllIeVd5TVN2SUxmbUxkSQppN3EyN2pBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBMTl6NnVEakRqCngrWXRqSEpONThuVStiUTIxWnZ2OFNJekhuUjFTUS9TcUJnZ0RQY2NFa0dONHJJVjVmMDA0U1g4UmthbG5EMEYKNG1oSGRwclpGdE9abndyR2FrRTF6NGJWTXA4cnZwME40T3BsKzhKWENybzBTYzlwL3grY2ZBN1B1TFFUNW0rLwp1WVpjRDE3aG1oZlppVlZ2RTAzZ2ovKzFmSnpxZTNYUGhxME1OaWJnTjBIWkRDdUtBZ3RmOEJ1REVBNjljM092CnMwOXYxeERnaWZidXNLRHpaTHZJMzA3WVNCMEIxMFY4QVFXZ0Z1Sk8ydFBhWnBOczFnNkVRNnFOMmxkMFVvTFkKSmIzd0ZvMjVSVUV5Y080c0pneDdLSmdoSHBkODdueHkwMEdxMGNzSU5lK3dHNnk1TUlhN0RlLzJsb0trcFgvdQo3WUtHWExPSTlvWUQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
+  key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQzZXbUwycHZrcmJIUGMKYmJGRFR5YXVjWm1SdXVocWNkVldERWRzd1BOSTFub1dLdzFnaGVkM0QyK1BuRFh2cURYd3Njbys1RHRuN0pZSgpTZ0pVenFDUGQ5Z1VZYytlMEZaRnJFa3puemdVd05zVWltSHdrdno3dkRHbTRrN1d5S2tyV0xHNzExNVdoSGJkClZaMXlRYmNnaGg4VFdDWmNkU2pubG5LQXg5NXZ5eXdvMVVwbWtWc3U4M1pvdTU0NkwrUldEN1ZDZjJWUHJUNTEKVUJXTy8wU3JJM1pQVWEySlQrZXZQSFZGLzBLZmJtZGpVOUZqWXZoK0VoR1FoV3RyM1FsbG5pRjIrOGdJQzN6NwpySXlrKzcrWFBlbmc2cTZyZUFWZTdaaUtTZWMyTSs0Vzk0cGtselU4V0FjNmErU0orZzlRbnRqN1BWeDJMUjNpCllZUFlPRUl4QWdNQkFBRUNnZ0VBREZYeDRaNTFkWXFwRThFZUlCVEQvSDJ3R3YyNnAxc3dNbEUvUkNOMHAxQnQKUmZ6bEZvdmVvZHEvZVl2dlpSVW5OdTdwOHFaVWlXRlhvRGRLTnJkejJQTm50aGV3Y1BTZEZXRWRlbUdTaW9zbQpwWEl3b0FaMjRTb1l4bEdLUXYwRzk4UFlCaFZ3WFAxSlNnY0NGRjlsd2kwbXJ2YmhtVEszT2JkVGpwTk1kZTFwCnpNSXRvSlhhRklBczRzcTZVK0d2dW9YUE1pU0Nwa0hWUVFxdnZQVjJWNnRiSGErdCtNeGt1SFg0TEtwWkRBV2EKb3Z1NjhvZVM1bi9TbjRTZ01mWTRHMnRselZKWVlZN3FId3hGM21PWmZiR2pMMzF2SGxVN0MraHYxM2RIUzBHdgp0UFMweGtTdUNiR1V5UTV3am0zem05d0VHYVRsWVRmZlVCcFNKOHczZlFLQmdRREcrMkdaNjhSbUlDRUhSSkRhCm1NNCsrVElRUk5VeFEzb2M0bkhMTHdvMllqdmEyOEl0VnV1aTJZZTU3MnJtN2dQYytYcW4wZXo5ZSt4ckJ3TzIKc0FoM0RxRm9ndXhNWlh4MC93MjRLajBsLy9ZRDJKeWdmQUtkaEJrTFVidUJzVjF4ODZ0eHI0QmxUWC91dUNhVwo1YkN6UGtadlp2R1JaZjBCckV6VjgwdnNUUUtCZ1FEdndKZzFZbFBVWEQ0bUZzQVU5RlYzK01TVTlTOU1QWjhpCks5TmZOaWJRSENuWUJjeWdNa0NKaCs4ejR6cDgrM3JDVWZ5U2k5NVFjMVJzYUM1TUxYbFBCQmU0b1hBVnhsU3cKY3AzNnNaRVE2OWxzbktZZkUzUFpXakNFeWNtVlBidGpBWWl2cUFrdGVLUGZodERpZk1PZ1JOSXVqMU1mc1FqRApjbXppU2IvUGRRS0JnUUNOWkVscFgyQVNsWmdDbXhVM1Q4ZVdkZXErSnJzN0kxQ2RQOGRPY3VHVjNWM2MyYlYwCkZFU2lWbUtjbStUaHJaV3ZLdE9lZG93cFh5cVNyc3hUdjJoMGVULzJqTG11VzVzQlk4OXk0d2pLZk1ScTNUd0cKeWJmdUI5VG45eTcvTEhKVEs2dlN2N3ZEd0RzOC9Udm1rOVpvdDhMREhHcGhRQkIxWk9MQVVQN05MUUtCZ1FETQpvdlRIekErRldONXJJRXYvRnJYRTJ2N2ZyWThiWWhWcjAwQnRLZ2xpNUVjSzdaaEV1OSsrQTlxMXpTTmsvamsvCmx6OGZ6bWFKQUlkMHFFK3NFYnhUSjBrZi9CdHhXb0Y2d2JuNStvbTVpYlZoTVN2UnBvYmhaRXU1YTRxMTZhVUIKMHBOYWF2QzZjUmhlZC9IZS8yTHlid3QvVmpJN0FKNWNSRlNQcVNjZzZRS0JnRjNpd2pxaGNjNG1mdktOZStFdwpUN1lhOEp0cERjOThIVHNlUWhybi9JT1hHL0pEY3hNVG9CTUxpYmhNQllTMDlrU0EzVzV2UURuT1JqYm9UcXQrCitSU3gydVlMUzhxa0VCbFdjTC81RFJjeDB5TmRJL3AvaDZMK2h2WWNQMlhBcDdHajl5ZWNFVFRhZEFqYkw3bE0KRHFKdmcyaGJvR1ZpYXlBcjNtWkJkYkR5Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"

charts/stress-nonweb/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/stress-nonweb/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: stress-nonweb
+description: A Helm chart for Kubernetes
+
+# To use chart you can use the following commands (small image size is default):
+# helm upgrade --install releaseName --set imageSize=small|medium|large --set ingress.url=something.k3s.brokencrystals.nexploit.app  . --namespace distributor --wait
+
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+keywords:
+- stress-nonweb
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"