#!perl
{
package MyWebServer;
{
$MyWebServer::VERSION = '1.132260';
}
use HTTP::Server::Simple::CGI;
use Getopt::Std;
use Data::Dumper;
use base qw(HTTP::Server::Simple::CGI);
use IPC::Transit;
my $opts = {};
getopt('Pd', $opts);
$| = 1;
my $debug = 0;
if($opts->{P}) {
$IPC::Transit::config_dir = $opts->{P};
print "Using alternative Transit config dir: $IPC::Transit::config_dir\n";
}
if($opts->{d}) {
$debug = $opts->{d};
print "Debug level $debug set\n";
}
my %dispatch = (
'/message' => \&resp_message,
);
sub handle_request {
my $self = shift;
my $cgi = shift;
my $path = $cgi->path_info();
my $handler = $dispatch{$path};
if (ref($handler) eq "CODE") {
print "HTTP/1.0 200 OK\r\n";
$handler->($cgi);
} else {
print "HTTP/1.0 404 Not found\r\n";
print $cgi->header,
$cgi->start_html('Not found'),
$cgi->h1('Not found'),
$cgi->end_html;
}
}
sub resp_message {
my $cgi = shift; # CGI.pm object
return if !ref $cgi;
eval {
my $serialized_message = $cgi->param('message');
print STDERR "$serialized_message\n" if $debug;
my $message = {
serialized_wire_data => $serialized_message,
};
IPC::Transit::unpack_data($message);
print STDERR Dumper $message if $debug;
my $qname = $message->{message}->{'.ipc_transit_meta'}->{destination_qname};
delete $message->{message}->{'.ipc_transit_meta'}->{destination_qname};
delete $message->{message}->{'.ipc_transit_meta'}->{destination};
IPC::Transit::send(qname => $qname, message => $message->{message});
print $cgi->header,
$cgi->start_html("Hello"),
$cgi->h1("Hello $serialized_message!"),
$cgi->end_html;
};
print "error: $@\n" if $@;
}
}
print "Note: as of now, you have just opened an enormous, externally exploitable security hole.\n";
print "This is a proof of concept server only. If you use it, make sure nobody you don't trust can get to it.\n";
# start the server on port 8080
MyWebServer->new(9816)->run;