I’ve been wanting to learn Go, and I learn by doing, so I decided to write a POC for CVE-2021-22205, which is a fairly straightforward RCE in GitLab that dropped a few weeks ago. My process in developing this went like this:
- Do thirty seconds of research to find a prior Golang POC for this CVE. I didn’t find one, but I’m sure they exist somewhere. I still would have written this, even if I had found one. It would make for something to compare my poorly written code to.
- Start writing code. My thoughts the whole time while I was writing this were some variation of the following: “There must be a better way to do this.”
- Test.
- Rewrite.
- Repeat above for about 6 hours.
- Success!
I’m going to need more practice. I’ve been so used to Python for the last ten years that moving to Golang is going to take some work.
Anyway, here is a link to my POC.