From 60acf3842d20a5a6641d9ae1a4c4b02e6622d031 Mon Sep 17 00:00:00 2001
From: Aaron Hine <aaron.hine@deliveroo.co.uk>
Date: Thu, 30 Jan 2025 10:48:08 +0000
Subject: [PATCH] add non-vulnerable dockerfile

---
 Dockerfile                                         | 14 +++-----------
 vulnerable_log4j_docker/Dockerfile                 | 11 +++++++++++
 pom.xml => vulnerable_log4j_docker/pom.xml         |  0
 .../src}/main/java/MyExample.java                  |  0
 4 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100644 vulnerable_log4j_docker/Dockerfile
 rename pom.xml => vulnerable_log4j_docker/pom.xml (100%)
 rename {src => vulnerable_log4j_docker/src}/main/java/MyExample.java (100%)

diff --git a/Dockerfile b/Dockerfile
index 624a543..d4ff707 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,3 @@
-# trigger test
-FROM public.ecr.aws/docker/library/maven:3.8.4-jdk-8
-
-COPY . /usr/src/poc
-WORKDIR /usr/src/poc
-RUN mvn clean && mvn package
-
-# set this to disable the exploit
-#ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
-ENV SECRET_VALUE='if you can read this this code is vulnerable'
-CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"]
+FROM scratch
+COPY hello /
+CMD ["/hello"]
diff --git a/vulnerable_log4j_docker/Dockerfile b/vulnerable_log4j_docker/Dockerfile
new file mode 100644
index 0000000..624a543
--- /dev/null
+++ b/vulnerable_log4j_docker/Dockerfile
@@ -0,0 +1,11 @@
+# trigger test
+FROM public.ecr.aws/docker/library/maven:3.8.4-jdk-8
+
+COPY . /usr/src/poc
+WORKDIR /usr/src/poc
+RUN mvn clean && mvn package
+
+# set this to disable the exploit
+#ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true
+ENV SECRET_VALUE='if you can read this this code is vulnerable'
+CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"]
diff --git a/pom.xml b/vulnerable_log4j_docker/pom.xml
similarity index 100%
rename from pom.xml
rename to vulnerable_log4j_docker/pom.xml
diff --git a/src/main/java/MyExample.java b/vulnerable_log4j_docker/src/main/java/MyExample.java
similarity index 100%
rename from src/main/java/MyExample.java
rename to vulnerable_log4j_docker/src/main/java/MyExample.java