Fix overeager requests update incompatible with python 2.7

Python 2.7 was very sad with dependabot's change.  Fixed!

Also three docker improvements:

- Make development easier with docker by using the
  files from the current directory instead of checking out
  a fresh copy.  This clutters the top level directory a bit,
  but it feels like a good tradeoff.

- Have the docker app listen on port 8080 by default, as fiddling with port 80 is a bit scary

- Have the docker app accept commandline parameters

And, finally, a README.md improvement:

- Show an example script to tickle three vulnerabilities in vuln_apps

Author: dkegel-fastly

docker/Dockerfile Dockerfiledocker/Dockerfile renamed to Dockerfile

@@ -4,13 +4,12 @@ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositori
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repositories
 RUN apk update && apk add mongodb git
 
-RUN git clone https://github.com/codingo/NoSQLMap.git /root/NoSqlMap
-
-WORKDIR /root/NoSqlMap
+WORKDIR /work
+COPY . /work
 
 RUN python setup.py install
 
-RUN python -m pip install requests 'certifi<=2020.4.5.1'
+RUN python -m pip install 'requests<2.28' 'certifi<=2020.4.5.1'
 
 COPY entrypoint.sh /tmp/entrypoint.sh
 RUN chmod +x /tmp/entrypoint.sh

README.md

@@ -46,7 +46,7 @@ There are some various other libraries required that a normal Python installatio
 python setup.py install
 ```
 
-Alternatively you can build a Docker image by changing to the docker directory and entering:
+Alternatively you can build a Docker image by entering:
 
 ```
 docker build -t nosqlmap .
@@ -102,4 +102,45 @@ This repo also includes an intentionally vulnerable web application to test NoSQ
 docker-compose build && docker-compose up
 ```
 
-Once that is complete, you should be able to access the vulnerable application by visiting: https://127.0.0.1/index.html
+Once that is complete, you should be able to access the vulnerable application by visiting: https://127.0.0.1:8080/index.html
+
+## Scripting
+
+The cli can also be scripted.  Here's an example script using NoSQLMap to detect the vulnerabilities in vuln_apps:
+
+```
+$ echo  "1. Account Lookup (acct.php)"
+$ docker-compose run --remove-orphans nosqlmap \
+    --attack 2 \
+    --victim host.docker.internal \
+    --webPort 8080 \
+    --uri "/acct.php?acctid=test" \
+    --httpMethod GET \
+    --params 1 \
+    --injectSize 4 \
+    --injectFormat 2 \
+    --doTimeAttack n
+
+$ echo "2. User Data Lookup (userdata.php) - JavaScript Injection"
+$ docker-compose run --remove-orphans nosqlmap \
+    --attack 2 \
+    --victim host.docker.internal \
+    --webPort 8080 \
+    --uri "/userdata.php?usersearch=test" \
+    --httpMethod GET \
+    --params 1 \
+    --injectSize 4 \
+    --injectFormat 2 \
+    --doTimeAttack n
+
+$ echo "3. Order Data Lookup (orderdata.php) - JavaScript Injection"
+$ docker-compose run --remove-orphans nosqlmap \
+    --attack 2 \
+    --victim host.docker.internal \
+    --webPort 8080 \
+    --uri "/orderdata.php?ordersearch=test" \
+    --httpMethod GET \
+    --params 1 \
+    --injectSize 4 \
+    --injectFormat 2 \
+    --doTimeAttack n

docker/docker-compose.yml docker-compose.ymldocker/docker-compose.yml renamed to docker-compose.yml

@@ -0,0 +1,2 @@
+#!/bin/ash
+python nosqlmap.py "$@"

docker/entrypoint.sh

@@ -16,7 +16,7 @@
 
 			install_requires = [ "CouchDB==1.0", "httplib2==0.19.0", "ipcalc==1.1.3",\
 								 "NoSQLMap==0.7", "pbkdf2==1.3", "pymongo==2.7.2",\
-								 "requests==2.32.4"],
+								 "requests<2.28"],
 
 			author = "tcstool",
 			author_email = "codingo@protonmail.com",

entrypoint.sh

@@ -6,7 +6,7 @@ services:
         links:
             - php
         ports:
-            - "80:80"
+            - "8080:80"
         volumes:
             - ./src:/usr/local/apache2/htdocs
     php: