From e4fb037dc22cd3e3fc7f3c31b2f8811a0786b158 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anatol=20Karalko=C5=AD?= <anatol1988@gmail.com>
Date: Tue, 26 Dec 2023 13:04:19 +0100
Subject: [PATCH] Add xxe apps charts

Add branch to GitHub Action

Update certificate issuer

Update charts version

working java-xxe app

Update Ingress

Update Ingess url

Implementation of templates

Java-xxe using template

Fix Ingress and Service

Add python and php
---
 .github/workflows/release.yml              |   1 -
 charts/java-xxe/Chart.lock                 |   6 ++
 charts/java-xxe/Chart.yaml                 |  15 ++++
 charts/java-xxe/charts/xxe-lab-0.0.1.tgz   | Bin 0 -> 1310 bytes
 charts/java-xxe/values.yaml                |  79 +++++++++++++++++++++
 charts/php-xxe/Chart.lock                  |   6 ++
 charts/php-xxe/Chart.yaml                  |  14 ++++
 charts/php-xxe/charts/xxe-lab-0.0.1.tgz    | Bin 0 -> 1310 bytes
 charts/php-xxe/values.yaml                 |  78 ++++++++++++++++++++
 charts/python-xxe/Chart.lock               |   6 ++
 charts/python-xxe/Chart.yaml               |  14 ++++
 charts/python-xxe/charts/xxe-lab-0.0.1.tgz | Bin 0 -> 1310 bytes
 charts/python-xxe/values.yaml              |  78 ++++++++++++++++++++
 xxe-lab/Chart.yaml                         |   5 ++
 xxe-lab/templates/deployment.yaml          |  35 +++++++++
 xxe-lab/templates/ingress.yaml             |  31 ++++++++
 xxe-lab/templates/service.yaml             |  14 ++++
 xxe-lab/values.yaml                        |   4 ++
 18 files changed, 385 insertions(+), 1 deletion(-)
 create mode 100644 charts/java-xxe/Chart.lock
 create mode 100644 charts/java-xxe/Chart.yaml
 create mode 100644 charts/java-xxe/charts/xxe-lab-0.0.1.tgz
 create mode 100644 charts/java-xxe/values.yaml
 create mode 100644 charts/php-xxe/Chart.lock
 create mode 100644 charts/php-xxe/Chart.yaml
 create mode 100644 charts/php-xxe/charts/xxe-lab-0.0.1.tgz
 create mode 100644 charts/php-xxe/values.yaml
 create mode 100644 charts/python-xxe/Chart.lock
 create mode 100644 charts/python-xxe/Chart.yaml
 create mode 100644 charts/python-xxe/charts/xxe-lab-0.0.1.tgz
 create mode 100644 charts/python-xxe/values.yaml
 create mode 100644 xxe-lab/Chart.yaml
 create mode 100644 xxe-lab/templates/deployment.yaml
 create mode 100644 xxe-lab/templates/ingress.yaml
 create mode 100644 xxe-lab/templates/service.yaml
 create mode 100644 xxe-lab/values.yaml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7fa5692..bc9fa47 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - main
-      - oleg/dvwp
 
 jobs:
   packages:
diff --git a/charts/java-xxe/Chart.lock b/charts/java-xxe/Chart.lock
new file mode 100644
index 0000000..8974899
--- /dev/null
+++ b/charts/java-xxe/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: xxe-lab
+  repository: file://../../xxe-lab
+  version: 0.0.1
+digest: sha256:3e3f606aa1fc38c55f88a4f7be4591a74b1f71797f7768d9984385b31860f77c
+generated: "2023-10-09T19:08:04.18085+07:00"
diff --git a/charts/java-xxe/Chart.yaml b/charts/java-xxe/Chart.yaml
new file mode 100644
index 0000000..ebc7d8c
--- /dev/null
+++ b/charts/java-xxe/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: java-xxe
+description: |
+  Security vulnerability in Java applications that occurs when 
+  an attacker can manipulate the processing of XML input 
+  to include references to external entities.
+type: application
+keywords:
+- java-xxe
+version: 0.0.4
+appVersion: "1.0.0"
+dependencies:
+- name: xxe-lab
+  version: 0.0.1
+  repository: "file://../../xxe-lab"
diff --git a/charts/java-xxe/charts/xxe-lab-0.0.1.tgz b/charts/java-xxe/charts/xxe-lab-0.0.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..2249c75f6fd0e23d212d9b50dd3ad4b576a2527d
GIT binary patch
literal 1310
zcmV+(1>yQ1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PLAxZ`(Eyz~!tDnf8*$Jsym{N|9VU8T6F4DX;=v5G+N}J$1Bn
zaR^hSMpCW~FF>F6x%SZpNt7*F&Jtj8(yaUe!RgQOc%*oDq%)tR$H@5b^%arYUyzhJ
z_f8N5!O?J7${+|fWe|>zoNzb_!@+3uVszvL;b1fzI1t>wD_wG>iFAVh+}Gydo(LqP
zA5bbPcm%V7OR{Wr8~TACxCyFQ(oC0+enyr;Tr3s16cRpud;^S(A;FA^MT%T2my;AD
zFw4rF)y4up@I&{pM{C)nj{g~9IjY?xfLr4~9B#({@v)8n2Z8d5M5Q7ZAeStH=?mqL
zrI;d*<w9w~l+SUVF+sIYvdjgDQR)c#eHVb_`ikKUSp<E*Z=?GOQpdl>G-E`gI$S67
z`^pBl#D6#%4L0I`baWKh_<snNOAjRB69oT5RRS8t9Imfj&-2{oCV^y`I-G^>l=38k
z)0MKDq9zH^q(~*zCSbXQ=l-wAkSO%eNQ!WM?Jbw!^Xl3ts*J?jw9Ds}8Y5$5Ws-uz
zfjgL18ODXaLWZ#xvTB<W9bdg`7`v-EfI2{op~hefSj*<!tpe1J7Q}*ULOIHYCC^M|
zm3(VxN+#8u`Q>G8t?~9eXY5=s8ZRPv$v%^XYG^2ob4m5$wcr}(I%>QEDAokM1pLEz
z+Mnf&E0i;o{dPwHG0Di7GO8)6wiN)9B%6<l@tnPR|LNuFFK^E}ogz=#_A?>%hFNbt
zOXs4fM8zBwdT@OW4NZwk<T7r1wOoQ0zmb%Izj_aU0;fDdt|1(>yJvKU9F;nkVvIM~
zY3X!qHAeN=k-nX7{x>^<d)x}%lK%%`c)Xea!;#JZ4?;Kpo9~ZXvp+}uS;#5n6My=X
z@~K#tg11$>oz?-uxzMCIi<+>W=3|r`HI}~AOE+djsR;Ol@_DINUezP>+l?|Q<_k|L
z=4Dc75eudw=)Zq=F$?_=Dmm!iYNjwCF`*LUVtaf^n8K>na%r;Z^NlI?i>);DS2?w~
z^-{vg1Z80|X1UTRJ*rfWG6IHLmHYBcd+}xAZc=w(a!g%JbX|))xDraY%E`8`v2t;1
z!Y}MIwfWUnz51oajiKd|t#hfuSfW0w7sIWykx->29p_re&y*!Gk;&SJZM~IE8!ov3
zGH2MDgzf8a$0NVeI$KYEM)Xyy9(m=X2o75%u6Xu-kzoYq5-;hz^>R$&De_KXEqtai
zcI)k(L$FOzQM<+fc%F`nwb-b-Uw@Ia+(@_no0ar%^*<O6N1ggVwDtc%=+=Mp{kN9?
zRk6RQly+F`w;$l{dai059K0%*wK7(f%QTS_)az5k`u^L=YIXekrx%|tw2-)iKK?!a
z!(k9~e*YaDk8J!u5WQD<5<1R-<2d_HC7r*vtL~e>4tuq&>hHjDm_r=xpraCXS3exb
z`MzwEI$5)Q%*I0O;Qx{qi^XEGeB<;gvH!zkJ7Td|zB-Eh07jk|`K6LQ^M23BXN@)o
zMuL$iMt-Se&*<$L`OL_DBM*!OBTtO{Qc07vdgk!aGd=gr38i;nBp7+Jo4K)Ao;u%E
z;-IMiZ*D&STP&9UF}-J}7pJe*2Z9cJW+U*s(fPY>c*90uulm98M`x{PHv<-n#bU8o
UERV=P0RRC1|7;a1a{xL3008}v<p2Nx

literal 0
HcmV?d00001

diff --git a/charts/java-xxe/values.yaml b/charts/java-xxe/values.yaml
new file mode 100644
index 0000000..ab6eb32
--- /dev/null
+++ b/charts/java-xxe/values.yaml
@@ -0,0 +1,79 @@
+xxe-lab:
+  deployments:
+    - name: attackerserver
+      image: brightsec/java-xxe:attackerserver
+      port: 8888
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8888
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+    - name: aws-metadata
+      image: brightsec/java-xxe:aws-metadata
+      port: 8111
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8111
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+    - name: vulnserver
+      image: brightsec/java-xxe:vulnserver
+      # entrypoint: ""
+      port: 8080
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8080
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+  services:
+    - name: attackerserver
+      port: 8888
+      targetPort: 8888
+
+    - name: aws-metadata
+      port: 8111
+      targetPort: 8111
+
+    - name: vulnserver
+      port: 8080
+      targetPort: 8080
+
+  ingresses:
+    - name: attackerserver
+      port: 8888
+
+    - name: aws-metadata
+      port: 8111
+
+    - name: vulnserver
+      port: 8080
diff --git a/charts/php-xxe/Chart.lock b/charts/php-xxe/Chart.lock
new file mode 100644
index 0000000..b1ab0b9
--- /dev/null
+++ b/charts/php-xxe/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: xxe-lab
+  repository: file://../../xxe-lab
+  version: 0.0.1
+digest: sha256:3e3f606aa1fc38c55f88a4f7be4591a74b1f71797f7768d9984385b31860f77c
+generated: "2023-10-11T11:41:50.6249+07:00"
diff --git a/charts/php-xxe/Chart.yaml b/charts/php-xxe/Chart.yaml
new file mode 100644
index 0000000..974e522
--- /dev/null
+++ b/charts/php-xxe/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: php-xxe
+description: |
+  Web application built with PHP that has a vulnerability allowing attackers
+  to exploit XML processing flaws for malicious purposes.
+type: application
+keywords:
+- php-xxe
+version: 0.0.4
+appVersion: "1.0.0"
+dependencies:
+- name: xxe-lab
+  version: 0.0.1
+  repository: "file://../../xxe-lab"
diff --git a/charts/php-xxe/charts/xxe-lab-0.0.1.tgz b/charts/php-xxe/charts/xxe-lab-0.0.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..cf4ffb3f502d6f027a4b420b126b9c2f30058eac
GIT binary patch
literal 1310
zcmV+(1>yQ1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PLAxZ`(Eyz~!tDnf8*$Jsym{N|78p8T6F4DX;=v5G+N}J$1Bn
zaR^hSMpCW~FF>F6x%SZpNt7*F&Jtj8(ysgg!RgQOc%*oDq%)tR$H@5b)isgYUyzhJ
z4^9vS!SQfd${+|fWe|>zop3k`!{OlQI6QHJa4<SLaUghjSGwd%6X^v1xv$N^eI<~L
zzDKF3;1SFQF3GahZRiJn;3lYINi$tO`WaaYaj{h3N=W$d;WaQah6FPv7AbPATuxGq
zz$`0wRvQcazz^N09<61QI{s&b<*0U(0Pc+caJU)&C&xDa9|g)M5|xTvfLyW&rbo&j
zOEE<r%Z1W}DWBs!V}fd*WSI*Pqtp@f`z`><^)<s8vIzQq-$wUWNFDzg(~J>~>TsRR
zA1WK%5&z+6G}ws$(eY?x<Nq;OE<KQhPZ0d~RS9SmbGW&2J<oHSn*@?&>TnjiQ_7PF
z&Q{89ikc)ulOmN=n}FpKp8LNdL!!_>Cn>_sjkjEa&#P;rs4^07(=MM^YK)ALl}QQ;
z2kv27Wf&Lw3K_;)$f|8hbbS4`VeG!<0O|lSh8lw{U@e>Xw+c`@S`Z7a3FRmomOL|=
zRr0N&DVbDr=9ibXwZ_|voUseRXuOEv1^Yx6s-dAU&L!20SAuJt>!|SxpjZ?13h)o(
zX@8b8u29ZU_S+o+#3UnQ%BZHO+ExHal59RI#&iDq-NzSazq~o`bc#G_+s}m58)m)r
zEM17A5*2e$=)uhmG&ChDk;}O4)p7}1{6<m+{^~va37ql-xrT7i?w-*Za#ZR<iZR||
zr=`=e)fm-NNBVZU`QPja9&jsoNB$p#;mKzH4~I7YKMLLaZ@xcn&HfzqCn2YlPyFdm
z%BNyo3f@%hc3KAr=R%X>ENa4fnvYR()L8mbFWs0Cr6S-H%IBq8c~y_hZ#T-Mm@hn~
zn3qYRMJ$+#p#Sde<t+3=sN|r3r<uZl#Dq$Wi|z3hVG65O%caSt&o`#nFSgRqU**)|
z)=LQ|6O@I?nB_{N^r%uf$_N;0Rqo3(?ZsDxyGh-F$uV^?(RD5I;94l%Dks~%#>&O5
z3BRz<)aF-P_3D=vH-?r=w$7yrV~P5_UJQ56MnaXAbewA;KT(#%L?&w=w)IvvZMftD
z$edwo61K0y9gqB4>uf#w8PV6RdgPUlA~<Z7xZ>HnMTQYvNW7x+*2^)8r^q{nweXq7
z*sZts4#74>MeP~`;CVVO)?%aTe)&btax2~XZ&uRd)&F2P9Chmdk*)uaLbv{#@4vPD
zuZsO;rL@Chzx@Dr-*Z*t;NVrctd+5<T&9VfpkALM*7x5|R;%ORKfC;RsfENH^zrZU
z9}a_{^ZW1MWMJd}k?6h5lhAPv9LL#rD(U>SU3K65b=a$IReuML!yMvh2OX8D`}*NH
z&i7@T)XAFdV>T9I2mhC}SS%Kc<r}A0iTxj*+7XMz^2Jf)2Qc!~$j_DRnfH4}K5Mi&
zFcOSBHS%*Mdq!{1$Y)0G8+l+P7<p>s=SrHS)iZ~Wp6R(~PAI(tBf-ei-OP=}^0o6_
zB@T-E|N8dxzr|wtAJcnwc6s)4eIV$tXEp-A8=b%FhPP}4_NpHYe{|M*b~9kHSS%Kc
U#qxyw6954J|7|Yl0024w0FsEERR910

literal 0
HcmV?d00001

diff --git a/charts/php-xxe/values.yaml b/charts/php-xxe/values.yaml
new file mode 100644
index 0000000..fbfa929
--- /dev/null
+++ b/charts/php-xxe/values.yaml
@@ -0,0 +1,78 @@
+xxe-lab:
+  deployments:
+    - name: attackerserver
+      image: brightsec/php-xxe:attackerserver
+      port: 8888
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8888
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+    - name: aws-metadata
+      image: brightsec/php-xxe:aws-metadata
+      port: 8111
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8111
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+    - name: vulnserver
+      image: brightsec/php-xxe:vulnserver
+      port: 80
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 80
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+  services:
+    - name: attackerserver
+      port: 8888
+      targetPort: 8888
+
+    - name: aws-metadata
+      port: 8111
+      targetPort: 8111
+
+    - name: vulnserver
+      port: 80
+      targetPort: 80
+
+  ingresses:
+    - name: attackerserver
+      port: 8888
+
+    - name: aws-metadata
+      port: 8111
+
+    - name: vulnserver
+      port: 80
diff --git a/charts/python-xxe/Chart.lock b/charts/python-xxe/Chart.lock
new file mode 100644
index 0000000..1198fa8
--- /dev/null
+++ b/charts/python-xxe/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: xxe-lab
+  repository: file://../../xxe-lab
+  version: 0.0.1
+digest: sha256:3e3f606aa1fc38c55f88a4f7be4591a74b1f71797f7768d9984385b31860f77c
+generated: "2023-10-11T11:57:30.763802+07:00"
diff --git a/charts/python-xxe/Chart.yaml b/charts/python-xxe/Chart.yaml
new file mode 100644
index 0000000..cb3824d
--- /dev/null
+++ b/charts/python-xxe/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: python-xxe
+description: |
+  App built with python that has a vulnerability allowing attackers
+  to exploit XML processing flaws for malicious purposes.
+type: application
+keywords:
+- python-xxe
+version: 0.0.4
+appVersion: "1.0.0"
+dependencies:
+- name: xxe-lab
+  version: 0.0.1
+  repository: "file://../../xxe-lab"
diff --git a/charts/python-xxe/charts/xxe-lab-0.0.1.tgz b/charts/python-xxe/charts/xxe-lab-0.0.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c574cf0b8f650d2252f8df8b7e0f7331f5af4f82
GIT binary patch
literal 1310
zcmV+(1>yQ1iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PLAxZ`(Eyz~!tDnf8*$Jsym{N|9W<8T6F4DX;=v5G+N}J$1Bn
zaR^hSMpCW~FF>F6x%SZpNt7*F&Jtj;)2{ph!RgQOc%*oDq%)tR$H@5j)isgYUyzhJ
z4^9vS!Sms;ltB<|${-v)cf#Q)42Of!@Z^~jgoDvAbRc+mSGwd%6X^v1xv$N^eI<~L
zzDKF3;1SFQF3GahZRiJn;3lYINi$tO`WaaYaj{h3N=W$d;WaQah6FPv7AbPATuxGq
zz$`0wRvQcazz^NW9<61QI{s&b<*0U(0Pc+caJU)&Cnq-k_X6b;iAqH-KrUGX(`U*b
zOEE<r%Z1W}DWBs!V}fd*WSI*Pqtp@f`z`><^)<s8vIzQq-$wUWNFDzg(~J>~>Uf>Z
zA1WK%5&z+6G}ws$(eu%XjsJbHTzVi0pCI_}s}j&C=5TZ4dY<PtHwh%m)bT8Ir<5lV
zoUN4I6g5eRCPgZ#HUY~eJoSG?hD4!%PEv%M8*jM;pI6sLQDr3Frd>X-)EF5fE0Yuy
z4&1}E$}leU6*7#qkX751==l0=!`OYz0n`Cv3^fK@z*;u%Zxx_+v>+B-6UtFGEO}-!
ztK?flQ!=UM%r7r%YmK)TIb#=s(RdNT3-*aDR6|2yoJ*<~uLRdP*HPmYK(Qw172qGn
z)BY@HT%nwy?6*4th)G7qlu=DlwXFb<B-wmajOYCIyN@r<etC1==@fa=wx0>9H_UqL
zS-KEKB`W5i(1V*BXlP1QBA0R7tK|~3_>H6t{MCE-6FB7wat-02-94i-<fznz6l1)_
zPD`g_t1+s_j`Zzx^S{{<Jm6OFj{H9e!;{VY9}aE)-wWORZ@xcn&HfzqCn2YlPyFdm
z%BNyo3f@%hc3KAr=R%X>ENa4fnvYR()L8mbFWs0Cr6S-H%IBq8c~y_hZ#T-Mm@hn~
zn3qYRMJ$+#p#Sde<t+3=sN|r3r<uZl#Dq$Wi|z3hVG65O%caStPdBF6FSgRqU**)|
z)=LQ|6O@I?nB_{N^r%uf$_N;0Rqo3(?ZsDxyGh-F$uV^?(RD5I;94l%Dks~%#>&O5
z3BRz<)aF-P_3D=vH-?r=w$7yrV~P5_UJQ56MnaXAbewA;KT(#%L?&w=w)IvvZMftD
z$edwo61K0y9gqB4>uf#w8PV6RdgPUlA~<f9xZ>HnMTQYvNW7x+*2^)8r^q{nweXq7
z*sZts4#74>MeP~`;CVVO)?%aTe)&btax2~XZ&uR&>VGgCjym=KnXUhOp<DmW_upFn
zSH=FaQrcm$-+q9*@42dRaPX>J*2-8_F4II#P_IuB>-%pftJU%EpIv^u)I#D8`uO+w
z4~Id}`TcirGPLo(CwedQBy^l3$8ipwN;-dSS3NX;9S&++)!&ihFo!tWK}RL(zJ554
z^L^PSb+Tsrn2m+l!T%*K7K_DV`Nrv0;_!#ZcEn<_d~p={0gOB~@^dA7=KX<@Pa18G
zj07W3jr?56p3yrn@`;g$MjjanMxGk^xsoPn^~~X;XL|0L6H4#MNHFqrH*;gLeC>Q!
ziKC+azrOwaZ?RbZ$Ml|@U7o#M9|$@en2o^iM(6Lk;Vm11gX#yvADy+H-3(YP7K_DV
Uu{<LG1ONd4|HvftT>v@&0G#EOC;$Ke

literal 0
HcmV?d00001

diff --git a/charts/python-xxe/values.yaml b/charts/python-xxe/values.yaml
new file mode 100644
index 0000000..9154930
--- /dev/null
+++ b/charts/python-xxe/values.yaml
@@ -0,0 +1,78 @@
+xxe-lab:
+  deployments:
+    - name: attackerserver
+      image: brightsec/python-xxe:attackerserver
+      port: 8888
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8888
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+    - name: aws-metadata
+      image: brightsec/python-xxe:aws-metadata
+      port: 8111
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 8111
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+    - name: vulnserver
+      image: brightsec/python-xxe:vulnserver
+      port: 5000
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 150m
+          memory: 512Mi
+      livenessProbe:
+        httpGet:
+          path: /
+          port: 5000
+          scheme: HTTP
+        initialDelaySeconds: 120
+        periodSeconds: 30
+
+  services:
+    - name: attackerserver
+      port: 8888
+      targetPort: 8888
+
+    - name: aws-metadata
+      port: 8111
+      targetPort: 8111
+
+    - name: vulnserver
+      port: 5000
+      targetPort: 5000
+
+  ingresses:
+    - name: attackerserver
+      port: 8888
+
+    - name: aws-metadata
+      port: 8111
+
+    - name: vulnserver
+      port: 5000
diff --git a/xxe-lab/Chart.yaml b/xxe-lab/Chart.yaml
new file mode 100644
index 0000000..d5da33d
--- /dev/null
+++ b/xxe-lab/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: xxe-lab
+description: Helm chart for XXE lab deployments
+version: 0.0.1
+appVersion: "1.0.0"
diff --git a/xxe-lab/templates/deployment.yaml b/xxe-lab/templates/deployment.yaml
new file mode 100644
index 0000000..a03f141
--- /dev/null
+++ b/xxe-lab/templates/deployment.yaml
@@ -0,0 +1,35 @@
+{{- range .Values.deployments }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $.Release.Name }}-{{ .name }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app: {{ $.Release.Name }}-{{ .name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ $.Release.Name }}-{{ .name }}
+  template:
+    metadata:
+      labels:
+        app: {{ $.Release.Name }}-{{ .name }}
+    spec:
+      containers:
+        - name: app
+          image: {{ .image }}
+          imagePullPolicy: Always
+          securityContext:
+            {{- if eq .name "vulnserver" }}
+            capabilities:
+              add:
+                - NET_ADMIN
+            {{- end }}
+          ports:
+            - containerPort: {{ .port }} 
+          resources:
+          {{ toYaml .resources | nindent 12 }}
+          livenessProbe:
+          {{ toYaml .livenessProbe | nindent 12 }}
+{{- end }}
diff --git a/xxe-lab/templates/ingress.yaml b/xxe-lab/templates/ingress.yaml
new file mode 100644
index 0000000..eac2fd3
--- /dev/null
+++ b/xxe-lab/templates/ingress.yaml
@@ -0,0 +1,31 @@
+{{- range .Values.ingresses }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $.Release.Name }}-{{ .name }}
+  namespace: {{ $.Release.Namespace }}
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-ssl-protocols: "TLSv1.1 TLSv1.2"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    {{ if eq $.Values.ingress.cert "" }}
+    cert-manager.io/cluster-issuer: letsencrypt-cf-prod
+    {{ end }}
+spec:
+  tls:
+    - hosts:
+        - {{ $.Release.Name }}{{ if eq .name "vulnserver" }}{{ else }}-{{ .name }}{{ end }}.{{ $.Values.ingress.url }}
+      secretName: {{ if eq $.Values.ingress.cert "" }}distributorwildcard{{ else }}{{ $.Values.ingress.cert }}{{ end }}
+  rules:
+    - host: {{ $.Release.Name }}{{ if eq .name "vulnserver" }}{{ else }}-{{ .name }}{{ end }}.{{ $.Values.ingress.url }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $.Release.Name }}-{{ .name }}
+                port:
+                  number: {{ .port }}
+{{- end }}
diff --git a/xxe-lab/templates/service.yaml b/xxe-lab/templates/service.yaml
new file mode 100644
index 0000000..5412db8
--- /dev/null
+++ b/xxe-lab/templates/service.yaml
@@ -0,0 +1,14 @@
+{{- range .Values.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $.Release.Name }}-{{ .name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  selector:
+    app: {{ $.Release.Name }}-{{ .name }}
+  ports:
+    - port: {{ .port }}
+      targetPort: {{ .targetPort }}
+{{- end }}
diff --git a/xxe-lab/values.yaml b/xxe-lab/values.yaml
new file mode 100644
index 0000000..8bf52d7
--- /dev/null
+++ b/xxe-lab/values.yaml
@@ -0,0 +1,4 @@
+ingress:
+  url: k3s.brokencrystals.nexploit.app
+  cert: ""
+  authlevel: "."