crash.software
Projects
Pull Requests
Issues
Builds
tsunami-security-scanner
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY tsunami-security-scanner Commits 1888fb5a
🤬

  • Add helper methods for matching remote plugins with the targets.

    PiperOrigin-RevId: 464588286
Change-Id: Id420924a591ffccbb4ddfaaf0f9f8029486ba819
  • Loading...
  • John Y. Kim committed with Copybara-Service 2 years ago
    1888fb5a
    1 parent 9dc10b95
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/PluginManager.java
    skipped 16 lines
    17 17   
    18 18  import static com.google.common.collect.ImmutableList.toImmutableList;
    19 19  import static com.google.tsunami.common.data.NetworkServiceUtils.isWebService;
     20 +import static java.util.Arrays.stream;
    20 21   
    21 22  import com.google.auto.value.AutoValue;
    22 23  import com.google.common.base.Ascii;
    skipped 2 lines
    25 26  import com.google.tsunami.proto.MatchedPlugin;
    26 27  import com.google.tsunami.proto.NetworkService;
    27 28  import com.google.tsunami.proto.ReconnaissanceReport;
    28  -import java.util.Arrays;
    29 29  import java.util.List;
    30 30  import java.util.Map;
    31 31  import java.util.Optional;
    skipped 129 lines
    161 161   .addAllMatchedServices(reconnaissanceReport.getNetworkServicesList());
    162 162   for (com.google.tsunami.proto.PluginDefinition remotePluginDefinition :
    163 163   remoteVulnDetector.getAllPlugins()) {
    164  - var matchedPlugin =
    165  - MatchedPlugin.newBuilder()
    166  - // PluginDefinition proto of the language-specific detector.
    167  - .setPlugin(remotePluginDefinition)
    168  - // TODO(b/239439169): Add plugin matching logic for remote plugins.
    169  - .addAllServices(reconnaissanceReport.getNetworkServicesList())
    170  - .build();
    171  - remoteVulnDetector.addMatchedPluginToDetect(matchedPlugin);
     164 + var matchedPluginBuilder = MatchedPlugin.newBuilder();
     165 + if (!remotePluginDefinition.hasTargetServiceName()
     166 + && !remotePluginDefinition.hasTargetSoftware()
     167 + && !remotePluginDefinition.getForWebService()) {
     168 + matchedPluginBuilder
     169 + .setPlugin(remotePluginDefinition)
     170 + .addAllServices(reconnaissanceReport.getNetworkServicesList());
     171 + } else {
     172 + matchedPluginBuilder
     173 + .setPlugin(remotePluginDefinition)
     174 + .addAllServices(
     175 + reconnaissanceReport.getNetworkServicesList().stream()
     176 + .filter(
     177 + networkService ->
     178 + hasMatchingServiceName(networkService, remotePluginDefinition)
     179 + || hasMatchingSoftware(networkService, remotePluginDefinition))
     180 + .collect(toImmutableList()));
     181 + }
     182 + remoteVulnDetector.addMatchedPluginToDetect(matchedPluginBuilder.build());
    172 183   }
    173 184   return Optional.of(builder.build());
    174 185   }
    skipped 4 lines
    179 190   boolean hasServiceNameMatch =
    180 191   pluginDefinition.targetServiceName().isPresent()
    181 192   && (serviceName.isEmpty()
    182  - || Arrays.stream(pluginDefinition.targetServiceName().get().value())
     193 + || stream(pluginDefinition.targetServiceName().get().value())
    183 194   .anyMatch(
    184 195   targetServiceName ->
    185 196   Ascii.equalsIgnoreCase(targetServiceName, serviceName)));
    skipped 1 lines
    187 198   return hasServiceNameMatch || hasWebServiceMatch;
    188 199   }
    189 200   
     201 + private static boolean hasMatchingServiceName(
     202 + NetworkService networkService, com.google.tsunami.proto.PluginDefinition pluginDefinition) {
     203 + String serviceName = networkService.getServiceName();
     204 + boolean hasServiceNameMatch =
     205 + pluginDefinition.hasTargetServiceName()
     206 + && (serviceName.isEmpty()
     207 + || pluginDefinition.getTargetServiceName().getValueList().stream()
     208 + .anyMatch(
     209 + targetServiceName ->
     210 + Ascii.equalsIgnoreCase(targetServiceName, serviceName)));
     211 + boolean hasWebServiceMatch =
     212 + pluginDefinition.getForWebService() && isWebService(networkService);
     213 + return hasServiceNameMatch || hasWebServiceMatch;
     214 + }
     215 + 
    190 216   private static boolean hasMatchingSoftware(
    191 217   NetworkService networkService, PluginDefinition pluginDefinition) {
    192 218   String softwareName = networkService.getSoftware().getName();
    skipped 1 lines
    194 220   && (softwareName.isEmpty()
    195 221   || Ascii.equalsIgnoreCase(
    196 222   pluginDefinition.targetSoftware().get().name(), softwareName));
     223 + }
     224 + 
     225 + private static boolean hasMatchingSoftware(
     226 + NetworkService networkService, com.google.tsunami.proto.PluginDefinition pluginDefinition) {
     227 + String softwareName = networkService.getSoftware().getName();
     228 + return pluginDefinition.hasTargetSoftware()
     229 + && (softwareName.isEmpty()
     230 + || Ascii.equalsIgnoreCase(
     231 + pluginDefinition.getTargetSoftware().getName(), softwareName));
    197 232   }
    198 233   
    199 234   /** Matched {@link TsunamiPlugin}s based on certain criteria. */
    skipped 38 lines
  • ■ ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/testing/FakeRemoteVulnDetector.java
    skipped 63 lines
    64 64   
    65 65   @Override
    66 66   public DetectionReportList detect(TargetInfo target, ImmutableList<NetworkService> services) {
    67  - return DetectionReportList.newBuilder()
    68  - .addAllDetectionReports(
    69  - matchedPluginsToRun.stream()
    70  - .map(
    71  - plugin ->
    72  - DetectionReport.newBuilder()
    73  - .setTargetInfo(target)
    74  - .setNetworkService(plugin.getServices(0))
    75  - .setDetectionTimestamp(Timestamps.fromMillis(1234567890L))
    76  - .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
    77  - .setVulnerability(
    78  - Vulnerability.newBuilder()
    79  - .setMainId(
    80  - VulnerabilityId.newBuilder()
    81  - .setPublisher("GOOGLE")
    82  - .setValue("FakeRemoteVuln"))
    83  - .setSeverity(Severity.CRITICAL)
    84  - .setTitle("FakeTitle")
    85  - .setDescription("FakeRemoteDescription"))
    86  - .build())
    87  - .collect(toImmutableList()))
     67 + ImmutableList<ImmutableList<DetectionReport>> detectionReports =
     68 + matchedPluginsToRun.stream()
     69 + .map(
     70 + plugin ->
     71 + plugin.getServicesList().stream()
     72 + .map(service -> getFakeDetectionReport(target, service))
     73 + .collect(toImmutableList()))
     74 + .collect(toImmutableList());
     75 + var reportListBuilder = DetectionReportList.newBuilder();
     76 + detectionReports.forEach(reportListBuilder::addAllDetectionReports);
     77 + return reportListBuilder.build();
     78 + }
     79 + 
     80 + public static DetectionReport getFakeDetectionReport(
     81 + TargetInfo targetInfo, NetworkService networkService) {
     82 + return DetectionReport.newBuilder()
     83 + .setTargetInfo(targetInfo)
     84 + .setNetworkService(networkService)
     85 + .setDetectionTimestamp(Timestamps.fromMillis(1234567890L))
     86 + .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
     87 + .setVulnerability(
     88 + Vulnerability.newBuilder()
     89 + .setMainId(
     90 + VulnerabilityId.newBuilder().setPublisher("GOOGLE").setValue("FakeRemoteVuln"))
     91 + .setSeverity(Severity.CRITICAL)
     92 + .setTitle("FakeTitle")
     93 + .setDescription("FakeRemoteDescription"))
    88 94   .build();
    89 95   }
    90 96   
    skipped 20 lines
Please wait...
Page is in error, reload to recover