crash.software
Projects
Pull Requests
Issues
Builds
tsunami-security-scanner
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY tsunami-security-scanner Commits 545fe11d
🤬
  • ■ ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/payload/NotImplementedException.java
    skipped 19 lines
    20 20  import com.google.errorprone.annotations.FormatString;
    21 21   
    22 22  /**
    23  - * Thrown whenever a {@link PayloadGeneratorConfig} results in a combination that does not have a
    24  - * payload.
     23 + * Thrown whenever a {@link com.google.tsunami.proto.PayloadGeneratorConfig} results in a
     24 + * combination that does not have a payload.
    25 25   *
    26 26   * <p> To reduce the burden on callers, this is an unchecked exception. The goal is simply to
    27 27   * notify the developer that the payload generator cannot be used in the requested context. If the
    skipped 10 lines
  • ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/payload/Payload.java
    skipped 40 lines
    41 41   this.config = config;
    42 42   }
    43 43   
    44  - /** Returns the actual payload command string */
     44 + /**
     45 + * Get the string representation of the payload.
     46 + *
     47 + * @return the actual payload string
     48 + */
    45 49   public final String getPayload() {
    46 50   logger.atInfo().log(
    47 51   "%s generated payload `%s`, %s use the callback server",
    skipped 4 lines
    52 56   /**
    53 57   * Checks if the supplied payload was executed based on a given input e.g. a reflective RCE.
    54 58   *
    55  - * @param input - an UTF-8 encoded string
     59 + * @param input - a UTF-8 encoded string
     60 + * @return whether this payload is executed on the scan target.
    56 61   */
    57 62   public final boolean checkIfExecuted(String input) {
    58 63   return this.validator.isExecuted(Optional.of(ByteString.copyFromUtf8(input)));
    59 64   }
    60 65   
    61  - /** Checks if the supplied payload was executed based on a given input e.g. a reflective RCE. */
     66 + /**
     67 + * Checks if the supplied payload was executed based on a given input e.g. a reflective RCE.
     68 + *
     69 + * @param input - a sequence of bytes in the {@link ByteString} format.
     70 + * @return whether this payload is executed on the scan target.
     71 + */
    62 72   public final boolean checkIfExecuted(ByteString input) {
    63 73   return this.validator.isExecuted(Optional.of(input));
    64 74   }
    65 75   
    66  - /** Checks if the supplied payload was executed based on a given input e.g. a reflective RCE. */
     76 + /**
     77 + * Checks if the supplied payload was executed based on a given input e.g. a reflective RCE.
     78 + *
     79 + * @param input - an optional sequence of bytes in the {@link ByteString} format.
     80 + * @return whether this payload is executed on the scan target.
     81 + */
    67 82   public final boolean checkIfExecuted(Optional<ByteString> input) {
    68 83   return this.validator.isExecuted(input);
    69 84   }
    skipped 1 lines
    71 86   /**
    72 87   * Checks if the supplied payload was executed without supplying an input e.g. validation against
    73 88   * the callback server does not require input.
     89 + *
     90 + * @return whether this payload is executed on the scan target.
    74 91   */
    75 92   public final boolean checkIfExecuted() {
    76 93   return this.validator.isExecuted(Optional.empty());
    77 94   }
    78 95   
    79  - /** Returns additional information about the paylaod to the caller. */
     96 + /**
     97 + * Get additional attributes about this payload.
     98 + *
     99 + * @return the {@link PayloadAttributes} about this payload
     100 + */
    80 101   public final PayloadAttributes getPayloadAttributes() {
    81 102   return this.attributes;
    82 103   }
    skipped 2 lines
  • ■ ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/payload/PayloadGenerator.java
    skipped 57 lines
    58 58   *
    59 59   * <p>The framework prioritizes finding a callback server payload if callback server is enabled
    60 60   * and falls back to any payload that matches.
     61 + *
     62 + * @param config configurations to the payload generator
     63 + * @return the generated {@link Payload} based on the given {@code config}
    61 64   */
    62 65   public Payload generate(PayloadGeneratorConfig config) {
    63 66   PayloadDefinition selectedPayload = null;
    skipped 76 lines
  • ■ ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/payload/PayloadSecretGenerator.java
    skipped 40 lines
    41 41   return BaseEncoding.base16().lowerCase().encode(randomBytes);
    42 42   }
    43 43   
    44  - public static Module getModule() {
    45  - return new Module();
     44 + public static PayloadSecretGeneratorModule getModule() {
     45 + return new PayloadSecretGeneratorModule();
    46 46   }
    47 47   
    48  - private static final class Module extends AbstractModule {
     48 + private static final class PayloadSecretGeneratorModule extends AbstractModule {
    49 49   @Provides
    50 50   @PayloadSecretRng
    51 51   @Singleton
    skipped 13 lines
  • ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/payload/Validator.java
    skipped 21 lines
    22 22  @FunctionalInterface
    23 23  public interface Validator {
    24 24   /**
    25  - * Returns whether the associated payload was executed.
     25 + * Checks whether the payload is executed.
     26 + *
     27 + * @param input - an optional sequence of bytes in the {@link ByteString} format.
     28 + * @return whether a payload is executed on the scan target.
    26 29   */
    27 30   boolean isExecuted(Optional<ByteString> input);
    28 31  }
    skipped 1 lines
  • ■ ■ ■ ■ ■
    plugin/src/main/java/com/google/tsunami/plugin/payload/testing/FakePayloadGeneratorModule.java
    skipped 27 lines
    28 28   
    29 29  /**
    30 30   * Guice module for interacting with {@link PayloadGenerator} in tests. Use {@link
    31  - * FakePayloadGeneratorModuleBuilder} instead of this directly.
     31 + * FakePayloadGeneratorModule.Builder} instead of this directly.
    32 32   */
    33 33  public final class FakePayloadGeneratorModule extends AbstractModule {
    34 34   private final TcsConfigProperties tcsConfig = new TcsConfigProperties();
    skipped 20 lines
    55 55   bind(TcsConfigProperties.class).toInstance(tcsConfig);
    56 56   }
    57 57   
    58  - /** Returns a builder for configuring the module */
     58 + /**
     59 + * Creates a builder for the {@link FakePayloadGeneratorModule}.
     60 + *
     61 + * @return a builder for configuring the module
     62 + */
    59 63   public static Builder builder() {
    60 64   return Builder.builder();
    61 65   }
    skipped 22 lines
Please wait...
Page is in error, reload to recover