  • Running tsunami with callback server to verify producing both types of payloads with callback server enabled.

    PiperOrigin-RevId: 464001136
    Change-Id: If39d2fe4bf15296910b2cf6cb36bed17982c4118
  • Shruti Gupta committed with Copybara-Service 2 years ago
    816ec61f
    1 parent 22fd3b7f
  • ■ ■ ■ ■ ■
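--- a/plugin/src/main/java/com/google/tsunami/plugin/payload/PayloadGenerator.java
+++ b/plugin/src/main/java/com/google/tsunami/plugin/payload/PayloadGenerator.java
@@ -63,9 +63,17 @@
 * @return the generated {@link Payload} based on the given {@code config}
 */
 public Payload generate(PayloadGeneratorConfig config) {
+return generatePayload(config, /* enforceNoCallback= */ false);
+}
+
+public Payload generateNoCallback(PayloadGeneratorConfig config) {
+return generatePayload(config, /* enforceNoCallback= */ true);
+}
+
+private Payload generatePayload(PayloadGeneratorConfig config, boolean enforceNoCallback) {
 PayloadDefinition selectedPayload = null;
 
-if (tcsClient.isCallbackServerEnabled()) {
+if (tcsClient.isCallbackServerEnabled() && !enforceNoCallback) {
 for (PayloadDefinition candidate : payloads) {
 if (isMatchingPayload(candidate, config) && candidate.getUsesCallbackServer().getValue()) {
 selectedPayload = candidate;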
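Review bot: The new public `generateNoCallback` at new line 69 has no Javadoc, while `generate` directly above it is documented, so a plugin author cannot tell from the API that it skips the callback-server branch even when `tcsClient.isCallbackServerEnabled()` is true. I would add `/** Generates a payload that never uses the callback server, even when one is configured. */` above it, and a one-line comment on `generatePayload` explaining `enforceNoCallback`. The body of `generatePayload` continues outside the hunk, so what is returned when no non-callback payload matches `config` is not visible here. It is worth confirming that this case fails loudly, since a detector built on a payload that never executes would presumably report a target as not vulnerable.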
  • ■ ■ ■ ■ ■ ■
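--- a/plugin/src/test/java/com/google/tsunami/plugin/payload/PayloadGeneratorWithCallbackServerTest.java
+++ b/plugin/src/test/java/com/google/tsunami/plugin/payload/PayloadGeneratorWithCallbackServerTest.java
@@ -64,6 +64,8 @@
 PayloadGeneratorConfig.InterpretationEnvironment.INTERPRETATION_ANY)
 .setExecutionEnvironment(PayloadGeneratorConfig.ExecutionEnvironment.EXEC_ANY)
 .build();
+private static final String CORRECT_PRINTF =
+"printf %s%s%s TSUNAMI_PAYLOAD_START ffffffffffffffff TSUNAMI_PAYLOAD_END";
 
 @Before
 public void setUp() throws IOException {
@@ -91,6 +93,14 @@
 assertThat(payload.getPayload()).contains(mockCallbackServer.getHostName());
 assertThat(payload.getPayload()).contains(Integer.toString(mockCallbackServer.getPort(), 10));
 assertTrue(payload.getPayloadAttributes().getUsesCallbackServer());
+}
+
+@Test
+public void generate_withLinuxConfiguration_returnsPrintfPayload() {
+Payload payload = payloadGenerator.generateNoCallback(LINUX_REFLECTIVE_RCE_CONFIG);
+
+assertThat(payload.getPayload()).isEqualTo(CORRECT_PRINTF);
+assertFalse(payload.getPayloadAttributes().getUsesCallbackServer());
 }
 
 @Test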
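Review bot: The test added at new line 99 is named `generate_withLinuxConfiguration_returnsPrintfPayload` but calls `generateNoCallback`, so the name describes a method it does not exercise. A name such as `generateNoCallback_withCallbackServerEnabled_returnsPrintfPayload` would state the case this class exists to cover. The matching test added in PayloadGeneratorWithoutCallbackServerTest.java uses a third prefix, `getNonCallbackPayload_`, for the same call, so one prefix should be chosen for both. `CORRECT_PRINTF` is referenced in that other class without being added by this commit, so the constant appears to be duplicated across the two test classes; that is inferred from the visible lines only.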
  • ■ ■ ■ ■ ■ ■
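--- a/plugin/src/test/java/com/google/tsunami/plugin/payload/PayloadGeneratorWithoutCallbackServerTest.java
+++ b/plugin/src/test/java/com/google/tsunami/plugin/payload/PayloadGeneratorWithoutCallbackServerTest.java
@@ -87,6 +87,14 @@
 }
 
 @Test
+public void getNonCallbackPayload_withLinuxConfiguration_returnsPrintfPayload() {
+Payload payload = payloadGenerator.generateNoCallback(LINUX_REFLECTIVE_RCE_CONFIG);
+
+assertThat(payload.getPayload()).isEqualTo(CORRECT_PRINTF);
+assertFalse(payload.getPayloadAttributes().getUsesCallbackServer());
+}
+
+@Test
 public void getPayload_withLinuxConfiguration_returnsPrintfPayload() {
 Payload payload = payloadGenerator.generate(LINUX_REFLECTIVE_RCE_CONFIG);
 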