STRLCPY/tsunami-security-scanner

Add fake RemoteVulnDetector and bootstap module implementations for testing purposes.
```
PiperOrigin-RevId: 461063692
Change-Id: Ic3b4b4d18379302af3324b0dfddaa27fc8bcce90
```
John Y. Kim committed with Copybara-Service 2 years ago

fbbc03cc

1 parent e442ccf3

■ ■ ■ ■ ■ ■

plugin/src/main/java/com/google/tsunami/plugin/testing/FakeRemoteVulnDetector.java

1	+	/*
2	+	* Copyright 2022 Google LLC
3	+	*
4	+	* Licensed under the Apache License, Version 2.0 (the "License");
5	+	* you may not use this file except in compliance with the License.
6	+	* You may obtain a copy of the License at
7	+	*
8	+	* http://www.apache.org/licenses/LICENSE-2.0
9	+	*
10	+	* Unless required by applicable law or agreed to in writing, software
11	+	* distributed under the License is distributed on an "AS IS" BASIS,
12	+	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	+	* See the License for the specific language governing permissions and
14	+	* limitations under the License.
15	+	*/
16	+	package com.google.tsunami.plugin.testing;
17	+
18	+	import static com.google.common.collect.ImmutableList.toImmutableList;
19	+
20	+	import com.google.common.collect.ImmutableList;
21	+	import com.google.common.collect.Sets;
22	+	import com.google.protobuf.util.Timestamps;
23	+	import com.google.tsunami.plugin.PluginType;
24	+	import com.google.tsunami.plugin.RemoteVulnDetector;
25	+	import com.google.tsunami.proto.DetectionReport;
26	+	import com.google.tsunami.proto.DetectionReportList;
27	+	import com.google.tsunami.proto.DetectionStatus;
28	+	import com.google.tsunami.proto.MatchedPlugin;
29	+	import com.google.tsunami.proto.NetworkService;
30	+	import com.google.tsunami.proto.PluginDefinition;
31	+	import com.google.tsunami.proto.PluginInfo;
32	+	import com.google.tsunami.proto.Severity;
33	+	import com.google.tsunami.proto.TargetInfo;
34	+	import com.google.tsunami.proto.Vulnerability;
35	+	import com.google.tsunami.proto.VulnerabilityId;
36	+	import java.util.Set;
37	+
38	+	/**
39	+	* Fake {@link RemoteVulnDetector} implementation that only contains one {@link PluginDefinition}
40	+	* proto available to run.
41	+	*/
42	+	@com.google.tsunami.plugin.annotations.PluginInfo(
43	+	type = PluginType.REMOTE_VULN_DETECTION,
44	+	name = "FakeRemoteVulnDetector",
45	+	version = "v0.1",
46	+	description = "fake description",
47	+	author = "fake",
48	+	bootstrapModule = FakeRemoteVulnDetectorBootstrapModule.class)
49	+	public final class FakeRemoteVulnDetector implements RemoteVulnDetector {
50	+
51	+	private final Set<MatchedPlugin> matchedPluginsToRun;
52	+
53	+	// Used when multiple instances of this {@link RemoteVulnDetector} are created.
54	+	private final int fakePluginId;
55	+
56	+	public FakeRemoteVulnDetector() {
57	+	this(0);
58	+	}
59	+
60	+	public FakeRemoteVulnDetector(int fakePluginId) {
61	+	this.fakePluginId = fakePluginId;
62	+	this.matchedPluginsToRun = Sets.newHashSet();
63	+	}
64	+
65	+	@Override
66	+	public DetectionReportList detect(TargetInfo target, ImmutableList<NetworkService> services) {
67	+	return DetectionReportList.newBuilder()
68	+	.addAllDetectionReports(
69	+	matchedPluginsToRun.stream()
70	+	.map(
71	+	plugin ->
72	+	DetectionReport.newBuilder()
73	+	.setTargetInfo(target)
74	+	.setNetworkService(plugin.getServices(0))
75	+	.setDetectionTimestamp(Timestamps.fromMillis(1234567890L))
76	+	.setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
77	+	.setVulnerability(
78	+	Vulnerability.newBuilder()
79	+	.setMainId(
80	+	VulnerabilityId.newBuilder()
81	+	.setPublisher("GOOGLE")
82	+	.setValue("FakeRemoteVuln"))
83	+	.setSeverity(Severity.CRITICAL)
84	+	.setTitle("FakeTitle")
85	+	.setDescription("FakeRemoteDescription"))
86	+	.build())
87	+	.collect(toImmutableList()))
88	+	.build();
89	+	}
90	+
91	+	@Override
92	+	public ImmutableList<PluginDefinition> getAllPlugins() {
93	+	return ImmutableList.of(
94	+	PluginDefinition.newBuilder()
95	+	.setInfo(
96	+	PluginInfo.newBuilder()
97	+	.setType(PluginInfo.PluginType.VULN_DETECTION)
98	+	.setName("FakeRemoteVuln" + fakePluginId)
99	+	.setVersion("v0.1")
100	+	.setDescription("FakeRemoteDescription" + fakePluginId)
101	+	.setAuthor("fake"))
102	+	.build());
103	+	}
104	+
105	+	@Override
106	+	public void addMatchedPluginToDetect(MatchedPlugin plugin) {
107	+	this.matchedPluginsToRun.add(plugin);
108	+	}
109	+	}
110	+

■ ■ ■ ■ ■ ■

plugin/src/main/java/com/google/tsunami/plugin/testing/FakeRemoteVulnDetectorBootstrapModule.java

1	+	/*
2	+	* Copyright 2022 Google LLC
3	+	*
4	+	* Licensed under the Apache License, Version 2.0 (the "License");
5	+	* you may not use this file except in compliance with the License.
6	+	* You may obtain a copy of the License at
7	+	*
8	+	* http://www.apache.org/licenses/LICENSE-2.0
9	+	*
10	+	* Unless required by applicable law or agreed to in writing, software
11	+	* distributed under the License is distributed on an "AS IS" BASIS,
12	+	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	+	* See the License for the specific language governing permissions and
14	+	* limitations under the License.
15	+	*/
16	+	package com.google.tsunami.plugin.testing;
17	+
18	+	import com.google.tsunami.plugin.PluginBootstrapModule;
19	+
20	+	/**
21	+	* Bootstrapping module for {@link FakeRemoteVulnDetector}. Use this if there is need for only one
22	+	* fake RemoteVulnDetector, otherwise prefer making a fake RemoteVulnDetectorLoadingModule to load
23	+	* multiple instances.
24	+	*/
25	+	public final class FakeRemoteVulnDetectorBootstrapModule extends PluginBootstrapModule {
26	+	@Override
27	+	protected void configurePlugin() {
28	+	registerPlugin(FakeRemoteVulnDetector.class);
29	+	}
30	+	}
31	+

Add fake RemoteVulnDetector and bootstap module implementations for testing purposes.