■ ■ ■ ■ ■ ■
plugin/src/main/java/com/google/tsunami/plugin/testing/FakeRemoteVulnDetector.java
| 1 | + | /* |
| 2 | + | * Copyright 2022 Google LLC |
| 3 | + | * |
| 4 | + | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | + | * you may not use this file except in compliance with the License. |
| 6 | + | * You may obtain a copy of the License at |
| 7 | + | * |
| 8 | + | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | + | * |
| 10 | + | * Unless required by applicable law or agreed to in writing, software |
| 11 | + | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | + | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | + | * See the License for the specific language governing permissions and |
| 14 | + | * limitations under the License. |
| 15 | + | */ |
| 16 | + | package com.google.tsunami.plugin.testing; |
| 17 | + | |
| 18 | + | import static com.google.common.collect.ImmutableList.toImmutableList; |
| 19 | + | |
| 20 | + | import com.google.common.collect.ImmutableList; |
| 21 | + | import com.google.common.collect.Sets; |
| 22 | + | import com.google.protobuf.util.Timestamps; |
| 23 | + | import com.google.tsunami.plugin.PluginType; |
| 24 | + | import com.google.tsunami.plugin.RemoteVulnDetector; |
| 25 | + | import com.google.tsunami.proto.DetectionReport; |
| 26 | + | import com.google.tsunami.proto.DetectionReportList; |
| 27 | + | import com.google.tsunami.proto.DetectionStatus; |
| 28 | + | import com.google.tsunami.proto.MatchedPlugin; |
| 29 | + | import com.google.tsunami.proto.NetworkService; |
| 30 | + | import com.google.tsunami.proto.PluginDefinition; |
| 31 | + | import com.google.tsunami.proto.PluginInfo; |
| 32 | + | import com.google.tsunami.proto.Severity; |
| 33 | + | import com.google.tsunami.proto.TargetInfo; |
| 34 | + | import com.google.tsunami.proto.Vulnerability; |
| 35 | + | import com.google.tsunami.proto.VulnerabilityId; |
| 36 | + | import java.util.Set; |
| 37 | + | |
| 38 | + | /** |
| 39 | + | * Fake {@link RemoteVulnDetector} implementation that only contains one {@link PluginDefinition} |
| 40 | + | * proto available to run. |
| 41 | + | */ |
| 42 | + | @com.google.tsunami.plugin.annotations.PluginInfo( |
| 43 | + | type = PluginType.REMOTE_VULN_DETECTION, |
| 44 | + | name = "FakeRemoteVulnDetector", |
| 45 | + | version = "v0.1", |
| 46 | + | description = "fake description", |
| 47 | + | author = "fake", |
| 48 | + | bootstrapModule = FakeRemoteVulnDetectorBootstrapModule.class) |
| 49 | + | public final class FakeRemoteVulnDetector implements RemoteVulnDetector { |
| 50 | + | |
| 51 | + | private final Set<MatchedPlugin> matchedPluginsToRun; |
| 52 | + | |
| 53 | + | // Used when multiple instances of this {@link RemoteVulnDetector} are created. |
| 54 | + | private final int fakePluginId; |
| 55 | + | |
| 56 | + | public FakeRemoteVulnDetector() { |
| 57 | + | this(0); |
| 58 | + | } |
| 59 | + | |
| 60 | + | public FakeRemoteVulnDetector(int fakePluginId) { |
| 61 | + | this.fakePluginId = fakePluginId; |
| 62 | + | this.matchedPluginsToRun = Sets.newHashSet(); |
| 63 | + | } |
| 64 | + | |
| 65 | + | @Override |
| 66 | + | public DetectionReportList detect(TargetInfo target, ImmutableList<NetworkService> services) { |
| 67 | + | return DetectionReportList.newBuilder() |
| 68 | + | .addAllDetectionReports( |
| 69 | + | matchedPluginsToRun.stream() |
| 70 | + | .map( |
| 71 | + | plugin -> |
| 72 | + | DetectionReport.newBuilder() |
| 73 | + | .setTargetInfo(target) |
| 74 | + | .setNetworkService(plugin.getServices(0)) |
| 75 | + | .setDetectionTimestamp(Timestamps.fromMillis(1234567890L)) |
| 76 | + | .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED) |
| 77 | + | .setVulnerability( |
| 78 | + | Vulnerability.newBuilder() |
| 79 | + | .setMainId( |
| 80 | + | VulnerabilityId.newBuilder() |
| 81 | + | .setPublisher("GOOGLE") |
| 82 | + | .setValue("FakeRemoteVuln")) |
| 83 | + | .setSeverity(Severity.CRITICAL) |
| 84 | + | .setTitle("FakeTitle") |
| 85 | + | .setDescription("FakeRemoteDescription")) |
| 86 | + | .build()) |
| 87 | + | .collect(toImmutableList())) |
| 88 | + | .build(); |
| 89 | + | } |
| 90 | + | |
| 91 | + | @Override |
| 92 | + | public ImmutableList<PluginDefinition> getAllPlugins() { |
| 93 | + | return ImmutableList.of( |
| 94 | + | PluginDefinition.newBuilder() |
| 95 | + | .setInfo( |
| 96 | + | PluginInfo.newBuilder() |
| 97 | + | .setType(PluginInfo.PluginType.VULN_DETECTION) |
| 98 | + | .setName("FakeRemoteVuln" + fakePluginId) |
| 99 | + | .setVersion("v0.1") |
| 100 | + | .setDescription("FakeRemoteDescription" + fakePluginId) |
| 101 | + | .setAuthor("fake")) |
| 102 | + | .build()); |
| 103 | + | } |
| 104 | + | |
| 105 | + | @Override |
| 106 | + | public void addMatchedPluginToDetect(MatchedPlugin plugin) { |
| 107 | + | this.matchedPluginsToRun.add(plugin); |
| 108 | + | } |
| 109 | + | } |
| 110 | + | |