reformat some code
devl00p committed Sep 22, 2024
1 parent 48479c4 commit c4d1e08
Showing 11 changed files with 199 additions and 167 deletions.
40 changes: 20 additions & 20 deletions tests/integration/test_mod_log4shell/assertions/smart_checker.py
@@ -1,6 +1,6 @@
#!/bin/python3
import re
import sys
import sys
import json

# This python script will check reports with urls in it
Expand All @@ -9,21 +9,20 @@
# similar needs

KEY_NOT_FOUND_STR = "Key {key} doesn't exist in the report"
CONTENT_MISTMATCH_STR= "Content {content_report} mismatch with the assertion {content_assertion}"
CONTENT_MISTMATCH_STR = "Content {content_report} mismatch with the assertion {content_assertion}"
RAND_URL_PART = re.compile(r"(/[0-9a-z]+){4}-")
JSESSIONID_REG=re.compile(r"JSESSIONID=[0-9A-z]{32}")
PAYLOAD_REG=re.compile(r"jndi.*\.l")
JSESSIONID_REG = re.compile(r"JSESSIONID=[0-9A-z]{32}")
PAYLOAD_REG = re.compile(r"jndi.*\.l")



def match_trim(string_1: str, string_2: str, reg: str)-> tuple[str,str]:
def match_trim(string_1: str, string_2: str, reg: str) -> tuple[str, str]:
# Find the first match of the regex in both string, ensure that they
# are at the same positions, and remove them, regexes MUST exist in the string
# and MUST be at the same position
assert (match_1 := reg.search(string_1)) and (match_2 := reg.search(string_2)), \
"Regex: no match found"
return string_1[:match_1.start()]+string_1[match_1.end():],\
string_2[:match_2.start()]+string_2[match_2.end():]
"Regex: no match found"
return string_1[:match_1.start()] + string_1[match_1.end():], \
string_2[:match_2.start()] + string_2[match_2.end():]


def static_checking(report, assertion):
Expand All @@ -37,7 +36,8 @@ def static_checking(report, assertion):
static_checking(item_report, item_assertion)
else:
assert report == assertion, \
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)


def main():
assert len(sys.argv) == 3, "wrong number of arguments"
Expand All @@ -50,22 +50,22 @@ def main():

static_checking(json_report, json_assertion)

#"http_requrest" contain some non-static data
infos={
"assertion":json_assertion["vulnerabilities"]["Log4Shell"][0]["http_request"],
# "http_requrest" contain some non-static data
infos = {
"assertion": json_assertion["vulnerabilities"]["Log4Shell"][0]["http_request"],
"report": json_report["vulnerabilities"]["Log4Shell"][0]["http_request"]
}

if JSESSIONID_REG.search(infos["report"]) is not None:
infos["assertion"], infos["report"] = match_trim(infos["assertion"],
infos["report"],
JSESSIONID_REG)
infos["assertion"], infos["report"] = match_trim(infos["assertion"],
infos["report"],
PAYLOAD_REG)

infos["assertion"], infos["report"] = match_trim(infos["assertion"],
infos["report"],
JSESSIONID_REG)
infos["assertion"], infos["report"] = match_trim(infos["assertion"],
infos["report"],
PAYLOAD_REG)

return 0


if __name__ == "__main__":
sys.exit(main())
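Review bot: In the last hunk the two `match_trim` calls write the trimmed strings back into `infos` and `main` then goes straight to `return 0`, so the `http_request` values with the JSESSIONID and payload removed are never compared, and a difference in the rest of the request goes unnoticed by this step. The SSRF checker in this same commit ends the equivalent sequence with `assert infos["assertion"] == infos["report"]`; the same line is needed here before `return 0`. `main` starts in an earlier hunk and the lines in between are collapsed, so whether `static_checking` already covers `http_request` cannot be seen from here.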
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/bin/python3
import re
import sys
import sys
import json

# This python script will check reports with urls in it
Expand All @@ -9,24 +9,23 @@
# similar needs

KEY_NOT_FOUND_STR = "Key {key} doesn't exist in the report"
CONTENT_MISTMATCH_STR= "CONTENT:\n\n{content_report} \n\nMISMATCH WITH THE ASSERTION:\n\n {content_assertion}"
CONTENT_MISTMATCH_STR = "CONTENT:\n\n{content_report} \n\nMISMATCH WITH THE ASSERTION:\n\n {content_assertion}"
RAND_PAYLOAD_PART = re.compile(r"%28.*%29")



def match_trim(string_1: str, string_2: str, reg: str)-> tuple[str,str]:
def match_trim(string_1: str, string_2: str, reg: str) -> tuple[str, str]:
# Find the first match of the regex in both string, ensure that they
# are at the same positions, and remove them, regexes MUST exist in the string
# and MUST be at the same position
assert (match_1 := reg.search(string_1)) and (match_2 := reg.search(string_2)), \
"Regex: no match found"
return string_1[:match_1.start()]+string_1[match_1.end():],\
string_2[:match_2.start()]+string_2[match_2.end():]
"Regex: no match found"
return string_1[:match_1.start()] + string_1[match_1.end():], \
string_2[:match_2.start()] + string_2[match_2.end():]


def static_checking(report, assertion, regex):
if isinstance(report, dict) and isinstance(assertion, dict):
for key,_ in report.items():
for key, _ in report.items():
assert key in assertion, KEY_NOT_FOUND_STR.format(key=key)
if key == "http_request":
report[key], assertion[key] = match_trim(report[key], assertion[key], regex)
Expand All @@ -36,7 +35,8 @@ def static_checking(report, assertion, regex):
static_checking(item_report, item_assertion, regex)
else:
assert report == assertion, \
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)


def main():
assert len(sys.argv) == 3, "wrong number of arguments"
Expand All @@ -51,5 +51,6 @@ def main():

return 0


if __name__ == "__main__":
sys.exit(main())
19 changes: 10 additions & 9 deletions tests/integration/test_mod_sql/assertions/smart_checker.py
@@ -1,6 +1,6 @@
#!/bin/python3
import re
import sys
import sys
import json

# This python script will check reports with urls in it
Expand All @@ -9,24 +9,23 @@
# similar needs

KEY_NOT_FOUND_STR = "Key {key} doesn't exist in the report"
CONTENT_MISTMATCH_STR= "CONTENT:\n\n{content_report} \n\nMISMATCH WITH THE ASSERTION:\n\n {content_assertion}"
CONTENT_MISTMATCH_STR = "CONTENT:\n\n{content_report} \n\nMISMATCH WITH THE ASSERTION:\n\n {content_assertion}"
RAND_PAYLOAD_PART = re.compile(r"Linda[A-Z0-9%]*")



def match_trim(string_1: str, string_2: str, reg: str)-> tuple[str,str]:
def match_trim(string_1: str, string_2: str, reg: str) -> tuple[str, str]:
# Find the first match of the regex in both string, ensure that they
# are at the same positions, and remove them, regexes MUST exist in the string
# and MUST be at the same position
assert (match_1 := reg.search(string_1)) and (match_2 := reg.search(string_2)), \
"Regex: no match found"
return string_1[:match_1.start()]+string_1[match_1.end():],\
string_2[:match_2.start()]+string_2[match_2.end():]
"Regex: no match found"
return string_1[:match_1.start()] + string_1[match_1.end():], \
string_2[:match_2.start()] + string_2[match_2.end():]


def static_checking(report, assertion, regex):
if isinstance(report, dict) and isinstance(assertion, dict):
for key,_ in report.items():
for key, _ in report.items():
assert key in assertion, KEY_NOT_FOUND_STR.format(key=key)
if key == "http_request":
report[key], assertion[key] = match_trim(report[key], assertion[key], regex)
Expand All @@ -36,7 +35,8 @@ def static_checking(report, assertion, regex):
static_checking(item_report, item_assertion, regex)
else:
assert report == assertion, \
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)


def main():
assert len(sys.argv) == 3, "wrong number of arguments"
Expand All @@ -51,5 +51,6 @@ def main():

return 0


if __name__ == "__main__":
sys.exit(main())
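Review bot: `match_trim` in the second hunk documents that both matches MUST be at the same position, but the code only asserts that each search found something and never compares `match_1.start()` with `match_2.start()`. A report whose random part sits at a different offset from the assertion's can therefore still trim to an equal string and pass. I would add `assert match_1.start() == match_2.start(), "Regex: match positions differ"` after the existing assert. The `reg: str` annotation also does not fit a value on which `.search()` is called; `re.Pattern` matches the compiled constants defined above it. The same function body appears in the other smart_checker.py sections of this commit.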
36 changes: 19 additions & 17 deletions tests/integration/test_mod_ssrf/assertions/smart_checker.py
@@ -1,6 +1,6 @@
#!/bin/python3
import re
import sys
import sys
import json

# This python script will check reports with different dates, IP and random numbers in it
Expand All @@ -10,20 +10,20 @@

ALL_KEYS = {"method", "path", "info", "level", "parameter", "wstg", "http_request"}
KEY_NOT_FOUND_STR = "Key {key} doesn't exist in the report"
CONTENT_MISTMATCH_STR= "Content {content_report} mismatch with the assertion {content_assertion}"
CONTENT_MISTMATCH_STR = "Content {content_report} mismatch with the assertion {content_assertion}"
DATE_REG = re.compile(r"[0-9]{4}(-[0-9]{2}){2}T([0-9]{2}:){2}[0-9]{2}\+[0-9]{2}:[0-9]{2}")
IP_REG = re.compile(r"([0-9]{1,3}\.){3}[0-9]{1,3}")
RAND_URL_PART = re.compile(r"(/[0-9a-z]+){4}-")


def match_trim(string_1: str, string_2: str, reg: str)-> tuple[str,str]:
def match_trim(string_1: str, string_2: str, reg: str) -> tuple[str, str]:
# Find the first match of the regex in both string, ensure that they
# are at the same positions, and remove them, regexes MUST exist in the string
# and MUST be at the same position
assert (match_1 := reg.search(string_1)) and (match_2 := reg.search(string_2)), \
"Regex: no match found"
return string_1[:match_1.start()]+string_1[match_1.end():],\
string_2[:match_2.start()]+string_2[match_2.end():]
"Regex: no match found"
return string_1[:match_1.start()] + string_1[match_1.end():], \
string_2[:match_2.start()] + string_2[match_2.end():]


def static_structure_checking(report: dict):
Expand All @@ -33,12 +33,13 @@ def static_structure_checking(report: dict):
for key in ALL_KEYS:
assert key in report["vulnerabilities"]["Server Side Request Forgery"][0], KEY_NOT_FOUND_STR.format(key=key)


def static_content_checking(report, assertions):
for key in ALL_KEYS-{"info"}:
for key in ALL_KEYS - {"info"}:
content_report = report["vulnerabilities"]["Server Side Request Forgery"][0][key]
content_assertion = assertions["vulnerabilities"]["Server Side Request Forgery"][0][key]
assert content_report == \
content_assertion, \
content_assertion = assertions["vulnerabilities"]["Server Side Request Forgery"][0][key]
assert content_report == \
content_assertion, \
CONTENT_MISTMATCH_STR.format(content_report=content_report, content_assertion=content_assertion)


Expand All @@ -54,21 +55,22 @@ def main():
static_structure_checking(json_report)
static_content_checking(json_report, json_assertion)

#"info" contain some non-static data
infos={
"assertion":json_assertion["vulnerabilities"]["Server Side Request Forgery"][0]["info"],
# "info" contain some non-static data
infos = {
"assertion": json_assertion["vulnerabilities"]["Server Side Request Forgery"][0]["info"],
"report": json_report["vulnerabilities"]["Server Side Request Forgery"][0]["info"]
}

#there are 2 times the IP address
# there are 2 times the IP address
seq = [DATE_REG, IP_REG, IP_REG, RAND_URL_PART]
for reg in seq:
infos["assertion"], infos["report"] = match_trim(infos["assertion"],
infos["report"],
reg)
infos["assertion"], infos["report"] = match_trim(infos["assertion"],
infos["report"],
reg)
assert infos["assertion"] == infos["report"]

return 0


if __name__ == "__main__":
sys.exit(main())
18 changes: 10 additions & 8 deletions tests/integration/test_mod_xxe/assertions/smart_checker.py
@@ -1,6 +1,6 @@
#!/bin/python3
import re
import sys
import sys
import json

# This python script will check reports with urls in it
Expand All @@ -9,25 +9,25 @@
# similar needs

KEY_NOT_FOUND_STR = "Key {key} doesn't exist in the report"
CONTENT_MISTMATCH_STR= "CONTENT:\n\n{content_report} \n\nMISMATCH WITH THE ASSERTION:\n\n {content_assertion}"
CONTENT_MISTMATCH_STR = "CONTENT:\n\n{content_report} \n\nMISMATCH WITH THE ASSERTION:\n\n {content_assertion}"
RAND_URL_PART = re.compile(r"endpoint(/[0-9a-zA-Z_]*){5}")
DATE_REG = re.compile(r"[0-9]{4}(-[0-9]{2}){2}T([0-9]{2}:){2}[0-9]{2}\+[0-9]{2}:[0-9]{2}")
IP_REG = re.compile(r"([0-9]{1,3}\.){3}[0-9]{1,3}")


def match_trim(string_1: str, string_2: str, reg)-> tuple[str,str]:
def match_trim(string_1: str, string_2: str, reg) -> tuple[str, str]:
# Find the first match of the regex in both string, ensure that they
# are at the same positions, and remove them, regexes MUST exist in the string
# and MUST be at the same position
assert (match_1 := reg.search(string_1)) and (match_2 := reg.search(string_2)), \
"Regex: no match found"
return string_1[:match_1.start()]+string_1[match_1.end():],\
string_2[:match_2.start()]+string_2[match_2.end():]
"Regex: no match found"
return string_1[:match_1.start()] + string_1[match_1.end():], \
string_2[:match_2.start()] + string_2[match_2.end():]


def static_checking(report, assertion):
if isinstance(report, dict) and isinstance(assertion, dict):
for key,_ in report.items():
for key, _ in report.items():
assert key in assertion, KEY_NOT_FOUND_STR.format(key=key)
if key == "http_request" and "http://endpoint" in report[key]:
report[key], assertion[key] = match_trim(report[key], assertion[key], RAND_URL_PART)
Expand All @@ -40,7 +40,8 @@ def static_checking(report, assertion):
static_checking(item_report, item_assertion)
else:
assert report == assertion, \
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)
CONTENT_MISTMATCH_STR.format(content_report=report, content_assertion=assertion)


def main():
assert len(sys.argv) == 3, "wrong number of arguments"
Expand All @@ -55,5 +56,6 @@ def main():

return 0


if __name__ == "__main__":
sys.exit(main())
13 changes: 6 additions & 7 deletions tests/integration/wapiti/misc_functions.py
Expand Up @@ -2,14 +2,12 @@
from re import findall, MULTILINE
from json import dumps

from templates_and_data import TREE_CHECKER


def purge_irrelevant_data(data) -> None:
"""
Look recursively for any pattern matching a 2 lenght sized list with
"date", "last-modified", "keep-alive" or "etag" in a dictionnary containing lists,
dictionnaries, and other non-collections structures. Removing them because those
Look recursively for any pattern matching a 2 length sized list with
"date", "last-modified", "keep-alive" or "etag" in a dictionary containing lists,
dictionaries, and other non-collections structures. Removing them because those
datas can change from one test to another and aren't really relevant
"""
if isinstance(data, dict):
Expand All @@ -30,8 +28,9 @@ def purge_irrelevant_data(data) -> None:

def filter_data(data, filter):
"""
Filter recursively data from report using a filter, is sensitive to report changes and don't check if the filter is correct
make sure to write filter correctly or reinforce this function
Filter recursively data from report using a filter, is sensitive to report changes and don't check
if the filter is correct.
Make sure to write filter correctly or reinforce this function
"""
# Another check, type based, also considering if filter and data order match
assert (type(data) is type(filter)) or (type(data) is type(None)), \
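Review bot: Removing `from templates_and_data import TREE_CHECKER` in the first hunk is a behaviour change inside a commit titled "reformat some code", and nothing visible here shows the name is unused. The removal is inferred from the hunk header (`-2,14 +2,12`) and the deletion count. The rest of misc_functions.py, and any module that picks the name up through it, are outside this view. It is worth confirming with a linter run or a repository-wide search for `TREE_CHECKER`, and recording the removal in the message, e.g. `reformat some code; drop unused TREE_CHECKER import`.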