
Better detection is_logged_in #473

Merged: bretfourbe merged 1 commit into wapiti-scanner:master from better_is_logged_in on Aug 11, 2023

Conversation

RMI78
Contributor

@RMI78 RMI78 commented Aug 4, 2023

Answer to #317 @tarraschk
TL;DR: This commit raises a false flag as soon as it detects error messages in the response, and unit tests have been added.

This is only a small improvement, but we can only go little by little to improve this feature, since knowing if we are logged in regardless of which website we are on is a tough challenge.

Unless someone has a genuine idea, I leave here things that have already been explored:

  • Checking redirections by replaying the request on the login page: may not work because some websites don't redirect when you are logged in, and don't redirect either when you fail to log in
  • Checking cookie state before and after the login attempt: may work but should be implemented cautiously by exploring a large number of cases (some websites use cookies for sessions, some others don't, and we should differentiate other cookies from the login ones)

A good approach would be a smart combination of all those checks with a prioritizing system, but it might be a better idea to move this mechanism somewhere other than the parser, because a simple method in the html_parser wouldn't be enough. A full object might be required in the future to take advantage of all the information we can have at a higher scope.

Again, we should be very cautious when improving this method since we want to minimize false negatives but absolutely want to avoid false positives.
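As an added illustration (not code from this PR or from wapiti itself), here is one way the checks discussed in the comment could be combined under a priority rule that favours avoiding false positives: an explicit error message in the visible response text is the strongest negative signal, a login form still being served is a weaker one, and a logout link is a positive signal; when nothing fires, the verdict defaults to "not logged in". The phrase list, the helper names (`scan_page`, `is_logged_in`, the `check_*` functions) and the sample pages are all constructed for this example.

```python
import re
from html.parser import HTMLParser

# Constructed phrase list for this example; a real scanner would maintain
# and tune such a list (and localize it) rather than hard-code it here.
LOGIN_FAILURE_PATTERNS = [
    r"invalid (username|password|credentials|login)",
    r"incorrect (username|password)",
    r"(login|authentication) failed",
    r"wrong password",
    r"bad credentials",
]


class _PageScan(HTMLParser):
    """Collect the visible text of a page (script/style excluded) and note
    whether a password field or a logout link is present."""

    def __init__(self):
        super().__init__()
        self._skip = 0            # depth inside <script>/<style>
        self.text_parts = []
        self.has_password_field = False
        self.has_logout_link = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        elif tag == "a" and "logout" in (attrs.get("href") or "").lower():
            self.has_logout_link = True

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        # Error strings inside JavaScript are not evidence; only visible text counts.
        if not self._skip:
            self.text_parts.append(data)


def scan_page(html):
    """Parse once and normalise the visible text to lowercase, single-spaced."""
    page = _PageScan()
    page.feed(html)
    page.close()
    page.text = " ".join(" ".join(page.text_parts).split()).lower()
    return page


# Each check returns False (login failed), True (logged in) or None (no opinion).
def check_error_message(page):
    """Strongest negative signal: explicit failure text in the response."""
    if any(re.search(pat, page.text) for pat in LOGIN_FAILURE_PATTERNS):
        return False
    return None


def check_login_form(page):
    """Weaker negative signal: the site still serves a password field."""
    return False if page.has_password_field else None


def check_logout_link(page):
    """Positive signal: a logout link only makes sense for an authenticated user."""
    return True if page.has_logout_link else None


CHECKS = [check_error_message, check_login_form, check_logout_link]  # priority order


def is_logged_in(html):
    """Return True only when a positive signal fired and no negative one did.
    An unknown outcome is reported as False: for a scanner, believing it is
    authenticated when it is not (a false positive) is worse than the reverse."""
    page = scan_page(html)
    verdict = None
    for check in CHECKS:
        result = check(page)
        if result is False:
            return False
        if result is True and verdict is None:
            verdict = True
    return bool(verdict)


# Constructed sample responses for the three situations.
FAILED_LOGIN = """<html><body><div class="alert">Invalid username or password.</div>
<form method="post"><input name="user"><input type="password" name="pass"></form>
</body></html>"""

SUCCESS_LOGIN = """<html><body><p>Welcome back, alice</p><a href="/logout">Log out</a>
<script>var msg = "login failed";</script></body></html>"""

AMBIGUOUS = """<html><body><p>Thanks for visiting.</p></body></html>"""

if __name__ == "__main__":
    for name, html in (("failed", FAILED_LOGIN), ("success", SUCCESS_LOGIN), ("ambiguous", AMBIGUOUS)):
        print(name, "->", is_logged_in(html))
```

The ordering matters: because a negative check wins as soon as it fires, a page that shows both a logout link and an "invalid password" banner is still treated as a failed login, which is the conservative outcome the comment asks for.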

@codecov-commenter

codecov-commenter commented Aug 4, 2023

Codecov Report

Merging #473 (83193c5) into master (3acba90) will increase coverage by 0.00%.
The diff coverage is 100.00%.


@@           Coverage Diff           @@
##           master     #473   +/-   ##
=======================================
  Coverage   77.70%   77.71%           
=======================================
  Files         104      104           
  Lines        8786     8789    +3     
=======================================
+ Hits         6827     6830    +3     
  Misses       1959     1959           
Files Changed Coverage Δ
wapitiCore/parsers/html_parser.py 92.59% <100.00%> (+0.06%) ⬆️

@RMI78 RMI78 force-pushed the better_is_logged_in branch 2 times, most recently from ec3ad71 to f0154e3 on August 4, 2023 11:22
@RMI78 RMI78 force-pushed the better_is_logged_in branch from f0154e3 to 83193c5 on August 4, 2023 13:26
@bretfourbe bretfourbe merged commit 239f002 into wapiti-scanner:master Aug 11, 2023
@RMI78 RMI78 deleted the better_is_logged_in branch August 11, 2023 11:57
4 participants