add plugin cve-2021-39316 #73
Conversation
tooryx
added
the
Contributor queue
|
Hi @hh-hunter, thank you for your contribution! Can you please submit a testbed for this detector in the https://github.com/google/security-testbeds repo? |
|
google/security-testbeds#122 Testbed PR |
|
Hi @hh-hunter, Thank you for your contribution! I noticed that the code isn't formatted properly. I recommend following the guidelines outlined in the Public Review Process and using google-java-format to properly format your Java source code. Additionally, I wasn't able to detect the vulnerability using your plugin on an actual vulnerable WordPress instance. It seems that the Lastly, the test you provided passes even though the implementation is incorrect. To improve this, you should return actual You can either define a constant in the test file or create a resource file, as demonstrated here: validRCEResponse.json. Thanks again for your work, and I look forward to seeing the updates! |
|
|
||
| @Test | ||
| public void detect_whenVulnerable_returnsVulnerability() throws IOException { | ||
| mockWebResponse(CVE202139316VulnDetector.DETECTION_STRING); |
There was a problem hiding this comment.
Return a full passwd file here instead of the CVE202139316VulnDetector.DETECTION_STRING
|
|
||
| @Test | ||
| public void detect_whenNotVulnerable_returnsVulnerability() throws IOException { | ||
| mockWebResponse("Hello Word"); |
There was a problem hiding this comment.
The test should simulate the behavior of a secure WordPress instance.
I would expect the WordPress service to return a 400 response (or something similar) rather than a response with a 'Hello World' message in the body.
| if (httpResponse.status().code() != 200) { | ||
| return false; | ||
| } else { | ||
| return httpResponse.status().code() == 200 && (httpResponse.bodyString().get()).contains(DETECTION_STRING); |
There was a problem hiding this comment.
Here you should use the regex "root:.*:0:0" to detect if the bodyString is an actual passwd file
|
@alessandro-Doyensec hi, I have made changes to the code as suggested. |
|
Hey @hh-hunter , thanks for the fixes, the plugin now correctly detects the vulnerability. I’ve got two more requests left:
|
Okay, I'm looking for an environment without loopholes, because it's too long and a little time-consuming. |
|
Hi @hh-hunter, I understand your frustration, however we cannot directly push changes to your PRs. Even small changes require your involvement. Regarding the introduction of testbeds, I believe that you've started contributing to this project before it was mandatory. Apologies for the change but over time we realized that testbeds are essential to ensure high-quality plugins. We hope that you will continue to contribute to Tsunami and we will certainly keep everything in consideration when evaluating your contribution. Thanks again. Cc: @maoning |
|
Hi @hh-hunter, This vulnerability is too old and the testbed is difficult to setup again. Closing this issue. ~tooryx |
5 participants
No description provided.