def process(report: ReportWrapper) -> Optional[VulnTestInfo]:
""" Process the given report into a VulnTestInfo named tuple """
# If the user has not yet been prompted for automatic triaging
if not report.botHasCommented():
token = AutoTriageUtils.generateToken()
return VulnTestInfo(reproduced=False,
message=constants.initialMessage(token, 'redirect to a domain', 'Open Redirect'),
type='Open Redirect',
info={})
elif report.shouldBackoff():
if not report.hasPostedBackoffComment():
addFailureToDB(report.getReporterUsername(), report.getReportID())
return VulnTestInfo(reproduced=False,
message=('Automatic verification of vulnerability has failed, Backing off! Falling '
'back to human verification. '),
type='Open Redirect',
info={})
else:
return None
elif report.isVerified():
return None
try:
if isStructured(report.getLatestActivity()):
return processStructured(report, token=report.getToken())
else:
return processUnstructured(report, token=report.getToken())
except Exception as e:
print("Caught exception: %s" % str(e))
traceback.print_exc()
print("+" * 80)
return VulnTestInfo(reproduced=False,
message=('Internal error detected! Backing off...'),
type='Open Redirect',
info={})
def test_processUnstructured(monkeypatch):
from AutoTriageBot.modules import openRedirect # to clear out any monkey patching
monkeypatch.setattr(openRedirect, 'isProgramURL', lambda u: True)
monkeypatch.setattr(openRedirect.config, 'apiName', 'triagebot_username')
monkeypatch.setattr(openRedirect.config, 'timeout',
1) # To make the tests run faster
report = ReportWrapper()
monkeypatch.setattr(report, 'isVerified', lambda: False)
monkeypatch.setattr(report, 'botHasCommented', lambda: False)
monkeypatch.setattr(openRedirect.AutoTriageUtils, 'generateToken',
lambda: 'ABCDE')
assert openRedirect.process(report) == VulnTestInfo(
reproduced=False,
message=constants.initialMessage('ABCDE', 'redirect to a domain',
'Open Redirect'),
type='Open Redirect',
info={})
monkeypatch.setattr(report, 'botHasCommented', lambda: True)
monkeypatch.setattr(report, 'shouldBackoff', lambda: True)
monkeypatch.setattr(report, 'hasPostedBackoffComment', lambda: False)
monkeypatch.setattr(report, 'getReporterUsername',
lambda: 'TestFailureUser')
monkeypatch.setattr(report, 'getReportID', lambda: '-1')
oldCount = sqlite.countFailures("TestFailureUser")
assert openRedirect.process(report) == VulnTestInfo(
reproduced=False,
message=('Automatic verification of vulnerability has failed, '
'Backing off! '
'Falling back to human verification. '),
type='Open Redirect',
info={})
assert sqlite.countFailures("TestFailureUser") == (oldCount + 1)
monkeypatch.setattr(report, 'hasPostedBackoffComment', lambda: True)
assert openRedirect.process(report) is None
monkeypatch.setattr(report, 'shouldBackoff', lambda: False)
monkeypatch.setattr(report, 'getLatestActivity', lambda: "")
monkeypatch.setattr(report, 'getToken', lambda: "XYZ")
monkeypatch.setattr(report, 'isVerified', lambda: True)
assert openRedirect.process(report) is None
monkeypatch.setattr(report, 'isVerified', lambda: False)
assert (openRedirect.process(report) == openRedirect.processUnstructured(
report, token=report.getToken()) == VulnTestInfo(
reproduced=False,
message=constants.failedToFindURLsMessage,
type='Open Redirect',
info={'method': 'unstructured'}))
monkeypatch.setattr(
report, 'getLatestActivity', lambda:
("```\n"
"http://vulnserver/redir.php?q=http://XYZ.example.com/\n"
"```"))
vti = openRedirect.process(report)
assert vti.reproduced is True
monkeypatch.setattr(
report, 'getLatestActivity', lambda:
("```\n"
"http://vulnserver/noVulnerability.html"
"```\n"
"```\n"
"http://vulnserver/redir.php?q=http://XYZ.example.com/\n"
"```"))
vti = openRedirect.process(report)
assert openRedirect.process(report) == openRedirect.processUnstructured(
report, token=report.getToken()) == vti
assert vti.reproduced is True
monkeypatch.setattr(
report, 'getLatestActivity', lambda:
("```\n"
"http://vulnserver/redir.php?q=http://example.com/\n"
"```"))
vti = openRedirect.process(report)
assert vti.reproduced is False
assert vti.message == (
openRedirect.tokenNotFoundMessage %
("http://vulnserver/redir.php?q=http://example.com/",
'http://example.com/', 'XYZ', 'XYZ'))
def test_processUnstructured(monkeypatch):
monkeypatch.setattr(sqli, 'isProgramURL', lambda u: True)
report = ReportWrapper()
monkeypatch.setattr(report, 'isVerified', lambda: False)
monkeypatch.setattr(report, 'botHasCommented', lambda: False)
monkeypatch.setattr(sqli, 'getRandInt', lambda: '12')
assert sqli.process(report) == VulnTestInfo(reproduced=False,
message=sqli.initialMessage %
('12', '12', '12'),
type='SQLi',
info={})
monkeypatch.setattr(report, 'botHasCommented', lambda: True)
monkeypatch.setattr(report, 'shouldBackoff', lambda: True)
monkeypatch.setattr(report, 'hasPostedBackoffComment', lambda: False)
monkeypatch.setattr(report, 'getReporterUsername',
lambda: 'TestFailureUser')
monkeypatch.setattr(report, 'getReportID', lambda: '-1')
oldCount = sqlite.countFailures("TestFailureUser")
assert sqli.process(report) == VulnTestInfo(
reproduced=False,
message=('Automatic verification of vulnerability has failed, Backing '
'off! Falling '
'back to human verification. '),
type='SQLi',
info={})
assert sqlite.countFailures("TestFailureUser") == (oldCount + 1)
monkeypatch.setattr(report, 'hasPostedBackoffComment', lambda: True)
assert sqli.process(report) is None
monkeypatch.setattr(report, 'shouldBackoff', lambda: False)
monkeypatch.setattr(report, 'getLatestActivity', lambda: "")
monkeypatch.setattr(report, 'getToken', lambda: "12")
monkeypatch.setattr(report, 'isVerified', lambda: True)
assert sqli.process(report) is None
monkeypatch.setattr(report, 'isVerified', lambda: False)
assert (sqli.process(report) == sqli.processUnstructured(
report, token=report.getToken()) == VulnTestInfo(
reproduced=False,
message=constants.failedToFindURLsMessage,
type='SQLi',
info={'method': 'unstructured'}))
monkeypatch.setattr(
report, 'getLatestActivity', lambda:
("```\n"
"http://vulnserver/sqli.php?q=12\n"
"```"))
vti = sqli.process(report)
assert vti.reproduced is True
monkeypatch.setattr(
report, 'getLatestActivity', lambda:
("```\n"
"http://vulnserver/noVulnerability.html"
"```\n"
"```\n"
"http://vulnserver/sqli.php?q=12\n"
"```"))
vti = sqli.process(report)
assert sqli.process(report) == sqli.processUnstructured(
report, token=report.getToken()) == vti
assert vti.reproduced is True
monkeypatch.setattr(
report, 'getLatestActivity', lambda:
("```\n"
"http://vulnserver/sqli.php?q=15\n"
"```"))
vti = sqli.process(report)
assert vti.reproduced is False
assert vti.message == (sqli.wrongDelayMessage % ('15', '12', '12'))
def test_processUnstructured(monkeypatch):
monkeypatch.setattr(xss.AutoTriageUtils, 'isProgramURL', lambda u: True)
r = ReportWrapper(domXSSInitReport)
monkeypatch.setattr(r, 'isVerified', lambda: False)
monkeypatch.setattr(AutoTriageUtils, 'generateToken', lambda: 'ABCDE')
assert xss.process(r) == VulnTestInfo(reproduced=False,
info={},
message=constants.initialMessage('ABCDE', 'pop up an alert box', 'XSS'),
type='XSS')
report = ReportWrapper()
monkeypatch.setattr(report, 'isVerified', lambda: False)
monkeypatch.setattr(report, 'botHasCommented', lambda: False)
assert xss.process(report) == VulnTestInfo(reproduced=False,
message=constants.initialMessage('ABCDE', 'pop up an alert box', 'XSS'),
type='XSS',
info={})
monkeypatch.setattr(report, 'botHasCommented', lambda: True)
monkeypatch.setattr(report, 'shouldBackoff', lambda: True)
monkeypatch.setattr(report, 'hasPostedBackoffComment', lambda: False)
monkeypatch.setattr(report, 'getReporterUsername', lambda: 'TestFailureUser')
monkeypatch.setattr(report, 'getReportID', lambda: '-1')
oldCount = sqlite.countFailures("TestFailureUser")
assert xss.process(report) == VulnTestInfo(reproduced=False,
message=('Automatic verification of vulnerability has failed, Backing '
'off! Falling '
'back to human verification. '),
type='XSS',
info={})
assert sqlite.countFailures("TestFailureUser") == (oldCount + 1)
monkeypatch.setattr(report, 'hasPostedBackoffComment', lambda: True)
assert xss.process(report) is None
monkeypatch.setattr(report, 'shouldBackoff', lambda: False)
monkeypatch.setattr(report, 'getLatestActivity', lambda: "")
monkeypatch.setattr(report, 'getToken', lambda: "ABCDE")
monkeypatch.setattr(report, 'isVerified', lambda: True)
assert xss.process(report) is None
monkeypatch.setattr(report, 'isVerified', lambda: False)
assert (xss.process(report) == xss.processUnstructured(report, token=report.getToken()) ==
VulnTestInfo(reproduced=False,
message=constants.failedToFindURLsMessage,
type='XSS',
info={'method': 'unstructured'}))
monkeypatch.setattr(report, 'getLatestActivity', lambda: ("```"
"http://vulnserver/xss.php?q="
"<script>alert(\"ABCDE\")</script>"
"```"))
vti = xss.process(report)
assert xss.process(report) == xss.processUnstructured(report, token=report.getToken()) == vti
assert vti.reproduced is True
monkeypatch.setattr(report, 'getLatestActivity', lambda: ("```\n"
"http://vulnserver/noVulnerability.html"
"```\n"
"```\n"
"http://vulnserver/xss.php?q="
"<script>alert(\"ABCDE\")</script>\n"
"```"))
vti = xss.process(report)
assert xss.process(report) == xss.processUnstructured(report, token=report.getToken()) == vti
assert vti.reproduced is True
monkeypatch.setattr(report, 'getLatestActivity', lambda: ("```\n"
"http://vulnserver/xss.php?q="
"<script>alert(\"WRONG\")</script>\n"
"```"))
vti = xss.process(report)
assert vti.reproduced is False
assert 'Failed to confirm the vulnerability! Detected an alert' in vti.message