def suggestPayout(report: ReportWrapper) -> Optional[BountyInfo]:
    """Suggest a payout for *report* from the first vulnerability class that matches.

    The matchers are consulted in a fixed order (XSS, open redirect, SQLi) and the
    first one whose ``match`` accepts the report body and weakness selects the
    ``config.payoutDB`` entry handed to ``suggestPayoutGivenType``. A report that
    would satisfy several matchers is therefore priced by the earliest class in
    the table, not the most severe one.

    Returns ``None`` when no matcher accepts the report.
    """
    # NOTE(review): the report body is submitter-supplied text, so each matcher is
    # effectively running against untrusted input -- confirm the matchers are
    # bounded (e.g. no catastrophic regex backtracking) against long bodies.
    dispatch = (
        (xss, 'xss'),
        (openRedirect, 'open redirect'),
        (sqli, 'sqli'),
    )
    for matcher, payoutKey in dispatch:
        if matcher.match(report.getReportBody(), report.getReportWeakness()):
            return suggestPayoutGivenType(config.payoutDB[payoutKey],
                                          report.getVulnDomains())
    return None
def test_ReportWrapperGetters():
    """Exercise every ReportWrapper getter against two open-redirect fixtures.

    The first fixture embeds the redirect URL in a markdown link, the second
    only as a bare URL; both must still yield the same weakness and domain list.
    Latest activity and body are expected to carry identical text in each.
    """
    reproText = ("blah open_redirect\n\n[some](http://example.com/redir.php?QUERY_STRING="
                 "https://google.com)")
    unreproText = ("this is detected as an open redirect but there is no markdown link to it\n\n"
                   "https://example.com/redir.php?QUERY_STRING=https://google.com")
    cases = [
        (openRedirectReproJson, '239981', reproText, "open redirect"),
        (openRedirectUnreproJson, '240035', unreproText, "malformed open redirect"),
    ]
    for rawJson, expectedId, expectedText, expectedTitle in cases:
        wrapper = ReportWrapper(rawJson)
        assert wrapper.getReportID() == expectedId
        assert wrapper.getLatestActivity() == expectedText
        assert wrapper.getReportBody() == expectedText
        assert wrapper.getReportWeakness() == "Open Redirect"
        assert wrapper.getReportTitle() == expectedTitle
        # Only the host of the vulnerable endpoint is reported, not the redirect target.
        assert wrapper.getVulnDomains() == ['example.com']