def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="json_depth_limit_strings", severity=syntribos.MEDIUM, confidence=syntribos.HIGH, description=( "The string(s): '{0}', is known to be commonly " "returned after a successful overflow of the json" " parsers depth limit. This could possibly " "result in a dos vulnerability.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="json_depth_timing", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=(_("The time it took to resolve a request " "was too long compared to the " "baseline request. This could indicate a " "vulnerability to denial of service attacks.")))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="sql_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The string(s): '{0}', known to be commonly " "returned after a successful SQL injection attack" ", have been found in the response. This could " "indicate a vulnerability to SQL injection " "attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="sql_timing", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=(_("A response to one of our payload requests has " "taken too long compared to the baseline " "request. This could indicate a vulnerability " "to time-based SQL injection attacks")))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="command_injection", severity=syntribos.HIGH, confidence=syntribos.MEDIUM, description=("A string known to be commonly returned after a " "successful command injection attack was " "included in the response. This could indicate " "a vulnerability to command injection " "attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="command_injection", severity=syntribos.HIGH, confidence=syntribos.MEDIUM, description=("The time elapsed between the sending of " "the request and the arrival of the res" "ponse exceeds the expected amount of time, " "suggesting a vulnerability to command " "injection attacks."))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="user_defined_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The string(s): '{0}', is in the list of " "possible vulnerable keys. This may " "indicate a vulnerability to this form of " "user defined attack.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="user_defined_string_timing", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=(_("A response to one of the payload requests has " "taken too long compared to the baseline " "request. This could indicate a vulnerability " "to time-based injection attacks using the user" " provided strings.")))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find(slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="user_defined_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=( "The string(s): '{0}', is in the list of " "possible vulnerable keys. This may " "indicate a vulnerability to this form of " "user defined attack." ).format(failed_strings), ) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="user_defined_string_timing", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=( "A response to one of the payload requests has " "taken too long compared to the baseline " "request. This could indicate a vulnerability " "to time-based injection attacks using the user " "provided strings." ), )
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="xml_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The string(s): '{0}', known to be commonly " "returned after a successful XML external entity " "attack, have been found in the response. This " "could indicate a vulnerability to XML external " "entity attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="xml_timing", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=( "The time it took to resolve a request with an " "invalid URL in the DTD takes too long compared " "to the baseline request. This could reflect a " "vulnerability to an XML external entity attack."))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="bof_strings", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=("The string(s): '{0}', known to be commonly " "returned after a successful buffer overflow " "attack, have been found in the response. This " "could indicate a vulnerability to buffer " "overflow attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="bof_timing", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=(_("The time it took to resolve a request with a " "long string was too long compared to the " "baseline request. This could indicate a " "vulnerability to buffer overflow attacks")))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="bof_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The string(s): '{0}', known to be commonly " "returned after a successful buffer overflow " "attack, have been found in the response. This " "could indicate a vulnerability to buffer " "overflow attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="bof_timing", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=(_("The time it took to resolve a request with a " "long string was too long compared to the " "baseline request. This could indicate a " "vulnerability to buffer overflow attacks")))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="json_depth_limit_strings", severity=syntribos.MEDIUM, confidence=syntribos.HIGH, description=( "The string(s): '{0}', is known to be commonly " "returned after a successful overflow of the json" " parsers depth limit. This could possibly " "result in a dos vulnerability.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="json_depth_timing", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=("The time it took to resolve a request " "was too long compared to the " "baseline request. This could indicate a " "vulnerability to denial of service attacks."))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="sql_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The string(s): '{0}', known to be commonly " "returned after a successful SQL injection attack" ", have been found in the response. This could " "indicate a vulnerability to SQL injection " "attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="sql_timing", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=("A response to one of our payload requests has " "taken too long compared to the baseline " "request. This could indicate a vulnerability " "to time-based SQL injection attacks"))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="command_injection", severity=syntribos.HIGH, confidence=syntribos.MEDIUM, description=("A string known to be commonly returned after a " "successful command injection attack was " "included in the response. This could indicate " "a vulnerability to command injection " "attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="command_injection", severity=syntribos.HIGH, confidence=syntribos.MEDIUM, description=(_("The time elapsed between the sending of " "the request and the arrival of the res" "ponse exceeds the expected amount of time, " "suggesting a vulnerability to command " "injection attacks.")))
def test_case(self): self.run_default_checks() self.test_signals.register(has_string(self)) if "FAILURE_KEYS_PRESENT" in self.test_signals: failed_strings = self.test_signals.find( slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"] self.register_issue( defect_type="xml_strings", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The string(s): '{0}', known to be commonly " "returned after a successful XML external entity " "attack, have been found in the response. This " "could indicate a vulnerability to XML external " "entity attacks.").format(failed_strings)) self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="xml_timing", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("The time it took to resolve a request with an " "invalid URL in the DTD takes too long compared " "to the baseline request. This could reflect a " "vulnerability to an XML external entity attack.") )
def test_case(self): self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="int_timing", severity=syntribos.MEDIUM, confidence=syntribos.MEDIUM, description=("The time it took to resolve a request with an " "invalid integer was too long compared to the " "baseline request. This could indicate a " "vulnerability to buffer overflow attacks"))
def test_case(self): self.run_default_checks() self.diff_signals.register(time_diff(self)) if "TIME_DIFF_OVER" in self.diff_signals: self.register_issue( defect_type="redos_timing", severity=syntribos.MEDIUM, confidence=syntribos.LOW, description=("A response to one of our payload requests has " "taken too long compared to the baseline " "request. This could indicate a vulnerability " "to time-based Regex DoS attacks"))