Exemplos de time_diff em Python

Exemplo n.º 1

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="json_depth_limit_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.HIGH,
                description=(
                    "The string(s): '{0}', is known to be commonly "
                    "returned after a successful overflow of the json"
                    " parsers depth limit. This could possibly "
                    "result in a dos vulnerability.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="json_depth_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=(_("The time it took to resolve a request "
                               "was too long compared to the "
                               "baseline request. This could indicate a "
                               "vulnerability to denial of service attacks.")))

Exemplo n.º 2

Arquivo: sql.py Projeto: wooyunyang/syntribos

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="sql_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The string(s): '{0}', known to be commonly "
                             "returned after a successful SQL injection attack"
                             ", have been found in the response. This could "
                             "indicate a vulnerability to SQL injection "
                             "attacks.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="sql_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.MEDIUM,
                description=(_("A response to one of our payload requests has "
                               "taken too long compared to the baseline "
                               "request. This could indicate a vulnerability "
                               "to time-based SQL injection attacks")))

Exemplo n.º 3

Arquivo: command_injection.py Projeto: webshell520/syntribos

 def test_case(self):
     self.run_default_checks()
     self.test_signals.register(has_string(self))
     if "FAILURE_KEYS_PRESENT" in self.test_signals:
         failed_strings = self.test_signals.find(
             slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
         self.register_issue(
             defect_type="command_injection",
             severity=syntribos.HIGH,
             confidence=syntribos.MEDIUM,
             description=("A string known to be commonly returned after a "
                          "successful command injection attack was "
                          "included in the response. This could indicate "
                          "a vulnerability to command injection "
                          "attacks.").format(failed_strings))
     self.diff_signals.register(time_diff(self))
     if "TIME_DIFF_OVER" in self.diff_signals:
         self.register_issue(
             defect_type="command_injection",
             severity=syntribos.HIGH,
             confidence=syntribos.MEDIUM,
             description=("The time elapsed between the sending of "
                          "the request and the arrival of the res"
                          "ponse exceeds the expected amount of time, "
                          "suggesting a vulnerability to command "
                          "injection attacks."))

Exemplo n.º 4

Arquivo: user_defined.py Projeto: jfreeman812/SecurityTesting

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="user_defined_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The string(s): '{0}', is in the list of "
                             "possible vulnerable keys. This may "
                             "indicate a vulnerability to this form of "
                             "user defined attack.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="user_defined_string_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=(_("A response to one of the payload requests has "
                               "taken too long compared to the baseline "
                               "request. This could indicate a vulnerability "
                               "to time-based injection attacks using the user"
                               " provided strings.")))

Exemplo n.º 5

Arquivo: user_defined.py Projeto: openstack/syntribos

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="user_defined_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=(
                    "The string(s): '{0}', is in the list of "
                    "possible vulnerable keys. This may "
                    "indicate a vulnerability to this form of "
                    "user defined attack."
                ).format(failed_strings),
            )

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="user_defined_string_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.MEDIUM,
                description=(
                    "A response to one of the payload requests has "
                    "taken too long compared to the baseline "
                    "request. This could indicate a vulnerability "
                    "to time-based injection attacks using the user "
                    "provided strings."
                ),
            )

Exemplo n.º 6

Arquivo: xml_external.py Projeto: jfreeman812/SecurityTesting

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="xml_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The string(s): '{0}', known to be commonly "
                             "returned after a successful XML external entity "
                             "attack, have been found in the response. This "
                             "could indicate a vulnerability to XML external "
                             "entity attacks.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="xml_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=(
                    "The time it took to resolve a request with an "
                    "invalid URL in the DTD takes too long compared "
                    "to the baseline request. This could reflect a "
                    "vulnerability to an XML external entity attack."))

Exemplo n.º 7

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="bof_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.MEDIUM,
                description=("The string(s): '{0}', known to be commonly "
                             "returned after a successful buffer overflow "
                             "attack, have been found in the response. This "
                             "could indicate a vulnerability to buffer "
                             "overflow attacks.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="bof_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=(_("The time it took to resolve a request with a "
                               "long string was too long compared to the "
                               "baseline request. This could indicate a "
                               "vulnerability to buffer overflow attacks")))

Exemplo n.º 8

Arquivo: buffer_overflow.py Projeto: knangia/syntribos

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="bof_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The string(s): '{0}', known to be commonly "
                             "returned after a successful buffer overflow "
                             "attack, have been found in the response. This "
                             "could indicate a vulnerability to buffer "
                             "overflow attacks.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="bof_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.MEDIUM,
                description=(_("The time it took to resolve a request with a "
                               "long string was too long compared to the "
                               "baseline request. This could indicate a "
                               "vulnerability to buffer overflow attacks")))

Exemplo n.º 9

Arquivo: json_depth_overflow.py Projeto: openstack/syntribos

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="json_depth_limit_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.HIGH,
                description=(
                    "The string(s): '{0}', is known to be commonly "
                    "returned after a successful overflow of the json"
                    " parsers depth limit. This could possibly "
                    "result in a dos vulnerability.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="json_depth_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.MEDIUM,
                description=("The time it took to resolve a request "
                             "was too long compared to the "
                             "baseline request. This could indicate a "
                             "vulnerability to denial of service attacks."))

Exemplo n.º 10

Arquivo: sql.py Projeto: openstack/syntribos

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="sql_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The string(s): '{0}', known to be commonly "
                             "returned after a successful SQL injection attack"
                             ", have been found in the response. This could "
                             "indicate a vulnerability to SQL injection "
                             "attacks.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="sql_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.MEDIUM,
                description=("A response to one of our payload requests has "
                             "taken too long compared to the baseline "
                             "request. This could indicate a vulnerability "
                             "to time-based SQL injection attacks"))

Exemplo n.º 11

Arquivo: command_injection.py Projeto: rahulunair/syntribos

 def test_case(self):
     self.run_default_checks()
     self.test_signals.register(has_string(self))
     if "FAILURE_KEYS_PRESENT" in self.test_signals:
         failed_strings = self.test_signals.find(
             slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
         self.register_issue(
             defect_type="command_injection",
             severity=syntribos.HIGH,
             confidence=syntribos.MEDIUM,
             description=("A string known to be commonly returned after a "
                          "successful command injection attack was "
                          "included in the response. This could indicate "
                          "a vulnerability to command injection "
                          "attacks.").format(failed_strings))
     self.diff_signals.register(time_diff(self))
     if "TIME_DIFF_OVER" in self.diff_signals:
         self.register_issue(
             defect_type="command_injection",
             severity=syntribos.HIGH,
             confidence=syntribos.MEDIUM,
             description=(_("The time elapsed between the sending of "
                            "the request and the arrival of the res"
                            "ponse exceeds the expected amount of time, "
                            "suggesting a vulnerability to command "
                            "injection attacks.")))

Exemplo n.º 12

Arquivo: xml_external.py Projeto: rahulunair/syntribos

    def test_case(self):
        self.run_default_checks()
        self.test_signals.register(has_string(self))
        if "FAILURE_KEYS_PRESENT" in self.test_signals:
            failed_strings = self.test_signals.find(
                slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
            self.register_issue(
                defect_type="xml_strings",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The string(s): '{0}', known to be commonly "
                             "returned after a successful XML external entity "
                             "attack, have been found in the response. This "
                             "could indicate a vulnerability to XML external "
                             "entity attacks.").format(failed_strings))

        self.diff_signals.register(time_diff(self))
        if "TIME_DIFF_OVER" in self.diff_signals:
            self.register_issue(
                defect_type="xml_timing",
                severity=syntribos.MEDIUM,
                confidence=syntribos.LOW,
                description=("The time it took to resolve a request with an "
                             "invalid URL in the DTD takes too long compared "
                             "to the baseline request. This could reflect a "
                             "vulnerability to an XML external entity attack.")
            )

Exemplo n.º 13

Arquivo: integer_overflow.py Projeto: webshell520/syntribos

 def test_case(self):
     self.diff_signals.register(time_diff(self))
     if "TIME_DIFF_OVER" in self.diff_signals:
         self.register_issue(
             defect_type="int_timing",
             severity=syntribos.MEDIUM,
             confidence=syntribos.MEDIUM,
             description=("The time it took to resolve a request with an "
                          "invalid integer was too long compared to the "
                          "baseline request. This could indicate a "
                          "vulnerability to buffer overflow attacks"))

Exemplo n.º 14

 def test_case(self):
     self.run_default_checks()
     self.diff_signals.register(time_diff(self))
     if "TIME_DIFF_OVER" in self.diff_signals:
         self.register_issue(
             defect_type="redos_timing",
             severity=syntribos.MEDIUM,
             confidence=syntribos.LOW,
             description=("A response to one of our payload requests has "
                          "taken too long compared to the baseline "
                          "request. This could indicate a vulnerability "
                          "to time-based Regex DoS attacks"))

Exemplo n.º 15

Arquivo: redos.py Projeto: rahulunair/syntribos

 def test_case(self):
     self.run_default_checks()
     self.diff_signals.register(time_diff(self))
     if "TIME_DIFF_OVER" in self.diff_signals:
         self.register_issue(
             defect_type="redos_timing",
             severity=syntribos.MEDIUM,
             confidence=syntribos.LOW,
             description=("A response to one of our payload requests has "
                          "taken too long compared to the baseline "
                          "request. This could indicate a vulnerability "
                          "to time-based Regex DoS attacks"))