From 380d1bc9c5a324d96dbd7d93c52eaba471f4fab9 Mon Sep 17 00:00:00 2001
From: lokiuox
Date: Sat, 16 Nov 2024 19:42:23 +0100
Subject: [PATCH] Stylistic fixes

---
 .../cves/cve202434102/MagentoCosmicStingXxe.java | 15 ++++++++++++---
 .../MagentoCosmicStingXxeBootstrapModule.java | 6 +-----
 .../cve202434102/MagentoCosmicStingXxeTest.java | 10 +++++++++-
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxe.java b/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxe.java
index 15bcb397c..ab18177b5 100644
--- a/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxe.java
+++ b/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxe.java
@@ -194,12 +194,21 @@ private boolean isMagento(NetworkService networkService) {
 }
 
 // Check status code 200
- if (response.status() != HttpStatus.OK) return false;
+ if (response.status() != HttpStatus.OK) {
+ return false;
+ }
+
 // Check if body is JSON
- if (response.bodyJson().isEmpty()) return false;
+ if (response.bodyJson().isEmpty()) {
+ return false;
+ }
+
 JsonElement body = response.bodyJson().get();
 // Check if JSON body is object
- if (!body.isJsonObject()) return false;
+ if (!body.isJsonObject()) {
+ return false;
+ }
+
 // If the body has a known key, e.g. "base_currency_code", it's Magento
 return body.getAsJsonObject().has("base_currency_code");
 }
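Review bot: Each guard at the end of `isMagento` returns `false` silently, so a Magento host that answers the fingerprint request with a non-200 status, a non-JSON body or a JSON array is presumably skipped with nothing in the scan log to explain why; for a detector that is a false negative nobody can triage. A low-level log line before each `return false` naming the failed condition would fix that, assuming the class already has a logger (not visible in this hunk). Separately, now that the guards take twelve lines, the last two could collapse into `return response.bodyJson().filter(JsonElement::isJsonObject).map(b -> b.getAsJsonObject().has("base_currency_code")).orElse(false);` after the status check. The method begins above the hunk, so how `response` is obtained was not reviewed.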
diff --git a/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeBootstrapModule.java b/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeBootstrapModule.java
index dd7aa4540..ec6545ffe 100644
--- a/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeBootstrapModule.java
+++ b/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeBootstrapModule.java
@@ -20,15 +20,11 @@
 import com.google.tsunami.plugin.PluginBootstrapModule;
 import com.google.tsunami.plugins.detectors.cves.cve202434102.Annotations.OobSleepDuration;
 
-/** An example Guice module that bootstraps the {@link MagentoCosmicStingXxe}. */
+/** A Guice module that bootstraps the {@link MagentoCosmicStingXxe}. */
 public final class MagentoCosmicStingXxeBootstrapModule extends PluginBootstrapModule {
 
 @Override
 protected void configurePlugin() {
- // Tsunami relies heavily on Guice (https://github.com/google/guice). All Guice bindings for
- // your plugin should be implemented here.
-
- // registerPlugin method is required in order for the Tsunami scanner to identify your plugin.
 registerPlugin(MagentoCosmicStingXxe.class);
 }
 
diff --git a/doyensec/detectors/magento_cosmicsting_xxe/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeTest.java b/doyensec/detectors/magento_cosmicsting_xxe/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeTest.java
index c4f42b427..880701de6 100644
--- a/doyensec/detectors/magento_cosmicsting_xxe/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeTest.java
+++ b/doyensec/detectors/magento_cosmicsting_xxe/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeTest.java
@@ -19,7 +19,15 @@
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostname;
 import static com.google.tsunami.common.data.NetworkEndpointUtils.forHostnameAndPort;
-import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.*;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.CURRENCY_ENDPOINT_PATH;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VERSION_ENDPOINT_PATH;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABILITY_REPORT_DESCRIPTION_CALLBACK;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABILITY_REPORT_DESCRIPTION_RESPONSE_MATCHING;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABILITY_REPORT_ID;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABILITY_REPORT_PUBLISHER;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABILITY_REPORT_RECOMMENDATION;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABILITY_REPORT_TITLE;
+import static com.google.tsunami.plugins.detectors.cves.cve202434102.MagentoCosmicStingXxe.VULNERABLE_ENDPOINT_PATH;
 
 import com.google.common.collect.ImmutableList;
 import com.google.inject.Guice;