Add Datahub Fingerprint Database and update script

[timoles]

Reference to issue #289

Sorry for the delay, the PR is almost ready.

Open points (from my side):

• Include linkedin/datahub-frontend in the results (<v7.0)
• Remove volume from compose file
• Add complete and tested binproto file

[timoles]

Hey @maoning ,

the PR should be done. However, my local DataHub instance is not detected by the fingerprinter.

Do you know some decent way to debug why Tsunami doesn't detect DataHub?

I started the scan (as described in the Tsunami repo) with Tsunami running in docker. The only thing I changed in the Dockerfile was line 10 (https://github.com/google/tsunami-security-scanner/blob/master/Dockerfile#L10):

# Old Line 10
RUN git clone --depth 1 "https://github.com/google/tsunami-security-scanner-plugins"

# New line to pull from my fork
RUN git clone -b datahub-fingerprint --depth 1 "https://github.com/timoles/tsunami-security-scanner-plugins"

[timoles]

I just got a tip that I just need to run tsunami with the --uri-target args. This seems to do the trick, and Tsunami correctly identifies the webservice (and DataHub).

docker run --network="host" -v "$(pwd)/logs":/usr/tsunami/logs tsunami --uri-target=http://127.0.0.1:9002/

@maoning , you can review the PR if you have time, it should be complete.

[timoles]

Any updates regarding the merge of this PR?

[tooryx]

Hi @timoles,

Thank you for your contribution! I will be taking a look into this in a few days. But I see a few TODO comments and commented code portion in the docker-compose script. Are there things that you still want to implement before the PR is complete?

~tooryx

[tooryx]

Left a comment, the rest seems good. Thank you!

[tooryx]

Looks good overall, I expect to finalize the review and merge in a few days.

~tooryx