Skip to content

Commit

Permalink
Corrected issue with get_scope_{web,host} not properly determining co…
Browse files Browse the repository at this point in the history
…nnected target
  • Loading branch information
bamhm182 committed Apr 16, 2023
1 parent d877eb6 commit f6ab276
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 4 deletions.
2 changes: 1 addition & 1 deletion checks.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ diff_arrays() {
local -n _one=$1
local -n _two=$2
echo "Alphabetical Order Current Order"
echo "---------------------------------------------------------------"
echo "------------------------------------------------------------------------------------------------"
for ((i=0; i<${#_one[@]}; i++)); do
_two[$i]="${_two[$i]} "
#echo -e "${t:0:50}${_one[$i]}"
Expand Down
14 changes: 11 additions & 3 deletions src/synack/plugins/targets.py
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,11 @@ def get_scope(self, add_to_db=False, **kwargs):
def get_scope_host(self, target=None, add_to_db=False, **kwargs):
"""Get the scope of a Host target"""
if target is None:
targets = self.db.find_targets(**kwargs)
if len(kwargs) > 0:
targets = self.db.find_targets(**kwargs)
else:
curr = self.get_connected()
targets = self.db.find_targets(slug=curr.get('slug'))
if targets:
target = next(iter(targets), None)

Expand Down Expand Up @@ -281,7 +285,11 @@ def get_scope_host(self, target=None, add_to_db=False, **kwargs):
def get_scope_web(self, target=None, add_to_db=False, **kwargs):
"""Get the scope of a Web target"""
if target is None:
targets = self.db.find_targets(**kwargs)
if len(kwargs) > 0:
targets = self.db.find_targets(**kwargs)
else:
curr = self.get_connected()
targets = self.db.find_targets(slug=curr.get('slug'))
if targets:
target = next(iter(targets), None)

Expand All @@ -307,7 +315,7 @@ def get_scope_web(self, target=None, add_to_db=False, **kwargs):
if add_to_db:
self.db.add_urls(self.build_scope_web_db(scope))
if self.db.use_scratchspace:
self.scratchspace.set_web_file(self.build_scope_web_burp(scope), target=target)
self.scratchspace.set_burp_file(self.build_scope_web_burp(scope), target=target)

return scope

Expand Down
53 changes: 53 additions & 0 deletions test/test_targets.py
Original file line number Diff line number Diff line change
Expand Up @@ -559,6 +559,28 @@ def test_get_scope_host_add_to_db(self):
self.targets.build_scope_host_db.assert_called_with('213h89h3', ips)
self.targets.db.add_ips.assert_called_with('host_db_return_value')

def test_get_scope_host_current(self):
"""Should get the scope for the currenly connected Host if not specified"""
ips = {'1.1.1.1/32', '2.2.2.2/32'}
self.targets.get_connected = MagicMock()
self.targets.get_connected.return_value = {'slug': '213h89h3'}
self.targets.get_assets = MagicMock()
self.targets.get_assets.return_value = [
{
'active': True,
'location': '1.1.1.1/32'
},
{
'active': True,
'location': '2.2.2.2/32'
}
]
self.targets.db.find_targets.return_value = [Target(slug='213h89h3', codename='SASSYSQUIRREL')]
out = self.targets.get_scope_host()
self.assertEqual(ips, out)
self.targets.get_connected.assert_called_with()
self.targets.db.find_targets.assert_called_with(slug='213h89h3')

def test_get_scope_host_not_ip(self):
"""Should get the scope for a Host"""
ips = {'1.1.1.1/32'}
Expand Down Expand Up @@ -645,6 +667,37 @@ def test_get_scope_web_add_to_db(self):
self.targets.db.find_targets.assert_called_with(codename='SASSYSQUIRREL')
self.targets.db.add_urls.assert_called_with(self.targets.build_scope_web_db.return_value)

def test_get_scope_web_current(self):
"""Should get the scope for the currently connected Web Application if not specified"""
self.targets.build_scope_web_burp = MagicMock()
scope = [{
'listing': 'uewqhuiewq',
'location': 'https://good.things.com',
'rule': '*.good.things.com/*',
'status': 'in'
}]
self.targets.get_connected = MagicMock()
self.targets.get_connected.return_value = {'slug': '93g8eg8'}
self.targets.get_assets = MagicMock()
self.targets.get_assets.return_value = [
{
'active': True,
'listings': [{'listingUid': 'uewqhuiewq', 'scope': 'in'}],
'location': 'https://good.things.com (https://good.things.com)',
'scopeRules': [
{'rule': '*.good.things.com/*'}
]
}
]
tgt = Target(slug='213h89h3', organization='93g8eh8', codename='SASSYSQUIRREL')
self.targets.db.find_targets.return_value = [tgt]
out = self.targets.get_scope_web()
self.assertEqual(scope, out)
self.targets.build_scope_web_burp.assert_called_with(scope)
self.targets.get_connected.assert_called_with()
self.targets.db.find_targets.assert_called_with(slug='93g8eg8')
self.targets.get_assets.assert_called_with(target=tgt, active='true', asset_type='webapp')

def test_get_submissions(self):
"""Should return the accepted vulnerabilities for a target given a slug"""
return_data = {
Expand Down

0 comments on commit f6ab276

Please sign in to comment.