Merge pull request #108 from OWASP/102-make-output-more-clear-if-the-…
…endpoint-is-or-not-vulnerable

rename result to vulnerable
dmdhrumilmistry authored May 15, 2024
2 parents 0001c07 + ea9bee3 commit 9891bc3
Showing 5 changed files with 90 additions and 92 deletions.
34 changes: 17 additions & 17 deletions src/offat/report/summary.py
Expand Up @@ -22,26 +22,26 @@ def get_counts(results: list[dict], filter_errors: bool = False) -> dict[str, in
dict: name (str) as key and its associated count (int)
"""
if filter_errors:
results = list(filter(lambda result: result.get("error", False), results))
results = list(filter(lambda result: result.get('error', False), results))

error_count = 0
data_leak_count = 0
failed_count = 0
success_count = 0
immune_count = 0
vulnerable_count = 0
for result in results:
error_count += 1 if result.get("error", False) else 0
data_leak_count += 1 if result.get("data_leak", False) else 0
error_count += 1 if result.get('error', False) else 0
data_leak_count += 1 if result.get('data_leak', False) else 0

if result.get("result"):
success_count += 1
if result.get('vulnerable'):
vulnerable_count += 1
else:
failed_count += 1
immune_count += 1

count_dict = {
"errors": error_count,
"data_leaks": data_leak_count,
"failed": failed_count,
"success": success_count,
'errors': error_count,
'data_leaks': data_leak_count,
'immune': immune_count,
'vulnerable': vulnerable_count,
}

return count_dict
Expand All @@ -50,7 +50,7 @@ def get_counts(results: list[dict], filter_errors: bool = False) -> dict[str, in
def generate_count_summary(
results: list[dict],
filter_errors: bool = False,
output_format: str = "table",
output_format: str = 'table',
table_title: str | None = None,
) -> Table | str:
"""
Expand All @@ -70,8 +70,8 @@ def generate_count_summary(
results=results, filter_errors=filter_errors
)
match output_format:
case "markdown":
output = ""
case 'markdown':
output = ''
if table_title:
output += f"**{table_title}**\n"

Expand All @@ -80,8 +80,8 @@ def generate_count_summary(

case _: # table format
output = Table(
Column(header="⚔️", overflow="fold", justify="center"),
Column(header="Endpoints Count", overflow="fold"),
Column(header='⚔️', overflow='fold', justify='center'),
Column(header='Endpoints Count', overflow='fold'),
title=table_title,
)

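Review bot: In `get_counts`, the new `else` branch counts every result whose `'vulnerable'` value is falsy or missing as immune, so a test that errored or never produced a verdict now inflates the immune count; before this change the same fallthrough landed in `failed`, which erred on the side of caution. Count an endpoint as immune only on an explicit negative, e.g. `elif result.get('vulnerable') is False and not result.get('error', False):` ahead of `immune_count += 1`, and leave anything else to the `errors` figure. The same default applies to the `filter_passed_results` filter in `src/offat/report/templates/table.py`, where a result without the key is now dropped from the table instead of shown. Whether errored results always carry a boolean `vulnerable` is decided outside this diff, so confirm it there. The returned keys also change from `failed`/`success` to `immune`/`vulnerable`, which any consumer of the dict has to follow.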
11 changes: 7 additions & 4 deletions src/offat/report/templates/table.py
Expand Up @@ -48,7 +48,10 @@ def _sanitize_results(
):
if filter_passed_results:
results = list(
filter(lambda x: not x.get('result') or x.get('data_leak'), results)
filter(
lambda result: result.get('vulnerable') or result.get('data_leak'),
results,
)
)

keys_to_remove = [
Expand All @@ -68,10 +71,10 @@ def _sanitize_results(

# remove keys based on conditions or update their values
for result in results:
if result['result']:
result['result'] = '[bold green]Passed \u2713[/bold green]'
if result['vulnerable']:
result['vulnerable'] = '[bold red]True \u00d7[/bold red]'
else:
result['result'] = '[bold red]Failed \u00d7[/bold red]'
result['vulnerable'] = '[bold green]False \u2713[/bold green]'

if not is_leaking_data:
del result['response_headers']
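Review bot: The loop at the end of this section overwrites `result['vulnerable']` with a Rich markup string, and both strings are non-empty, so any later truthiness check on the same dict (such as `result.get('vulnerable')` in `get_counts`) would read every endpoint as vulnerable. `_sanitize_results` starts and ends outside the visible hunks, so the dicts may already be copied before this point; if they are not, keep the boolean and write the markup to a separate display value, or at least add a comment such as `# 'vulnerable' is a display string from here on; do not reuse these dicts for counting`. The loop also indexes `result['vulnerable']` directly while the filter above uses `.get`, so a result without the key raises `KeyError` here unless the filter has already dropped it.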
70 changes: 35 additions & 35 deletions src/offat/tester/generator.py
Expand Up @@ -122,9 +122,9 @@ def check_unsupported_http_methods(
'malicious_payload': [],
'args': args,
'kwargs': kwargs,
'result_details': {
True: "Endpoint doesn't perform any HTTP verb which is not documented",
False: 'Endpoint performs HTTP verb which is not documented',
'vuln_details': {
True: 'Endpoint performs HTTP verb which is not documented',
False: "Endpoint doesn't perform any HTTP verb which is not documented",
},
'body_params': body_params,
'query_params': query_params,
Expand Down Expand Up @@ -297,9 +297,9 @@ def sqli_fuzz_params_test(

request_obj['malicious_payload'] = sqli_payload

request_obj['result_details'] = {
True: 'Parameters are not vulnerable to SQLi Payload', # passed
False: 'One or more parameter is vulnerable to SQL Injection Attack', # failed
request_obj['vuln_details'] = {
True: 'One or more parameter is vulnerable to SQL Injection Attack',
False: 'Parameters are not vulnerable to SQLi Payload',
}
request_obj['success_codes'] = success_codes
request_obj[
Expand Down Expand Up @@ -404,9 +404,9 @@ def sqli_in_uri_path_fuzz_test(
'malicious_payload': sqli_payload,
'args': args,
'kwargs': kwargs,
'result_details': {
True: 'Endpoint is not vulnerable to SQLi', # passed
False: 'Endpoint might be vulnerable to SQli', # failed
'vuln_details': {
True: 'Endpoint might be vulnerable to SQli',
False: 'Endpoint is not vulnerable to SQLi',
},
'success_codes': success_codes,
'response_filter': PostTestFiltersEnum.STATUS_CODE_FILTER.name,
Expand Down Expand Up @@ -498,9 +498,9 @@ def bola_fuzz_path_test(
'malicious_payload': path_params,
'args': args,
'kwargs': kwargs,
'result_details': {
True: 'Endpoint is not vulnerable to BOLA', # passed
False: 'Endpoint might be vulnerable to BOLA', # failed
'vuln_details': {
True: 'Endpoint might be vulnerable to BOLA',
False: 'Endpoint is not vulnerable to BOLA',
},
'success_codes': success_codes,
'response_filter': PostTestFiltersEnum.STATUS_CODE_FILTER.name,
Expand Down Expand Up @@ -594,9 +594,9 @@ def bola_fuzz_trailing_slash_path_test(
'malicious_payload': malicious_payload,
'args': args,
'kwargs': kwargs,
'result_details': {
True: 'Endpoint might not vulnerable to BOLA', # passed
False: 'Endpoint might be vulnerable to BOLA', # failed
'vuln_details': {
True: 'Endpoint might be vulnerable to BOLA',
False: 'Endpoint might not vulnerable to BOLA',
},
'success_codes': success_codes,
'response_filter': PostTestFiltersEnum.STATUS_CODE_FILTER.name,
Expand Down Expand Up @@ -721,9 +721,9 @@ def bopla_fuzz_test(
'malicious_payload': response_body_params,
'args': args,
'kwargs': kwargs,
'result_details': {
True: 'Endpoint might not vulnerable to BOPLA', # passed
False: 'Endpoint might be vulnerable to BOPLA', # failed
'vuln_details': {
True: 'Endpoint might be vulnerable to BOPLA',
False: 'Endpoint might not vulnerable to BOPLA',
},
'success_codes': success_codes,
'response_filter': PostTestFiltersEnum.STATUS_CODE_FILTER.name,
Expand Down Expand Up @@ -777,7 +777,7 @@ def __generate_injection_fuzz_params_test(
self,
openapi_parser: SwaggerParser | OpenAPIv3Parser,
test_name: str,
result_details: dict,
vuln_details: dict,
payloads_data: list[dict],
*args,
**kwargs,
Expand Down Expand Up @@ -829,7 +829,7 @@ def __generate_injection_fuzz_params_test(

request_obj['malicious_payload'] = payload

request_obj['result_details'] = result_details
request_obj['vuln_details'] = vuln_details
request_obj[
'response_filter'
] = PostTestFiltersEnum.BODY_REGEX_FILTER.name
Expand Down Expand Up @@ -868,15 +868,15 @@ def os_command_injection_fuzz_params_test(
{'request_payload': 'ls -la', 'response_match_regex': r'total\s\d+'},
]

result_details = {
True: 'Parameters are not vulnerable to OS Command Injection', # passed
False: 'One or more parameter is vulnerable to OS Command Injection Attack', # failed
vuln_details = {
True: 'One or more parameter is vulnerable to OS Command Injection Attack',
False: 'Parameters are not vulnerable to OS Command Injection',
}

return self.__generate_injection_fuzz_params_test(
openapi_parser=openapi_parser,
test_name=test_name,
result_details=result_details,
vuln_details=vuln_details,
payloads_data=payloads_data,
)

Expand Down Expand Up @@ -915,15 +915,15 @@ def xss_html_injection_fuzz_params_test(
},
]

result_details = {
True: 'Parameters are not vulnerable to XSS/HTML Injection Attack', # passed
False: 'One or more parameter is vulnerable to XSS/HTML Injection Attack', # failed
vuln_details = {
False: 'Parameters are not vulnerable to XSS/HTML Injection Attack',
True: 'One or more parameter is vulnerable to XSS/HTML Injection Attack',
}

return self.__generate_injection_fuzz_params_test(
openapi_parser=openapi_parser,
test_name=test_name,
result_details=result_details,
vuln_details=vuln_details,
payloads_data=payloads_data,
)

Expand Down Expand Up @@ -971,15 +971,15 @@ def ssti_fuzz_params_test(self, openapi_parser: SwaggerParser | OpenAPIv3Parser)
{'request_payload': r'*{7*7}', 'response_match_regex': r'49'},
]

result_details = {
True: 'Parameters are not vulnerable to SSTI Attack', # passed
False: 'One or more parameter is vulnerable to SSTI Attack', # failed
vuln_details = {
True: 'One or more parameter is vulnerable to SSTI Attack',
False: 'Parameters are not vulnerable to SSTI Attack',
}

return self.__generate_injection_fuzz_params_test(
openapi_parser=openapi_parser,
test_name=test_name,
result_details=result_details,
vuln_details=vuln_details,
payloads_data=payloads_data,
)

Expand Down Expand Up @@ -1072,9 +1072,9 @@ def missing_auth_fuzz_test(
'malicious_payload': 'Security Payload Missing',
'args': args,
'kwargs': kwargs,
'result_details': {
True: 'Endpoint implements security authentication as defined', # passed
False: 'Endpoint fails to implement security authentication as defined', # failed
'vuln_details': {
True: 'Endpoint fails to implement security authentication as defined',
False: 'Endpoint implements security authentication as defined',
},
'success_codes': success_codes,
'response_filter': PostTestFiltersEnum.STATUS_CODE_FILTER.name,
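Review bot: The `False` entries of the new `vuln_details` dicts state absence as fact (`'Endpoint is not vulnerable to SQLi'`, `'Parameters are not vulnerable to SSTI Attack'`), although the verdict visible here comes from a status-code or body-regex filter over a fixed payload list, which can only show that no indicator matched. Wording such as `False: 'No SQLi indicators found for the tested payloads'` would match the hedged `True` side ('might be vulnerable') and keep a report reader from treating a negative as proof. Two strings also need a spelling fix while they are being moved: `'Endpoint might not vulnerable to BOLA'` and its BOPLA twin are missing "be", and `'SQli'` should read `SQLi`. The enclosing functions start and end outside the hunks, so whether every reader of the old `result_details` key was updated cannot be confirmed from this section.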
2 changes: 1 addition & 1 deletion src/offat/tester/handler.py
Expand Up @@ -325,7 +325,7 @@ def generate_and_run_tests(
)

console.print(
"The columns for 'data_leak' and 'result' in the table represent independent aspects. It's possible for there to be a data leak in the endpoint, yet the result for that endpoint may still be marked as 'Success'. This is because the 'result' column doesn't necessarily reflect the overall test result; it may indicate success even in the presence of a data leak."
"The columns for 'data_leak' and 'vulnerable' in the table represent independent aspects. It's possible for there to be a data leak in the endpoint, yet the result for that endpoint may still be marked as 'Success'. This is because the 'vulnerable' column doesn't necessarily reflect the overall test result; it may indicate success even in the presence of a data leak."
)

console.rule()
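Review bot: The reworded notice still tells the user that an endpoint "may still be marked as 'Success'" and "may indicate success", but after this commit the column prints True/False (see the strings set in `table.py`), so the explanation no longer matches what the table shows. State it in the new terms, e.g. `"'data_leak' and 'vulnerable' are independent: an endpoint can leak data even when 'vulnerable' is False, so review both columns."`. The `console.print` call sits inside `generate_and_run_tests`, which continues outside the hunk.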