Closed merry-degaga closed 1 year ago
Merging #94 (fa9ac1c) into main (d0822ef) will not change coverage. The diff coverage is n/a.
@@ Coverage Diff @@
## main #94 +/- ##
=======================================
Coverage 86.66% 86.66%
=======================================
Files 9 9
Lines 150 150
Branches 41 41
=======================================
Hits 130 130
Misses 18 18
Partials 2 2
@merry-degaga I tried using /scanner/sast and it is showing the following response:
{"VulnerableApp-php":/VulnerableApp-php/scanner/sast is not available}
Can you please check and fix this? Also, there is one more bug: we can use /scanner/dast or /scanner/dast<anything here> and it will still route to the same page. Is there a way to fix it?
> @merry-degaga I tried using /scanner/sast and it is showing the following response:
> {"VulnerableApp-php":/VulnerableApp-php/scanner/sast is not available}
> Can you please check and fix this?

What is the expected response for /scanner/sast? Should it be { "VulnerableApp":/VulnerableApp/scanner/sast is not available "VulnerableApp-jsp":/VulnerableApp-jsp/scanner/sast is not available "VulnerableApp-php":/VulnerableApp-php/scanner/sast is not available } ?
Likewise for scanner/dast? { "VulnerableApp-jsp":/VulnerableApp-jsp/scanner/dast is not available "VulnerableApp-php":/VulnerableApp-php/scanner/dast is not available } ?
From the logs it looks like it is always calling /VulnerableApp-php from any of the endpoints (/scanner/sast, /scanner/dast, and /VulnerabilityDefinitions). I just inserted the logs from the /scanner/sast endpoint as an example:
vulnerableapp-facade-VulnerableApp-facade-1 | 172.20.0.1 - - [29/Nov/2022:17:26:56 +0000] "GET /scanner/sast HTTP/1.1" 200 82 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.62"
vulnerableapp-facade-VulnerableApp-php-1 | 172.20.0.5 - - [29/Nov/2022:17:26:56 +0000] "GET /VulnerableApp-php/scanner/sast HTTP/1.0" 200 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.62"

> Also, there is one more bug, we can use /scanner/dast or /scanner/dast and it will still route to same page. is there a way to fix it?

Would like clarification on this: /scanner/dast or /scanner/dast should route to the same page?
> What is the expected response for /scanner/sast? Should it be { "VulnerableApp":/VulnerableApp/scanner/sast is not available "VulnerableApp-jsp":/VulnerableApp-jsp/scanner/sast is not available "VulnerableApp-php":/VulnerableApp-php/scanner/sast is not available } ?

It should be empty {}. If you look at the method definition, you will find that we are catching error codes and not merging the responses.

> Likewise for scanner/dast? { "VulnerableApp-jsp":/VulnerableApp-jsp/scanner/dast is not available "VulnerableApp-php":/VulnerableApp-php/scanner/dast is not available } ?

No, we want to ignore failures.

> From the logs it looks like it is always calling /VulnerableApp-php from any of the endpoints (/scanner/sast, /scanner/dast, and /VulnerabilityDefinitions). I just inserted the logs from the /scanner/sast endpoint as an example:
> vulnerableapp-facade-VulnerableApp-facade-1 | 172.20.0.1 - - [29/Nov/2022:17:26:56 +0000] "GET /scanner/sast HTTP/1.1" 200 82 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.62"
> vulnerableapp-facade-VulnerableApp-php-1 | 172.20.0.5 - - [29/Nov/2022:17:26:56 +0000] "GET /VulnerableApp-php/scanner/sast HTTP/1.0" 200 48 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.62"

It should not; VulnerabilityDefinitions should be calling all three and merging the responses, and the same should be true for the others as well.

> > Also, there is one more bug, we can use /scanner/dast or /scanner/dast and it will still route to same page. is there a way to fix it?
>
> Would like clarification on this: /scanner/dast or /scanner/dast should route to the same page?

GitHub has removed anything in the angle braces. The question was: there is one more bug, we can use /scanner/dast or /scanner/dast<anything here> and it will still route to the same page. Is there a way to fix it?
@preetkaran20 When commenting out the endpoint /VulnerableApp-php and testing locally in Docker, I receive the expected empty {} for /scanner/sast, and /scanner/dast only shows for VulnerableApp (whereas before, when the endpoint /VulnerableApp-php was available, it was also including the /VulnerableApp-php/scanner/dast is not available in the return object). When VulnerableApp-php gets called with these non-existing endpoints, it returns a 200 response ... tested this in Postman as well via http://localhost/VulnerableApp-php/scanner/dast and the response is /VulnerableApp-php/scanner/dast is not available with a status 200.
Do you want me to edit the Lua file to handle this, instead of just 200, if 200 and doesn't contain 'is not available' for the VulnerableAppPhpResponse? Or should the VulnerableApp-php return 404 instead of 200 for a non-existing page?
Added 'scanner' to nginx.conf. Used nginx regex capture location to reduce duplication.
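
One way to address both points raised in this thread, the prefix match that lets /scanner/dast<anything here> through and the backend that answers 200 with a plain-text "is not available" body, shown as an added example rather than the project's own nginx.conf or Lua file. It assumes OpenResty's Lua module with lua-cjson, that the three backend prefixes are already proxied by other location blocks, and a merged response keyed by application name; the catch-all 404 location is also an assumption.

```nginx
# Added example, not the project's nginx.conf. Assumes OpenResty (lua-nginx-module
# with lua-cjson) and that /VulnerableApp, /VulnerableApp-jsp and /VulnerableApp-php
# are already proxied to their containers by other location blocks.

# Weak: a prefix location matches /scanner/dast and anything that starts with it.
#   location /scanner/dast { ... }

# Corrected: anchored regex, so only /scanner/sast and /scanner/dast match.
# The capture group ($1 in nginx, ngx.var[1] in Lua) carries the scanner type.
location ~ ^/scanner/(sast|dast)$ {
    default_type application/json;
    content_by_lua_block {
        local cjson = require "cjson.safe"   -- decode returns nil instead of raising
        local apps = { "VulnerableApp", "VulnerableApp-jsp", "VulnerableApp-php" }

        -- One subrequest per backend, issued in parallel.
        local reqs = {}
        for i, app in ipairs(apps) do
            reqs[i] = { "/" .. app .. "/scanner/" .. ngx.var[1] }
        end
        local results = { ngx.location.capture_multi(reqs) }

        -- Merge only answers that are 200 AND parse as a JSON object or array.
        -- A 200 carrying plain text such as "... is not available" fails to
        -- decode and is ignored, exactly like a 404 or 5xx.
        local merged = {}
        for i, res in ipairs(results) do
            local body = nil
            if res.status == ngx.HTTP_OK and not res.truncated then
                body = cjson.decode(res.body)
            end
            if type(body) == "table" then
                merged[apps[i]] = body
            end
        end

        -- lua-cjson encodes an empty Lua table as {} by default.
        ngx.say(cjson.encode(merged))
    }
}

# Requests that miss the anchored pattern get an explicit 404.
location /scanner/ {
    return 404;
}
```

Validating the body type in the facade keeps the merged output clean even if a backend keeps returning 200 for missing pages; having that backend return 404 instead, the other option raised above, fixes the same symptom at its source.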