blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Generic_SSRF tests sometimes fail #1500

Open TheTechromancer opened 6 days ago

TheTechromancer commented 6 days ago

The Generic_SSRF test fails occasionally (maybe once every 30 or 40 times).

https://github.com/blacklanternsecurity/bbot/actions/runs/9664760054/job/26660228261?pr=1499

Detailed failed test report:
Test Name: test_module_run (bbot/test/test_step_2/module_tests/base.py:113)
Location: bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py::TestGeneric_SSRF::test_module_run at bbot/test/test_step_2/module_tests/base.py:113
Failure details:
self = <bbot.test.test_step_2.module_tests.test_module_generic_ssrf.TestGeneric_SSRF object at 0x7feefc20dc10>
module_test = <bbot.test.test_step_2.module_tests.base.ModuleTestBase.ModuleTest object at 0x7fea81f7fdc0>

    @pytest.mark.asyncio
    async def test_module_run(self, module_test):
>       self.check(module_test, module_test.events)

bbot/test/test_step_2/module_tests/base.py:116: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <bbot.test.test_step_2.module_tests.test_module_generic_ssrf.TestGeneric_SSRF object at 0x7feefc20dc10>
module_test = <bbot.test.test_step_2.module_tests.base.ModuleTestBase.ModuleTest object at 0x7fea81f7fdc0>
events = [SCAN("testgeneric_ssrf_test_p5uh4bttgr (SCAN:18483ad8cc553a63f0eb282250bb66fc3a1fb3d6)", module=TARGET, tags={'in-sco...200', 'in-scope', 'ip-127-0-0-1'}), IP_ADDRESS("127.0.0.1", module=host, tags={'private-ip', 'ipv4', 'in-scope'}), ...]

    def check(self, module_test, events):
        assert any(
            e.type == "VULNERABILITY" and "Out-of-band interaction: [Generic SSRF (GET)]" in e.data["description"]
            for e in events
        ), "Failed to detect Generic SSRF (GET)"
        assert any(
            e.type == "VULNERABILITY" and "Out-of-band interaction: [Generic SSRF (POST)]" in e.data["description"]
            for e in events
        ), "Failed to detect Generic SSRF (POST)"
>       assert any(
            e.type == "VULNERABILITY" and "Out-of-band interaction: [Generic XXE] [HTTP]" in e.data["description"]
            for e in events
        ), "Failed to detect Generic SSRF (XXE)"
E       AssertionError: Failed to detect Generic SSRF (XXE)
E       assert False
E        +  where False = any(<generator object TestGeneric_SSRF.check.<locals>.<genexpr> at 0x7fea71010d60>)

bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py:56: AssertionError

---------- coverage: platform linux, python 3.9.19-final-0 -----------
Coverage XML written to file cov.xml

=========================== short test summary info ============================
FAILED bbot/test/test_step_2/module_tests/test_module_generic_ssrf.py::TestGeneric_SSRF::test_module_run - AssertionError: Failed to detect Generic SSRF (XXE)
assert False