cisagov / gophish-tools

Helpful tools for interacting with a GoPhish phishing instance
Creative Commons Zero v1.0 Universal
42 stars 6 forks source link

Use Regular Expressions to validate Assessment Identifiers #51

Closed JCantu248 closed 3 years ago

JCantu248 commented 3 years ago

πŸ—£ Description

Gophish-export is modified to validate assessment_id input prior to processing. This corrects some errors in processing that can come from invalid or malformed input.

πŸ’­ Motivation and context

This change is in relation to https://github.com/cisagov/gophish-tools/issues/11 . A partial assessment_id like "RV" could be passed to gophish-export, resulting in it matching all campaigns beginning in RV (which is all campaigns for all assessments). A regex validator was added to validate that the assessment_id matches the known format of assessments.

Closes #11

πŸ§ͺ Testing

Gophish-export was run with assessment_id = "RV" and confirmed that an error message was shown to the user, and the process would exit.

Pytest cases were added to validate that the Regex matched a valid assessment ID format, and that it would not match an invalid value.

πŸ“· Screenshots (if appropriate)

βœ… Checklist