Closed secureness closed 1 month ago
I've also noticed that the issue that this PR is referring to is incorrect. I think this plugin is linked to https://github.com/google/tsunami-security-scanner-plugins/issues/433
Yes you are right, sorry about this :))
Hi @secureness,
I'm noticing that after your changes the plugin is still not working properly. I think that the root cause is the `modelNamesJo.isEmpty()` method. Please remove it.
~ Leonardo (Doyensec)
@secureness could you check if the proposed change works? I would like to merge in this PR asap to unblock you from picking up the hive weak cred plugin.
@maoning @leonardo-doyensec I'm sorry if it took too long to fix the review suggestion.
Hi @secureness, thank you for your changes. However, after the last commits, the plugin no longer builds. This is an issue related to gradlew. Please upgrade it to version 7. You can take a look at the solution adopted here: https://github.com/google/tsunami-security-scanner-plugins/pull/456/commits/251cdd2e8877aefd4712cb4c10c0812997fbe74d
~ Leonardo (Doyensec)
@leonardo-doyensec thanks for the help. I just wanted to let you know that it is done now.
@leonardo-doyensec I made some changes according to the official Google (the google/ directory) tsunami plugins. I have the `# of detected vulnerability: 1.` message after the scan results.
Also, I updated the testbed https://github.com/google/security-testbeds/pull/51.
LGTM - Approved @maoning you can merge it. We also need to merge the security testbed https://github.com/google/security-testbeds/pull/51
Reviewer: Leonardo, Doyensec
Plugin: Triton Inference Server Model Overwrite lead to RCE
Feedback: The overall quality is below standard. The plugin was not working at first and several interactions were required to make it work properly. Furthermore, some elements of formatting were missing, which further hindered the review of the plugin. The security testbed was easy to deploy.
Drawbacks: None
Hi @secureness,
Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made.
Thanks!
@tooryx After 27 days I didn't get any response yet. Is there anything wrong with this submission?
Hi @secureness,
I will check with the team and get back to you this week.
Cheers, ~tooryx
You will receive an update on the tracking bug soon. Sorry for the delay!