google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
860 stars 178 forks

Airflow Exposed UI #492

Open am0o0 opened 1 month ago

am0o0 commented 1 month ago

This PR is related to this PRP: https://github.com/google/tsunami-security-scanner-plugins/issues/413 (the testbed: https://github.com/google/security-testbeds/pull/56)

am0o0 commented 3 weeks ago
  1. The plugin lacks a fingerprint phase.

I'll check for the login page; this page is available for both the vulnerable and safe versions. We can't check for unauthenticated endpoints because the vulnerable instance doesn't have any authentication: they give anonymous users an admin role. We have a similar MLflow fingerprint here, google/fingerprinters/web/src/main/java/com/google/tsunami/plugins/fingerprinters/web/WebServiceFingerprinter.java, in the method checkForMlflow, but as I said it is not useful here.

Ahh sorry, my eyes don't see correctly right now :))
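The two-phase check discussed in the comment above, as an added example that is not the plugin's or the project's code: the fingerprint phase only looks at the login page, which both the safe and the vulnerable deployment serve, and the detection phase then requests a page that should require a session. A deployment that grants anonymous users the Admin role (the webserver_config.py AUTH_ROLE_PUBLIC setting, assumed here) serves that page with a 200 instead of redirecting to the login page. The paths /login/ and /home, the "Airflow" marker, the login-form marker and all sample responses are assumptions, not taken from the PR or its testbed.

```python
"""Two-phase check for an exposed Apache Airflow web UI (illustration only)."""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict
from urllib.parse import urljoin

# Assumed Airflow paths and page markers; verify against the target version.
LOGIN_PATH = "/login/"                   # assumed login page, served in both setups
PROTECTED_PATH = "/home"                 # assumed DAG list, normally needs a session
FINGERPRINT_MARKER = "Airflow"           # assumed string in the login page HTML
LOGIN_FORM_MARKER = 'action="/login/"'   # assumed marker of the login form itself


@dataclass
class HttpResult:
    status: int
    headers: Dict[str, str]   # header names lower-cased
    body: str


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None makes urllib surface 3xx as HTTPError instead of following it,
    so a redirect to the login page stays visible to the detection logic."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def _lower_headers(headers) -> Dict[str, str]:
    return {k.lower(): v for k, v in headers.items()}


def fetch(base_url: str, path: str, timeout: float = 5.0) -> HttpResult:
    """Unauthenticated GET that does not follow redirects (network access)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(urljoin(base_url, path),
                                 headers={"User-Agent": "airflow-ui-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return HttpResult(resp.status, _lower_headers(resp.headers),
                              resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:   # 3xx/4xx/5xx end up here
        return HttpResult(err.code, _lower_headers(err.headers),
                          err.read().decode("utf-8", "replace"))


def is_airflow(login: HttpResult) -> bool:
    """Fingerprint phase: a weak check on purpose, since only the login page is
    guaranteed to exist on both the safe and the vulnerable deployment."""
    return login.status == 200 and FINGERPRINT_MARKER in login.body


def is_exposed(protected: HttpResult) -> bool:
    """Detection phase: a safe deployment answers the unauthenticated request with
    a redirect to the login page (or 401/403); only a real 200 counts, and a 200
    that is itself the login form is not exposure either."""
    if protected.status != 200:
        return False
    return LOGIN_FORM_MARKER not in protected.body


def classify(login: HttpResult, protected: HttpResult) -> str:
    """Pure verdict over two responses, so the logic can be tested offline."""
    if not is_airflow(login):
        return "not-airflow"
    return "exposed" if is_exposed(protected) else "safe"


def check(base_url: str) -> str:
    """Run both phases against a live base URL such as http://airflow:8080."""
    login = fetch(base_url, LOGIN_PATH)
    if not is_airflow(login):
        return "not-airflow"          # skip the second request on non-Airflow hosts
    return classify(login, fetch(base_url, PROTECTED_PATH))


# Constructed sample responses (not captured from a real deployment).
LOGIN_PAGE = HttpResult(200, {"content-type": "text/html"},
                        '<title>Sign In - Airflow</title><form action="/login/" method="post"></form>')
SAFE_HOME = HttpResult(302, {"location": "/login/?next=%2Fhome"}, "")
VULN_HOME = HttpResult(200, {"content-type": "text/html"},
                       '<title>DAGs - Airflow</title><table id="dags"></table>')
OTHER_APP = HttpResult(200, {"content-type": "text/html"}, "<title>Sign In</title>")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check(sys.argv[1]))
    else:
        print("safe setup   :", classify(LOGIN_PAGE, SAFE_HOME))
        print("anon-admin   :", classify(LOGIN_PAGE, VULN_HOME))
```

Run it with a base URL to probe a live instance, or without arguments to see the verdicts on the constructed responses. Keeping the verdict in a pure function over the two responses mirrors the split the review asks for: the fingerprint decides whether the detector runs at all, and the detection phase never relies on an endpoint that the vulnerable deployment would not serve.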

am0o0 commented 3 weeks ago
  1. I'm noticing that the callback server receives a request even when the safe configuration is in place. This could be misleading since in the final result the number of vulnerabilities found is set to zero. Please fix this part.

I can't understand what the issue is. After putting my time into testing the safe and vulnerable instances again, I see that the results are valid (the number of vulnerabilities and the vulnerability description, which can be response matching or out-of-band callback checking).

leonardo-doyensec commented 3 weeks ago
  1. I'm noticing that the callback server receives a request even when the safe configuration is in place. This could be misleading since in the final result the number of vulnerabilities found is set to zero. Please fix this part.

I can't understand what the issue is. After putting my time into testing the safe and vulnerable instances again, I see that the results are valid (the number of vulnerabilities and the vulnerability description, which can be response matching or out-of-band callback checking).

Hi @am0o0. My bad, I was having some issues on my side. This is working correctly.