rapid7 / recog

Pattern recognition for hosts, services, and content

Eliminate warnings when no examples are present in fingerprints #402

Closed dabdine closed 2 years ago

dabdine commented 2 years ago

Description

A simple change to eliminate spurious warnings produced by Ruby recog_verify when no examples are present. In other words, instead of emitting these warnings:

xml/smtp_help.xml:49: WARN: 'IBM VM' has no test cases
xml/smtp_help.xml:49: WARN: 'IBM VM' is missing an example that checks for parameter 'host.name' which is derived from a capture group

The code will now emit:

xml/smtp_help.xml:49: WARN: 'IBM VM' has no test cases

For this fingerprint:

  <fingerprint pattern="^214[ -]([^ ]+) is running the IBM VM operating system$">
    <description>IBM VM</description>
    <param pos="0" name="service.vendor" value="IBM"/>
    <param pos="0" name="service.family" value="VM"/>
    <param pos="0" name="service.product" value="VM"/>
    <param pos="1" name="host.name"/>
  </fingerprint>

It will still emit the "checks for parameter" warnings when it should, however. For example, in the case where there's a legitimate missing attribute:

  <fingerprint pattern="^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$">
    <description>Sendmail - help not implemented variant</description>
    <example>502 5.3.0 Sendmail 8.11.2 -- HELP not implemented</example>
    <param pos="0" name="service.family" value="Sendmail"/>
    <param pos="0" name="service.product" value="Sendmail"/>
    <param pos="1" name="service.version"/>
  </fingerprint>

You'll get:

xml/smtp_help.xml:149: WARN: 'Sendmail - help not implemented variant' is missing an example that checks for parameter 'service.version' which is derived from a capture group

Motivation and Context

This clutters recog_verify output unnecessarily. As there are no examples to begin with, there's no point in mentioning whether any attributes aren't tested.

How Has This Been Tested?

  1. A run of recog_verify
  2. A run of bundle exec rake tests

Types of changes

Checklist:

mkienow-r7 commented 2 years ago

I appreciate the output being free of the spurious warnings. Thank you for the contribution @dabdine!
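
The warning behaviour described in the pull request, as an added Ruby example; it is not recog's own code and not part of the pull request. The struct and method names are hypothetical, the parameter lists are trimmed, and the model assumes an example "checks" a parameter when it carries an attribute of that name.

```ruby
# Added illustration, not recog's code. Struct and method names are hypothetical;
# the fingerprints are the two quoted in the pull request (params trimmed).
Param       = Struct.new(:pos, :name, :value)
Example     = Struct.new(:text, :attrs)
Fingerprint = Struct.new(:description, :pattern, :examples, :params)

def verify_warnings(fp)
  # No examples: report that once and stop, as the PR describes.
  return ["'#{fp.description}' has no test cases"] if fp.examples.empty?

  warnings = []
  checked = []
  fp.examples.each do |ex|
    match = fp.pattern.match(ex.text)
    if match.nil?
      # Message wording constructed for this example.
      warnings << "'#{fp.description}' does not match example #{ex.text.inspect}"
      next
    end
    ex.attrs.each do |name, expected|
      param = fp.params.find { |p| p.name == name }
      next if param.nil?
      actual = param.pos.zero? ? param.value : match[param.pos]
      checked << name
      next if actual == expected
      warnings << "'#{fp.description}' expected #{name}=#{expected.inspect}, got #{actual.inspect}"
    end
  end

  # A param with pos > 0 and no fixed value is filled from a capture group.
  fp.params.select { |p| p.pos > 0 && p.value.nil? }.each do |p|
    next if checked.include?(p.name)
    warnings << "'#{fp.description}' is missing an example that checks for " \
                "parameter '#{p.name}' which is derived from a capture group"
  end
  warnings
end

IBM_VM = Fingerprint.new('IBM VM',
  /^214[ -]([^ ]+) is running the IBM VM operating system$/, [],
  [Param.new(0, 'service.vendor', 'IBM'), Param.new(1, 'host.name', nil)])

SENDMAIL_PARAMS = [Param.new(0, 'service.product', 'Sendmail'), Param.new(1, 'service.version', nil)]
SENDMAIL_RE = /^502[ -]5\.3\.0 Sendmail ([^ ]+) -- HELP not implemented$/
SENDMAIL_TEXT = '502 5.3.0 Sendmail 8.11.2 -- HELP not implemented'
def sendmail(attrs) # attrs: constructed example attributes, name => expected value
  Fingerprint.new('Sendmail - help not implemented variant', SENDMAIL_RE,
                  [Example.new(SENDMAIL_TEXT, attrs)], SENDMAIL_PARAMS)
end

puts verify_warnings(IBM_VM), verify_warnings(sendmail({})),
     verify_warnings(sendmail({ 'service.version' => '8.11.2' }))
```

Giving the Sendmail example a `service.version` attribute, as in the last call, is what clears the remaining warning in this model.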