Closed AlessandroZ closed 7 years ago
What version of Tomcat did you install? I think I've only tested against older versions like 5.5.
I like the idea of adding making the body a list instead of a string. It should be straight forward to change in in the schema.py, mkcred.py and then in the check_success method.
I'd be fine with not making the body text required as long as any supplied success criteria is "required" for that credential. So if you supplied both body and status, then we'd need to check both. So in your tomcat example, status and one of the body strings would need to match. But if you had a success like the code below, it would only check the status.
success:
status: 200
How does that sound?
Yes I agree, if you add these two criteria, it has to check both. I will try to do it soon and push you a pull request.
For the tomcat version, I have installed this one: 6.0.48.
Want to add the body string that matches your install of Tomcat?
Thanks for merging my pull request.
I think to avoid false positive, it's better to match only the reponse code 200 without matching strings. If you prefer to match strings, you can add it, but more tests with other instances has to be done. For me, the response code is sufficient.
I let you close this issue if you agree.
@AlessandroZ can you verify this bug is fixed with the master branch?
Hi,
I have installed a Tomcat server to test this module. However, the password has not been found. I have checked why and it is because the string "Tomcat Web Application Manager" is not present, but I have some other string such as "Welcome to Tomcat" that I can add
I think if you put that string is because it was present on your tomcat instance. So my idea was to change the schema of "body" to use list and not string. The user could add many trigger string and if one match the credentials are ok:
Moreover, I think this field should not be always required. For example only the status code could be checked for Tomcat (if it's equal to 200 it's ok). It could avoid false positive for this module (and maybe others).
If your ok to these modification I could do it. However, it will affect all yaml files so I want to be sure that you're ok about that.