Skip to content

Commit

Permalink
Merge pull request #1656 from blacklanternsecurity/closest-host-option
Browse files Browse the repository at this point in the history
Add 'path' attribute for FINDING and VULNERABILITY
  • Loading branch information
TheTechromancer authored Aug 16, 2024
2 parents f8f0115 + 35a737b commit 9250fa5
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 5 deletions.
33 changes: 28 additions & 5 deletions bbot/core/event/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,15 @@ def host_original(self):
return self.host
return self._host_original

@property
def closest_host(self):
"""
Walk up the chain of parents events until we hit the first one with a host
"""
if self.host is not None or self.parent is None or self.parent is self:
return self.host
return self.parent.closest_host

@property
def port(self):
self.host
Expand Down Expand Up @@ -572,7 +581,7 @@ def get_parents(self, omit=False, include_self=False):
return parents

def _host(self):
return ""
return None

def _sanitize_data(self, data):
"""
Expand Down Expand Up @@ -923,6 +932,18 @@ def _host(self):
return make_ip_type(parsed.hostname)


class ClosestHostEvent(DictHostEvent):
# if a host isn't specified, this event type uses the host from the closest parent
# inherited by FINDING and VULNERABILITY
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if "host" not in self.data:
closest_host = self.closest_host
if closest_host is None:
raise ValueError("No host was found in event parents. Host must be specified!")
self.data["host"] = str(closest_host)


class DictPathEvent(DictEvent):
_path_keywords = ["path", "filename"]

Expand Down Expand Up @@ -1300,7 +1321,7 @@ def redirect_location(self):
return location


class VULNERABILITY(DictHostEvent):
class VULNERABILITY(ClosestHostEvent):
_always_emit = True
_quick_emit = True
severity_colors = {
Expand All @@ -1316,10 +1337,11 @@ def sanitize_data(self, data):
return data

class _data_validator(BaseModel):
host: str
host: Optional[str] = None
severity: str
description: str
url: Optional[str] = None
path: Optional[str] = None
_validate_url = field_validator("url")(validators.validate_url)
_validate_host = field_validator("host")(validators.validate_host)
_validate_severity = field_validator("severity")(validators.validate_severity)
Expand All @@ -1328,14 +1350,15 @@ def _pretty_string(self):
return f'[{self.data["severity"]}] {self.data["description"]}'


class FINDING(DictHostEvent):
class FINDING(ClosestHostEvent):
_always_emit = True
_quick_emit = True

class _data_validator(BaseModel):
host: str
host: Optional[str] = None
description: str
url: Optional[str] = None
path: Optional[str] = None
_validate_url = field_validator("url")(validators.validate_url)
_validate_host = field_validator("host")(validators.validate_host)

Expand Down
32 changes: 32 additions & 0 deletions bbot/test/test_step_1/test_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -771,3 +771,35 @@ async def test_event_web_spider_distance(bbot_scanner):
assert url_event_5.web_spider_distance == 1
assert "spider-danger" in url_event_5.tags
assert not "spider-max" in url_event_5.tags


def test_event_closest_host():
scan = Scanner()
# first event has a host
event1 = scan.make_event("evilcorp.com", "DNS_NAME", parent=scan.root_event)
assert event1.host == "evilcorp.com"
assert event1.closest_host == "evilcorp.com"
# second event has no host
event2 = scan.make_event("wat", "ASDF", parent=event1)
assert event2.host == None
assert event2.closest_host == "evilcorp.com"
# finding automatically uses the host from the first event
finding = scan.make_event({"path": "/tmp/asdf.txt", "description": "test"}, "FINDING", parent=event2)
assert finding.data["host"] == "evilcorp.com"
assert finding.host == "evilcorp.com"
# same with vuln
vuln = scan.make_event(
{"path": "/tmp/asdf.txt", "description": "test", "severity": "HIGH"}, "VULNERABILITY", parent=event2
)
assert vuln.data["host"] == "evilcorp.com"
assert vuln.host == "evilcorp.com"

# no host == not allowed
event3 = scan.make_event("wat", "ASDF", parent=scan.root_event)
assert event3.host == None
with pytest.raises(ValueError):
finding = scan.make_event({"path": "/tmp/asdf.txt", "description": "test"}, "FINDING", parent=event3)
with pytest.raises(ValueError):
vuln = scan.make_event(
{"path": "/tmp/asdf.txt", "description": "test", "severity": "HIGH"}, "VULNERABILITY", parent=event3
)

0 comments on commit 9250fa5

Please sign in to comment.