Add agentscope CVE 2024-8438 detector #595
Conversation
There was a problem hiding this comment.
Hello @crackatoa.
Thank you for your contribution. I confirm that the plugin is working, however there are some things to address:
- The plugin lacks of a fingerprint phase, you should implement it in order to develop a robust plugin. The fingerprint phase should detect firmly that the server we are trying to exploit is Agentscope
- You can find some comments regarding minor issue to address down below
Feel free to reach out
~ Leonardo (Doyensec)
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.cve.cve20248438; |
There was a problem hiding this comment.
Please add an empty line before the package instruction.
| import com.google.tsunami.proto.TargetInfo; | ||
| import com.google.tsunami.proto.Vulnerability; | ||
| import com.google.tsunami.proto.VulnerabilityId; | ||
|
|
There was a problem hiding this comment.
Please remove this empty line.
| this.utcClock = checkNotNull(utcClock); | ||
| this.httpClient = checkNotNull(httpClient); |
There was a problem hiding this comment.
Please correct the indentation level.
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.cve.cve20248438; |
There was a problem hiding this comment.
Please add an empty line before the package instruction.
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.cve.cve20248438; |
There was a problem hiding this comment.
Please add an empty line before the package instruction.
| import com.google.tsunami.proto.TransportProtocol; | ||
| import com.google.tsunami.proto.Vulnerability; | ||
| import com.google.tsunami.proto.VulnerabilityId; | ||
|
|
There was a problem hiding this comment.
Please remove this empty line.
|
|
||
| import okhttp3.mockwebserver.MockResponse; | ||
| import okhttp3.mockwebserver.MockWebServer; | ||
|
|
There was a problem hiding this comment.
Please remove this empty line.
| import java.io.IOException; | ||
| import java.time.Instant; | ||
| import javax.inject.Inject; | ||
|
|
There was a problem hiding this comment.
Please remove this empty line.
| public final class Cve20248438Detector implements VulnDetector { | ||
|
|
||
| @VisibleForTesting | ||
| static final String DETECTION_STRING = "root:"; |
There was a problem hiding this comment.
Ideally you should provide a more robust DETECTION_STRING, that certifies the fact that we have leaked the /etc/passwd file.
There was a problem hiding this comment.
Hi @leonardo-doyensec,
Thanks for the feedback, please review the changes.
I will back to you after add fingerprint phase
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.cve.cve20248438; |
| import com.google.tsunami.proto.TargetInfo; | ||
| import com.google.tsunami.proto.Vulnerability; | ||
| import com.google.tsunami.proto.VulnerabilityId; | ||
|
|
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.cve.cve20248438; |
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.cve.cve20248438; |
| import com.google.tsunami.proto.TransportProtocol; | ||
| import com.google.tsunami.proto.Vulnerability; | ||
| import com.google.tsunami.proto.VulnerabilityId; | ||
|
|
|
|
||
| import okhttp3.mockwebserver.MockResponse; | ||
| import okhttp3.mockwebserver.MockWebServer; | ||
|
|
| import java.io.IOException; | ||
| import java.time.Instant; | ||
| import javax.inject.Inject; | ||
|
|
| public final class Cve20248438Detector implements VulnDetector { | ||
|
|
||
| @VisibleForTesting | ||
| static final String DETECTION_STRING = "root:"; |
| this.utcClock = checkNotNull(utcClock); | ||
| this.httpClient = checkNotNull(httpClient); |
Hi,
This PR contains implementation of agentscope CVE 2024-8438
Below it is possible to find the necessary information for review:
PR Testbed: google/security-testbeds#124
Issue: #588