From f31186272f42252efe0d4c0c23758b834f054179 Mon Sep 17 00:00:00 2001
From: ophirharpazg <ophir.harpaz@guardicore.com>
Date: Tue, 1 Sep 2020 12:07:29 +0300
Subject: [PATCH] fixed logic and name in finding exploitable nodes

---
 monkey/infection_monkey/exploit/drupal.py | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py
index 63aa5fb97..b40a6476e 100644
--- a/monkey/infection_monkey/exploit/drupal.py
+++ b/monkey/infection_monkey/exploit/drupal.py
@@ -18,10 +18,8 @@ __author__ = 'Ophir Harpaz'
 LOG = logging.getLogger(__name__)
 
 
-def check_drupal_cache(r: requests.Response) -> bool:
-    """
-    Check if a response had the cache header.
-    """
+def is_response_cached(r: requests.Response) -> bool:
+    """ Check if a response had the cache header. """
     return 'X-Drupal-Cache' in r.headers and r.headers['X-Drupal-Cache'] == 'HIT'
 
 
@@ -29,12 +27,13 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 10)
     """ Find target articles that do not 404 and are not cached """
     articles = set()
     while lower < upper:
-        u = urljoin(base_url, str(lower))
-        r = requests.get(u)
-        if r.status_code == 200:  # found an article
-            articles.add(lower)
-        if check_drupal_cache(r):
-            LOG.info(f'Found a cached article at: {lower}, skipping')
+        node_url = urljoin(base_url, str(lower))
+        response = requests.get(node_url)
+        if response.status_code == 200:
+            if is_response_cached(response):
+                LOG.info(f'Found a cached article at: {node_url}, skipping')
+            else:
+                articles.add(lower)
         lower += 1
     return articles
 
@@ -109,7 +108,7 @@ class DrupalExploiter(WebRCE):
                                 json=payload,
                                 headers={"Content-Type": "application/hal+json"})
 
-        if check_drupal_cache(response):
+        if is_response_cached(response):
             LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
             return False
 
@@ -145,7 +144,7 @@ class DrupalExploiter(WebRCE):
 
         r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
 
-        if check_drupal_cache(r):
+        if is_response_cached(r):
             LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
 
         if ID_STRING not in r.text: