add fake fingerprint
grandsilva committed Nov 27, 2024
1 parent 2d82edb commit b4029d7
Showing 3 changed files with 32 additions and 6 deletions.
Expand Up @@ -24,14 +24,11 @@
import com.google.common.collect.ImmutableList;
import com.google.common.flogger.GoogleLogger;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import com.google.protobuf.ByteString;
import com.google.tsunami.common.data.NetworkServiceUtils;
import com.google.tsunami.common.net.http.HttpClient;
import com.google.tsunami.common.net.http.HttpHeaders;
import com.google.tsunami.common.net.http.HttpResponse;
import com.google.tsunami.common.net.http.HttpStatus;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
import com.google.tsunami.proto.NetworkService;
Expand Down Expand Up @@ -73,12 +70,12 @@ public String description() {

@Override
public boolean canAccept(NetworkService networkService) {
return NetworkServiceUtils.isWebService(networkService);
return NetworkServiceUtils.getWebServiceName(networkService).equals("kubeflow");
}

@Override
public boolean batched() {
return false;
return true;
}

@Override
Expand All @@ -95,7 +92,7 @@ public ImmutableList<TestCredential> testValidCredentials(

private boolean isKubeflowAccessible(NetworkService networkService, TestCredential credential) {
final String rootUri = buildWebApplicationRootUrl(networkService);
// logger.atWarning().log("======================= '%s'", credential.username());
logger.atWarning().log("======================= '%s'", credential.username());
try {
HttpResponse rsp =
httpClient.send(
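Review bot: The re-enabled `logger.atWarning().log("======================= '%s'", credential.username());` in isKubeflowAccessible reads as leftover debugging: it writes every tested username to the scan log at WARNING level behind a banner of `=` characters, which adds noise and puts credential material into logs that may be retained or shared. Either drop the line or demote it to a descriptive fine-level message, e.g. `logger.atFine().log("Testing Kubeflow credentials for user '%s'.", credential.username());`. Separately, `batched()` now appears to return true; testValidCredentials is only partly visible here, so confirm it tries every credential in the list rather than just the first. The body of isKubeflowAccessible continues past the visible lines.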
Expand Up @@ -28,6 +28,9 @@
import java.util.Objects;
import java.util.Optional;
import javax.inject.Inject;
import com.google.tsunami.proto.ServiceContext;
import com.google.tsunami.proto.Software;
import com.google.tsunami.proto.WebServiceContext;
import okhttp3.mockwebserver.Dispatcher;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
Expand All @@ -50,6 +53,10 @@ public class KubeflowCredentialTesterTest {
TestCredential.create("[email protected]", Optional.of("12341234"));
private static final TestCredential WRONG_CRED_1 =
TestCredential.create("wrong", Optional.of("wrong"));
private static final ServiceContext.Builder kubeServiceContext =
ServiceContext.newBuilder()
.setWebServiceContext(
WebServiceContext.newBuilder().setSoftware(Software.newBuilder().setName("jenkins")));

@Before
public void setup() {
Expand All @@ -64,6 +71,9 @@ public void detect_weakCredentialsExist_returnsFirstWeakCredentials() throws Exc
NetworkService.newBuilder()
.setNetworkEndpoint(
forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
.setServiceName("http")
.setServiceContext(kubeServiceContext)
.setSoftware(Software.newBuilder().setName("http"))
.build();

assertThat(tester.testValidCredentials(targetNetworkService, ImmutableList.of(WEAK_CRED_1)))
Expand All @@ -77,6 +87,9 @@ public void detect_noWeakCredentials_returnsNoCredentials() throws Exception {
NetworkService.newBuilder()
.setNetworkEndpoint(
forHostnameAndPort(mockWebServer.getHostName(), mockWebServer.getPort()))
.setServiceName("http")
.setServiceContext(kubeServiceContext)
.setSoftware(Software.newBuilder().setName("http"))
.build();
assertThat(tester.testValidCredentials(targetNetworkService, ImmutableList.of(WRONG_CRED_1)))
.isEmpty();
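Review bot: The `kubeServiceContext` fixture sets the software name to `"jenkins"`, while the tester's canAccept in this commit appears to match only the web service name `"kubeflow"`, so the fixture does not describe a service the tester would accept. These two tests call testValidCredentials directly and never exercise canAccept, which is why they can pass anyway. Use `Software.newBuilder().setName("kubeflow")` and add a test asserting that canAccept is true for a Kubeflow service and false for another web service. The shared static `ServiceContext.Builder` is also mutable; storing the built `ServiceContext` under a constant-style name such as `KUBEFLOW_SERVICE_CONTEXT` would avoid state leaking between tests.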
Expand Up @@ -280,6 +280,7 @@ private ImmutableSet<DetectedSoftware> detectSoftwareByCustomHeuristics(

checkForMlflow(detectedSoftware, networkService, startingUrl);
checkForZenMl(detectedSoftware, networkService, startingUrl);
checkForKubeflow(detectedSoftware, networkService, startingUrl);
return ImmutableSet.copyOf(detectedSoftware);
}

Expand Down Expand Up @@ -372,4 +373,19 @@ private void checkForZenMl(
logger.atWarning().withCause(e).log("Unable to query '%s'.", loginUrl);
}
}

private void checkForKubeflow(
HashSet<DetectedSoftware> detectedSoftware,
NetworkService networkService,
String startingUrl) {

logger.atInfo().log("probing Kubeflow login page and login api - custom fingerprint phase");

detectedSoftware.add(
DetectedSoftware.builder()
.setSoftwareIdentity(SoftwareIdentity.newBuilder().setSoftware("kubeflow").build())
.setRootPath(startingUrl)
.setContentHashes(ImmutableMap.of())
.build());
}
}
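Review bot: checkForKubeflow adds a `kubeflow` DetectedSoftware entry unconditionally: it sends no request and inspects no response, and `networkService` is unused, so every web service reaching detectSoftwareByCustomHeuristics is reported as Kubeflow. Downstream that produces false identifications and, since the credential tester's canAccept in this commit appears to key on the name `kubeflow`, would have default-credential attempts sent to unrelated services. The add should happen only after a probe of the Kubeflow login page returns a recognisable marker, with query failures logged the way checkForZenMl does; until that exists the call in detectSoftwareByCustomHeuristics is better left out. The log line `probing Kubeflow login page and login api - custom fingerprint phase` also claims a probe that does not happen.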
