Skip to content

Commit

Permalink
Change: Extend invalid URL plugin and relevant tests.
Browse files Browse the repository at this point in the history
  • Loading branch information
cfi-gb committed Oct 25, 2024
1 parent 14224f0 commit 0ff1791
Show file tree
Hide file tree
Showing 2 changed files with 180 additions and 5 deletions.
121 changes: 120 additions & 1 deletion tests/plugins/test_script_xref_url.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,15 @@ def test_ok(self):
' script_xref(name:"URL", value:"http://speedtouch.sourceforge.io/index.php?/news.en.html");\n'
' script_xref(name:"URL", value:"https://support.k7computing.com/index.php?/Knowledgebase/Article/View/173/41/advisory-issued-on-6th-november-2017");\n'
' script_xref(name:"URL", value:"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10077872.htm");\n'
' script_xref(name:"URL", value:"https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671,-incomplete-fix-for-CVE-2016-6887.html");\n'
' script_xref(name:"URL", value:"http://www.scaprepo.com/view.jsp?id=oval:org.secpod.oval:def:701638");\n'
' script_xref(name:"URL", value:"https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html");\n'
' script_xref(name:"URL", value:"http://forum.wampserver.com/read.php?2,153491");\n'
' script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-10:04.jail.asc");\n'
' script_xref(name:"URL", value:"http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-004-turboftp-server-1-00-712-dos/");\n'
' script_xref(name:"URL", value:"http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[flash_player]_10.1.x_insecure_dll_hijacking_(dwmapi.dll)");\n'
' script_xref(name:"URL", value:"http://mail-archives.apache.org/mod_mbox/perl-advocacy/200904.mbox/<ad28918e0904011458h273a71d4x408f1ed286c9dfbc@mail.gmail.com>");\n'
' script_xref(name:"URL", value:"https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html");\n'
# pylint: enable=line-too-long
)
fake_context = self.create_file_plugin_context(
Expand All @@ -69,7 +78,7 @@ def test_exclude_inc_file(self):

self.assertEqual(len(results), 0)

def test_invalid_url(self):
def test_generic_invalid_url(self):
content = ' script_xref(name:"URL", value:"www.example.com");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
Expand All @@ -85,3 +94,113 @@ def test_invalid_url(self):
" value",
results[0].message,
)

def test_invalid_url_trailing_angle_bracket(self):
content = ' script_xref(name:"URL", value:"https://docs.docker.com/engine/release-notes/24.0/#2407>");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
)
plugin = CheckScriptXrefUrl(fake_context)

results = list(plugin.run())

self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], LinterError)
self.assertEqual(
'script_xref(name:"URL", value:"https://docs.docker.com/engine/'
'release-notes/24.0/#2407>");: Invalid URL'
" value (trailing '>')",
results[0].message,
)

def test_invalid_url_trailing_comma(self):
content = ' script_xref(name:"URL", value:"https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html,");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
)
plugin = CheckScriptXrefUrl(fake_context)

results = list(plugin.run())

self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], LinterError)
self.assertEqual(
'script_xref(name:"URL", value:"https://dev.mysql.com/doc/refman/5.7/en/'
'mysql-stmt-fetch.html,");: Invalid URL'
" value (trailing ',')",
results[0].message,
)

def test_invalid_url_trailing_punctuation_mark(self):
content = ' script_xref(name:"URL", value:"http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt:");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
)
plugin = CheckScriptXrefUrl(fake_context)

results = list(plugin.run())

self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], LinterError)
self.assertEqual(
'script_xref(name:"URL", value:"http://isec.pl/vulnerabilities/'
'isec-0017-binfmt_elf.txt:");: Invalid URL'
" value (trailing ':')",
results[0].message,
)

def test_invalid_url_trailing_square_bracket(self):
content = (
' script_xref(name:"URL", value:"https://example.com/foo/bar]");\n'
)
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
)
plugin = CheckScriptXrefUrl(fake_context)

results = list(plugin.run())

self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], LinterError)
self.assertEqual(
'script_xref(name:"URL", value:"https://example.com/foo/bar]");: Invalid URL'
" value (trailing ']')",
results[0].message,
)

def test_invalid_url_trailing_round_bracket(self):
content = (
' script_xref(name:"URL", value:"https://example.com/foo/bar)");\n'
)
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
)
plugin = CheckScriptXrefUrl(fake_context)

results = list(plugin.run())

self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], LinterError)
self.assertEqual(
'script_xref(name:"URL", value:"https://example.com/foo/bar)");: Invalid URL'
" value (trailing ')')",
results[0].message,
)

def test_invalid_url_wrong_ending(self):
content = ' script_xref(name:"URL", value:"https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.htmll");\n'
fake_context = self.create_file_plugin_context(
nasl_file=self.path, file_content=content
)
plugin = CheckScriptXrefUrl(fake_context)

results = list(plugin.run())

self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], LinterError)
self.assertEqual(
'script_xref(name:"URL", value:"https://confluence.atlassian.com/security/'
'security-bulletin-may-21-2024-1387867145.htmll");: Invalid URL'
" value (wrong file extension)",
results[0].message,
)
64 changes: 60 additions & 4 deletions troubadix/plugins/script_xref_url.py
Original file line number Diff line number Diff line change
Expand Up @@ -63,11 +63,67 @@ def check_content(
)
for match in matches:
if match:
if match.group("value") not in ALLOWED_URLS and not url(
match.group("value"), strict_query=False
):
url_value = match.group("value")
if url_value in ALLOWED_URLS:
continue

full_xref = match.group(0)

# First a few possible malformed URLs introduced by e.g. some automatic
# extraction or by copy'n'paste
if url_value.endswith(">") and "<" not in url_value:
yield LinterError(
f"{full_xref}: Invalid URL value (trailing '>')",
file=nasl_file,
plugin=self.name,
)
continue

if url_value.endswith(","):
yield LinterError(
f"{full_xref}: Invalid URL value (trailing ',')",
file=nasl_file,
plugin=self.name,
)
continue

if url_value.endswith(":"):
yield LinterError(
f"{full_xref}: Invalid URL value (trailing ':')",
file=nasl_file,
plugin=self.name,
)
continue

if url_value.endswith("]") and "[" not in url_value:
yield LinterError(
f"{full_xref}: Invalid URL value (trailing ']')",
file=nasl_file,
plugin=self.name,
)
continue

if url_value.endswith(")") and "(" not in url_value:
yield LinterError(
f"{full_xref}: Invalid URL value (trailing ')')",
file=nasl_file,
plugin=self.name,
)
continue

if url_value.endswith(".htmll"):
yield LinterError(
f"{full_xref}: Invalid URL value (wrong file extension)",
file=nasl_file,
plugin=self.name,
)
continue

# Additional standard check via the validators package
if not url(url_value, strict_query=False):
yield LinterError(
f"{match.group(0)}: Invalid URL value",
f"{full_xref}: Invalid URL value",
file=nasl_file,
plugin=self.name,
)
continue

0 comments on commit 0ff1791

Please sign in to comment.