additional test + black
liquidsec committed Nov 27, 2023
1 parent bf88791 commit 1a05798
Showing 3 changed files with 31 additions and 8 deletions.
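--- a/badsecrets/examples/cli.py
+++ b/badsecrets/examples/cli.py
@@ -74,7 +74,11 @@ def report(self):
 class ReportIdentify(BaseReport):
 def report(self):
 self.print_report(
-print_status("Cryptographic Product Identified (no vulnerability, or not confirmed vulnerable)\n", color=Fore.YELLOW, passthru=True)
+print_status(
+"Cryptographic Product Identified (no vulnerability, or not confirmed vulnerable)\n",
+color=Fore.YELLOW,
+passthru=True,
+)
 )
 if self.x["hashcat"] is not None:
 print_hashcat_results(self.x["hashcat"])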
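--- a/badsecrets/modules/aspnet_vstate.py
+++ b/badsecrets/modules/aspnet_vstate.py
@@ -26,4 +26,4 @@ def check_secret(self, compressed_vstate):
 uncompressed = self.attempt_decompress(compressed_vstate)
 if uncompressed and ASPNET_Viewstate.valid_preamble(uncompressed):
 r = {"source": compressed_vstate, "info": "ASP.NET Vstate (Unprotected, Compressed)"}
-return {"secret": "UNPROTECTED (compressed)", "details": r}
+return {"secret": "UNPROTECTED (compressed)", "details": r}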
31 changes: 25 additions & 6 deletions tests/all_modules_test.py
@@ -126,9 +126,8 @@ def test_carve_all_cookies():
r_list = carve_all_modules(requests_response=res)
assert len(r_list) == 7

def test_carve_multiple_vulns():


def test_carve_multiple_vulns():
multiple_vuln_html = """
<div class="aspNetHidden">
<input type="hidden" name="__VSTATE" id="__VSTATE" value="H4sIAAAAAAAA/81VXW/TMBRNltZNsnVsCBCMFwvxAFrVde3G2EORpo6PagJNZOJlqpib3LURiT0cRyg888p/4Q/xW4Zv6w6GG" />
@@ -138,11 +137,31 @@ def test_carve_multiple_vulns():

with requests_mock.Mocker() as m:
m.get(
f"http://multiplevulns.carve-all.badsecrets.com/",
status_code=200,
text=multiple_vuln_html,
f"http://multiplevulns.carve-all.badsecrets.com/",
status_code=200,
text=multiple_vuln_html,
)

res = requests.get(f"http://multiplevulns.carve-all.badsecrets.com/")
r_list = carve_all_modules(requests_response=res)
assert len(r_list) == 2
assert len(r_list) == 2


def test_carve_empty_vstate():
empty_vstate_html = """
<div class="aspNetHidden">
<input type="hidden" name="__VSTATE" id="__VSTATE" value="" />
"""

with requests_mock.Mocker() as m:
m.get(
f"http://emptyvstate.carve-all.badsecrets.com/",
status_code=200,
text=empty_vstate_html,
)

res = requests.get(f"http://emptyvstate.carve-all.badsecrets.com/")
r_list = carve_all_modules(requests_response=res)
assert r_list
assert r_list[0]["product"] == "EMPTY '__VSTATE' FORM FIELD"
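Review bot: test_carve_empty_vstate pins only that `r_list` is non-empty and that `r_list[0]["product"]` matches, whereas the neighbouring carve tests pin the exact number of results (`assert len(r_list) == 7`, `== 2`). As written, the test would still pass if an empty `__VSTATE` value were additionally reported by another module, or reported as an unprotected viewstate rather than an identification-only result. I would add `assert len(r_list) == 1` and, if the result dict carries a field that separates identification from confirmed findings (not visible in this diff), assert on that too. The `f` prefix on the two URL literals has no placeholders and can be dropped.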
