diff --git a/nettacker/api/engine.py b/nettacker/api/engine.py
index 8fb82c27..cba34fcc 100644
--- a/nettacker/api/engine.py
+++ b/nettacker/api/engine.py
@@ -11,6 +11,7 @@ from types import SimpleNamespace
 from flask import Flask, jsonify
 from flask import request as flask_request
 from flask import render_template, abort, Response, make_response
+from werkzeug.utils import secure_filename
 from nettacker import logger
 from nettacker.api.core import (
@@ -47,6 +48,7 @@ log = logger.get_logger()
 app = Flask(__name__, template_folder=str(Config.path.web_static_dir))
 app.config.from_object(__name__)
+nettacker_path_config = Config.path
 nettacker_application_config = Config.settings.as_dict()
 nettacker_application_config.update(Config.api.as_dict())
 del nettacker_application_config["api_access_key"]
@@ -191,6 +193,33 @@ def index():
 )
+def sanitize_report_path_filename(report_path_filename):
+ """
+ sanitize the report_path_filename
+
+ Args:
+ report_path_filename: the report path filename
+
+ Returns:
+ the sanitized report path filename
+ """
+ filename = secure_filename(os.path.basename(report_path_filename))
+ if not filename:
+ return False
+ # Define a list or tuple of valid extensions
+ VALID_EXTENSIONS = (".html", ".htm", ".txt", ".json", ".csv")
+ if "." in filename:
+ if filename.endswith(VALID_EXTENSIONS):
+ safe_report_path = nettacker_path_config.results_dir / filename
+ else:
+ return False
+ else:
+ safe_report_path = nettacker_path_config.results_dir / filename
+ if not safe_report_path.is_relative_to(nettacker_path_config.results_dir):
+ return False
+ return safe_report_path
+
+
 @app.route("/new/scan", methods=["GET", "POST"])
 def new_scan():
 """
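Review bot: `os.path.basename(report_path_filename)` runs before any None check, so a None argument raises TypeError instead of returning False — and the caller added in the `new_scan` hunk passes `form_values.get("report_path_filename")`, which is None whenever the form omits the field (every GET to that route, since the form is empty then), turning what used to be "fill from config default" into a 500. Guard the sanitizer with `if not report_path_filename: return False` at the top and, in `new_scan`, only call it when the field is present so the config default still applies. The two `if "." in filename` branches compute the same `safe_report_path`; collapsing them to one rejection check reads more clearly (sketch below, with `VALID_EXTENSIONS` left where it is). The docstring should state that the return is a `Path` under `results_dir` on success and `False` on rejection, and that the extension check is case-sensitive; `Path.is_relative_to` also needs Python 3.9+, which I assume matches the project's floor.
```python
def sanitize_report_path_filename(report_path_filename):
    # … docstring: returns Path under results_dir, or False when rejected …
    if not report_path_filename:
        return False
    filename = secure_filename(os.path.basename(report_path_filename))
    if not filename:
        return False
    VALID_EXTENSIONS = (".html", ".htm", ".txt", ".json", ".csv")
    # Reject unknown extensions; extension-less names stay allowed, as before.
    if "." in filename and not filename.endswith(VALID_EXTENSIONS):
        return False
    safe_report_path = nettacker_path_config.results_dir / filename
    # … unchanged: is_relative_to defence-in-depth check and return …
```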
@@ -201,6 +230,11 @@ def new_scan():
 """
 api_key_is_valid(app, flask_request)
 form_values = dict(flask_request.form)
+ raw_report_path_filename = form_values.get("report_path_filename")
+ report_path_filename = sanitize_report_path_filename(raw_report_path_filename)
+ if not report_path_filename:
+ return jsonify(structure(status="error", msg="Invalid report filename")), 400
+ form_values["report_path_filename"] = str(report_path_filename)
 for key in nettacker_application_config:
 if key not in form_values:
 form_values[key] = nettacker_application_config[key]
@@ -273,7 +307,13 @@ def session_set():
 """
 api_key_is_valid(app, flask_request)
 res = make_response(jsonify(structure(status="ok", msg=_("browser_session_valid"))))
- res.set_cookie("key", value=app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"])
+ res.set_cookie(
+ "key",
+ value=app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"],
+ httponly=True,
+ samesite="Lax",
+ secure=True,
+ )
 return res
diff --git a/nettacker/core/lib/socket.py b/nettacker/core/lib/socket.py
index fbf26b3e..948d9bc2 100644
--- a/nettacker/core/lib/socket.py
+++ b/nettacker/core/lib/socket.py
@@ -233,10 +233,12 @@ class SocketEngine(BaseEngine):
 return response
 if sub_step["method"] == "tcp_connect_send_and_receive":
 if response:
- received_content = response["response"]
 for condition in conditions:
 regex = re.findall(
- re.compile(conditions[condition]["regex"]), received_content
+ re.compile(conditions[condition]["regex"]),
+ response["response"]
+ if condition != "open_port"
+ else str(response["peer_name"][1]),
 )
 reverse = conditions[condition]["reverse"]
 condition_results[condition] = reverse_and_regex_condition(regex, reverse)
diff --git a/nettacker/locale/bn.yaml b/nettacker/locale/bn.yaml
index 84e11473..063b17f3 100644
--- a/nettacker/locale/bn.yaml
+++ b/nettacker/locale/bn.yaml
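Review bot: `msg="Invalid report filename"` is a hard-coded English string, whereas the neighbouring `session_set` hunk and the rest of this module route user-facing messages through `_()` with a locale key; the new error should do the same so the translation files stay the single source of strings. The None case of `form_values.get("report_path_filename")` reaching the sanitizer is raised on the `sanitize_report_path_filename` hunk above. The rest of `new_scan` continues outside this hunk.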
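Review bot: `secure=True` on the `key` cookie makes browsers withhold it on plain-http origins, so if the API is ever served without TLS (the listener configuration is not visible here) `session_set` silently stops establishing a browser session. Consider `secure=flask_request.is_secure` so the flag follows the actual transport, or state in a comment next to the call that the web UI is only supported over HTTPS. `httponly=True` and `samesite="Lax"` are the right choices for a cookie that carries the API access key.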
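Review bot: The `open_port` arm of the conditional expression depends on `response["peer_name"]` being a `(host, port)` pair and on the module YAML using exactly the key `"open_port"`, neither of which is visible in this file; a comment would save the next reader a trip to port.yaml, e.g. `# "open_port" is matched against the connected peer's port rather than the banner, so services that send nothing are still reported as open`. If `peer_name` can be missing from a `tcp_connect_send_and_receive` response, the new indexing raises where the old `received_content` lookup did not — worth confirming against the code that builds `response`. The enclosing method starts and ends outside this hunk.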
@@ -107,3 +107,8 @@ username_list: ব্যবহারকারীর নাম(গুলি) ত
 verbose_mode: Verbose মোড স্তর (0-5) (ডিফল্ট 0)
 wrong_hardware_usage: "আপনি হার্ডওয়্যার ব্যবহারের জন্য এই প্রোফাইলগুলির একটি নির্বাচন করতে হবে। (নিম্ন, স্বাভাবিক, উচ্চ, সর্বাধিক)"
 invalid_scan_id: আপনার স্ক্যান আইডি বৈধ নয়
+compare_report_path_filename: "তুলনা রিপোর্ট সংরক্ষণের জন্য ফাইল পাথ"
+no_scan_to_compare: "তুলনা করার জন্য scan_id পাওয়া যায়নি"
+compare_report_saved: "তুলনা ফলাফল সংরক্ষিত হয়েছে: {0}"
+build_compare_report: "তুলনা রিপোর্ট তৈরি করা হচ্ছে"
+finish_build_report: "তুলনা রিপোর্ট সম্পূর্ণ হয়েছে"
diff --git a/nettacker/modules/scan/port.yaml b/nettacker/modules/scan/port.yaml
index 02ea4d16..dfa74be0 100644
--- a/nettacker/modules/scan/port.yaml
+++ b/nettacker/modules/scan/port.yaml
@@ -1028,7 +1028,7 @@ payloads:
 condition_type: or
 conditions:
 open_port:
- regex: ""
+ regex: \d{{1,5}}
 reverse: false
 ftp: &ftp
diff --git a/tests/core/lib/test_socket.py b/tests/core/lib/test_socket.py
index f6ad745c..8f8da9fb 100644
--- a/tests/core/lib/test_socket.py
+++ b/tests/core/lib/test_socket.py
@@ -9,6 +9,10 @@ class Responses:
 tcp_connect_send_and_receive = {
 "response": 'HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.62 (Debian)\r\nContent-Length: 302\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n\n
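Review bot: `\d{{1,5}}` is unanchored and, matched against the peer-port string that the socket.py hunk now feeds to `open_port`, it matches every valid port, so the condition effectively reduces to "the TCP connect succeeded"; that is presumably the intent, but nothing on the line says so. The doubled braces also look like an escape for a templating step that rewrites `{...}` before the regex is compiled — if that is the case, a YAML comment such as `# braces are doubled because module text is formatted before use; the compiled pattern is \d{1,5}` would keep a future editor from "fixing" it back to single braces and silently breaking port detection.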
\nYour browser sent a request that this server could not understand.
\n