Merge branch 'master' into dependabot/pip/aiohttp-3.11.11

nettacker/api/engine.py

@@ -11,6 +11,7 @@ from types import SimpleNamespace
 from flask import Flask, jsonify
 from flask import request as flask_request
 from flask import render_template, abort, Response, make_response
+from werkzeug.utils import secure_filename
 
 from nettacker import logger
 from nettacker.api.core import (
@@ -47,6 +48,7 @@ log = logger.get_logger()
 app = Flask(__name__, template_folder=str(Config.path.web_static_dir))
 app.config.from_object(__name__)
 
+nettacker_path_config = Config.path
 nettacker_application_config = Config.settings.as_dict()
 nettacker_application_config.update(Config.api.as_dict())
 del nettacker_application_config["api_access_key"]
@@ -191,6 +193,33 @@ def index():
     )
 
 
+def sanitize_report_path_filename(report_path_filename):
+    """
+    sanitize the report_path_filename
+
+    Args:
+        report_path_filename: the report path filename
+
+    Returns:
+        the sanitized report path filename
+    """
+    filename = secure_filename(os.path.basename(report_path_filename))
+    if not filename:
+        return False
+    # Define a list or tuple of valid extensions
+    VALID_EXTENSIONS = (".html", ".htm", ".txt", ".json", ".csv")
+    if "." in filename:
+        if filename.endswith(VALID_EXTENSIONS):
+            safe_report_path = nettacker_path_config.results_dir / filename
+        else:
+            return False
+    else:
+        safe_report_path = nettacker_path_config.results_dir / filename
+    if not safe_report_path.is_relative_to(nettacker_path_config.results_dir):
+        return False
+    return safe_report_path
+
+
 @app.route("/new/scan", methods=["GET", "POST"])
 def new_scan():
     """
@@ -201,6 +230,11 @@ def new_scan():
     """
     api_key_is_valid(app, flask_request)
     form_values = dict(flask_request.form)
+    raw_report_path_filename = form_values.get("report_path_filename")
+    report_path_filename = sanitize_report_path_filename(raw_report_path_filename)
+    if not report_path_filename:
+        return jsonify(structure(status="error", msg="Invalid report filename")), 400
+    form_values["report_path_filename"] = str(report_path_filename)
     for key in nettacker_application_config:
         if key not in form_values:
             form_values[key] = nettacker_application_config[key]
@@ -273,7 +307,13 @@ def session_set():
     """
     api_key_is_valid(app, flask_request)
     res = make_response(jsonify(structure(status="ok", msg=_("browser_session_valid"))))
-    res.set_cookie("key", value=app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"])
+    res.set_cookie(
+        "key",
+        value=app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"],
+        httponly=True,
+        samesite="Lax",
+        secure=True,
+    )
     return res
 
 

nettacker/core/lib/socket.py

@@ -233,10 +233,12 @@ class SocketEngine(BaseEngine):
             return response
         if sub_step["method"] == "tcp_connect_send_and_receive":
             if response:
-                received_content = response["response"]
                 for condition in conditions:
                     regex = re.findall(
-                        re.compile(conditions[condition]["regex"]), received_content
+                        re.compile(conditions[condition]["regex"]),
+                        response["response"]
+                        if condition != "open_port"
+                        else str(response["peer_name"][1]),
                     )
                     reverse = conditions[condition]["reverse"]
                     condition_results[condition] = reverse_and_regex_condition(regex, reverse)

nettacker/locale/bn.yaml

@@ -107,3 +107,8 @@ username_list: ব্যবহারকারীর নাম(গুলি) ত
 verbose_mode: Verbose মোড স্তর (0-5) (ডিফল্ট 0)
 wrong_hardware_usage: "আপনি হার্ডওয়্যার ব্যবহারের জন্য এই প্রোফাইলগুলির একটি নির্বাচন করতে হবে। (নিম্ন, স্বাভাবিক, উচ্চ, সর্বাধিক)"
 invalid_scan_id: আপনার স্ক্যান আইডি বৈধ নয়
+compare_report_path_filename: "তুলনা রিপোর্ট সংরক্ষণের জন্য ফাইল পাথ"
+no_scan_to_compare: "তুলনা করার জন্য scan_id পাওয়া যায়নি"
+compare_report_saved: "তুলনা ফলাফল সংরক্ষিত হয়েছে: {0}"
+build_compare_report: "তুলনা রিপোর্ট তৈরি করা হচ্ছে"
+finish_build_report: "তুলনা রিপোর্ট সম্পূর্ণ হয়েছে"

nettacker/modules/scan/port.yaml

@@ -1028,7 +1028,7 @@ payloads:
           condition_type: or
           conditions:
             open_port:
-              regex: ""
+              regex: \d{{1,5}}
               reverse: false
 
             ftp: &ftp

tests/core/lib/test_socket.py

@@ -9,6 +9,10 @@ class Responses:
 
     tcp_connect_send_and_receive = {
         "response": 'HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.62 (Debian)\r\nContent-Length: 302\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n<hr>\n<address>Apache/2.4.62 (Debian)</address>\n</body></html>\n',
+        "peer_name": (
+            "127.0.0.1",
+            80,
+        ),
         "ssl_flag": True,
     }