Merge branch 'master' into dependabot/pip/aiohttp-3.11.11

2025-01-13 21:15:53 +00:00 · 2025-01-13 21:15:53 +00:00 · b93edd41df
parent 3f34029276 1463af88bc
commit b93edd41df
5 changed files with 55 additions and 4 deletions
--- a/nettacker/api/engine.py
+++ b/nettacker/api/engine.py
@ -11,6 +11,7 @@ from types import SimpleNamespace
 from flask import Flask, jsonify
 from flask import request as flask_request
 from flask import render_template, abort, Response, make_response
+from werkzeug.utils import secure_filename

 from nettacker import logger
 from nettacker.api.core import (
@ -47,6 +48,7 @@ log = logger.get_logger()
 app = Flask(__name__, template_folder=str(Config.path.web_static_dir))
 app.config.from_object(__name__)

+nettacker_path_config = Config.path
 nettacker_application_config = Config.settings.as_dict()
 nettacker_application_config.update(Config.api.as_dict())
 del nettacker_application_config["api_access_key"]
@ -191,6 +193,33 @@ def index():
    )


+def sanitize_report_path_filename(report_path_filename):
+    """
+    sanitize the report_path_filename
+
+    Args:
+        report_path_filename: the report path filename
+
+    Returns:
+        the sanitized report path filename
+    """
+    filename = secure_filename(os.path.basename(report_path_filename))
+    if not filename:
+        return False
+    # Define a list or tuple of valid extensions
+    VALID_EXTENSIONS = (".html", ".htm", ".txt", ".json", ".csv")
+    if "." in filename:
+        if filename.endswith(VALID_EXTENSIONS):
+            safe_report_path = nettacker_path_config.results_dir / filename
+        else:
+            return False
+    else:
+        safe_report_path = nettacker_path_config.results_dir / filename
+    if not safe_report_path.is_relative_to(nettacker_path_config.results_dir):
+        return False
+    return safe_report_path
+
+
@app.route("/new/scan", methods=["GET", "POST"])
 def new_scan():
    """
@ -201,6 +230,11 @@ def new_scan():
    """
    api_key_is_valid(app, flask_request)
    form_values = dict(flask_request.form)
+    raw_report_path_filename = form_values.get("report_path_filename")
+    report_path_filename = sanitize_report_path_filename(raw_report_path_filename)
+    if not report_path_filename:
+        return jsonify(structure(status="error", msg="Invalid report filename")), 400
+    form_values["report_path_filename"] = str(report_path_filename)
    for key in nettacker_application_config:
        if key not in form_values:
            form_values[key] = nettacker_application_config[key]
@ -273,7 +307,13 @@ def session_set():
    """
    api_key_is_valid(app, flask_request)
    res = make_response(jsonify(structure(status="ok", msg=_("browser_session_valid"))))
-    res.set_cookie("key", value=app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"])
+    res.set_cookie(
+        "key",
+        value=app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"],
+        httponly=True,
+        samesite="Lax",
+        secure=True,
+    )
    return res


--- a/nettacker/core/lib/socket.py
+++ b/nettacker/core/lib/socket.py
@ -233,10 +233,12 @@ class SocketEngine(BaseEngine):
            return response
        if sub_step["method"] == "tcp_connect_send_and_receive":
            if response:
-                received_content = response["response"]
                for condition in conditions:
                    regex = re.findall(
-                        re.compile(conditions[condition]["regex"]), received_content
+                        re.compile(conditions[condition]["regex"]),
+                        response["response"]
+                        if condition != "open_port"
+                        else str(response["peer_name"][1]),
                    )
                    reverse = conditions[condition]["reverse"]
                    condition_results[condition] = reverse_and_regex_condition(regex, reverse)
--- a/nettacker/locale/bn.yaml
+++ b/nettacker/locale/bn.yaml
@ -107,3 +107,8 @@ username_list: ব্যবহারকারীর নাম(গুলি) ত
 verbose_mode: Verbose মোড স্তর (0-5) (ডিফল্ট 0)
 wrong_hardware_usage: "আপনি হার্ডওয়্যার ব্যবহারের জন্য এই প্রোফাইলগুলির একটি নির্বাচন করতে হবে। (নিম্ন, স্বাভাবিক, উচ্চ, সর্বাধিক)"
 invalid_scan_id: আপনার স্ক্যান আইডি বৈধ নয়
+compare_report_path_filename: "তুলনা রিপোর্ট সংরক্ষণের জন্য ফাইল পাথ"
+no_scan_to_compare: "তুলনা করার জন্য scan_id পাওয়া যায়নি"
+compare_report_saved: "তুলনা ফলাফল সংরক্ষিত হয়েছে: {0}"
+build_compare_report: "তুলনা রিপোর্ট তৈরি করা হচ্ছে"
+finish_build_report: "তুলনা রিপোর্ট সম্পূর্ণ হয়েছে"
--- a/nettacker/modules/scan/port.yaml
+++ b/nettacker/modules/scan/port.yaml
@ -1028,7 +1028,7 @@ payloads:
          condition_type: or
          conditions:
            open_port:
-              regex: ""
+              regex: \d{{1,5}}
              reverse: false

            ftp: &ftp
--- a/tests/core/lib/test_socket.py
+++ b/tests/core/lib/test_socket.py
@ -9,6 +9,10 @@ class Responses:

    tcp_connect_send_and_receive = {
        "response": 'HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.62 (Debian)\r\nContent-Length: 302\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n<hr>\n<address>Apache/2.4.62 (Debian)</address>\n</body></html>\n',
+        "peer_name": (
+            "127.0.0.1",
+            80,
+        ),
        "ssl_flag": True,
    }