From ce866c91910740dcb170157e844d3a09eb9b386e Mon Sep 17 00:00:00 2001 From: Avi Shah Date: Wed, 6 Nov 2024 20:13:07 +0530 Subject: [PATCH] add html formatting support in request response findings --- .../findings/vulnerable-api/index.ts | 163 +++-- app/utils/parse-vulnerable-api-finding.ts | 559 ++++++------------ package-lock.json | 11 +- package.json | 2 + .../parse-vulnerable-api-finding-test.js | 377 +++++++----- 5 files changed, 467 insertions(+), 645 deletions(-) diff --git a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts index 9878419d0..f334c2c11 100644 --- a/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts +++ b/app/components/file-details/vulnerability-analysis-details/findings/vulnerable-api/index.ts @@ -4,7 +4,10 @@ import { action } from '@ember/object'; import type IntlService from 'ember-intl/services/intl'; import type AnalysisModel from 'irene/models/analysis'; -import type { VulnerableApiFinding } from 'irene/utils/parse-vulnerable-api-finding'; +import { + indentHTML, + type VulnerableApiFinding, +} from 'irene/utils/parse-vulnerable-api-finding'; export interface FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableApiSignature { Element: HTMLDivElement; @@ -17,6 +20,7 @@ export interface FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableApiSig interface FormattedResult { value: string; isJSON?: boolean; + isHTML?: boolean; } interface VulnerabilityDetails { @@ -40,82 +44,34 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp } get currentVulnerabilityDetails() { - return [ - { - label: this.intl.t('url'), - value: this.url, - }, - { - label: this.intl.t('method'), - value: this.vulnerabilityRequest?.method, - }, - { - label: this.intl.t('severity'), - value: this.args.currentVulnerability?.severity, - }, - { - label: this.intl.t('confidence'), - value: this.args.currentVulnerability?.confidence, - }, - { - label: this.intl.t('issueDetails'), - value: this.args.currentVulnerability?.description, - }, - ]; - } - - get isRequestHeadersEmpty() { - const headers = this.vulnerabilityRequest?.headers; - - return headers && Object.keys(headers).length === 0; - } - - get isResponseHeadersEmpty() { - const headers = this.args.currentVulnerability?.response?.headers; - - return headers && Object.keys(headers).length === 0; - } - - get isRequestParamsEmpty() { - const params = this.vulnerabilityRequest?.params; - - return params && Object.keys(params).length === 0; - } - - get isRequestBodyEmpty() { - const body = this.vulnerabilityRequest?.body; - - return body === "''" || body === ''; - } - - get isResponseBodyEmpty() { - const body = this.vulnerabilityResponse?.text; - - return body === "''" || body === ''; - } - - get isRequestCookiesEmpty() { - const cookies = this.vulnerabilityRequest?.cookies; - - return cookies && Object.keys(cookies).length === 0; - } - - get isResponseCookiesEmpty() { - const cookies = this.vulnerabilityResponse?.cookies; - - return cookies && Object.keys(cookies).length === 0; - } - - get responseStatusCode() { - const statusCode = this.vulnerabilityResponse?.status_code; - - return this.intl.t('statusCode') + ': ' + statusCode; - } - - get responseMessage() { - const message = this.vulnerabilityResponse?.reason; - - return this.intl.t('message') + ': ' + message; + const currentVulnerability = this.args.currentVulnerability || {}; + + if (Object.keys(currentVulnerability).length !== 0) { + return [ + { + label: this.intl.t('url'), + value: this.url, + }, + { + label: this.intl.t('method'), + value: this.vulnerabilityRequest?.method, + }, + { + label: this.intl.t('severity'), + value: this.args.currentVulnerability?.severity, + }, + { + label: this.intl.t('confidence'), + value: this.args.currentVulnerability?.confidence, + }, + { + label: this.intl.t('issueDetails'), + value: this.args.currentVulnerability?.description, + }, + ]; + } else { + return []; + } } get url() { @@ -140,6 +96,19 @@ export default class FileDetailsVulnerabilityAnalysisDetailsFindingsVulnerableAp .replace(/(^['"])|(['"]$)/g, '') .replace(/\\n/g, '\n'); + // Check if it's HTML content + if ( + sanitizedString.includes('; - -/** - * Initializes a `VulnerableApiFinding` with default values. - * @returns A `VulnerableApiFinding` object with default values. - */ -function initializeVulnerableApiFinding(): VulnerableApiFinding { - return { - request: { - body: '', - headers: {}, - method: '', - params: {}, - url: '', - cookies: {}, - }, - response: { - headers: {}, - reason: '', - status_code: 0, - text: '', - url: '', - cookies: {}, - }, - severity: '', - confidence: '', - url: '', - description: '', - }; -} - /** * Determines if a given content string contains information indicative of a vulnerable API finding. * @param content - The content string to check. @@ -98,411 +68,214 @@ export function parseVulnerableApiFinding( content: string ): VulnerableApiFinding[] { const vulnerableApiFindings: VulnerableApiFinding[] = []; - const vulnerableApiFindingBlocks = splitVulnerableApiFindingIntoBlocks(content); vulnerableApiFindingBlocks.forEach((block) => { - const finding = parseVulnerableApiFindingBlock(block); + try { + const finding = parseVulnerableApiFindingBlock(block); - // Validate and push only if valid - if (isValidVulnerableApiFinding(finding)) { - vulnerableApiFindings.push(finding); + if (finding) { + vulnerableApiFindings.push(finding); + } + } catch (error) { + // Log error but continue processing other blocks + console.warn(`Failed to parse block: ${error}`); } }); return vulnerableApiFindings; } -/** - * Validates if a `VulnerableApiFinding` object is valid. - * @param finding - The `VulnerableApiFinding` object to validate. - * @returns `true` if the finding is valid, otherwise `false`. - */ -function isValidVulnerableApiFinding(finding: VulnerableApiFinding): boolean { - return !!(finding.severity || finding.confidence); -} - /** * Splits the content into blocks based on double or triple newlines. * @param content - The content to split. * @returns An array of strings, each representing a block of the content. */ function splitVulnerableApiFindingIntoBlocks(content: string): string[] { - return content.split(/\n{2,3}/); -} - -function handleBodyField( - key: string, - value: string, - lines: string[], - i: number -): { updatedBuffer: string; updatedIndex: number } { - let currentBuffer = value; - let nextIndex = i + 1; - - // Check if body value is a multi-line JSON or array - if ( - (value.startsWith("'{") && !value.endsWith("}'")) || - (value.startsWith("'[") && !value.endsWith("]'")) - ) { - // Keep reading lines until the closing quote - while ( - nextIndex < lines.length && - !(lines[nextIndex]?.includes("}'") || lines[nextIndex]?.includes("]'")) - ) { - currentBuffer += '\n' + lines[nextIndex]; - nextIndex++; - } - - // Add the final line with the closing quote if found - if (nextIndex < lines.length) { - currentBuffer += '\n' + lines[nextIndex]; - nextIndex++; - } - } - - return { updatedBuffer: currentBuffer, updatedIndex: nextIndex - 1 }; -} - -/** - * Parses a block of text into a `VulnerableApiFinding` object. - * @param block - The text block to parse. - * @returns A `VulnerableApiFinding` object parsed from the block. - */ -function parseVulnerableApiFindingBlock(block: string): VulnerableApiFinding { - const lines = block.split('\n'); - const finding = initializeVulnerableApiFinding(); - - let currentSection: VulnerabilityApiFindingSection = 'confidence'; - let currentBuffer: string | null = null; - let currentKey: string | null = null; - - // Process the first line separately to handle initial URL or description - processFirstLine(lines, finding); - - for (let i = 0; i < lines.length; i++) { - const line = lines[i] || ''; - const trimmedLine = line.trim(); - const parsedLine = parseLine(line); - - if (parsedLine) { - const [key, value] = parsedLine; - - if (currentKey && currentBuffer) { - // Update the previous key with the accumulated buffer - updateFindingField(finding, currentKey, currentBuffer, currentSection); - - currentBuffer = null; // Reset buffer after updating - currentKey = null; // Reset key after updating - } - - if (key) { - if (key === 'body') { - // Special handling for body field - const { updatedBuffer, updatedIndex } = handleBodyField( - key, - value, - lines, - i - ); - - currentBuffer = updatedBuffer; - i = updatedIndex; - currentKey = key; - - const { updatedSection } = updateVulnerableApiFinding( - finding, - key, - currentBuffer, - currentSection - ); - - if (updatedSection !== currentSection) { - currentSection = updatedSection; - } - } else { - // Normal key-value handling - const { updatedSection } = updateVulnerableApiFinding( - finding, - key, - value, - currentSection - ); - - // Update current section and headers - if (updatedSection !== currentSection) { - currentSection = updatedSection; - } - - currentKey = key; // Track the current key - currentBuffer = value; // Start accumulating value - } - } - } else if (currentBuffer) { - // Handle normal line continuations (non-body content) - if (line.match(/^\s{2,}/)) { - currentBuffer += ' ' + trimmedLine; - } else { - currentBuffer += '\n' + line; - } + const rawBlocks = content.split(/\n{2,3}/); + const validBlocks: string[] = []; + + for (const block of rawBlocks) { + const lines = block.split('\n'); + const firstLine = lines[0]; + const result = processFirstLine(firstLine); + + // Check if the block meets the criteria + const isValidBlock = result || firstLine?.startsWith('confidence:'); + + if (isValidBlock) { + // If it's a valid block, add it as a new entry + validBlocks.push(block); + } else if (validBlocks.length > 0) { + // If it's not a valid block, append it to the previous block + validBlocks[validBlocks.length - 1] += '\n' + block; + } else { + // If it's the first block and invalid, still add it to start the list + validBlocks.push(block); } } - // Finalize any remaining buffer - if (currentBuffer && currentKey) { - updateFindingField(finding, currentKey, currentBuffer, currentSection); - } - - return finding; -} - -/** - * Parses a single line of text into a key-value pair. - * @param line - The line of text to parse. - * @returns A tuple containing the key and value as strings, or `null` if the line cannot be parsed. - */ -function parseLine(line: string): [string, string] | null { - const [key, ...valueParts] = line.split(':'); - - if (!key) { - return null; - } - - // Split the line into key and value parts based on the first colon - const colonIndex = line.indexOf(':'); - - // If there's no colon, return null as it's not a valid key-value pair - if (colonIndex === -1) { - return null; - } - - const value = valueParts.join(':').trim(); - - return [key.trim().toLowerCase(), value]; + return validBlocks; } /** * Processes the first line of a block to set the description of the finding. * @param lines - The lines of the block. - * @param finding - The `VulnerableApiFinding` object to update. + * @param finding - The VulnerableApiFinding object to update. */ function processFirstLine( - lines: string[], - finding: VulnerableApiFinding -): void { - if (lines[0]) { - const firstLine = lines[0].trim(); - const colonIndex = firstLine.indexOf(': '); - const beforeColon = firstLine.substring(0, colonIndex).trim(); - - const genericUrlRegex = - /^(https?:\/\/)?([a-zA-Z0-9-]+\.)+[a-zA-Z0-9.-]+(:\d+)?(\/[^\s]*)?$/; - - const match = beforeColon.match(genericUrlRegex); - - if (match) { - finding.url = firstLine.substring(0, colonIndex).trim(); - } - - if (!firstLine.startsWith('confidence:') && colonIndex !== -1) { - finding.description = firstLine.substring(colonIndex + 2).trim(); - } + firstLine: string | undefined +): { description?: string; url?: string } | undefined { + if (!firstLine) { + return undefined; } -} -/** - * Updates the current section of the finding based on the key. - * @param key - The key indicating the section to update. - * @param currentSection - The current section of the finding. - * @returns The updated section of the finding. - */ -function updateSection( - key: string, - currentSection: VulnerabilityApiFindingSection -): VulnerabilityApiFindingSection { - const sectionMap: Record = { - request: 'request', - response: 'response', - headers: currentSection.startsWith('response') - ? 'response.headers' - : 'request.headers', - params: 'request.params', - severity: 'severity', - confidence: 'confidence', - url: currentSection.startsWith('response') ? 'response.url' : 'request.url', - method: 'request.method', - body: 'request.body', - text: 'response.text', - status_code: 'response.status_code', - reason: 'response.reason', - cookies: currentSection.startsWith('response') - ? 'response.cookies' - : 'request.cookies', - }; - - return sectionMap[key] || currentSection; -} + const colonIndex = firstLine.indexOf(': '); + const genericUrlRegex = + /^(https?:\/\/)?([a-zA-Z0-9-]+\.)+[a-zA-Z0-9.-]+(:\d+)?(\/[^\s]*)?$/; -/** - * Updates a specific field in the `VulnerableApiFinding` based on the current section. - * @param finding - The `VulnerableApiFinding` object to update. - * @param key - The key indicating the field to update. - * @param value - The value to set. - * @param currentSection - The current section of the finding. - */ -function updateFindingField( - finding: VulnerableApiFinding, - key: string, - value: string, - currentSection: VulnerabilityApiFindingSection -): void { - const isRequestSection = currentSection.startsWith('request'); - const isResponseSection = currentSection.startsWith('response'); - const isParamsSection = currentSection.startsWith('request.params'); - - if (key === 'body' && isRequestSection) { - finding.request.body = value; - } else if (key === 'url') { - if (isRequestSection || isParamsSection) { - finding.request.url = value; - } else if (isResponseSection) { - finding.response.url = value; - } - } else if (key === 'method' && isRequestSection) { - finding.request.method = value; - } else if (key === 'status_code' && isResponseSection) { - finding.response.status_code = Number(value); - } else if (key === 'reason' && isResponseSection) { - finding.response.reason = value; - } else if (key === 'text' && isResponseSection) { - finding.response.text = value; - } else if (key === 'severity') { - finding.severity = value; - } else if (key === 'confidence') { - finding.confidence = value; + if (colonIndex === -1) { + return; } -} -/** - * Updates the headers in the given section of the finding object. - * - * @param currentSection - The section of the finding to update, which can be either 'request.headers' or 'response.headers'. - * @param finding - The vulnerable API finding object. - * @param key - The header key to update or add. - * @param value - The value to set for the specified header key. - */ -function updateFindingHeaders( - currentSection: VulnerabilityApiFindingSection, - finding: VulnerableApiFinding, - key: string, - value: string -): void { - const currentHeaders = - currentSection === 'request.headers' - ? finding.request.headers - : currentSection === 'response.headers' - ? finding.response.headers - : null; - - if (currentHeaders) { - currentHeaders[key] = value; - } -} + const beforeColon = firstLine.substring(0, colonIndex).trim(); + const afterColon = firstLine.substring(colonIndex + 2).trim(); -/** - * Updates the cookies in the given section of the finding object. - * - * @param currentSection - The section of the finding to update, which can be either 'request.cookies' or 'response.cookies'. - * @param finding - The vulnerable API finding object. - * @param key - The cookie key to update or add. - * @param value - The value to set for the specified cookie key. - */ -function updateFindingCookies( - currentSection: VulnerabilityApiFindingSection, - finding: VulnerableApiFinding, - key: string, - value: string -): void { - const currentCookies = - currentSection === 'request.cookies' - ? finding.request.cookies - : currentSection === 'response.cookies' - ? finding.response.cookies - : null; - - if (currentCookies) { - currentCookies[key] = value; - } -} + // Check if 'beforeColon' matches the URL pattern + const urlMatch = genericUrlRegex.exec(beforeColon); -/** - * Updates the parameters in the request section of the finding object. - * - * @param currentSection - The section of the finding to update, which should be 'request.params'. - * @param finding - The vulnerable API finding object. - * @param key - The parameter key to update or add. - * @param value - The value to set for the specified parameter key. - */ -function updateFindingParams( - currentSection: VulnerabilityApiFindingSection, - finding: VulnerableApiFinding, - key: string, - value: string -): void { - const currentParams = - currentSection === 'request.params' ? finding.request.params : null; - - if (currentParams) { - currentParams[key] = value; + if (urlMatch) { + return { url: beforeColon, description: afterColon || undefined }; + } else { + return { description: afterColon }; } } /** - * Updates a field in a vulnerable API finding and returns the updated section. - * - * @param finding - The vulnerable API finding object to update. - * @param key - The key of the field to update. - * @param value - The new value for the specified field key. - * @param currentSection - The current section of the finding to update, which determines where the update occurs. - * @returns An object containing the updated section of the finding. + * Parses a block of text into a `VulnerableApiFinding` object. + * @param block - The text block to parse. + * @returns A `VulnerableApiFinding` object parsed from the block. */ -function updateVulnerableApiFinding( - finding: VulnerableApiFinding, - key: string, - value: string, - currentSection: VulnerabilityApiFindingSection -): { - updatedSection: VulnerabilityApiFindingSection; -} { - currentSection = updateSection(key, currentSection); - - // Handle empty objects for headers, cookies, and params - if ( - ['headers', 'cookies', 'params'].includes(key) && - (value === '' || value === '{}') - ) { - return { updatedSection: currentSection }; +function parseVulnerableApiFindingBlock( + block: string +): VulnerableApiFinding | null { + try { + // Extract the description (first line) and the rest of the YAML + const lines = block.split('\n'); + + // Process the first line to set the description and URL + const firstLine = processFirstLine(lines[0]); + + let yamlContent = lines.slice(1).join('\n'); + + yamlContent = yamlContent + .replace(/\\n/g, '\n') // Convert \n to newline + .replace(/\\r/g, '\r') // Convert \r to carriage return + .replace(/\\t/g, '\t'); // Convert \t to tab + + // Parse the YAML content + const parsed = yamlLoad(yamlContent) as Omit< + VulnerableApiFinding, + 'description' | 'url' + >; + + // Combine the description with the parsed YAML + const finalObject = { ...firstLine, ...parsed }; + + if (Object.keys(finalObject).length !== 0) { + return finalObject as VulnerableApiFinding; + } else { + return null; + } + } catch (error) { + throw new Error(`Failed to parse YAML content: ${error}`); } +} - updateFindingField(finding, key, value, currentSection); +export function indentHTML(html: string): string { + // Remove existing whitespace between tags + const formatted = html.trim().replace(/>\s+<'); + + // Track indentation level + let indent = 0; + const tab = ' '; // 2 spaces for indentation + let result = ''; + let inComment = false; + + // Elements that don't need newlines + const inlineElements = new Set([ + 'span', + 'em', + 'strong', + 'i', + 'b', + 'br', + 'img', + ]); + + // Process each character + for (let i = 0; i < formatted.length; i++) { + const char = formatted[i]; + + // Check for comment start + if (char === '<' && formatted.slice(i, i + 4) === '', i) + 3); + i = formatted.indexOf('-->', i) + 2; + continue; + } - // Handle headers separately based on the current section - if (currentSection.endsWith('headers')) { - updateFindingHeaders(currentSection, finding, key, value); - } + // Skip processing if we're in a comment + if (!inComment) { + // Handle opening tags + if (char === '<' && formatted[i + 1] !== '/') { + // Get tag name + let tagName = ''; + let j = i + 1; + while ( + j < formatted.length && + formatted[j] !== ' ' && + formatted[j] !== '>' + ) { + tagName += formatted[j]; + j++; + } - // Handle cookies separately based on the current section - if (currentSection.endsWith('cookies')) { - updateFindingCookies(currentSection, finding, key, value); - } + // Add newline and indent for block elements + if (!inlineElements.has(tagName.toLowerCase())) { + result += '\n' + tab.repeat(indent); + } + result += char; + indent++; + } + // Handle closing tags + else if (char === '<' && formatted[i + 1] === '/') { + indent--; + // Get tag name + let tagName = ''; + let j = i + 2; + while ( + j < formatted.length && + formatted[j] !== ' ' && + formatted[j] !== '>' + ) { + tagName += formatted[j]; + j++; + } - // Handle params separately based on the current section - if (currentSection.endsWith('params')) { - updateFindingParams(currentSection, finding, key, value); + // Add newline and indent for block elements + if (!inlineElements.has(tagName.toLowerCase())) { + result += '\n' + tab.repeat(indent); + } + result += char; + } + // Normal character + else { + result += char; + } + } } - return { - updatedSection: currentSection, - }; + return result; } diff --git a/package-lock.json b/package-lock.json index da2ebf3f3..7a03782db 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,6 +19,7 @@ "echarts": "^5.4.2", "ember-data-resources": "^5.2.1", "ember-websockets": "^10.2.1", + "js-yaml": "^4.1.0", "material-icons": "^1.11.6", "qrious": "^4.0.2", "swagger-ui": "^5.17.14" @@ -77,6 +78,7 @@ "@types/ember-qunit": "^6.1.1", "@types/ember-resolver": "^9.0.0", "@types/jquery": "^3.5.25", + "@types/js-yaml": "^4.0.9", "@types/qunit": "^2.19.10", "@types/rsvp": "^4.0.9", "@typescript-eslint/eslint-plugin": "^7.0.2", @@ -13963,6 +13965,12 @@ "@types/sizzle": "*" } }, + "node_modules/@types/js-yaml": { + "version": "4.0.9", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "integrity": "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==", + "dev": true + }, "node_modules/@types/json-schema": { "version": "7.0.15", "license": "MIT" @@ -47242,7 +47250,8 @@ }, "node_modules/js-yaml": { "version": "4.1.0", - "license": "MIT", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", "dependencies": { "argparse": "^2.0.1" }, diff --git a/package.json b/package.json index 6994b7cf8..4571ce29a 100644 --- a/package.json +++ b/package.json @@ -88,6 +88,7 @@ "@types/ember-qunit": "^6.1.1", "@types/ember-resolver": "^9.0.0", "@types/jquery": "^3.5.25", + "@types/js-yaml": "^4.0.9", "@types/qunit": "^2.19.10", "@types/rsvp": "^4.0.9", "@typescript-eslint/eslint-plugin": "^7.0.2", @@ -197,6 +198,7 @@ "echarts": "^5.4.2", "ember-data-resources": "^5.2.1", "ember-websockets": "^10.2.1", + "js-yaml": "^4.1.0", "material-icons": "^1.11.6", "qrious": "^4.0.2", "swagger-ui": "^5.17.14" diff --git a/tests/unit/utils/parse-vulnerable-api-finding-test.js b/tests/unit/utils/parse-vulnerable-api-finding-test.js index 7ba4a568d..960d30c0f 100644 --- a/tests/unit/utils/parse-vulnerable-api-finding-test.js +++ b/tests/unit/utils/parse-vulnerable-api-finding-test.js @@ -13,28 +13,48 @@ module('Unit | Utility | parse-vulnerable-api-finding', function (hooks) { const expectedObject1 = [ { + confidence: 'LOW', + description: + 'A response to one of our payload requests has taken too long compared to the baseline request. This could indicate a vulnerability to time-based Regex DoS attacks', + param: { + location: 'headers', + method: 'POST', + variables: [ + 'X-Apple-I-Md-M', + 'Content-Length', + 'X-Apple-I-Locale', + 'Accept', + 'Accept-Language', + 'Connection', + 'X-Apple-I-Md', + 'Accept-Encoding', + 'User-Agent', + 'X-Apple-I-Timezone', + 'X-Apple-I-Md-Rinfo', + 'X-Apple-I-Client-Time', + ], + }, request: { - body: "''", - cookies: {}, + body: '', headers: { - accept: "'*/*'", - 'accept-encoding': 'gzip, deflate, br', - 'accept-language': 'en-US,en;q=0.9', - connection: 'keep-alive', - 'content-length': "'0'", - host: 'p157-caldav.icloud.com:443', - 'user-agent': 'iOS/16.7.5 (20H307) dataaccessd/1.0', - 'x-apple-i-client-time': "'1111111111111111111111111111111112'", - 'x-apple-i-locale': 'en_US', - 'x-apple-i-md': 'AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==', - 'x-apple-i-md-m': + Accept: '*/*', + 'Accept-Encoding': 'gzip, deflate, br', + 'Accept-Language': 'en-US,en;q=0.9', + Connection: 'keep-alive', + 'Content-Length': '0', + Host: 'p157-caldav.icloud.com:443', + 'User-Agent': 'iOS/16.7.5 (20H307) dataaccessd/1.0', + 'X-Apple-I-Client-Time': '1111111111111111111111111111111112', + 'X-Apple-I-Locale': 'en_US', + 'X-Apple-I-Md': 'AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==', + 'X-Apple-I-Md-M': 'qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0', - 'x-apple-i-md-rinfo': "'50660608'", - 'x-apple-i-timezone': 'GMT+5:30', + 'X-Apple-I-Md-Rinfo': '50660608', + 'X-Apple-I-Timezone': 'GMT+5:30', }, method: 'POST', params: { - key: "'16304401481'", + key: '16304401481', token: 'b37163f4e3f63e20192b40e3bfe0ce293ba129f9706437f0dc0dce3e2bea9268', }, @@ -42,39 +62,37 @@ module('Unit | Utility | parse-vulnerable-api-finding', function (hooks) { }, response: { cookies: { + JSESSIONID: '0000gfnsEirGQB2UzBDCcDys4Un:1cca51vsg', + VSLEGFIA: + '022f6c2a0b-ee5b-4b5HFOjCLRz0fkRYfGDWsskj3PxhW1FT4PNCd2AqIl_uBPL0m1psk_DSBX0qcKCSGO7bY', + WC_PERSISTENT: + '6KqdTAXHThll4Ll8fMLSnpkpDZGTH2stmRKqWcNQfMk%3D%3B2024-07-31+16%3A19%3A53.785_1722457193785-8500_0', __cf_bm: 'irVbX8KLSRbQwNnUZzx8.wKUryCpolObw3OtCxlBWRA-1722457193-1.0.1.1-2fvHPIjkGdPENjQnGpZO4HVGW2RCipjQ5ogdRhtyTnw.JF8skFeoJhkWAa53BWdd.U850VGe.MACd6K9tTWf9A', - jsessionid: '0000gfnsEirGQB2UzBDCcDys4Un:1cca51vsg', src: 'app', - vslegfia: - '022f6c2a0b-ee5b-4b5HFOjCLRz0fkRYfGDWsskj3PxhW1FT4PNCd2AqIl_uBPL0m1psk_DSBX0qcKCSGO7bY', - wc_persistent: - '6KqdTAXHThll4Ll8fMLSnpkpDZGTH2stmRKqWcNQfMk%3D%3B2024-07-31+16%3A19%3A53.785_1722457193785-8500_0', }, headers: { - connection: 'keep-alive', - 'content-length': "'0'", - date: 'Mon, 15 Jul 2024 12:49:15 GMT', - server: 'AppleHttpServer/b866cf47a603', - 'x-apple-edge-response-time': "'0'", - 'x-apple-filtered-at-edge': "'true'", - 'x-apple-request-uuid': 'f3dcbfe2-9417-43ff-9e2d-d09071707eb6', + Connection: 'keep-alive', + 'Content-Length': '0', + Date: 'Mon, 15 Jul 2024 12:49:15 GMT', + Server: 'AppleHttpServer/b866cf47a603', + 'X-Apple-Edge-Response-Time': '0', + 'X-Apple-Filtered-At-Edge': 'true', + 'X-Apple-Request-UUID': 'f3dcbfe2-9417-43ff-9e2d-d09071707eb6', 'access-control-expose-headers': 'X-Apple-Request-UUID,Via', via: '631194250daa17e24277dea86cf30319:18042a2d519f8fe036a8b503c12ad658:usmes1', 'www-authenticate': 'X-MobileMe-AuthToken realm="MMCalDav", Basic realm="MMCalDav"', - 'x-apple-user-partition': "'157'", + 'x-apple-user-partition': '157', }, reason: 'Unauthorized', status_code: 401, - text: '\'{"storeConf":[{"assortment_enable":"true"}]}\'', + text: '{"storeConf":[{"assortment_enable":"true"}]}', url: 'https://p157-contacts.icloud.com:443/mm/sub?token=b37163f4e3f63e20192b40e3bfe0ce293ba129f9706437f0dc0dce3e2bea9268&key=16304401481', + version: 11, }, severity: 'MEDIUM', - confidence: 'LOW', url: 'p157-contacts.icloud.com:443/mm/sub', - description: - 'A response to one of our payload requests has taken too long compared to the baseline request. This could indicate a vulnerability to time-based Regex DoS attacks', }, ]; @@ -83,161 +101,178 @@ module('Unit | Utility | parse-vulnerable-api-finding', function (hooks) { const expectedObject2 = [ { - request: { - body: '', - cookies: {}, - headers: {}, - method: '', - params: {}, - url: '', - }, - response: { - headers: {}, - cookies: {}, - reason: '', - status_code: 0, - text: '', - url: '', - }, + description: 'TRACE is enabled in the webserver configuration', severity: 'LOW', - confidence: '', url: 'https://token.safebrowsing.apple:443/api/v1/google.json', - description: 'TRACE is enabled in the webserver configuration', }, ]; const content3 = - "p157-contacts.icloud.com:443/mm/sub: A response to one of our payload requests has taken too long compared to the baseline request. This could indicate a vulnerability to time-based SQL injection attacks\nconfidence: LOW\nparam:\n location: headers\n method: POST\n variables:\n - X-Apple-I-Md-M\n - Content-Length\n - X-Apple-I-Locale\n - Accept\n - Accept-Language\n - Connection\n - X-Apple-I-Md\n - Accept-Encoding\n - User-Agent\n - X-Apple-I-Timezone\n - X-Apple-I-Md-Rinfo\n - Host\n - X-Apple-I-Client-Time\nrequest:\n body: '{\"operationName\": \"GetAdhocTasks\", \"variables\": {\"driverId\": 3, \"startTime\": \"2024-09-02 14:00:00\", \"endTime\": \"2024-09-03 00:00:00\"}, \"query\": \"query GetAdhocTasks($driverId: Int, $endTime: String, $startTime: String) {\\n adhocTasks(driverId: $driverId, endTime: $endTime, startTime: $startTime) {\\n adhoctaskId\\n driverId\\n note\\n startTime\\n endDeadline\\n issueType\\n delayedTask\\n __typename\\n }\\n}\"}'\n headers:\n Accept: '*/*'\n Accept-Encoding: ; OR '1'='1'\n Accept-Language: en-US,en;q=0.9\n Connection: keep-alive\n Content-Length: '0'\n Host: p157-caldav.icloud.com:443\n User-Agent: iOS/16.7.5 (20H307) dataaccessd/1.0\n X-Apple-I-Client-Time: '2024-07-15T09:07:13Z'\n X-Apple-I-Locale: en_US\n X-Apple-I-Md: AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==\n X-Apple-I-Md-M: qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0\n X-Apple-I-Md-Rinfo: '50660608'\n X-Apple-I-Timezone: GMT+5:30\n method: POST\n params:\n catalogId: '10054'\n langId: '-1'\n name: assortment_enable\n responseFormat: json\n src: app\n url: https://qa2.hdsupplysolutions.com:443/wcs/resources/store/10051/hdsstore/storeconf\n url: https://p157-contacts.icloud.com:443/mm/sub\nresponse:\n cookies: {}\n headers:\n Connection: keep-alive\n Content-Length: '0'\n Date: Mon, 15 Jul 2024 12:50:17 GMT\n Server: AppleHttpServer/b866cf47a603\n X-Apple-Edge-Response-Time: '0'\n X-Apple-Filtered-At-Edge: 'true'\n X-Apple-Request-UUID: c411e3b6-c70a-4b50-acd5-b98c31521249\n access-control-expose-headers: X-Apple-Request-UUID,Via\n via: 631194250daa17e24277dea86cf30319:02caeb0e04ee373e250b945a1f576f08:usdal2\n www-authenticate: X-MobileMe-AuthToken realm=\"MMCalDav\", Basic realm=\"MMCalDav\"\n x-apple-user-partition: '157'\n reason: Unauthorized\n status_code: 401\n text: ''\n url: https://p157-contacts.icloud.com:443/mm/sub?token=b37163f4e3f63e20192b40e3bfe0ce293ba129f9706437f0dc0dce3e2bea9268&key=16304401481\n version: 11\nseverity: MEDIUM\n\nconfidence: LOW\nparam:\n location: params\n method: POST\n variables:\n - token\n - key\nrequest:\n body: ''\n headers:\n Accept: '*/*'\n Accept-Encoding: gzip, deflate, br\n Accept-Language: en-US,en;q=0.9\n Connection: keep-alive\n Content-Length: '0'\n Host: p157-caldav.icloud.com:443\n User-Agent: iOS/16.7.5 (20H307) dataaccessd/1.0\n X-Apple-I-Client-Time: '2024-07-15T09:07:13Z'\n X-Apple-I-Locale: en_US\n X-Apple-I-Md: AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==\n X-Apple-I-Md-M: qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0\n X-Apple-I-Md-Rinfo: '50660608'\n X-Apple-I-Timezone: GMT+5:30\n method: POST\n params:\n key: '16304401481'\n token: ; OR '1'='1'\n url: https://p157-contacts.icloud.com:443/mm/sub\nresponse:\n cookies: {}\n headers:\n Connection: keep-alive\n Content-Length: '0'\n Date: Mon, 15 Jul 2024 12:50:18 GMT\n Server: AppleHttpServer/b866cf47a603\n X-Apple-Edge-Response-Time: '0'\n X-Apple-Filtered-At-Edge: 'true'\n X-Apple-Request-UUID: 05b1ac99-ee33-44ba-aa1d-f52499fdcd88\n access-control-expose-headers: X-Apple-Request-UUID,Via\n via: 631194250daa17e24277dea86cf30319:4253a6fbce6fc9cade45c5ab633577a5:usmes1\n www-authenticate: X-MobileMe-AuthToken realm=\"MMCalDav\", Basic realm=\"MMCalDav\"\n x-apple-user-partition: '157'\n reason: Unauthorized\n status_code: 401\n text: ''\n url: https://p157-contacts.icloud.com:443/mm/sub?token=%3B+OR+%271%27%3D%271%27&key=16304401481\n version: 11\nseverity: MEDIUM\n\n\n"; + "p157-contacts.icloud.com:443/mm/sub: A response to one of our payload requests has taken too long compared to the baseline request. This could indicate a vulnerability to time-based SQL injection attacks\nconfidence: LOW\nparam:\n location: headers\n method: POST\n variables:\n - X-Apple-I-Md-M\n - Content-Length\n - X-Apple-I-Locale\n - Accept\n - Accept-Language\n - Connection\n - X-Apple-I-Md\n - Accept-Encoding\n - User-Agent\n - X-Apple-I-Timezone\n - X-Apple-I-Md-Rinfo\n - Host\n - X-Apple-I-Client-Time\nrequest:\n body: '{\\\"operationName\\\": \\\"GetAdhocTasks\\\", \\\"variables\\\": {\\\"driverId\\\": 3, \\\"startTime\\\": \\\"2024-09-02 14:00:00\\\", \\\"endTime\\\": \\\"2024-09-03 00:00:00\\\"}, \\\"query\\\": \\\"query GetAdhocTasks($driverId: Int, $endTime: String, $startTime: String) {\\\\n adhocTasks(driverId: $driverId, endTime: $endTime, startTime: $startTime) {\\\\n adhoctaskId\\\\n driverId\\\\n note\\\\n startTime\\\\n endDeadline\\\\n issueType\\\\n delayedTask\\\\n __typename\\\\n }\\\\n}\\\"}'\n headers:\n Accept: '*/*'\n Accept-Encoding: ; OR '1'='1'\n Accept-Language: en-US,en;q=0.9\n Connection: keep-alive\n Content-Length: '0'\n Host: p157-caldav.icloud.com:443\n User-Agent: iOS/16.7.5 (20H307) dataaccessd/1.0\n X-Apple-I-Client-Time: '2024-07-15T09:07:13Z'\n X-Apple-I-Locale: en_US\n X-Apple-I-Md: AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==\n X-Apple-I-Md-M: qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0\n X-Apple-I-Md-Rinfo: '50660608'\n X-Apple-I-Timezone: GMT+5:30\n method: POST\n params:\n catalogId: '10054'\n langId: '-1'\n name: assortment_enable\n responseFormat: json\n src: app\n url: https://qa2.hdsupplysolutions.com:443/wcs/resources/store/10051/hdsstore/storeconf\n response:\n cookies: {}\n headers:\n Connection: keep-alive\n Content-Length: '0'\n Date: Mon, 15 Jul 2024 12:50:17 GMT\n Server: AppleHttpServer/b866cf47a603\n X-Apple-Edge-Response-Time: '0'\n X-Apple-Filtered-At-Edge: 'true'\n X-Apple-Request-UUID: c411e3b6-c70a-4b50-acd5-b98c31521249\n access-control-expose-headers: X-Apple-Request-UUID,Via\n via: 631194250daa17e24277dea86cf3002caeb0e04ee373e250b945a1f576f08\n x-apple-user-partition: '157'\n reason: Unauthorized\n status_code: 401\n text: ''\n url: https://p157-contacts.icloud.com:443/mm/sub?token=b37163f4e3f63e20192b40e3bfe0ce293ba129f9706437f0dc0dce3e2bea9268&key=16304401481\nversion: 11\nseverity: MEDIUM\n\nconfidence: LOW\nparam:\n location: params\n method: POST\n variables:\n - token\n - key\nrequest:\n body: ''\n headers:\n Accept: '*/*'\n Accept-Encoding: gzip, deflate, br\n Accept-Language: en-US,en;q=0.9\n Connection: keep-alive\n Content-Length: '0'\n Host: p157-caldav.icloud.com:443\n User-Agent: iOS/16.7.5 (20H307) dataaccessd/1.0\n X-Apple-I-Client-Time: '2024-07-15T09:07:13Z'\n X-Apple-I-Locale: en_US\n X-Apple-I-Md: AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==\n X-Apple-I-Md-M: qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0\n X-Apple-I-Md-Rinfo: '50660608'\n X-Apple-I-Timezone: GMT+5:30\n method: POST\n params:\n key: '16304401481'\n token: ; OR '1'='1'\n url: https://p157-contacts.icloud.com:443/mm/sub\nresponse:\n cookies: {}\n headers:\n Connection: keep-alive\n Content-Length: '0'\n Date: Mon, 15 Jul 2024 12:50:18 GMT\n Server: AppleHttpServer/b866cf47a603\n X-Apple-Edge-Response-Time: '0'\n X-Apple-Filtered-At-Edge: 'true'\n X-Apple-Request-UUID: 05b1ac99-ee33-44ba-aa1d-f52499fdcd88\n access-control-expose-headers: X-Apple-Request-UUID,Via\n via: 631194250daa17e24277dea86cf30319:4253a6fbce6fc9cade45c5ab633577a5:usmes1\n www-authenticate: X-MobileMe-AuthToken realm=\\\"MMCalDav\\\", Basic realm=\\\"MMCalDav\\\"\n x-apple-user-partition: '157'\n reason: Unauthorized\n status_code: 401\n text: ''\\n url: https://p157-contacts.icloud.com:443/mm/sub?token=%3B+OR+%271%27%3D%271%27&key=16304401481\n version: 11\nseverity: MEDIUM"; const expectedObject3 = [ { + url: 'p157-contacts.icloud.com:443/mm/sub', + description: + 'A response to one of our payload requests has taken too long compared to the baseline request. This could indicate a vulnerability to time-based SQL injection attacks', + confidence: 'LOW', + param: { + location: 'headers', + method: 'POST', + variables: [ + 'X-Apple-I-Md-M', + 'Content-Length', + 'X-Apple-I-Locale', + 'Accept', + 'Accept-Language', + 'Connection', + 'X-Apple-I-Md', + 'Accept-Encoding', + 'User-Agent', + 'X-Apple-I-Timezone', + 'X-Apple-I-Md-Rinfo', + 'Host', + 'X-Apple-I-Client-Time', + ], + }, request: { - body: '\'{"operationName": "GetAdhocTasks", "variables": {"driverId": 3, "startTime": "2024-09-02 14:00:00", "endTime": "2024-09-03 00:00:00"}, "query": "query GetAdhocTasks($driverId: Int, $endTime: String, $startTime: String) {\\n adhocTasks(driverId: $driverId, endTime: $endTime, startTime: $startTime) {\\n adhoctaskId\\n driverId\\n note\\n startTime\\n endDeadline\\n issueType\\n delayedTask\\n __typename\\n }\\n}"}\'', - cookies: {}, + body: '{\\"operationName\\": \\"GetAdhocTasks\\", \\"variables\\": {\\"driverId\\": 3, \\"startTime\\": \\"2024-09-02 14:00:00\\", \\"endTime\\": \\"2024-09-03 00:00:00\\"}, \\"query\\": \\"query GetAdhocTasks($driverId: Int, $endTime: String, $startTime: String) {\\ adhocTasks(driverId: $driverId, endTime: $endTime, startTime: $startTime) {\\ adhoctaskId\\ driverId\\ note\\ startTime\\ endDeadline\\ issueType\\ delayedTask\\ __typename\\ }\\ }\\"}', headers: { - accept: "'*/*'", - 'accept-encoding': "; OR '1'='1'", - 'accept-language': 'en-US,en;q=0.9', - connection: 'keep-alive', - 'content-length': "'0'", - host: 'p157-caldav.icloud.com:443', - 'user-agent': 'iOS/16.7.5 (20H307) dataaccessd/1.0', - 'x-apple-i-client-time': "'2024-07-15T09:07:13Z'", - 'x-apple-i-locale': 'en_US', - 'x-apple-i-md': 'AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==', - 'x-apple-i-md-m': + Accept: '*/*', + 'Accept-Encoding': "; OR '1'='1'", + 'Accept-Language': 'en-US,en;q=0.9', + Connection: 'keep-alive', + 'Content-Length': '0', + Host: 'p157-caldav.icloud.com:443', + 'User-Agent': 'iOS/16.7.5 (20H307) dataaccessd/1.0', + 'X-Apple-I-Client-Time': '2024-07-15T09:07:13Z', + 'X-Apple-I-Locale': 'en_US', + 'X-Apple-I-Md': 'AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==', + 'X-Apple-I-Md-M': 'qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0', - 'x-apple-i-md-rinfo': "'50660608'", - 'x-apple-i-timezone': 'GMT+5:30', + 'X-Apple-I-Md-Rinfo': '50660608', + 'X-Apple-I-Timezone': 'GMT+5:30', }, method: 'POST', params: { - catalogid: "'10054'", - langid: "'-1'", + catalogId: '10054', + langId: '-1', name: 'assortment_enable', - responseformat: 'json', + responseFormat: 'json', src: 'app', }, - url: 'https://p157-contacts.icloud.com:443/mm/sub', - }, - response: { - headers: { - connection: 'keep-alive', - 'content-length': "'0'", - date: 'Mon, 15 Jul 2024 12:50:17 GMT', - server: 'AppleHttpServer/b866cf47a603', - 'x-apple-edge-response-time': "'0'", - 'x-apple-filtered-at-edge': "'true'", - 'x-apple-request-uuid': 'c411e3b6-c70a-4b50-acd5-b98c31521249', - 'access-control-expose-headers': 'X-Apple-Request-UUID,Via', - via: '631194250daa17e24277dea86cf30319:02caeb0e04ee373e250b945a1f576f08:usdal2', - 'www-authenticate': - 'X-MobileMe-AuthToken realm="MMCalDav", Basic realm="MMCalDav"', - 'x-apple-user-partition': "'157'", + url: 'https://qa2.hdsupplysolutions.com:443/wcs/resources/store/10051/hdsstore/storeconf', + response: { + cookies: {}, + headers: { + Connection: 'keep-alive', + 'Content-Length': '0', + Date: 'Mon, 15 Jul 2024 12:50:17 GMT', + Server: 'AppleHttpServer/b866cf47a603', + 'X-Apple-Edge-Response-Time': '0', + 'X-Apple-Filtered-At-Edge': 'true', + 'X-Apple-Request-UUID': 'c411e3b6-c70a-4b50-acd5-b98c31521249', + 'access-control-expose-headers': 'X-Apple-Request-UUID,Via', + via: '631194250daa17e24277dea86cf3002caeb0e04ee373e250b945a1f576f08', + 'x-apple-user-partition': '157', + }, + reason: 'Unauthorized', + status_code: 401, + text: '', + url: 'https://p157-contacts.icloud.com:443/mm/sub?token=b37163f4e3f63e20192b40e3bfe0ce293ba129f9706437f0dc0dce3e2bea9268&key=16304401481', }, - cookies: {}, - reason: 'Unauthorized', - status_code: 401, - text: "''", - url: 'https://p157-contacts.icloud.com:443/mm/sub?token=b37163f4e3f63e20192b40e3bfe0ce293ba129f9706437f0dc0dce3e2bea9268&key=16304401481', }, + version: 11, severity: 'MEDIUM', - confidence: 'LOW', - url: 'p157-contacts.icloud.com:443/mm/sub', - description: - 'A response to one of our payload requests has taken too long compared to the baseline request. This could indicate a vulnerability to time-based SQL injection attacks', }, { + description: 'LOW', + param: { + location: 'params', + method: 'POST', + variables: ['token', 'key'], + }, request: { - body: "''", + body: '', headers: { - accept: "'*/*'", - 'accept-encoding': 'gzip, deflate, br', - 'accept-language': 'en-US,en;q=0.9', - connection: 'keep-alive', - 'content-length': "'0'", - host: 'p157-caldav.icloud.com:443', - 'user-agent': 'iOS/16.7.5 (20H307) dataaccessd/1.0', - 'x-apple-i-client-time': "'2024-07-15T09:07:13Z'", - 'x-apple-i-locale': 'en_US', - 'x-apple-i-md': 'AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==', - 'x-apple-i-md-m': + Accept: '*/*', + 'Accept-Encoding': 'gzip, deflate, br', + 'Accept-Language': 'en-US,en;q=0.9', + Connection: 'keep-alive', + 'Content-Length': '0', + Host: 'p157-caldav.icloud.com:443', + 'User-Agent': 'iOS/16.7.5 (20H307) dataaccessd/1.0', + 'X-Apple-I-Client-Time': '2024-07-15T09:07:13Z', + 'X-Apple-I-Locale': 'en_US', + 'X-Apple-I-Md': 'AAAABQAAABD+t/oZrRyr0dQagkbgUyI3AAAAAw==', + 'X-Apple-I-Md-M': 'qKirfmb8fGttUzAtNOscrjefNSH3JW09VgFOjsxKbHYZeoFsqnHcTScIa6zrbXzkCyinChfXXcQZaME0', - 'x-apple-i-md-rinfo': "'50660608'", - 'x-apple-i-timezone': 'GMT+5:30', + 'X-Apple-I-Md-Rinfo': '50660608', + 'X-Apple-I-Timezone': 'GMT+5:30', }, - cookies: {}, method: 'POST', params: { - key: "'16304401481'", + key: '16304401481', token: "; OR '1'='1'", }, url: 'https://p157-contacts.icloud.com:443/mm/sub', }, response: { + cookies: {}, headers: { - connection: 'keep-alive', - 'content-length': "'0'", - date: 'Mon, 15 Jul 2024 12:50:18 GMT', - server: 'AppleHttpServer/b866cf47a603', - 'x-apple-edge-response-time': "'0'", - 'x-apple-filtered-at-edge': "'true'", - 'x-apple-request-uuid': '05b1ac99-ee33-44ba-aa1d-f52499fdcd88', + Connection: 'keep-alive', + 'Content-Length': '0', + Date: 'Mon, 15 Jul 2024 12:50:18 GMT', + Server: 'AppleHttpServer/b866cf47a603', + 'X-Apple-Edge-Response-Time': '0', + 'X-Apple-Filtered-At-Edge': 'true', + 'X-Apple-Request-UUID': '05b1ac99-ee33-44ba-aa1d-f52499fdcd88', 'access-control-expose-headers': 'X-Apple-Request-UUID,Via', via: '631194250daa17e24277dea86cf30319:4253a6fbce6fc9cade45c5ab633577a5:usmes1', 'www-authenticate': - 'X-MobileMe-AuthToken realm="MMCalDav", Basic realm="MMCalDav"', - 'x-apple-user-partition': "'157'", + 'X-MobileMe-AuthToken realm=\\"MMCalDav\\", Basic realm=\\"MMCalDav\\"', + 'x-apple-user-partition': '157', }, - cookies: {}, reason: 'Unauthorized', status_code: 401, - text: "''", + text: '', url: 'https://p157-contacts.icloud.com:443/mm/sub?token=%3B+OR+%271%27%3D%271%27&key=16304401481', + version: 11, }, severity: 'MEDIUM', - confidence: 'LOW', - url: '', - description: '', }, ]; const content4 = - 'mobile.useinsider.com:443/api/v3/session/start: The time elapsed between the sending of the request and the arrival of the response exceeds the expected amount of time, suggesting a vulnerability to command injection attacks.\nconfidence: MEDIUM\nparam:\n location: headers\n method: POST\n variables:\n - Accept\n - Content-Type\n - Accept-Language\n - Host\n - Content-Length\n - Connection\n - Accept-Encoding\n - User-Agent\n - Ts\nrequest:\n body: \'{"insider_id": "53B4EFCC2CFD40AAA5BF73B303F90BEB", "device_info": {"location_enabled":\n false, "app_version": "5.6.0", "push_enabled": false, "os_version": "16.7.7",\n "battery": 100, "sdk_version": "13.0.0", "connection": "wifi"}, "partner_name":\n "nbdliv", "calledDueToInsiderIdChange": false, "first_run": true, "udid": "53B4EFCC2CFD40AAA5BF73B303F90BEB"}\'\n headers:\n Accept: \'*/*\'\n Accept-Encoding: gzip, deflate, br\n Ts: \'1717657521\'\n User-Agent: Liv/666 CFNetwork/1410.1 Darwin/22.6.0\n method: POST\n params: {}\n url: https://mobile.useinsider.com:443/api/v3/session/start\nresponse:\n cookies:\n __cf_bm: Y344vnTG2lq7wTlqEMFGsTIQ3PlYUFLpHkTrqTVlEzI-1717659521-1.0.1.1-mYaqUeGWUgRuX6qX3QSTYeBDLGEiWy7QvsPT.m.V81ZZla2e22iXwUZND2QPqL4Cv2r0yvmQuigDf0_Y_dAx8A\n headers:\n CF-RAY: 88f6be8aaa872258-ORD\n Cache-Control: private,\n Vary: Accept-Encoding\n X-Frame-Options: SAMEORIGIN\n reason: Forbidden\n status_code: 403\n text: "\\uFFFD(\\uFFFD\\0 \\uFFFDM"'; + 'mobile.useinsider.com:443/api/v3/session/start: The time elapsed between the sending of the request and the arrival of the response exceeds the expected amount of time, suggesting a vulnerability to command injection attacks.\nconfidence: MEDIUM\nparam:\n location: headers\n method: POST\n variables:\n - Accept\n - Content-Type\n - Accept-Language\n - Host\n - Content-Length\n - Connection\n - Accept-Encoding\n - User-Agent\n - Ts\nrequest:\n body: \'{"insider_id": "53B4EFCC2CFD40AAA5BF73B303F90BEB", "device_info": {"location_enabled":\n false, "app_version": "5.6.0", "push_enabled": false, "os_version": "16.7.7",\n "battery": 100, "sdk_version": "13.0.0", "connection": "wifi"}, "partner_name":\n "nbdliv", "calledDueToInsiderIdChange": false, "first_run": true, "udid": "53B4EFCC2CFD40AAA5BF73B303F90BEB"}\'\n headers:\n Accept: \'*/*\'\n Accept-Encoding: gzip, deflate, br\n Ts: \'1717657521\'\n User-Agent: Liv/666 CFNetwork/1410.1 Darwin/22.6.0\n method: POST\n params: {}\n url: https://mobile.useinsider.com:443/api/v3/session/start\nresponse:\n cookies:\n __cf_bm: Y344vnTG2lq7wTlqEMFGsTIQ3PlYUFLpHkTrqTVlEzI-1717659521-1.0.1.1-mYaqUeGWUgRuX6qX3QSTYeBDLGEiWy7QvsPT.m.V81ZZla2e22iXwUZND2QPqL4Cv2r0yvmQuigDf0_Y_dAx8A\n headers:\n CF-RAY: 88f6be8aaa872258-ORD\n Cache-Control: private,\n Vary: Accept-Encoding\n X-Frame-Options: SAMEORIGIN\n reason: Forbidden\n status_code: 403\n text: ""'; const expectedObject4 = [ { confidence: 'MEDIUM', description: 'The time elapsed between the sending of the request and the arrival of the response exceeds the expected amount of time, suggesting a vulnerability to command injection attacks.', + param: { + location: 'headers', + method: 'POST', + variables: [ + 'Accept', + 'Content-Type', + 'Accept-Language', + 'Host', + 'Content-Length', + 'Connection', + 'Accept-Encoding', + 'User-Agent', + 'Ts', + ], + }, request: { - body: '\'{"insider_id": "53B4EFCC2CFD40AAA5BF73B303F90BEB", "device_info": {"location_enabled":\n false, "app_version": "5.6.0", "push_enabled": false, "os_version": "16.7.7",\n "battery": 100, "sdk_version": "13.0.0", "connection": "wifi"}, "partner_name":\n "nbdliv", "calledDueToInsiderIdChange": false, "first_run": true, "udid": "53B4EFCC2CFD40AAA5BF73B303F90BEB"}\'', - cookies: {}, + body: '{"insider_id": "53B4EFCC2CFD40AAA5BF73B303F90BEB", "device_info": {"location_enabled": false, "app_version": "5.6.0", "push_enabled": false, "os_version": "16.7.7", "battery": 100, "sdk_version": "13.0.0", "connection": "wifi"}, "partner_name": "nbdliv", "calledDueToInsiderIdChange": false, "first_run": true, "udid": "53B4EFCC2CFD40AAA5BF73B303F90BEB"}', headers: { - accept: "'*/*'", - 'accept-encoding': 'gzip, deflate, br', - ts: "'1717657521'", - 'user-agent': 'Liv/666 CFNetwork/1410.1 Darwin/22.6.0', + Accept: '*/*', + 'Accept-Encoding': 'gzip, deflate, br', + Ts: '1717657521', + 'User-Agent': 'Liv/666 CFNetwork/1410.1 Darwin/22.6.0', }, method: 'POST', params: {}, @@ -249,44 +284,56 @@ module('Unit | Utility | parse-vulnerable-api-finding', function (hooks) { 'Y344vnTG2lq7wTlqEMFGsTIQ3PlYUFLpHkTrqTVlEzI-1717659521-1.0.1.1-mYaqUeGWUgRuX6qX3QSTYeBDLGEiWy7QvsPT.m.V81ZZla2e22iXwUZND2QPqL4Cv2r0yvmQuigDf0_Y_dAx8A', }, headers: { - 'cache-control': 'private,', - 'cf-ray': '88f6be8aaa872258-ORD', - vary: 'Accept-Encoding', - 'x-frame-options': 'SAMEORIGIN', + 'CF-RAY': '88f6be8aaa872258-ORD', + 'Cache-Control': 'private,', + Vary: 'Accept-Encoding', + 'X-Frame-Options': 'SAMEORIGIN', }, reason: 'Forbidden', status_code: 403, - text: '"\\uFFFD(\\uFFFD\\0 \\uFFFDM"', - url: '', + text: '', }, - severity: '', url: 'mobile.useinsider.com:443/api/v3/session/start', }, ]; const content5 = - 'mobile-collector.newrelic.com:443/mobile/v3/data: The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks\nconfidence: LOW\nparam:\n location: headers\n method: POST\n variables:\n - Connection\n - Content-Length\n - Content-Type\n - User-Agent\n - Content-Encoding\n - Accept-Encoding\n - X-Newrelic-Connect-Time\nrequest:\n body: \'[[482998014, 594496047], ["Android", "10", "Mi A2", "AndroidAgent", "6.9.0",\n "b36f41b0-37ae-4a68-9a54-d860c6876323", "", "", "Xiaomi", {"size": "normal", "platform":\n "Native", "platformVersion": "6.9.0"}], 0.0, [], [[{"scope": "", "name": "Memory/Used"},\n {"count": 1, "total": 76.3740234375, "min": 76.3740234375, "max": 76.3740234375,\n "sum_of_squares": 5832.991456031799}]], [], [], [], {}, []]\'\n headers:\n Accept-Encoding: gzip\n Connection: Keep-Alive\n Content-Encoding: identity\n Content-Length: \'358\'\n Content-Type: application/json\n Host: mobile-collector.newrelic.com:443\n User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Mi A2 Build/QQ3A.200805.001)\n X-App-License-Key: AAa728a7f147e1cf95a25a315203d656a36f602257-NRMA\n X-Newrelic-Connect-Time: \'*!@#$^&()[]{}|.,"\\\'\'/\'\'\'\'"\'\n method: POST\n params: {}\n url: https://mobile-collector.newrelic.com:443/mobile/v3/data\nresponse:\n cookies: {}\n headers:\n CF-Cache-Status: DYNAMIC\n CF-Ray: 89e502ccbbcbc5cb-ORD\n Connection: keep-alive\n Content-Length: \'2\'\n Content-Type: application/json; charset=UTF-8\n Date: Fri, 05 Jul 2024 05:38:48 GMT\n Server: cloudflare\n Vary: Accept-Encoding\n reason: OK\n status_code: 200\n text: \'{}\''; + 'mobile-collector.newrelic.com:443/mobile/v3/data: The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks\nconfidence: LOW\nparam:\n location: headers\n method: POST\n variables:\n - Connection\n - Content-Length\n - Content-Type\n - User-Agent\n - Content-Encoding\n - Accept-Encoding\n - X-Newrelic-Connect-Time\nrequest:\n body: \'[[482998014, 594496047], ["Android", "10", "Mi A2", "AndroidAgent", "6.9.0",\n "b36f41b0-37ae-4a68-9a54-d860c6876323", "", "", "Xiaomi", {"size": "normal", "platform":\n "Native", "platformVersion": "6.9.0"}], 0.0, [], [[{"scope": "", "name": "Memory/Used"},\n {"count": 1, "total": 76.3740234375, "min": 76.3740234375, "max": 76.3740234375,\n "sum_of_squares": 5832.991456031799}]], [], [], [], {}, []]\'\n headers:\n Accept-Encoding: gzip\n Connection: Keep-Alive\n Content-Encoding: identity\n Content-Length: \\\'358\\\'\n Content-Type: application/json\n Host: mobile-collector.newrelic.com:443\n User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Mi A2 Build/QQ3A.200805.001)\n X-App-License-Key: AAa728a7f147e1cf95a25a315203d656a36f602257-NRMA\n X-Newrelic-Connect-Time: \\\'*!@#$^&()[]{}|.,"\\\\\\\'\\\'/\\\'\\\'\\\'\\\'"\\\'\n method: POST\n params: {}\n url: https://mobile-collector.newrelic.com:443/mobile/v3/data\nresponse:\n cookies: {}\n headers:\n CF-Cache-Status: DYNAMIC\n CF-Ray: 89e502ccbbcbc5cb-ORD\n Connection: keep-alive\n Content-Length: \\\'2\\\'\n Content-Type: application/json; charset=UTF-8\n Date: Fri, 05 Jul 2024 05:38:48 GMT\n Server: cloudflare\n Vary: Accept-Encoding\n reason: OK\n status_code: 200\n text: "Error

Sorry, something went wrong.

We're working on\\\n \\ getting this fixed as soon as we can.

Go back

Meta © 2024 · Help
"\n method: POST\n params: {}\n url: https://mobile-collector.newrelic.com:443/mobile/v3/data\n version: 11\nseverity: LOW\n'; const expectedObject5 = [ { - confidence: 'LOW', + url: 'mobile-collector.newrelic.com:443/mobile/v3/data', description: 'The difference in length between the response to the baseline request and the request returned when sending an attack string exceeds 1000.0 percent, which could indicate a vulnerability to injection attacks', + confidence: 'LOW', + param: { + location: 'headers', + method: 'POST', + variables: [ + 'Connection', + 'Content-Length', + 'Content-Type', + 'User-Agent', + 'Content-Encoding', + 'Accept-Encoding', + 'X-Newrelic-Connect-Time', + ], + }, request: { - body: '\'[[482998014, 594496047], ["Android", "10", "Mi A2", "AndroidAgent", "6.9.0",\n "b36f41b0-37ae-4a68-9a54-d860c6876323", "", "", "Xiaomi", {"size": "normal", "platform":\n "Native", "platformVersion": "6.9.0"}], 0.0, [], [[{"scope": "", "name": "Memory/Used"},\n {"count": 1, "total": 76.3740234375, "min": 76.3740234375, "max": 76.3740234375,\n "sum_of_squares": 5832.991456031799}]], [], [], [], {}, []]\'', - cookies: {}, + body: '[[482998014, 594496047], ["Android", "10", "Mi A2", "AndroidAgent", "6.9.0", "b36f41b0-37ae-4a68-9a54-d860c6876323", "", "", "Xiaomi", {"size": "normal", "platform": "Native", "platformVersion": "6.9.0"}], 0.0, [], [[{"scope": "", "name": "Memory/Used"}, {"count": 1, "total": 76.3740234375, "min": 76.3740234375, "max": 76.3740234375, "sum_of_squares": 5832.991456031799}]], [], [], [], {}, []]', headers: { - 'accept-encoding': 'gzip', - connection: 'Keep-Alive', - 'content-encoding': 'identity', - 'content-length': "'358'", - 'content-type': 'application/json', - host: 'mobile-collector.newrelic.com:443', - 'user-agent': + 'Accept-Encoding': 'gzip', + Connection: 'Keep-Alive', + 'Content-Encoding': 'identity', + 'Content-Length': "\\'358\\'", + 'Content-Type': 'application/json', + Host: 'mobile-collector.newrelic.com:443', + 'User-Agent': 'Dalvik/2.1.0 (Linux; U; Android 10; Mi A2 Build/QQ3A.200805.001)', - 'x-app-license-key': + 'X-App-License-Key': 'AAa728a7f147e1cf95a25a315203d656a36f602257-NRMA', - 'x-newrelic-connect-time': "'*!@#$^&()[]{}|.,\"\\''/''''\"'", + 'X-Newrelic-Connect-Time': + "\\'*!@#$^&()[]{}|.,\"\\\\\\'\\'/\\'\\'\\'\\'\"\\'", }, method: 'POST', params: {}, @@ -295,22 +342,24 @@ module('Unit | Utility | parse-vulnerable-api-finding', function (hooks) { response: { cookies: {}, headers: { - 'cf-cache-status': 'DYNAMIC', - 'cf-ray': '89e502ccbbcbc5cb-ORD', - connection: 'keep-alive', - 'content-length': "'2'", - 'content-type': 'application/json; charset=UTF-8', - date: 'Fri, 05 Jul 2024 05:38:48 GMT', - server: 'cloudflare', - vary: 'Accept-Encoding', + 'CF-Cache-Status': 'DYNAMIC', + 'CF-Ray': '89e502ccbbcbc5cb-ORD', + Connection: 'keep-alive', + 'Content-Length': "\\'2\\'", + 'Content-Type': 'application/json; charset=UTF-8', + Date: 'Fri, 05 Jul 2024 05:38:48 GMT', + Server: 'cloudflare', + Vary: 'Accept-Encoding', }, reason: 'OK', status_code: 200, - text: "'{}'", - url: '', + text: 'Error

Sorry, something went wrong.

We're working on getting this fixed as soon as we can.

Go back

', + method: 'POST', + params: {}, + url: 'https://mobile-collector.newrelic.com:443/mobile/v3/data', + version: 11, }, - severity: '', - url: 'mobile-collector.newrelic.com:443/mobile/v3/data', + severity: 'LOW', }, ];