Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| assert canary_subdomain.endswith(".example.com"), ( | ||
| f"Subdomain canary doesn't end with basehost: {canary_subdomain}" | ||
| ) | ||
| assert "-test.example.com" in canary_mutation, ( |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
The fix is to replace the substring check " -test.example.com" in canary_mutation with a more precise hostname validation. Since canary_mutation is intended as a hostname or domain, and we want to ensure it correctly ends with -test.example.com rather than appearing at any arbitrary position, we should parse (or treat) it as a domain name and use the .endswith() method. This would check that canary_mutation is a domain with the required suffix, so only validly-structured canary hosts would pass the test.
The change should occur in bbot/test/test_step_2/module_tests/test_module_virtualhost.py, around line 470, inside the check method of TestVirtualhostHTTPSLogic. No additional imports are needed, as string logic is sufficient here.
| @@ -467,8 +467,8 @@ | ||
| assert canary_subdomain.endswith(".example.com"), ( | ||
| f"Subdomain canary doesn't end with basehost: {canary_subdomain}" | ||
| ) | ||
| assert "-test.example.com" in canary_mutation, ( | ||
| f"Mutation canary doesn't contain expected pattern: {canary_mutation}" | ||
| assert canary_mutation.endswith("-test.example.com"), ( | ||
| f"Mutation canary doesn't end with expected pattern: {canary_mutation}" | ||
| ) | ||
| assert canary_random.endswith(".com"), f"Random canary doesn't end with .com: {canary_random}" | ||
|
|
# Conflicts: # bbot/test/test_step_1/test_presets.py
liquidsec
force-pushed
the
asn-as-targets
branch
2 times, most recently
from
a65a347 to
344130e
Compare
Resolve conflicts taking asn-as-targets as source of truth. Move bake()+init into Scanner.__init__ (sync bake). Convert generic_ssrf from VULNERABILITY to FINDING event type. Fix virtualhost test to check FINDING instead of VULNERABILITY. Keep generic_ssrf module (deleted on asn-as-targets, restored here).
Reset the global asndb_client after cleanup so subsequent ASNDB() calls create a fresh client instead of returning a closed one.
# Conflicts: # bbot/test/test_step_1/test_python_api.py # docs/data/chord_graph/entities.json # docs/data/chord_graph/rels.json # docs/modules/list_of_modules.md # docs/scanning/advanced.md # docs/scanning/configuration.md # docs/scanning/events.md # docs/scanning/index.md # docs/scanning/presets_list.md
…HostEvent - virtualhost: replace removed flags (aggressive, deadly) with loud - generic_ssrf: event.data → event.url, aggressive → invasive, web-thorough → web-heavy - waf_bypass: VULNERABILITY → FINDING, event.data → event.url, add name/confidence fields, web-thorough → web-heavy - test_module_waf_bypass: VULNERABILITY → FINDING in assertions
2 participants
No description provided.