From 40d2729213134e079fb72bc684ccf72eb6865b61 Mon Sep 17 00:00:00 2001 From: PiranhaSa Date: Mon, 22 Jan 2024 10:33:03 +0100 Subject: [PATCH] fix comments --- agent/exploits/cve_2023_49897.py | 16 +++++++++------- tests/exploits/cve_2023_49897_test.py | 2 +- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/agent/exploits/cve_2023_49897.py b/agent/exploits/cve_2023_49897.py index 80189b5f..226032c9 100644 --- a/agent/exploits/cve_2023_49897.py +++ b/agent/exploits/cve_2023_49897.py @@ -4,6 +4,7 @@ import requests from ostorlab.agent.kb import kb from ostorlab.agent.mixins import agent_report_vulnerability_mixin +from packaging import version from requests import exceptions as requests_exceptions from agent import definitions @@ -19,6 +20,7 @@ DEFAULT_TIMEOUT = 90 MAX_REDIRECTS = 2 +UPPER_VULNERABLE_VERSION = version.parse("2.0.9") HEADERS = { "Content-Type": "application/x-www-form-urlencoded", "Cookie": "cookieno=489646; username=admin; password=admin", @@ -37,7 +39,6 @@ def __init__(self) -> None: self.session.verify = False def accept(self, target: definitions.Target) -> bool: - target_uri = f"{target.scheme}://{target.host}:{target.port}" data = { "username_input": "admin", "password_input": "admin", 
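Review bot: The new `from packaging import version` import in the first hunk makes `packaging` a direct runtime dependency, yet the diffstat lists only the exploit module and its test, so no requirements or manifest file is updated in this commit. If the package is currently present only transitively, the import can fail on a clean install or disappear when an unrelated dependency changes. Declare it explicitly, pinned the same way the project pins its other dependencies. The import block starts above the hunk.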
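Review bot: `UPPER_VULNERABLE_VERSION` in the second hunk has no comment saying that the bound is inclusive or where the value comes from. A line such as `# Highest firmware release treated as affected; check() compares with <=.` above it would keep the constant and the comparison from drifting apart. The `HEADERS` dict that follows continues past the hunk.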
@@ -48,23 +49,24 @@ def accept(self, target: definitions.Target) -> bool: } try: self.session.post( - target_uri + "/cgi-bin/login.apply", + target.origin + "/cgi-bin/login.apply", headers=HEADERS, data=data, timeout=DEFAULT_TIMEOUT, ) response = self.session.get( - target_uri + "/main_top.htm", headers=HEADERS, timeout=DEFAULT_TIMEOUT + target.origin + "/main_top.htm", + headers=HEADERS, + timeout=DEFAULT_TIMEOUT, ) return response.status_code == 200 and "logout" in response.text except requests_exceptions.RequestException: return False def check(self, target: definitions.Target) -> list[definitions.Vulnerability]: - target_uri = f"{target.scheme}://{target.host}:{target.port}" try: response = self.session.get( - target_uri + "/cgi-bin/runtime?system_status", + target.origin + "/cgi-bin/runtime?system_status", headers=HEADERS, timeout=DEFAULT_TIMEOUT, ) @@ -72,8 +74,8 @@ def check(self, target: definitions.Target) -> list[definitions.Vulnerability]: pattern = re.compile(r"firmware_version=(\d+\.\d+\.\d+)") match = pattern.search(response.text) if match is not None: - firmware_version = match.group(1) - if firmware_version <= "2.0.9": + firmware_version = version.parse(match.group(1)) + if firmware_version <= UPPER_VULNERABLE_VERSION: vulnerability = self._create_vulnerability(target) return [vulnerability] except requests.exceptions.RequestException: diff --git a/tests/exploits/cve_2023_49897_test.py b/tests/exploits/cve_2023_49897_test.py index 2eb1ed1d..9e532842 100644 --- a/tests/exploits/cve_2023_49897_test.py +++ b/tests/exploits/cve_2023_49897_test.py @@ -14,7 +14,7 @@ system.general.hardware.version=R01 bootcode_info=U-Boot_1.1.4_1.2 version_bootcode=1.2 -firmware_version=2.0.10 +firmware_version=2.0.9 system.general.model_name=AE1021PE system.general.mode=bridge wifi.general.CountryCode=JP
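Review bot: accept() and check() in the `@@ -48,23 +49,24 @@` hunk carry no docstring, and the behaviour worth recording is that accept() returns True only when the `admin`/`admin` login is accepted and `main_top.htm` contains `logout`. A device on affected firmware whose password was changed is therefore never version-checked, so a clean result is not evidence of a patched device. I would state that on accept(), e.g. `"""Return True only if the default-credential login succeeds; other targets are skipped, not cleared."""`. accept() starts above this hunk and check() continues below it.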
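Review bot: The version test in the `@@ -72,8 +74,8 @@` hunk reports any response containing `firmware_version=` at or below 2.0.9 without looking at which product answered. The test fixture shows the same status page also exposes `system.general.model_name=AE1021PE`, so matching that field before reporting would cut false positives on other devices that serve a similar page; whether such devices exist is not something the diff shows. Separately, the `except requests.exceptions.RequestException` here spells the exception differently from accept(), which uses the `requests_exceptions` alias, and one form should be used throughout. check() starts above the hunk and continues past it.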
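Review bot: Changing the fixture from `firmware_version=2.0.10` to `2.0.9` removes the only input that distinguished the old string comparison from the new `packaging` one: as strings, `"2.0.10" <= "2.0.9"` is true, which is why the old test passed. Keep a second fixture with `firmware_version=2.0.10` and assert that check() returns no vulnerability for it, so the lexicographic comparison cannot come back unnoticed. The fixture string and the test functions lie outside the hunk, so such a case may already exist elsewhere in the file.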