Skip to content

Commit

Permalink
Use consts instead of properties
Browse files Browse the repository at this point in the history
  • Loading branch information
ostorlab committed Nov 13, 2023
1 parent 278fb4a commit 62e5055
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 39 deletions.
20 changes: 1 addition & 19 deletions agent/definitions.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,30 +20,12 @@ class Vulnerability:
class BaseExploit(abc.ABC):
"""Base Exploit"""

@property
@abc.abstractmethod
def vulnerability_title(self) -> str:
"""Vulnerability title"""
pass

@property
@abc.abstractmethod
def vulnerability_reference(self) -> str:
"""Vulnerability reference (ie. CVE)"""
pass

@property
@abc.abstractmethod
def vulnerability_description(self) -> str:
"""Vulnerability description"""
pass

@abc.abstractmethod
def accept(self) -> bool:
pass

@abc.abstractmethod
def check(self) -> list[Vulnerability] | None:
def check(self) -> list[Vulnerability]:
"""Rule to detect specific vulnerability on a specific target.
Args:
Expand Down
37 changes: 17 additions & 20 deletions agent/exploits/cve_2021_22941.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,24 +27,18 @@ class Exploit(definitions.BaseExploit):
CVE-2021-22941: Improper Access Control in Citrix ShareFile storage zones controller
"""

VULNERABILITY_TITLE = (
"Improper Access Control in Citrix ShareFile storage zones controller"
)
VULNERABILITY_REFERENCE = "CVE-2021-22941"
VULNERABILITY_DESCRIPTION = (
"Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may "
"allow an unauthenticated attacker to remotely compromise the storage zones controller."
)

def __init__(self, target: str):
self.target = target

@property
def vulnerability_title(self) -> str:
return "Improper Access Control in Citrix ShareFile storage zones controller"

@property
def vulnerability_reference(self) -> str:
return "CVE-2021-22941"

@property
def vulnerability_description(self) -> str:
return (
"Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may "
"allow an unauthenticated attacker to remotely compromise the storage zones controller."
)

def accept(self) -> bool:
try:
req = requests.get(self.target, verify=False, timeout=DEFAULT_TIMEOUT)
Expand Down Expand Up @@ -88,12 +82,12 @@ def check(self) -> list[definitions.Vulnerability]:

def generate_vulnerability_object(self) -> definitions.Vulnerability:
entry = kb.Entry(
title=self.vulnerability_title,
title=Exploit.VULNERABILITY_TITLE,
risk_rating="HIGH",
short_description=self.vulnerability_description,
description=self.vulnerability_description,
short_description=Exploit.VULNERABILITY_DESCRIPTION,
description=Exploit.VULNERABILITY_DESCRIPTION,
references={
"nvd.nist.gov": "https://nvd.nist.gov/vuln/detail/CVE-2021-22941"
"nvd.nist.gov": f"https://nvd.nist.gov/vuln/detail/{Exploit.VULNERABILITY_REFERENCE}"
},
recommendation=(
"- Make sure to install the latest security patches from software vendor \n"
Expand All @@ -106,7 +100,10 @@ def generate_vulnerability_object(self) -> definitions.Vulnerability:
targeted_by_ransomware=False,
targeted_by_nation_state=False,
)
technical_detail = f"{self.target} is vulnerable to {self.vulnerability_reference}, {self.vulnerability_title}"
technical_detail = (
f"{self.target} is vulnerable to {Exploit.VULNERABILITY_REFERENCE}, "
f"{Exploit.VULNERABILITY_TITLE}"
)
vulnerability = definitions.Vulnerability(
entry=entry,
technical_detail=technical_detail,
Expand Down

0 comments on commit 62e5055

Please sign in to comment.