Add detection for CVE-2024-21287

agent/exploits/cve_2024_21287.py

@@ -0,0 +1,33 @@
+"""Agent Asteroid implementation for CVE-2024-21287"""
+
+import re
+
+from packaging import version
+
+from agent import definitions
+from agent import exploits_registry
+from agent.exploits import webexploit
+
+VULNERABILITY_TITLE = "Oracle Agile PLM Framework Remote File Disclosure"
+VULNERABILITY_REFERENCE = "CVE-2024-21287"
+VULNERABILITY_DESCRIPTION = """A vulnerability in Oracle Agile Product Lifecycle Management (PLM) 
+was discovered, allowing remote attackers to exploit a file disclosure issue. This vulnerability 
+can be exploited over the network without authentication, potentially disclosing sensitive files."""
+RISK_RATING = "HIGH"
+MAX_VULNERABLE_VERSION = version.parse("9.3.6")
+VERSION_PATTERN = re.compile(r"Build Number:\s*(\d+\.\d+\.\d+)")
+
+
+@exploits_registry.register
+class CVE202421287Exploit(webexploit.WebExploit):
+    accept_request = definitions.Request(method="GET", path="/Agile/")
+    check_request = definitions.Request(method="GET", path="/Agile/")
+    accept_pattern = [re.compile("Agile Product Lifecycle Management")]
+    vuln_ranges = [definitions.VulnRange(None, MAX_VULNERABLE_VERSION)]
+    metadata = definitions.VulnerabilityMetadata(
+        title=VULNERABILITY_TITLE,
+        description=VULNERABILITY_DESCRIPTION,
+        reference=VULNERABILITY_REFERENCE,
+        risk_rating=RISK_RATING,
+    )
+    version_pattern = VERSION_PATTERN

tests/exploits/cve_2024_21287_test.py

@@ -0,0 +1,69 @@
+"""Unit tests for Agent Asteroid: CVE-2024-21287"""
+
+import requests_mock as req_mock
+
+from agent import definitions
+from agent.exploits import cve_2024_21287
+
+
+def testCVE202421287_whenVulnerable_reportFinding(
+    requests_mock: req_mock.mocker.Mocker,
+) -> None:
+    """CVE-2024-21287 unit test: case when target is vulnerable."""
+    requests_mock.get(
+        "http://localhost:80/Agile/",
+        text="""
+               <title>Agile Product Lifecycle Management</title>
+               <div class="footer">
+            <div onclick="location.href='https://oracle.com';">
+                <p>Powered by</p>
+                <p>
+                    Build Number: 9.3.6 (Build 56)
+                </p>
+            </div>
+        </div>""",
+        status_code=200,
+    )
+    exploit_instance = cve_2024_21287.CVE202421287Exploit()
+    target = definitions.Target("http", "localhost", 80)
+
+    accept = exploit_instance.accept(target)
+    vulnerabilities = exploit_instance.check(target)
+
+    assert accept is True
+    vulnerability = vulnerabilities[0]
+    assert (
+        vulnerability.entry.title == "Oracle Agile PLM Framework Remote File Disclosure"
+    )
+    assert vulnerability.technical_detail == (
+        "http://localhost:80 is vulnerable to CVE-2024-21287, "
+        "Oracle Agile PLM Framework Remote File Disclosure"
+    )
+
+
+def testCVE202421287_whenSafe_reportNothing(
+    requests_mock: req_mock.mocker.Mocker,
+) -> None:
+    """CVE-2024-21287 unit test: case when target is safe."""
+    exploit_instance = cve_2024_21287.CVE202421287Exploit()
+    requests_mock.get(
+        "http://localhost:80/Agile/",
+        text="""
+               <title>Agile Product Lifecycle Management</title>
+               <div class="footer">
+            <div onclick="location.href='https://oracle.com';">
+                <p>Powered by</p>
+                <p>
+                    Build Number: 9.3.7 (Build 57)
+                </p>
+            </div>
+        </div>""",
+        status_code=200,
+    )
+    target = definitions.Target("http", "localhost", 80)
+
+    accept = exploit_instance.accept(target)
+    vulnerabilities = exploit_instance.check(target)
+
+    assert accept is True
+    assert len(vulnerabilities) == 0