diff --git a/agent/exploits/cve_2024_9487.py b/agent/exploits/cve_2024_9487.py index 763f9bc..2d86ca6 100644 --- a/agent/exploits/cve_2024_9487.py +++ b/agent/exploits/cve_2024_9487.py @@ -73,20 +73,17 @@ def check(self, target: definitions.Target) -> list[definitions.Vulnerability]: return vulnerabilities if (matched := self.version_pattern.findall(resp.text)) != []: - for extracted_version in matched: - if isinstance(extracted_version, tuple): - extracted_version = extracted_version[0] - if version.parse(extracted_version) < version.parse(MAX_FIXED_VERSION): - if version.parse(extracted_version) < version.parse( - MAX_NONFIXED_VERSION - ): - vulnerability = self._create_vulnerability(target) - vulnerabilities.append(vulnerability) - continue - version_prefix = ".".join(extracted_version.split(".")[:2]) - if version.parse(extracted_version) < version.parse( - FIXED_VERSIONS[version_prefix] - ): - vulnerability = self._create_vulnerability(target) - vulnerabilities.append(vulnerability) + extracted_version = matched[0] + if version.parse(extracted_version) < version.parse(MAX_FIXED_VERSION): + version_prefix = ".".join(extracted_version.split(".")[:2]) + if version.parse(extracted_version) < version.parse( + MAX_NONFIXED_VERSION + ): + vulnerability = self._create_vulnerability(target) + vulnerabilities.append(vulnerability) + elif version.parse(extracted_version) < version.parse( + FIXED_VERSIONS[version_prefix] + ): + vulnerability = self._create_vulnerability(target) + vulnerabilities.append(vulnerability) return vulnerabilities diff --git a/tests/exploits/cve_2024_9487_test.py b/tests/exploits/cve_2024_9487_test.py index 30f47f6..422f422 100644 --- a/tests/exploits/cve_2024_9487_test.py +++ b/tests/exploits/cve_2024_9487_test.py @@ -83,27 +83,4 @@ def testCVE20249487_whenVersionVeryOld_reportFinding( "http://localhost:80 is vulnerable to CVE-2024-9487, " "GITHUB ENTERPRISE SERVER AUTHENTICATION BYPASS" ) - - -def testCVE20249487_whenMultiVersions_doNotCrash( - requests_mock: req_mock.mocker.Mocker, -) -> None: - """CVE_2024_9487 unit test: case when multible versions matched.""" - requests_mock.get( - "http://localhost:80/", - text=""" -