fix comments

Ostorlab · Nov 21, 2023 · e8c4603 · e8c4603
1 parent d8a71a3
commit e8c4603
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 5 deletions.
diff --git a/agent/exploits/cve_2018_13382.py b/agent/exploits/cve_2018_13382.py
@@ -24,7 +24,7 @@ class CVE201813382Exploit(definitions.Exploit):
     """
 
     def accept(self, target: definitions.Target) -> bool:
-        """Verify if the host is alive"""
+        """Verify if the host is alive."""
         try:
             url = f"{target.scheme}://{target.host}:{target.port}/remote/login?lang=en"
             headers = {
@@ -37,9 +37,8 @@ def accept(self, target: definitions.Target) -> bool:
             r = requests.get(
                 url, headers=headers, verify=False, timeout=DEFAULT_TIMEOUT
             )
-            return bool(
-                r.status_code == 200 and "<title>Please Login</title>" in r.text
-            )
+            return r.status_code == 200 and "<title>Please Login</title>" in r.text
+
         except requests.exceptions.ConnectionError:
             return False
 

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -118,3 +118,9 @@ def asteroid_agent_instance() -> asteroid_agent.AsteroidAgent:
 def target_vulnerable_to_cve_2018_13382() -> definitions.Target:
     """Creates a target vulnerable to CVE-2018-13382."""
     return definitions.Target("https", "109.239.246.106", 10443)
+
+
+@pytest.fixture()
+def target_not_vulnerable_to_cve_2018_13382() -> definitions.Target:
+    """Creates a target vulnerable to CVE-2018-13382."""
+    return definitions.Target("https", "139.255.255.218", 10443)
diff --git a/tests/exploits_test.py b/tests/exploits_test.py
@@ -90,7 +90,6 @@ def test_CVE_2018_13382_whenVulnerable_reportFinding(
     """Ensure that the exploit reports findings when the application is vulnerable."""
     exploit_instance = cve_2018_13382.CVE201813382Exploit()
     url = "https://109.239.246.106:10443/remote/login?lang=en"
-
     requests_mock.post(
         url,
         text="redir=/remote/hostcheck_install",
@@ -108,3 +107,21 @@ def test_CVE_2018_13382_whenVulnerable_reportFinding(
         vulnerability.technical_detail
         == "109.239.246.106 is vulnerable to CVE-2018-13382"
     )
+
+
+def test_CVE_2018_13382_whenNotVulnerable_reportFinding(
+    requests_mock: req_mock.mocker.Mocker,
+    target_not_vulnerable_to_cve_2018_13382: definitions.Target,
+) -> None:
+    """Ensure that there is not findings when the application is not vulnerable."""
+    exploit_instance = cve_2018_13382.CVE201813382Exploit()
+    url = "https://139.255.255.218:10443/remote/login?lang=en"
+    requests_mock.post(
+        url,
+        text="",
+        status_code=200,
+    )
+
+    vulnerabilities = exploit_instance.check(target_not_vulnerable_to_cve_2018_13382)
+
+    assert len(vulnerabilities) == 0