feat: Added coverage for AWS S3 & Cloudflare R2 + bug fixes

intigriti · Sep 21, 2024 · 8eef535 · 8eef535
2 parents 12c693f + 622c539
commit 8eef535
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 5 deletions.
diff --git a/main.go b/main.go
@@ -33,9 +33,9 @@ type Service struct {
 		Body    any                 `json:"body"`
 	} `json:"request"`
 	Response struct {
-		StatusCode            int64    `json:"statusCode"`
-		DetectionFingerprints []string `json:"detectionFingerprints"`
-		Fingerprints          []string `json:"fingerprints"`
+		StatusCode            interface{} `json:"statusCode"`
+		DetectionFingerprints []string    `json:"detectionFingerprints"`
+		Fingerprints          []string    `json:"fingerprints"`
 	} `json:"response"`
 	Metadata struct {
 		Service           string   `json:"service"`
@@ -347,8 +347,18 @@ func checkResponse(result *Result, service *Service, r *RequestContext) {
 		defer res.Body.Close()
 
 		var statusCodeMatched bool = false
-		if res.StatusCode == int(service.Response.StatusCode) {
-			statusCodeMatched = true
+		if _, ok := service.Response.StatusCode.([]interface{}); ok {
+			// In case multiple status codes are supplied
+			for _, c := range service.Response.StatusCode.([]interface{}) {
+				if int(c.(float64)) == res.StatusCode {
+					statusCodeMatched = true
+					break
+				}
+			}
+		} else {
+			if res.StatusCode == int(service.Response.StatusCode.(float64)) {
+				statusCodeMatched = true
+			}
 		}
 
 		var responseHeaders string = ""

diff --git a/templates/services.json b/templates/services.json
@@ -543,5 +543,82 @@
                 "https://trailhead.salesforce.com/content/learn/modules/data_security/data_security_records"
             ]
         }
+    },
+    {
+        "id": 15,
+        "request": {
+            "method": "GET",
+            "baseURL": "https://{TARGET}.s3.amazonaws.com",
+            "path": ["/"],
+            "body": null
+        },
+        "response": {
+            "statusCode": [
+                200,
+                403
+            ],
+            "detectionFingerprints": [
+                "<ListBucketResult",
+                "<Code>AccessDenied</Code>",
+                "<Message>Access denied.</Message>",
+                "x-amz-bucket-region"
+            ],
+            "fingerprints": [
+                "<ListBucketResult",
+                "<Name>"
+            ]
+        },
+        "metadata": {
+            "service": "aws-s3",
+            "serviceName": "AWS S3 Bucket with Misconfigured List Permissions",
+            "description": "AWS S3 Bucket can be left misconfigured and allow anyone to list files and objects potentially containing sensitive data if access permissions aren't properly enforced",
+            "reproductionSteps": [
+                "Visit the S3 Bucket API endpoint",
+                "Observe the response for any disclosed information (like private files). View the references for more information."
+            ],
+            "references": [
+                "https://bugology.intigriti.io/misconfig-mapper-docs/services/aws-s3/misconfigured-list-permissions",
+                "https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide"
+            ]
+        }
+    },
+    {
+        "id": 16,
+        "request": {
+            "method": "GET",
+            "baseURL": "https://pub-{TARGET}.r2.dev",
+            "path": ["/"],
+            "body": null
+        },
+        "response": {
+            "statusCode": [
+                200,
+                401,
+                404
+            ],
+            "detectionFingerprints": [
+                "<p id=\"error-title\">You are not authorized to view this bucket</p>",
+                "<p id=\"footer-title\">Is this your bucket?</p>",
+                "href=\"https\\:\/\/developers.cloudflare.com\/r2\/data-access\/public-buckets\/\""
+            ],
+            "fingerprints": [
+                "<h3>Object not found<\\/h3>",
+                "<p id=\"footer-title\">Is this your bucket\\?<\\/p>",
+                "href=\"https\\:\\/\\/developers.cloudflare.com\\/r2\\/data-access\\/public-buckets\\/\""
+            ]
+        },
+        "metadata": {
+            "service": "cf-r2",
+            "serviceName": "Cloudflare R2 with R2.DEV Enabled",
+            "description": "Cloudflare R2 with R2.DEV enabled can allow bad actors to view objects in buckets",
+            "reproductionSteps": [
+                "Visit the Cloudflare R2 Bucket API endpoint",
+                "Observe the response for any disclosed information (such as private files). View the references for more information."
+            ],
+            "references": [
+                "https://bugology.intigriti.io/misconfig-mapper-docs/services/cloudflare-r2/r2-dev-enabled",
+                "https://blog.intigriti.com/hacking-tools/hacking-misconfigured-cloudflare-r2-buckets-a-complete-guide"
+            ]
+        }
     }
 ]