From 622c5392578b3c4b3621822c6394685da8d8af69 Mon Sep 17 00:00:00 2001
From: 0xblackbird
Date: Tue, 17 Sep 2024 20:40:08 +0200
Subject: [PATCH] feat: Added coverage for AWS S3 & Cloudflare R2 + bug fixes
---
 main.go | 20 ++++++++---
 templates/services.json | 77 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 5 deletions(-)
diff --git a/main.go b/main.go
index 3132aab..a6ab9f8 100644
--- a/main.go
+++ b/main.go
@@ -33,9 +33,9 @@ type Service struct {
 Body any `json:"body"`
 } `json:"request"`
 Response struct {
- StatusCode int64 `json:"statusCode"`
- DetectionFingerprints []string `json:"detectionFingerprints"`
- Fingerprints []string `json:"fingerprints"`
+ StatusCode interface{} `json:"statusCode"`
+ DetectionFingerprints []string `json:"detectionFingerprints"`
+ Fingerprints []string `json:"fingerprints"`
 } `json:"response"`
 Metadata struct {
 Service string `json:"service"`
@@ -347,8 +347,18 @@ func checkResponse(result *Result, service *Service, r *RequestContext) {
 defer res.Body.Close()
 var statusCodeMatched bool = false
- if res.StatusCode == int(service.Response.StatusCode) {
- statusCodeMatched = true
+ if _, ok := service.Response.StatusCode.([]interface{}); ok {
+ // In case multiple status codes are supplied
+ for _, c := range service.Response.StatusCode.([]interface{}) {
+ if int(c.(float64)) == res.StatusCode {
+ statusCodeMatched = true
+ break
+ }
+ }
+ } else {
+ if res.StatusCode == int(service.Response.StatusCode.(float64)) {
+ statusCodeMatched = true
+ }
 }
 var responseHeaders string = ""
diff --git a/templates/services.json b/templates/services.json
index d5a97cf..f3e4e90 100644
--- a/templates/services.json
+++ b/templates/services.json
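Review bot: The `StatusCode interface{}` field in the Response struct has no comment stating which JSON shapes are accepted, and the type itself no longer says it. A comment above the field such as `// StatusCode is a JSON number or an array of numbers (decoded as float64 or []interface{}).` would record the contract that checkResponse relies on. The Service struct starts and ends outside this hunk.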
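Review bot: The unchecked assertions `c.(float64)` and `service.Response.StatusCode.(float64)` in checkResponse panic when a template omits `statusCode` (the field is then a nil interface) or supplies a string or other non-number, so one malformed entry in services.json can crash the scan unless the panic is recovered elsewhere. With the previous int64 field a missing value decoded to 0 and simply never matched. A type switch covers both shapes with a single assertion, avoids asserting `[]interface{}` twice, and lets any other shape fall through as no match. checkResponse starts and ends outside this hunk.

```go
var statusCodeMatched bool = false
switch want := service.Response.StatusCode.(type) {
case float64:
	statusCodeMatched = res.StatusCode == int(want)
case []interface{}:
	// In case multiple status codes are supplied
	for _, c := range want {
		if code, ok := c.(float64); ok && int(code) == res.StatusCode {
			statusCodeMatched = true
			break
		}
	}
}
// … unchanged: responseHeaders and the rest of checkResponse …
```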
@@ -543,5 +543,82 @@
 "https://trailhead.salesforce.com/content/learn/modules/data_security/data_security_records"
 ]
 }
+ },
+ {
+ "id": 15,
+ "request": {
+ "method": "GET",
+ "baseURL": "https://{TARGET}.s3.amazonaws.com",
+ "path": ["/"],
+ "body": null
+ },
+ "response": {
+ "statusCode": [
+ 200,
+ 403
+ ],
+ "detectionFingerprints": [
+ "AccessDenied",
+ "Access denied.",
+ "x-amz-bucket-region"
+ ],
+ "fingerprints": [
+ ""
+ ]
+ },
+ "metadata": {
+ "service": "aws-s3",
+ "serviceName": "AWS S3 Bucket with Misconfigured List Permissions",
+ "description": "AWS S3 Bucket can be left misconfigured and allow anyone to list files and objects potentially containing sensitive data if access permissions aren't properly enforced",
+ "reproductionSteps": [
+ "Visit the S3 Bucket API endpoint",
+ "Observe the response for any disclosed information (like private files). View the references for more information."
+ ],
+ "references": [
+ "https://bugology.intigriti.io/misconfig-mapper-docs/services/aws-s3/misconfigured-list-permissions",
+ "https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide"
+ ]
+ }
+ },
+ {
+ "id": 16,
+ "request": {
+ "method": "GET",
+ "baseURL": "https://pub-{TARGET}.r2.dev",
+ "path": ["/"],
+ "body": null
+ },
+ "response": {
+ "statusCode": [
+ 200,
+ 401,
+ 404
+ ],
+ "detectionFingerprints": [
+ "

You are not authorized to view this bucket

", + "

Is this your bucket?

", + "href=\"https\\:\/\/developers.cloudflare.com\/r2\/data-access\/public-buckets\/\"" + ], + "fingerprints": [ + "

Object not found<\\/h3>", + "

Is this your bucket\\?<\\/p>",
+ "href=\"https\\:\\/\\/developers.cloudflare.com\\/r2\\/data-access\\/public-buckets\\/\""
+ ]
+ },
+ "metadata": {
+ "service": "cf-r2",
+ "serviceName": "Cloudflare R2 with R2.DEV Enabled",
+ "description": "Cloudflare R2 with R2.DEV enabled can allow bad actors to view objects in buckets",
+ "reproductionSteps": [
+ "Visit the Cloudflare R2 Bucket API endpoint",
+ "Observe the response for any disclosed information (such as private files). View the references for more information."
+ ],
+ "references": [
+ "https://bugology.intigriti.io/misconfig-mapper-docs/services/cloudflare-r2/r2-dev-enabled",
+ "https://blog.intigriti.com/hacking-tools/hacking-misconfigured-cloudflare-r2-buckets-a-complete-guide"
+ ]
+ }
 }
 ]
\ No newline at end of file
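Review bot: The aws-s3 entry (id 15) sets `"fingerprints": [""]`, and an empty pattern matches every response body if fingerprints are applied as substring or regex tests; the matching code is outside this patch, so this needs confirming. Combined with `403` in `statusCode` and `AccessDenied` among the detection fingerprints, a bucket that correctly denies listing could then be reported as having misconfigured list permissions. A fingerprint that only appears in a successful listing response, for example `"fingerprints": ["<ListBucketResult"]`, would tie the finding to an actual listing rather than to the bucket merely existing.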