From 7cf51a428953bdb7e44a123a2fbdc38b4d726e09 Mon Sep 17 00:00:00 2001 From: Pierre Precourt Date: Mon, 18 Dec 2023 01:50:24 -0800 Subject: [PATCH] Add a field to the network service proto of Tsunami to keep track of supported HTTP methods. PiperOrigin-RevId: 591823049 Change-Id: I81dc68aa44023248538ecde5fa5f73fb96b9ff89 --- .../tsunami/common/data/NetworkServiceUtils.java | 5 ++++- .../tsunami/common/data/NetworkServiceUtilsTest.java | 11 +++++++++++ proto/network_service.proto | 3 +++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java b/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java index 57d93faf..f12f9bfc 100644 --- a/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java +++ b/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java @@ -68,7 +68,10 @@ public static boolean isWebService(Optional serviceName) { public static boolean isWebService(NetworkService networkService) { checkNotNull(networkService); - return isWebService(Optional.of(networkService.getServiceName())); + // A web-service is a service that is either flagged as http by nmap or one that supports at + // least one HTTP method. + return (networkService.getSupportedHttpMethodsCount() > 0) + || isWebService(Optional.of(networkService.getServiceName())); } public static boolean isPlainHttp(NetworkService networkService) { diff --git a/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java b/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java index 2196eb5c..29825bf7 100644 --- a/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java +++ b/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java @@ -105,6 +105,17 @@ public void isWebService_whenCapitalizedHttpService_ignoresCaseAndReturnsTrue() .isTrue(); } + @Test + public void isWebService_whenHasAtLeastOneHttpMethod_returnsTrue() { + assertThat( + NetworkServiceUtils.isWebService( + NetworkService.newBuilder() + .setServiceName("irrelevantService") + .addSupportedHttpMethods("IrrelevantMethodName") + .build())) + .isTrue(); + } + @Test public void isWebService_whenNonWebService_returnsFalse() { assertThat( diff --git a/proto/network_service.proto b/proto/network_service.proto index 45dcd83a..61b33b8c 100644 --- a/proto/network_service.proto +++ b/proto/network_service.proto @@ -58,6 +58,9 @@ message NetworkService { // List of supported SSL versions (e.g. TLSv1, SSLv3, ...) on the service. repeated string supported_ssl_versions = 9; + + // List of supported HTTP methods (e.g. POST, GET, ...) on the service. + repeated string supported_http_methods = 10; } // Context information about a specific network service.