From d741561c90a1dfc1a23df08a42c222dbd8b90901 Mon Sep 17 00:00:00 2001 From: Pierre Precourt Date: Mon, 26 Aug 2024 05:58:26 -0700 Subject: [PATCH] Introduce the `RequiresCallbackServer` annotation that ensures a plugin only gets executed if the callback server is present. PiperOrigin-RevId: 667556868 Change-Id: I8641612e85372a89812e2173705da999e640c35e --- .../tsunami/main/cli/TsunamiCliTest.java | 7 ++ .../tsunami/plugin/PluginDefinition.java | 10 ++- .../google/tsunami/plugin/PluginManager.java | 18 ++++- .../annotations/RequiresCallbackServer.java | 28 ++++++++ .../tsunami/plugin/PluginManagerTest.java | 71 +++++++++++++++++-- .../workflow/DefaultScanningWorkflowTest.java | 21 ++++++ .../tsunami/workflow/ExecutionTracerTest.java | 5 ++ 7 files changed, 151 insertions(+), 9 deletions(-) create mode 100644 plugin/src/main/java/com/google/tsunami/plugin/annotations/RequiresCallbackServer.java diff --git a/main/src/test/java/com/google/tsunami/main/cli/TsunamiCliTest.java b/main/src/test/java/com/google/tsunami/main/cli/TsunamiCliTest.java index 9b729ab0..26c79e95 100644 --- a/main/src/test/java/com/google/tsunami/main/cli/TsunamiCliTest.java +++ b/main/src/test/java/com/google/tsunami/main/cli/TsunamiCliTest.java @@ -27,8 +27,10 @@ import com.google.tsunami.common.config.ConfigModule; import com.google.tsunami.common.config.TsunamiConfig; import com.google.tsunami.common.data.NetworkEndpointUtils; +import com.google.tsunami.common.net.http.HttpClientModule; import com.google.tsunami.common.time.testing.FakeUtcClockModule; import com.google.tsunami.main.cli.server.RemoteServerLoaderModule; +import com.google.tsunami.plugin.payload.PayloadGeneratorModule; import com.google.tsunami.plugin.testing.FailedVulnDetectorBootstrapModule; import com.google.tsunami.plugin.testing.FakePluginExecutionModule; import com.google.tsunami.plugin.testing.FakePortScanner; @@ -62,6 +64,7 @@ import java.net.Inet4Address; import java.net.InetAddress; import java.net.URL; +import java.security.SecureRandom; import java.util.concurrent.ExecutionException; import java.util.stream.Stream; import javax.inject.Inject; @@ -98,6 +101,8 @@ private boolean runCli(ImmutableMap rawConfigData, String... arg @Override protected void configure() { bind(ScanResultsArchiver.class).toInstance(scanResultsArchiver); + install(new HttpClientModule.Builder().build()); + install(new PayloadGeneratorModule(new SecureRandom())); install(new ConfigModule(scanResult, TsunamiConfig.fromYamlData(rawConfigData))); install(new CliOptionsModule(scanResult, "TsunamiCliTest", args)); install(new FakeUtcClockModule()); @@ -271,6 +276,8 @@ public void run_whenScanFailed_generatesFailedScanResults() @Override protected void configure() { bind(ScanResultsArchiver.class).toInstance(scanResultsArchiver); + install(new HttpClientModule.Builder().build()); + install(new PayloadGeneratorModule(new SecureRandom())); install( new ConfigModule(scanResult, TsunamiConfig.fromYamlData(ImmutableMap.of()))); install( diff --git a/plugin/src/main/java/com/google/tsunami/plugin/PluginDefinition.java b/plugin/src/main/java/com/google/tsunami/plugin/PluginDefinition.java index 3b015395..f9b253b0 100644 --- a/plugin/src/main/java/com/google/tsunami/plugin/PluginDefinition.java +++ b/plugin/src/main/java/com/google/tsunami/plugin/PluginDefinition.java @@ -25,6 +25,7 @@ import com.google.tsunami.plugin.annotations.ForSoftware; import com.google.tsunami.plugin.annotations.ForWebService; import com.google.tsunami.plugin.annotations.PluginInfo; +import com.google.tsunami.plugin.annotations.RequiresCallbackServer; import java.util.Optional; /** A data class that captures all the definition details about a {@link TsunamiPlugin}. */ @@ -40,6 +41,8 @@ abstract class PluginDefinition { abstract Optional targetOperatingSystemClass(); + abstract boolean requiresCallbackServer(); + /** * Unique identifier for the plugin. * @@ -82,6 +85,7 @@ public static PluginDefinition forPlugin(Class pluginCl boolean isForWebService = pluginClazz.isAnnotationPresent(ForWebService.class); Optional targetOperatingSystemClass = Optional.ofNullable(pluginClazz.getAnnotation(ForOperatingSystemClass.class)); + boolean requiresCallbackServer = pluginClazz.isAnnotationPresent(RequiresCallbackServer.class); checkState( pluginInfo.isPresent(), @@ -93,7 +97,8 @@ public static PluginDefinition forPlugin(Class pluginCl targetServiceName, targetSoftware, isForWebService, - targetOperatingSystemClass); + targetOperatingSystemClass, + requiresCallbackServer); } /** @@ -109,6 +114,7 @@ public static PluginDefinition forRemotePlugin(PluginInfo remotePluginInfo) { Optional.empty(), Optional.empty(), false, - Optional.empty()); + Optional.empty(), + false); } } diff --git a/plugin/src/main/java/com/google/tsunami/plugin/PluginManager.java b/plugin/src/main/java/com/google/tsunami/plugin/PluginManager.java index 7b4dc891..76a479ec 100644 --- a/plugin/src/main/java/com/google/tsunami/plugin/PluginManager.java +++ b/plugin/src/main/java/com/google/tsunami/plugin/PluginManager.java @@ -15,6 +15,7 @@ */ package com.google.tsunami.plugin; +import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.collect.ImmutableList.toImmutableList; import static com.google.tsunami.common.data.NetworkServiceUtils.isWebService; import static java.util.Arrays.stream; @@ -41,10 +42,13 @@ */ public class PluginManager { private final Map> tsunamiPlugins; + private final TcsClient tcsClient; @Inject - PluginManager(Map> tsunamiPlugins) { + PluginManager( + Map> tsunamiPlugins, TcsClient tcsClient) { this.tsunamiPlugins = tsunamiPlugins; + this.tcsClient = checkNotNull(tcsClient); } /** @@ -100,6 +104,7 @@ public ImmutableList> getVulnDetectors( ReconnaissanceReport reconnaissanceReport) { return tsunamiPlugins.entrySet().stream() .filter(entry -> isVulnDetector(entry.getKey())) + .filter(entry -> matchCurrentCallbackServerSetup(entry.getKey())) .map(entry -> matchAllVulnDetectors(entry.getKey(), entry.getValue(), reconnaissanceReport)) .flatMap(Streams::stream) .collect(toImmutableList()); @@ -110,6 +115,14 @@ private static boolean isVulnDetector(PluginDefinition pluginDefinition) { || pluginDefinition.type().equals(PluginType.REMOTE_VULN_DETECTION); } + private boolean matchCurrentCallbackServerSetup(PluginDefinition pluginDefinition) { + if (tcsClient.isCallbackServerEnabled()) { + return true; + } + + return !pluginDefinition.requiresCallbackServer(); + } + private static Optional> matchAllVulnDetectors( PluginDefinition pluginDefinition, Provider vulnDetectorProvider, @@ -310,13 +323,16 @@ public static Builder builder() { @AutoValue.Builder public abstract static class Builder { public abstract Builder setPluginDefinition(PluginDefinition value); + public abstract Builder setTsunamiPlugin(T value); abstract ImmutableList.Builder matchedServicesBuilder(); + public Builder addMatchedService(NetworkService networkService) { matchedServicesBuilder().add(networkService); return this; } + public Builder addAllMatchedServices(Iterable networkServices) { matchedServicesBuilder().addAll(networkServices); return this; diff --git a/plugin/src/main/java/com/google/tsunami/plugin/annotations/RequiresCallbackServer.java b/plugin/src/main/java/com/google/tsunami/plugin/annotations/RequiresCallbackServer.java new file mode 100644 index 00000000..cf2c7f4a --- /dev/null +++ b/plugin/src/main/java/com/google/tsunami/plugin/annotations/RequiresCallbackServer.java @@ -0,0 +1,28 @@ +/* + * Copyright 2024 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.google.tsunami.plugin.annotations; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * Annotation for marking that a plugin can only run if the callback server is enabled. + */ +@Retention(RetentionPolicy.RUNTIME) +@Target(ElementType.TYPE) +public @interface RequiresCallbackServer {} diff --git a/plugin/src/test/java/com/google/tsunami/plugin/PluginManagerTest.java b/plugin/src/test/java/com/google/tsunami/plugin/PluginManagerTest.java index a81fcbbe..758c50cd 100644 --- a/plugin/src/test/java/com/google/tsunami/plugin/PluginManagerTest.java +++ b/plugin/src/test/java/com/google/tsunami/plugin/PluginManagerTest.java @@ -24,12 +24,14 @@ import com.google.inject.Guice; import com.google.inject.multibindings.MapBinder; import com.google.tsunami.common.data.NetworkEndpointUtils; +import com.google.tsunami.common.net.http.HttpClientModule; import com.google.tsunami.plugin.PluginManager.PluginMatchingResult; import com.google.tsunami.plugin.annotations.ForOperatingSystemClass; import com.google.tsunami.plugin.annotations.ForServiceName; import com.google.tsunami.plugin.annotations.ForSoftware; import com.google.tsunami.plugin.annotations.ForWebService; import com.google.tsunami.plugin.annotations.PluginInfo; +import com.google.tsunami.plugin.payload.PayloadGeneratorModule; import com.google.tsunami.plugin.testing.FakePortScanner; import com.google.tsunami.plugin.testing.FakePortScanner2; import com.google.tsunami.plugin.testing.FakePortScannerBootstrapModule; @@ -52,6 +54,7 @@ import com.google.tsunami.proto.TargetServiceName; import com.google.tsunami.proto.TargetSoftware; import com.google.tsunami.proto.TransportProtocol; +import java.security.SecureRandom; import java.util.List; import java.util.Optional; import org.junit.Test; @@ -66,6 +69,8 @@ public class PluginManagerTest { public void getPortScanners_whenMultiplePortScannersInstalled_returnsAllPortScanners() { PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakePortScannerBootstrapModule2(), new FakeServiceFingerprinterBootstrapModule(), @@ -84,6 +89,8 @@ public void getPortScanners_whenMultiplePortScannersInstalled_returnsAllPortScan public void getPortScanners_whenNoPortScannersInstalled_returnsEmptyList() { PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeServiceFingerprinterBootstrapModule(), new FakeVulnDetectorBootstrapModule()) .getInstance(PluginManager.class); @@ -95,6 +102,8 @@ public void getPortScanners_whenNoPortScannersInstalled_returnsEmptyList() { public void getPortScanner_whenMultiplePortScannersInstalled_returnsTheFirstMatchedPortScanner() { PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakePortScannerBootstrapModule2(), new FakeServiceFingerprinterBootstrapModule(), @@ -117,6 +126,8 @@ public void getPortScanner_whenMultiplePortScannersInstalled_returnsTheFirstMatc public void getPortScanner_whenNoPortScannersInstalled_returnsEmptyOptional() { PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeServiceFingerprinterBootstrapModule(), new FakeVulnDetectorBootstrapModule()) .getInstance(PluginManager.class); @@ -134,7 +145,10 @@ public void getServiceFingerprinter_whenFingerprinterNotAnnotated_returnsEmpty() .build(); PluginManager pluginManager = Guice.createInjector( - new FakePortScannerBootstrapModule(), NoAnnotationFingerprinter.getModule()) + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), + new FakePortScannerBootstrapModule(), + NoAnnotationFingerprinter.getModule()) .getInstance(PluginManager.class); Optional> fingerprinter = @@ -153,7 +167,10 @@ public void getServiceFingerprinter_whenFingerprinterHasMatch_returnsMatch() { .build(); PluginManager pluginManager = Guice.createInjector( - new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule()) + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), + new FakePortScannerBootstrapModule(), + new FakeServiceFingerprinterBootstrapModule()) .getInstance(PluginManager.class); Optional> fingerprinter = @@ -173,7 +190,10 @@ public void getServiceFingerprinter_whenNoFingerprinterMatches_returnsEmpty() { .build(); PluginManager pluginManager = Guice.createInjector( - new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule()) + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), + new FakePortScannerBootstrapModule(), + new FakeServiceFingerprinterBootstrapModule()) .getInstance(PluginManager.class); Optional> fingerprinter = @@ -197,7 +217,11 @@ public void getServiceFingerprinter_whenForWebServiceAnnotationAndWebService_ret .setServiceName("https") .build(); PluginManager pluginManager = - Guice.createInjector(new FakePortScannerBootstrapModule(), FakeWebFingerprinter.getModule()) + Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), + new FakePortScannerBootstrapModule(), + FakeWebFingerprinter.getModule()) .getInstance(PluginManager.class); Optional> fingerprinter = @@ -225,7 +249,11 @@ public void getServiceFingerprinter_whenForWebServiceAnnotationAndNonWebService_ .setServiceName("rdp") .build(); PluginManager pluginManager = - Guice.createInjector(new FakePortScannerBootstrapModule(), FakeWebFingerprinter.getModule()) + Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), + new FakePortScannerBootstrapModule(), + FakeWebFingerprinter.getModule()) .getInstance(PluginManager.class); assertThat(pluginManager.getServiceFingerprinter(sshService)).isEmpty(); @@ -255,6 +283,8 @@ public void getServiceFingerprinter_whenForWebServiceAnnotationAndNonWebService_ .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), new FakeVulnDetectorBootstrapModule(), @@ -302,6 +332,8 @@ public void getVulnDetectors_whenServiceNameFilterHasMatchingService_returnsMatc .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeServiceNameFilteringDetector.getModule()) @@ -331,6 +363,8 @@ public void getVulnDetectors_whenServiceNameFilterHasNoMatchingService_returnsEm .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeServiceNameFilteringDetector.getModule()) @@ -372,6 +406,8 @@ public void getVulnDetectors_whenSoftwareFilterHasMatchingService_returnsMatched .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeSoftwareFilteringDetector.getModule()) @@ -417,6 +453,8 @@ public void getVulnDetectors_whenOsFilterHasNoMatchingClass_returnsEmpty() { .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeOsFilteringDetector.getModule()) @@ -465,6 +503,8 @@ public void getVulnDetectors_whenOsFilterHasMatchingClass_returnsMatches() { .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeOsFilteringDetector.getModule()) @@ -517,6 +557,8 @@ public void getVulnDetectors_whenOsServiceFilterHasMatchingClass_returnsMatches( .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeOsServiceFilteringDetector.getModule()) @@ -550,6 +592,8 @@ public void getVulnDetectors_whenSoftwareFilterHasNoMatchingService_returnsEmpty .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeSoftwareFilteringDetector.getModule()) @@ -583,7 +627,10 @@ public void getVulnDetectors_whenNoVulnDetectorsInstalled_returnsEmptyList() { .build(); PluginManager pluginManager = Guice.createInjector( - new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule()) + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), + new FakePortScannerBootstrapModule(), + new FakeServiceFingerprinterBootstrapModule()) .getInstance(PluginManager.class); assertThat(pluginManager.getVulnDetectors(fakeReconnaissanceReport)).isEmpty(); @@ -613,6 +660,8 @@ public void getVulnDetectors_whenNoVulnDetectorsInstalled_returnsEmptyList() { .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeServiceFingerprinterBootstrapModule(), new FakeRemoteVulnDetectorLoadingModule(2)) .getInstance(PluginManager.class); @@ -655,6 +704,8 @@ public void getVulnDetectors_whenNoVulnDetectorsInstalled_returnsEmptyList() { .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeFilteringRemoteDetector.getModule()) @@ -687,6 +738,8 @@ public void getVulnDetectors_whenRemoteDetectorWithServiceNameHasNoMatch_returns .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeFilteringRemoteDetector.getModule()) @@ -732,6 +785,8 @@ public void getVulnDetectors_whenRemoteDetectorWithServiceNameHasNoMatch_returns .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeFilteringRemoteDetector.getModule()) @@ -801,6 +856,8 @@ public void getVulnDetectors_whenRemoteDetectorWithServiceNameHasNoMatch_returns .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeFilteringRemoteDetector.getModule()) @@ -858,6 +915,8 @@ public void getVulnDetectors_whenRemoteDetectorWithServiceNameHasNoMatch_returns .build(); PluginManager pluginManager = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(), FakeFilteringRemoteDetector.getModule()) diff --git a/workflow/src/test/java/com/google/tsunami/workflow/DefaultScanningWorkflowTest.java b/workflow/src/test/java/com/google/tsunami/workflow/DefaultScanningWorkflowTest.java index 2ebbcdf2..af636e62 100644 --- a/workflow/src/test/java/com/google/tsunami/workflow/DefaultScanningWorkflowTest.java +++ b/workflow/src/test/java/com/google/tsunami/workflow/DefaultScanningWorkflowTest.java @@ -23,7 +23,9 @@ import com.google.common.collect.ImmutableList; import com.google.inject.Guice; import com.google.inject.Injector; +import com.google.tsunami.common.net.http.HttpClientModule; import com.google.tsunami.common.time.testing.FakeUtcClockModule; +import com.google.tsunami.plugin.payload.PayloadGeneratorModule; import com.google.tsunami.plugin.testing.FailedPortScannerBootstrapModule; import com.google.tsunami.plugin.testing.FailedRemoteVulnDetectorBootstrapModule; import com.google.tsunami.plugin.testing.FailedServiceFingerprinterBootstrapModule; @@ -43,6 +45,7 @@ import com.google.tsunami.proto.ScanResults; import com.google.tsunami.proto.ScanStatus; import com.google.tsunami.proto.ScanTarget; +import java.security.SecureRandom; import java.util.concurrent.ExecutionException; import javax.inject.Inject; import org.junit.Before; @@ -58,6 +61,8 @@ public final class DefaultScanningWorkflowTest { @Before public void setUp() { Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakePortScannerBootstrapModule(), @@ -140,6 +145,8 @@ public void run_whenNoPortScannerInstalled_returnsFailedScanResult() throws ExecutionException, InterruptedException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakeServiceFingerprinterBootstrapModule(), @@ -159,6 +166,8 @@ public void run_whenNoFingerprinterInstalled_executesScanningWorkflow() throws InterruptedException, ExecutionException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakePortScannerBootstrapModule(), @@ -187,6 +196,8 @@ public void run_whenPortScannerFailed_returnsFailedScanResult() throws ExecutionException, InterruptedException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FailedPortScannerBootstrapModule(), @@ -207,6 +218,8 @@ public void run_whenServiceFingerprinterFailed_reusesNetworkServicesFromPortScan throws ExecutionException, InterruptedException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakePortScannerBootstrapModule(), @@ -228,6 +241,8 @@ public void run_whenServiceFingerprinterSucceeded_fillsReconnaissanceReportWithF throws ExecutionException, InterruptedException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakePortScannerBootstrapModule(), @@ -250,6 +265,8 @@ public void run_whenSomeVulnDetectorFailed_returnsPartiallySucceededScanResult() throws ExecutionException, InterruptedException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakePortScannerBootstrapModule(), @@ -276,6 +293,8 @@ public void run_whenAllVulnDetectorFailed_returnsFailedScanResult() throws ExecutionException, InterruptedException { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakePortScannerBootstrapModule(), @@ -295,6 +314,8 @@ public void run_whenAllVulnDetectorFailed_returnsFailedScanResult() public void run_whenNullScanTarget_throwsNullPointerException() { Injector injector = Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakeUtcClockModule(), new FakePluginExecutionModule(), new FakeServiceFingerprinterBootstrapModule(), diff --git a/workflow/src/test/java/com/google/tsunami/workflow/ExecutionTracerTest.java b/workflow/src/test/java/com/google/tsunami/workflow/ExecutionTracerTest.java index 20a24f70..c05b8ef2 100644 --- a/workflow/src/test/java/com/google/tsunami/workflow/ExecutionTracerTest.java +++ b/workflow/src/test/java/com/google/tsunami/workflow/ExecutionTracerTest.java @@ -23,10 +23,12 @@ import com.google.common.collect.ImmutableList; import com.google.common.testing.FakeTicker; import com.google.inject.Guice; +import com.google.tsunami.common.net.http.HttpClientModule; import com.google.tsunami.plugin.PluginManager; import com.google.tsunami.plugin.PluginManager.PluginMatchingResult; import com.google.tsunami.plugin.PortScanner; import com.google.tsunami.plugin.VulnDetector; +import com.google.tsunami.plugin.payload.PayloadGeneratorModule; import com.google.tsunami.plugin.testing.FakePortScannerBootstrapModule; import com.google.tsunami.plugin.testing.FakeServiceFingerprinterBootstrapModule; import com.google.tsunami.plugin.testing.FakeVulnDetectorBootstrapModule; @@ -36,6 +38,7 @@ import com.google.tsunami.proto.ScanFinding; import com.google.tsunami.proto.ScanResults; import com.google.tsunami.proto.TransportProtocol; +import java.security.SecureRandom; import java.time.Duration; import javax.inject.Inject; import org.junit.Before; @@ -57,6 +60,8 @@ public final class ExecutionTracerTest { @Before public void setUp() { Guice.createInjector( + new HttpClientModule.Builder().build(), + new PayloadGeneratorModule(new SecureRandom()), new FakePortScannerBootstrapModule(), new FakePortScannerBootstrapModule(), new FakeServiceFingerprinterBootstrapModule(),