Overview ¶
Tests for unrestricted HTTP methods/verbs
Index ¶
- Variables
- func MergeMaps(map1 map[string]string, map2 map[string]string) map[string]string
- func ParamsToMap(params []parser.Param) map[string]string
- type ApiTest
- func BasicOsCommandInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicSqliTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicSsrfTest(ssrfUrl, baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicSstiInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicXssHtmlInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BolaTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BolaTrailingPathTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func UnrestrictedHttpMethods(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- type InjectionConfig
- type Payload
- type TGenHandler
Constants ¶
This section is empty.
Variables ¶
// HttpMethodsSlice enumerates the standard HTTP methods using fasthttp's
// method constants. Note that CONNECT and TRACE are part of the list, so a
// target that answers those methods will surface in the generated results.
var HttpMethodsSlice = []string{
	fasthttp.MethodGet,
	fasthttp.MethodHead,
	fasthttp.MethodPost,
	fasthttp.MethodPut,
	fasthttp.MethodPatch,
	fasthttp.MethodDelete,
	fasthttp.MethodConnect,
	fasthttp.MethodOptions,
	fasthttp.MethodTrace,
}
Functions ¶
Types ¶
type ApiTest ¶
// ApiTest holds the data for one generated API test: the request to send,
// the fields filled in once a response is available, and the
// post-processing rules used to classify the outcome.
type ApiTest struct {
	// Fields to be populated before making HTTP request
	TestName       string          `json:"test_name"`
	Request        *client.Request `json:"request"`
	Path           string          `json:"path"`
	PathWithParams string          `json:"path_with_params"`
	MatchRegex     string          `json:"match_regex"` // regex used in post processing for detecting injection

	// Fields to be populated after making HTTP request
	IsVulnerable bool                       `json:"is_vulnerable"`
	IsDataLeak   bool                       `json:"is_data_leak"`
	Response     *client.ConcurrentResponse `json:"concurrent_response"`

	// Post Request Process
	VulnerableResponseCodes []int `json:"vulnerable_response_codes"`
	ImmuneResponseCodes     []int `json:"immune_response_codes"`
}
Holds data related to API testing
func BasicOsCommandInjectionTest ¶
func BasicOsCommandInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
func BasicSqliTest ¶
func BasicSqliTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
generates very basic SQLi API tests
func BasicSsrfTest ¶
func BasicSsrfTest(ssrfUrl, baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
generates very basic SSRF API tests by injecting the provided URL
func BasicSstiInjectionTest ¶
func BasicSstiInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
func BasicXssHtmlInjectionTest ¶
func BasicXssHtmlInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
func BolaTrailingPathTest ¶
func UnrestrictedHttpMethods ¶
func UnrestrictedHttpMethods(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string) []*ApiTest
returns a new map keyed by parser.DocHttpParams.Name, with parser.DocHttpParams.Value as the value
type InjectionConfig ¶
type Payload ¶
// Payload describes one injection payload together with the rules used to
// classify the response it provokes. The struct carries no logic: which of
// the status-code lists or Regex takes precedence is decided by the consumer.
type Payload struct {
	InjText string // text to be injected

	// Post Processors
	VulnerableResponseCodes []int  // status codes indicating the API endpoint is vulnerable
	ImmuneResponseCodes     []int  // status codes indicating the API endpoint is not vulnerable
	Regex                   string // regex to be used for post processing
}
Struct used for injecting payloads while generating tests
type TGenHandler ¶
// TGenHandler configures test generation: the parsed API doc, the defaults
// applied to requests, and the bool fields that (per the comment below)
// register which tests are run.
type TGenHandler struct {
	Doc                []*parser.DocHttpParams
	DefaultQueryParams map[string]string
	// NOTE(review): headers set here presumably end up in ApiTest.Request,
	// which carries a json tag — confirm whether credentials placed here are
	// serialized into result output.
	DefaultHeaders map[string]string
	BaseUrl        string

	// Register all tests using bool values below
	RunUnrestrictedHttpMethodTest bool
	RunBasicSQLiTest              bool
	RunBasicSSRFTest              bool
	RunOsCommandInjectionTest     bool
	RunXssHtmlInjectionTest       bool
	RunSstiInjectionTest          bool
	RunBolaTest                   bool
	RunBolaTrailingPathTest       bool

	// SSRF Test related data
	SsrfUrl string // URL injected by BasicSsrfTest
}
func (*TGenHandler) FilterTests ¶
func (t *TGenHandler) FilterTests(apiTests []*ApiTest, pathRegex string) []*ApiTest
func (*TGenHandler) GenerateTests ¶
func (t *TGenHandler) GenerateTests() []*ApiTest