Documentation
Overview
Package cve202016846 implements a detector for CVE-2020-16846.

To test this detector locally, install a vulnerable version of Salt by running the following commands as root:

    python3 -m venv salt_env
    source salt_env/bin/activate
    pip install salt==3002
    pip install jinja2==3.0.1

Once installed, run:

    salt-master -d && salt-api -d

If the proposed method above doesn't work, using the steps in https://github.com/zomy22/CVE-2020-16846-Saltstack-Salt-API might be more stable. However, make sure to add the line "RUN pip install jinja2==3.0.1" before the ENTRYPOINT line in the Dockerfile.
Index
- Constants
- func CheckForCherrypy(ctx context.Context, saltIP string, saltServerPort int) bool
- func ExploitSalt(ctx context.Context, saltIP string, saltServerPort int) bool
- func New() detector.Detector
- type Detector
- func (d Detector) DetectedFinding() inventory.Finding
- func (Detector) Name() string
- func (Detector) RequiredExtractors() []string
- func (Detector) Requirements() *plugin.Capabilities
- func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ...) (inventory.Finding, error)
- func (Detector) Version() int
Constants
const (
// Name of the detector.
Name = "cve/cve-2020-16846"
)
Variables
This section is empty.
Functions
func CheckForCherrypy
CheckForCherrypy checks for the presence of Cherrypy in the server headers.
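A banner check of the kind described for CheckForCherrypy, as an added example that is not this package's own code. The function names, the GET request to the base URL, the 2-second timeout and the case-insensitive substring match on the `Server` header are assumptions; the banners are constructed and served by a local stand-in server.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// hasCherryPyBanner (hypothetical name) reports whether the HTTP service at
// baseURL identifies itself as CherryPy in its Server response header.
// Assumption: a case-insensitive substring match on that header is sufficient.
func hasCherryPyBanner(ctx context.Context, baseURL string) bool {
	ctx, cancel := context.WithTimeout(ctx, 2*time.Second)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, baseURL, nil)
	if err != nil {
		return false // malformed URL
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false // unreachable or timed out: no banner to inspect
	}
	defer resp.Body.Close()
	banner := strings.ToLower(resp.Header.Get("Server"))
	return strings.Contains(banner, "cherrypy")
}

// checkConstructed starts a local stand-in server that answers with the given
// constructed Server banner and runs the check against it.
func checkConstructed(banner string) bool {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Server", banner)
		w.WriteHeader(http.StatusOK)
	}))
	defer srv.Close()
	return hasCherryPyBanner(context.Background(), srv.URL)
}

func main() {
	// Constructed banners, not captured from a real deployment.
	for _, b := range []string{"CherryPy/18.6.0", "nginx"} {
		fmt.Printf("%-16s -> %v\n", b, checkConstructed(b))
	}
}
```

A header match only says the service is built on CherryPy; it does not say which Salt version is running or whether it is vulnerable.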
func ExploitSalt
ExploitSalt attempts to exploit the Salt server if vulnerable.
Types
type Detector
type Detector struct{}
Detector is a SCALIBR Detector for CVE-2020-16846.
func (Detector) DetectedFinding (added in v0.3.1)
DetectedFinding returns generic vulnerability information about what is detected.
func (Detector) RequiredExtractors
RequiredExtractors returns an empty list as there are no dependencies.
func (Detector) Requirements
func (Detector) Requirements() *plugin.Capabilities
Requirements of the detector.