parlov-elicit 0.4.0

Elicitation engine: strategy selection and probe plan generation for parlov.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

//! `CpAccept` -- content negotiation via unsupported `Accept` media type.
//!
//! Sends `Accept: application/x-parlov-nonexistent` on both baseline and probe.
//! Per RFC 9110 S12.5.1 a server MAY respond 406 when no representation matches.
//! A nonexistent resource returns 404, producing the differential.

use http::Method;
use parlov_core::{NormativeStrength, OracleClass, Technique, Vector};

use crate::context::ScanContext;
use crate::strategy::Strategy;
use crate::types::{ProbeSpec, RiskLevel, StrategyMetadata};
use crate::util::{build_pair, clone_headers_with};

fn metadata() -> StrategyMetadata {
    StrategyMetadata {
        strategy_id: "cp-accept",
        strategy_name: "Cache Probe: Accept negotiation",
        risk: RiskLevel::Safe,
    }
}

fn technique() -> Technique {
    Technique {
        id: "cp-accept",
        name: "Accept content negotiation probe",
        oracle_class: OracleClass::Existence,
        vector: Vector::CacheProbing,
        strength: NormativeStrength::May,
    }
}

/// Elicits existence differentials via an unsupported `Accept` media type.
pub struct CpAccept;

impl Strategy for CpAccept {
    fn id(&self) -> &'static str {
        "cp-accept"
    }

    fn name(&self) -> &'static str {
        "Cache Probe: Accept negotiation"
    }

    fn risk(&self) -> RiskLevel {
        RiskLevel::Safe
    }

    fn methods(&self) -> &[Method] {
        &[Method::GET, Method::HEAD]
    }

    fn is_applicable(&self, _ctx: &ScanContext) -> bool {
        true
    }

    fn generate(&self, ctx: &ScanContext) -> Vec<ProbeSpec> {
        let mut specs = Vec::with_capacity(2);
        for method in [Method::GET, Method::HEAD] {
            let hdrs = clone_headers_with(
                &ctx.headers,
                "accept",
                "application/x-parlov-nonexistent",
            );
            let pair = build_pair(
                ctx,
                method,
                hdrs.clone(),
                hdrs,
                None,
                metadata(),
                technique(),
            );
            specs.push(ProbeSpec::Pair(pair));
        }
        specs
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use http::HeaderMap;

    fn make_ctx() -> ScanContext {
        ScanContext {
            target: "https://api.example.com/users/{id}".to_string(),
            baseline_id: "1001".to_string(),
            probe_id: "9999".to_string(),
            headers: HeaderMap::new(),
            max_risk: RiskLevel::Safe,
            known_duplicate: None,
            state_field: None,
            alt_credential: None,
            body_template: None,
        }
    }

    #[test]
    fn generates_correct_technique_vector() {
        let specs = CpAccept.generate(&make_ctx());
        assert_eq!(specs[0].technique().vector, Vector::CacheProbing);
    }

    #[test]
    fn generates_correct_technique_strength() {
        let specs = CpAccept.generate(&make_ctx());
        assert_eq!(specs[0].technique().strength, NormativeStrength::May);
    }

    #[test]
    fn generates_probe_with_correct_header() {
        let specs = CpAccept.generate(&make_ctx());
        let ProbeSpec::Pair(pair) = &specs[0] else {
            panic!("expected Pair variant")
        };
        assert_eq!(
            pair.probe.headers.get("accept").unwrap(),
            "application/x-parlov-nonexistent"
        );
    }

    #[test]
    fn is_always_applicable() {
        assert!(CpAccept.is_applicable(&make_ctx()));
    }

    #[test]
    fn risk_is_safe() {
        assert_eq!(CpAccept.risk(), RiskLevel::Safe);
    }
}