phaser 0.7.8

High-performance attack surface mapper and vulnerability scanner
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

use crate::{
    modules::{HttpModule, Module, ModuleName, ModuleVersion},
    report::{Finding, ModuleResult, Severity},
    Error,
};
use async_trait::async_trait;
use regex::Regex;
use reqwest::Client;

pub struct GitConfigDisclosure {
    git_config_regex: Regex,
}

impl GitConfigDisclosure {
    pub fn new() -> Self {
        GitConfigDisclosure {
            git_config_regex: Regex::new(r#"\[branch "[^"]*"\]"#)
                .expect("compiling http/git_config_disclosure regexp"),
        }
    }

    async fn is_git_config_file(&self, content: String) -> Result<bool, Error> {
        let git_config_regex = self.git_config_regex.clone();
        let res = tokio::task::spawn_blocking(move || git_config_regex.is_match(&content)).await?;

        Ok(res)
    }
}

impl Module for GitConfigDisclosure {
    fn name(&self) -> ModuleName {
        ModuleName::HttpGitConfigDisclosure
    }

    fn description(&self) -> String {
        String::from("Check for .git/config file disclosure")
    }

    fn version(&self) -> ModuleVersion {
        ModuleVersion(1, 0, 0)
    }

    fn is_aggressive(&self) -> bool {
        false
    }

    fn severity(&self) -> Severity {
        Severity::High
    }
}

#[async_trait]
impl HttpModule for GitConfigDisclosure {
    async fn scan(&self, http_client: &Client, endpoint: &str) -> Result<Option<Finding>, Error> {
        let url = format!("{}/.git/config", &endpoint);
        let res = http_client.get(&url).send().await?;

        if !res.status().is_success() {
            return Ok(None);
        }

        let body = res.text().await?;
        if self.is_git_config_file(body).await? {
            return Ok(Some(Finding {
                module: self.name(),
                module_version: self.version(),
                severity: self.severity(),
                result: ModuleResult::Url(url),
            }));
        }

        Ok(None)
    }
}

#[cfg(test)]
mod tests {
    use super::GitConfigDisclosure;

    #[tokio::test]
    async fn is_git_directory() {
        let module = GitConfigDisclosure::new();

        let body = r#"[core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
        ignorecase = true
        precomposeunicode = true
[remote "origin"]
        url = git@github.com:skerkour/black-hat-rust.git
        fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
        remote = origin
        merge = refs/heads/master"#;

        let body2 = "test test test test tes  <tle>Index of kerkour.fr</title> test";

        assert_eq!(
            true,
            module.is_git_config_file(body.to_string()).await.unwrap()
        );
        assert_eq!(
            false,
            module.is_git_config_file(body2.to_string()).await.unwrap()
        );
    }
}