Add check for SSH passwords #512
Conversation
|
so far it's a good direction, please fix license check and add tests/autoreport |
anna1492
changed the title
artemis/reporting/severity.py
Outdated
| @@ -26,6 +26,7 @@ class Severity(str, Enum): | |||
| ReportType("exposed_configuration_file"): Severity.HIGH, | |||
| ReportType("exposed_sql_dump"): Severity.HIGH, | |||
| ReportType("exposed_log_file"): Severity.HIGH, | |||
| ReportType("exposed_log_file"): Severity.HIGH, | |||
| if not task_result["status"] == "INTERESTING": | ||
| return [] | ||
|
|
||
| if not isinstance(task_result["result"], SSHBruterResult): |
There was a problem hiding this comment.
when deserializing from db, it wouldn't be a SSHBruterResult instance, but a dict
| @@ -0,0 +1,26 @@ | |||
| {% if "exposed_ssh_with_easy_password" in data.contains_type %} | |||
| <li>{% trans %}The following address contains SSH server where simple login/password pair allows logging in:{% endtrans %} | |||
There was a problem hiding this comment.
by default we have plural in these messages (addresses contain SSH servers...)
| "The following address contains SSH server where simple login/password " | ||
| "pair allows logging in:" | ||
| msgstr "" | ||
| "Na następującym adresie uruchomiony jest serwer SSH przez który można się" |
|
|
||
| #: artemis/reporting/modules/ssh_bruter/template_exposed_ssh_with_easy_password.jinja2:10 | ||
| msgid "username" | ||
| msgstr "użytkownikowi" |
There was a problem hiding this comment.
jak piszesz "Poniższe dane umożliwiają zalogowanie się" to potem w zdaniu przypadek musi się zgadzać: "nazwą użytkwonika ... i hasłem"
| from artemis.reporting.base.templating import build_message_template | ||
| from artemis.reporting.export.translations import install_translations | ||
|
|
||
| environment = Environment( |
There was a problem hiding this comment.
IMO if we have multiple reporting test, we may factor the common code into something called BaseReportingTest, so that lines 15-22 don't duplicate with bruter
| "The following addresses contain SSH server where simple login/password " | ||
| "pair allows logging in:" | ||
| msgstr "" | ||
| "Na następującym adresie uruchomiony jest serwer SSH na który można się " |
There was a problem hiding this comment.
you made the original plural, not the tanslated version
| @@ -0,0 +1,25 @@ | |||
| #: artemis/reporting/modules/ssh_bruter/template_exposed_ssh_with_easy_password.jinja2:2 | |||
| msgid "" | |||
| "The following addresses contain SSH server where simple login/password " | |||
| msgid "empty password" | ||
| msgstr "" | ||
|
|
||
| #~ msgid "username" |
There was a problem hiding this comment.
nuke these commented translations
| #: artemis/reporting/modules/ssh_bruter/template_exposed_ssh_with_easy_password.jinja2:11 | ||
| #, fuzzy | ||
| msgid "and " | ||
| msgstr "i" |
There was a problem hiding this comment.
let's not use fuzzy matches if they aren't needed, and besides here you translate and with space to "i" without space - that's asking for trouble ;)
There was a problem hiding this comment.
polish version returns "ihasłem", so you need to preserve the space, preferably outside of translation
| "The following addresses contain SSH servers where simple login/password " | ||
| "pair allows logging in:" | ||
| msgstr "" | ||
| "Na następujących adresach uruchomione są serwery SSH do których można się" |
There was a problem hiding this comment.
pewnie lepiej "pod następującymi adresami" niż "na"
No description provided.