Add a field to the network service proto containing supported SSL ver…

…sion. This information is used in the heuristic that defines if a web service uses SSL or not. PiperOrigin-RevId: 591821277 Change-Id: I1a9b6ac2a67fee1edbe82489b1132d731dcde150
mfmjos · Dec 18, 2023 · 55aa697 · 55aa697
1 parent 440bc4d
commit 55aa697
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java b/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java
@@ -73,9 +73,11 @@ public static boolean isWebService(NetworkService networkService) {
 
   public static boolean isPlainHttp(NetworkService networkService) {
     checkNotNull(networkService);
-    return isWebService(networkService)
-        && IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.getOrDefault(
+    var isKnownPlainHttpService =
+        IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.getOrDefault(
             Ascii.toLowerCase(networkService.getServiceName()), false);
+    var doesNotSupportAnySslVersion = networkService.getSupportedSslVersionsCount() == 0;
+    return isWebService(networkService) && isKnownPlainHttpService && doesNotSupportAnySslVersion;
   }
 
   public static String getServiceName(NetworkService networkService) {

diff --git a/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java b/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java
@@ -153,6 +153,17 @@ public void isPlainHttp_whenNonWebService_returnsFalse() {
         .isFalse();
   }
 
+  @Test
+  public void isPlainHttp_whenHttpServiceButHasSslVersions_returnsFalse() {
+    assertThat(
+            NetworkServiceUtils.isPlainHttp(
+                NetworkService.newBuilder()
+                    .setServiceName("http")
+                    .addSupportedSslVersions("SSLV3")
+                    .build()))
+        .isFalse();
+  }
+
   @Test
   public void getServiceName_whenNonWebService_returnsServiceName() {
     assertThat(

diff --git a/proto/network_service.proto b/proto/network_service.proto
@@ -56,7 +56,8 @@ message NetworkService {
   // in the uri binding representation, like: cpe:/a:openbsd:openssh:8.4p1
   repeated string cpes = 8;
 
-  // TODO(magl): add ssl related information.
+  // List of supported SSL versions (e.g. TLSv1, SSLv3, ...) on the service.
+  repeated string supported_ssl_versions = 9;
 }
 
 // Context information about a specific network service.