As the detection logic for web service does not rely only on service …

…name anymore, we need to handle the case where the service name is not known. Otherwise we would qualify every unknown service as using SSL. PiperOrigin-RevId: 592290838 Change-Id: I24d005c9fd93cb0915d5d170f0b37a8c8ba060b6
mfmjos · Dec 19, 2023 · ab5259d · ab5259d
1 parent 31181c7
commit ab5259d
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 2 deletions.
diff --git a/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java b/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java
@@ -76,11 +76,21 @@ public static boolean isWebService(NetworkService networkService) {
 
   public static boolean isPlainHttp(NetworkService networkService) {
     checkNotNull(networkService);
+
+    var isWebService = isWebService(networkService);
+    var isKnownServiceName = IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.containsKey(
+            Ascii.toLowerCase(networkService.getServiceName()));
+    var doesNotSupportAnySslVersion = networkService.getSupportedSslVersionsCount() == 0;
+
+    if (!isKnownServiceName) {
+      return isWebService && doesNotSupportAnySslVersion;
+    }
+
     var isKnownPlainHttpService =
         IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.getOrDefault(
             Ascii.toLowerCase(networkService.getServiceName()), false);
-    var doesNotSupportAnySslVersion = networkService.getSupportedSslVersionsCount() == 0;
-    return isWebService(networkService) && isKnownPlainHttpService && doesNotSupportAnySslVersion;
+
+    return isKnownPlainHttpService && doesNotSupportAnySslVersion;
   }
 
   public static String getServiceName(NetworkService networkService) {

diff --git a/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java b/common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java
@@ -175,6 +175,39 @@ public void isPlainHttp_whenHttpServiceButHasSslVersions_returnsFalse() {
         .isFalse();
   }
 
+  @Test
+  public void isPlainHttp_whenNonHttpServiceButHasSslVersions_returnsFalse() {
+    assertThat(
+            NetworkServiceUtils.isPlainHttp(
+                NetworkService.newBuilder()
+                    .setServiceName("ssh")
+                    .addSupportedSslVersions("SSLV3")
+                    .build()))
+        .isFalse();
+  }
+
+  @Test
+  public void isPlainHttp_whenHttpServiceFromHttpMethodsWithoutSslVersions_returnsTrue() {
+    assertThat(
+            NetworkServiceUtils.isPlainHttp(
+                NetworkService.newBuilder()
+                    .setServiceName("ssh")
+                    .addSupportedHttpMethods("GET")
+                    .build()))
+        .isTrue();
+  }
+
+  @Test
+  public void isPlainHttp_whenHttpServiceWithSslVersions_returnsFalse() {
+    assertThat(
+            NetworkServiceUtils.isPlainHttp(
+                NetworkService.newBuilder()
+                    .setServiceName("http")
+                    .addSupportedSslVersions("SSLV3")
+                    .build()))
+        .isFalse();
+  }
+
   @Test
   public void getServiceName_whenNonWebService_returnsServiceName() {
     assertThat(