reuse NetworkService data from port scanner if fingerprinting failed.

PiperOrigin-RevId: 330983814 Change-Id: I96e8243d80c7757458ea02009c83ae2bfd202c20
valery-barysok · Sep 10, 2020 · 0075d89 · 0075d89
1 parent a778b9f
commit 0075d89
Show file tree

Hide file tree

Showing 4 changed files with 122 additions and 4 deletions.
diff --git a/plugin/src/main/java/com/google/tsunami/plugin/testing/FailedServiceFingerprinter.java b/plugin/src/main/java/com/google/tsunami/plugin/testing/FailedServiceFingerprinter.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugin.testing;
+
+import com.google.tsunami.plugin.PluginType;
+import com.google.tsunami.plugin.ServiceFingerprinter;
+import com.google.tsunami.plugin.annotations.ForServiceName;
+import com.google.tsunami.plugin.annotations.PluginInfo;
+import com.google.tsunami.proto.FingerprintingReport;
+import com.google.tsunami.proto.NetworkService;
+import com.google.tsunami.proto.TargetInfo;
+
+/** A fake ServiceFingerprinter plugin that instantly fails for testing purpose only. */
+@PluginInfo(
+    type = PluginType.SERVICE_FINGERPRINT,
+    name = "FailedServiceFingerprinter",
+    version = "v0.1",
+    description = "A fake ServiceFingerprinter that instantly fails.",
+    author = "fake",
+    bootstrapModule = FailedServiceFingerprinterBootstrapModule.class)
+@ForServiceName("http")
+public final class FailedServiceFingerprinter implements ServiceFingerprinter {
+
+  @Override
+  public FingerprintingReport fingerprint(TargetInfo targetInfo, NetworkService networkService) {
+    throw new RuntimeException("ServiceFingerprinter failed");
+  }
+}
diff --git a/...ain/java/com/google/tsunami/plugin/testing/FailedServiceFingerprinterBootstrapModule.java b/...ain/java/com/google/tsunami/plugin/testing/FailedServiceFingerprinterBootstrapModule.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.tsunami.plugin.testing;
+
+import com.google.tsunami.plugin.PluginBootstrapModule;
+
+/** Bootstrapping module for {@link FailedServiceFingerprinter}. */
+public final class FailedServiceFingerprinterBootstrapModule extends PluginBootstrapModule {
+
+  @Override
+  protected void configurePlugin() {
+    registerPlugin(FailedServiceFingerprinter.class);
+  }
+}
diff --git a/workflow/src/main/java/com/google/tsunami/workflow/DefaultScanningWorkflow.java b/workflow/src/main/java/com/google/tsunami/workflow/DefaultScanningWorkflow.java
@@ -213,7 +213,7 @@ private ListenableFuture<ReconnaissanceReport> fingerprintNetworkServices(
                 ReconnaissanceReport.newBuilder()
                     .setTargetInfo(targetInfo)
                     .addAllNetworkServices(networkServicesToKeep)
-                    .addAllNetworkServices(successfullyFingerprintedServices(executionResults))
+                    .addAllNetworkServices(getFingerprintedServices(executionResults))
                     .build(),
             directExecutor());
   }
@@ -230,11 +230,17 @@ private static PluginExecutorConfig<FingerprintingReport> buildFingerprinterExec
         .build();
   }
 
-  private static ImmutableList<NetworkService> successfullyFingerprintedServices(
+  @SuppressWarnings("unchecked")
+  private static ImmutableList<NetworkService> getFingerprintedServices(
       Collection<PluginExecutionResult<FingerprintingReport>> executionResults) {
     return executionResults.stream()
-        .filter(PluginExecutionResult::isSucceeded)
-        .flatMap(result -> result.resultData().get().getNetworkServicesList().stream())
+        .flatMap(
+            result ->
+                result.isSucceeded()
+                    ? result.resultData().get().getNetworkServicesList().stream()
+                    : ((List<NetworkService>)
+                            result.executorConfig().matchedPlugin().matchedServices())
+                        .stream())
         .collect(toImmutableList());
   }
 

diff --git a/workflow/src/test/java/com/google/tsunami/workflow/DefaultScanningWorkflowTest.java b/workflow/src/test/java/com/google/tsunami/workflow/DefaultScanningWorkflowTest.java
@@ -25,6 +25,7 @@
 import com.google.inject.Injector;
 import com.google.tsunami.common.time.testing.FakeUtcClockModule;
 import com.google.tsunami.plugin.testing.FailedPortScannerBootstrapModule;
+import com.google.tsunami.plugin.testing.FailedServiceFingerprinterBootstrapModule;
 import com.google.tsunami.plugin.testing.FailedVulnDetectorBootstrapModule;
 import com.google.tsunami.plugin.testing.FakePluginExecutionModule;
 import com.google.tsunami.plugin.testing.FakePortScanner;
@@ -154,6 +155,49 @@ public void run_whenPortScannerFailed_returnsFailedScanResult()
     assertThat(scanResults.getScanFindingsList()).isEmpty();
   }
 
+  @Test
+  public void run_whenServiceFingerprinterFailed_reusesNetworkServicesFromPortScan()
+      throws ExecutionException, InterruptedException {
+    Injector injector =
+        Guice.createInjector(
+            new FakeUtcClockModule(),
+            new FakePluginExecutionModule(),
+            new FakePortScannerBootstrapModule(),
+            new FailedServiceFingerprinterBootstrapModule(),
+            new FakeVulnDetectorBootstrapModule(),
+            new FakeVulnDetectorBootstrapModule2());
+    scanningWorkflow = injector.getInstance(DefaultScanningWorkflow.class);
+
+    ScanResults scanResults = scanningWorkflow.run(buildScanTarget());
+
+    assertThat(scanResults.getScanStatus()).isEqualTo(ScanStatus.SUCCEEDED);
+    assertThat(scanResults.getReconnaissanceReport().getNetworkServicesList())
+        .containsExactly(
+            FakePortScanner.getFakeNetworkService(buildScanTarget().getNetworkEndpoint()));
+  }
+
+  @Test
+  public void run_whenServiceFingerprinterSucceeded_fillsReconnaissanceReportWithFingerprintResult()
+      throws ExecutionException, InterruptedException {
+    Injector injector =
+        Guice.createInjector(
+            new FakeUtcClockModule(),
+            new FakePluginExecutionModule(),
+            new FakePortScannerBootstrapModule(),
+            new FakeServiceFingerprinterBootstrapModule(),
+            new FakeVulnDetectorBootstrapModule(),
+            new FakeVulnDetectorBootstrapModule2());
+    scanningWorkflow = injector.getInstance(DefaultScanningWorkflow.class);
+
+    ScanResults scanResults = scanningWorkflow.run(buildScanTarget());
+
+    assertThat(scanResults.getScanStatus()).isEqualTo(ScanStatus.SUCCEEDED);
+    assertThat(scanResults.getReconnaissanceReport().getNetworkServicesList())
+        .containsExactly(
+            FakeServiceFingerprinter.addWebServiceContext(
+                FakePortScanner.getFakeNetworkService(buildScanTarget().getNetworkEndpoint())));
+  }
+
   @Test
   public void run_whenSomeVulnDetectorFailed_returnsPartiallySucceededScanResult()
       throws ExecutionException, InterruptedException {