Overview ¶
Generates API security test cases from parsed API documentation. Besides the unrestricted HTTP methods/verbs test this package also produces basic injection probes (SQLi, SSRF, OS command, XSS/HTML, SSTI), BOLA checks and a missing-authentication check; each generator returns a slice of ApiTest describing requests to send, with verdict fields that are filled in after the request has been made.
Index ¶
- Constants
- Variables
- func DeleteAuthFromMap(authMap map[string]string, keys []string)
- func MergeMaps(map1 map[string]string, map2 map[string]string) map[string]string
- func ParamsToMap(params []parser.Param) map[string]string
- type ApiTest
- func BasicOsCommandInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicSqliTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicSsrfTest(ssrfUrl, baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicSstiInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BasicXssHtmlInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BolaTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func BolaTrailingPathTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func MissingAuthTest(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- func UnrestrictedHttpMethods(baseUrl string, docParams []*parser.DocHttpParams, ...) []*ApiTest
- type DataLeakPattern
- type DataLeakPatternMatch
- type DataLeakPatterns
- type InjectionConfig
- type Payload
- type PayloadConfig
- type TGenHandler
Constants ¶
// Locations inside an HTTP request in which a documented parameter can be
// placed. The string values coincide with the OpenAPI parameter `in`
// locations, plus "body"; presumably they are compared against the parsed
// documentation when deciding where to inject a payload — confirm in the
// generators.
const (
	Path   = "path"
	Query  = "query"
	Header = "header"
	Cookie = "cookie"
	Body   = "body"
)
Variables ¶
// HttpMethodsSlice is the full set of HTTP methods tried against an endpoint,
// presumably by UnrestrictedHttpMethods. It deliberately includes CONNECT and
// TRACE. NOTE(review): a TRACE response that reflects the request is a finding
// in its own right, whereas CONNECT carries proxy semantics and is commonly
// rejected outright by origin servers — interpret its status codes with that
// in mind rather than as a plain "method allowed / denied" signal.
var HttpMethodsSlice = []string{
	fasthttp.MethodGet,
	fasthttp.MethodHead,
	fasthttp.MethodPost,
	fasthttp.MethodPut,
	fasthttp.MethodPatch,
	fasthttp.MethodDelete,
	fasthttp.MethodConnect,
	fasthttp.MethodOptions,
	fasthttp.MethodTrace,
}
Functions ¶
func DeleteAuthFromMap ¶
Types ¶
type ApiTest ¶
// ApiTest describes one generated test case: the request to send, then the
// verdict and post-processing results recorded after the response arrives.
type ApiTest struct {
// Fields to be populated before making HTTP request
TestName string `json:"test_name"` // human-readable name of the test/generator that produced this case
Request *client.Request `json:"request"` // request to send. NOTE(review): if it carries the default headers passed to the generators (API keys, bearer tokens) they are serialised into any JSON dump of this struct — confirm before persisting or sharing results
Path string `json:"path"` // documented endpoint path, presumably as written in the API doc
PathWithParams string `json:"path_with_params"` // path with parameter values filled in, presumably — confirm against the generators
MatchRegex string `json:"match_regex"` // regex used in post processing for detecting injection
// Fields to be populated after making HTTP request
IsVulnerable bool `json:"is_vulnerable"` // verdict set by the post-request stage
IsDataLeak bool `json:"is_data_leak"` // true when at least one DataLeakPattern matched the response, presumably — confirm
Response *client.ConcurrentResponse `json:"concurrent_response"` // note the JSON key differs from the Go field name
// Post Request Process
VulnerableResponseCodes []int `json:"vulnerable_response_codes"` // status codes treated as evidence of vulnerability (mirrors Payload.VulnerableResponseCodes)
ImmuneResponseCodes []int `json:"immune_response_codes"` // status codes treated as evidence the endpoint is not vulnerable (mirrors Payload.ImmuneResponseCodes)
DataLeakMatches []DataLeakPatternMatch `json:"data_leak_matches"` // patterns that matched the response body, with the matched strings
}
ApiTest holds everything about one generated test case: the request to send, and the fields filled in afterwards from the response (vulnerability verdict, data-leak matches).
func BasicOsCommandInjectionTest ¶
func BasicOsCommandInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
func BasicSqliTest ¶
func BasicSqliTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
BasicSqliTest generates very basic SQL-injection (SQLi) API tests for the documented parameters, presumably using the payloads described by injectionConfig.
func BasicSsrfTest ¶
func BasicSsrfTest(ssrfUrl, baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
BasicSsrfTest generates very basic SSRF API tests by injecting the provided ssrfUrl into request parameters. ssrfUrl should normally point at a host you control, so that any server-side request made to it can be observed out of band.
func BasicSstiInjectionTest ¶
func BasicSstiInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
func BasicXssHtmlInjectionTest ¶
func BasicXssHtmlInjectionTest(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string, injectionConfig InjectionConfig) []*ApiTest
func BolaTrailingPathTest ¶
func MissingAuthTest ¶
func UnrestrictedHttpMethods ¶
func UnrestrictedHttpMethods(baseUrl string, docParams []*parser.DocHttpParams, queryParams map[string]string, headers map[string]string) []*ApiTest
UnrestrictedHttpMethods generates tests that exercise each HTTP method in HttpMethodsSlice against the documented endpoints (see the package overview). Note: the doc line originally attached here — "returns a new map with k:parser.DocHttpParams.Name, v:parser.DocHttpParams.Value" — appears to describe a map-building helper (possibly ParamsToMap) rather than this function; the comment is likely misplaced in the source.
type DataLeakPattern ¶
// DataLeakPattern is one named regular expression applied to responses in the
// post-request stage to spot leaked data. Patterns are loaded from JSON/YAML
// (see the struct tags), i.e. from configuration rather than from the target.
type DataLeakPattern struct {
Name string `json:"name" yaml:"name"` // label reported with a match
Regex string `json:"regex" yaml:"regex"` // pattern source; if compiled with the standard regexp package it is RE2 syntax, so untrusted-looking patterns cannot cause catastrophic backtracking — confirm which engine is used
Confidence string `json:"confidence" yaml:"confidence"` // free-form confidence level; no fixed set of values is visible here
}
Used by the post-request processing stage: a named regex applied to responses to detect leaked data.
type DataLeakPatternMatch ¶
// DataLeakPatternMatch pairs a DataLeakPattern with the strings it matched in
// a response. The embedded pattern's fields are promoted, so Name/Regex/
// Confidence are accessible directly on the match.
type DataLeakPatternMatch struct {
DataLeakPattern // the pattern that matched; serialised under its own lowercase json/yaml tags
Matches []string // matched substrings. Note: no json tag, so this serialises as "Matches", unlike the tagged fields above
}
type DataLeakPatterns ¶
// DataLeakPatterns is the top-level container for a JSON/YAML pattern file.
type DataLeakPatterns struct {
Patterns []DataLeakPattern `json:"patterns" yaml:"patterns"` // all patterns to run against each response
}
type InjectionConfig ¶
type Payload ¶
// Payload is a single injection string together with the rules the
// post-request stage uses to decide whether the response proves the endpoint
// vulnerable. ApiTest carries the same code lists and regex per test.
type Payload struct {
InjText string // text to be injected
// Post Processors
VulnerableResponseCodes []int // status code indicating API endpoint is vulnerable
ImmuneResponseCodes []int // status code indicating API endpoint is not vulnerable
Regex string // regex to be used for post processing
}
Struct used for injecting payloads while generating tests
type PayloadConfig ¶
// PayloadConfig controls where a payload is injected.
type PayloadConfig struct {
In string // request location to inject into; the original comment ("body,") is truncated — presumably one of the Path/Query/Header/Cookie/Body constants, confirm
}
Struct used for injecting payloads as per configuration
type TGenHandler ¶
// TGenHandler bundles the inputs shared by every test generator and the
// switches selecting which generators GenerateTests runs.
type TGenHandler struct {
Doc []*parser.DocHttpParams // parsed API documentation (per-endpoint parameters) handed to each generator
DefaultQueryParams map[string]string // query parameters passed to every generator (the queryParams argument)
DefaultHeaders map[string]string // headers passed to every generator (the headers argument). NOTE(review): this is where auth material typically lives; it ends up inside each ApiTest.Request, so treat serialised test output as sensitive
BaseUrl string // target base URL the generated paths are appended to
// Register all tests using bool values below
RunUnrestrictedHttpMethodTest bool // UnrestrictedHttpMethods
RunBasicSQLiTest bool // BasicSqliTest
RunBasicSSRFTest bool // BasicSsrfTest (requires SsrfUrl)
RunOsCommandInjectionTest bool // BasicOsCommandInjectionTest
RunXssHtmlInjectionTest bool // BasicXssHtmlInjectionTest
RunSstiInjectionTest bool // BasicSstiInjectionTest
RunBolaTest bool // BolaTest
RunBolaTrailingPathTest bool // BolaTrailingPathTest
RunMissingAuthImplementationTest bool // MissingAuthTest
// SSRF Test related data
SsrfUrl string // URL injected by BasicSsrfTest; should point at a host the tester controls so server-side requests to it can be observed
}
func (*TGenHandler) FilterTests ¶
func (t *TGenHandler) FilterTests(apiTests []*ApiTest, pathRegex string) []*ApiTest
func (*TGenHandler) GenerateTests ¶
func (t *TGenHandler) GenerateTests() []*ApiTest