
Commit 8fc888b

tooryxcopybara-github
authored andcommitted
When it can easily be inferred, add the related_id field to the existing detectors in google, doyensec and govtech.
PiperOrigin-RevId: 761890970 Change-Id: I3ef6e79e45e26c50619a08aa43c41fb1d493bba2
1 parent bcc1083 commit 8fc888b

50 files changed

Lines changed: 179 additions & 63 deletions


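--- a/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxe.java
+++ b/doyensec/detectors/magento_cosmicsting_xxe/src/main/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxe.java
@@ -450,7 +450,11 @@ private DetectionReport buildDetectionReport(
 .setRecommendation(VULNERABILITY_REPORT_RECOMMENDATION)
 .addAdditionalDetails(
 AdditionalDetail.newBuilder()
-.setTextData(TextData.newBuilder().setText(additionalDetails))))
+.setTextData(TextData.newBuilder().setText(additionalDetails)))
+.addRelatedId(
+VulnerabilityId.newBuilder()
+.setPublisher("CVE")
+.setValue("CVE-2024-34102")))
 .build();
 }
 }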
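Review bot: The publisher and CVE value in the new `.addRelatedId(...)` call are inline string literals, and the same `"CVE"` / `"CVE-2024-34102"` pair is typed again in both hunks of MagentoCosmicStingXxeTest. Report consumers presumably match on this id to correlate findings, and a typo in a string literal is invisible to the compiler; a named constant in the detector, e.g. `private static final String CVE_ID = "CVE-2024-34102";` used as `.setValue(CVE_ID)`, keeps the value in one place. The `"CVE"` publisher literal recurs in every other file section shown for this commit and could be shared the same way if the project has a common home for it. buildDetectionReport starts outside the hunk, so whether such a constant already exists cannot be seen here.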

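--- a/doyensec/detectors/magento_cosmicsting_xxe/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeTest.java
+++ b/doyensec/detectors/magento_cosmicsting_xxe/src/test/java/com/google/tsunami/plugins/detectors/cves/cve202434102/MagentoCosmicStingXxeTest.java
@@ -209,6 +209,10 @@ private DetectionReport generateDetectionReportWithCallback(
 .setTitle(VULNERABILITY_REPORT_TITLE)
 .setDescription(VULNERABILITY_REPORT_DESCRIPTION_CALLBACK)
 .setRecommendation(VULNERABILITY_REPORT_RECOMMENDATION)
+.addRelatedId(
+VulnerabilityId.newBuilder()
+.setPublisher("CVE")
+.setValue("CVE-2024-34102"))
 .addAdditionalDetails(
 AdditionalDetail.newBuilder()
 .setTextData(TextData.newBuilder().setText(additionalDetails))))
@@ -234,6 +238,10 @@ private DetectionReport generateDetectionReportWithResponseMatching(
 .setTitle(VULNERABILITY_REPORT_TITLE)
 .setDescription(VULNERABILITY_REPORT_DESCRIPTION_RESPONSE_MATCHING)
 .setRecommendation(VULNERABILITY_REPORT_RECOMMENDATION)
+.addRelatedId(
+VulnerabilityId.newBuilder()
+.setPublisher("CVE")
+.setValue("CVE-2024-34102"))
 .addAdditionalDetails(
 AdditionalDetail.newBuilder()
 .setTextData(TextData.newBuilder().setText(additionalDetails))))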

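--- a/google/detectors/credentials/cve20177615/src/main/java/com/google/tsunami/plugins/detectors/credentials/cve20177615/MantisBTAuthenticationBypassDetector.java
+++ b/google/detectors/credentials/cve20177615/src/main/java/com/google/tsunami/plugins/detectors/credentials/cve20177615/MantisBTAuthenticationBypassDetector.java
@@ -131,6 +131,8 @@ private DetectionReport buildDetectionReport(
 VulnerabilityId.newBuilder().setPublisher("GOOGLE").setValue("CVE_2017_7615"))
 .setSeverity(Severity.CRITICAL)
 .setTitle("MantisBT Authentication Bypass (CVE-2017-7615)")
+.addRelatedId(
+VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2017-7615"))
 .setDescription(
 "MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated"
 + " admin access via an empty confirm_hash value to verify.php."))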
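Review bot: The main id `CVE_2017_7615` (publisher `GOOGLE`) and the new related id `CVE-2017-7615` (publisher `CVE`) differ only in the separator, and nothing in the visible part of buildDetectionReport says that this is intentional. A short comment above the new call would stop a later cleanup from normalising one to the other, for example `// Canonical CVE id for cross-referencing; the GOOGLE main id keeps its underscore form.` The same pairing appears in Cve202017519Detector and NodeRedDashboardDirectoryTraversalDetector. The method body starts and ends outside the hunk.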

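--- a/google/detectors/credentials/cve20177615/src/test/java/com/google/tsunami/plugins/detectors/credentials/cve20177615/MantisBTAuthenticationBypassDetectorTest.java
+++ b/google/detectors/credentials/cve20177615/src/test/java/com/google/tsunami/plugins/detectors/credentials/cve20177615/MantisBTAuthenticationBypassDetectorTest.java
@@ -124,6 +124,10 @@ public void detect_whenWebAppIsVulnerable_reportsVuln() throws IOException {
 VulnerabilityId.newBuilder()
 .setPublisher("GOOGLE")
 .setValue("CVE_2017_7615"))
+.addRelatedId(
+VulnerabilityId.newBuilder()
+.setPublisher("CVE")
+.setValue("CVE-2017-7615"))
 .setSeverity(Severity.CRITICAL)
 .setTitle("MantisBT Authentication Bypass (CVE-2017-7615)")
 .setDescription(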

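--- a/google/detectors/directorytraversal/cve202017519/src/main/java/com/google/tsunami/plugins/detectors/directorytraversal/cve202017519/Cve202017519Detector.java
+++ b/google/detectors/directorytraversal/cve202017519/src/main/java/com/google/tsunami/plugins/detectors/directorytraversal/cve202017519/Cve202017519Detector.java
@@ -140,6 +140,8 @@ private DetectionReport buildDetectionReport(
 VulnerabilityId.newBuilder().setPublisher("GOOGLE").setValue("CVE_2020_17519"))
 .setSeverity(Severity.CRITICAL)
 .setTitle("Apache Flink Unauthorized Directory Traversal (CVE-2020-17519)")
+.addRelatedId(
+VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2020-17519"))
 .setDescription(
 "A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and "
 + "1.11.2 as well) allows attackers to read any file on the local "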

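--- a/google/detectors/directorytraversal/cve202017519/src/test/java/com/google/tsunami/plugins/detectors/directorytraversal/cve202017519/Cve202017519DetectorTest.java
+++ b/google/detectors/directorytraversal/cve202017519/src/test/java/com/google/tsunami/plugins/detectors/directorytraversal/cve202017519/Cve202017519DetectorTest.java
@@ -112,6 +112,10 @@ public void detect_whenFlinkVulnerable_returnsVulnerability()
 VulnerabilityId.newBuilder()
 .setPublisher("GOOGLE")
 .setValue("CVE_2020_17519"))
+.addRelatedId(
+VulnerabilityId.newBuilder()
+.setPublisher("CVE")
+.setValue("CVE-2020-17519"))
 .setSeverity(Severity.CRITICAL)
 .setTitle("Apache Flink Unauthorized Directory Traversal (CVE-2020-17519)")
 .setDescription(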

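--- a/google/detectors/directorytraversal/cve20213223/src/main/java/com/google/tsunami/plugins/detectors/directorytraversal/cve20213223/NodeRedDashboardDirectoryTraversalDetector.java
+++ b/google/detectors/directorytraversal/cve20213223/src/main/java/com/google/tsunami/plugins/detectors/directorytraversal/cve20213223/NodeRedDashboardDirectoryTraversalDetector.java
@@ -134,6 +134,8 @@ private DetectionReport buildDetectionReport(
 VulnerabilityId.newBuilder().setPublisher("GOOGLE").setValue("CVE_2021_3223"))
 .setSeverity(Severity.CRITICAL)
 .setTitle("Node-RED-Dashboard directory traversal vulnerability")
+.addRelatedId(
+VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2021-3223"))
 .setDescription("Directory Traversal vulnerability in exposed Node-RED-Dashboard")
 .setRecommendation("Upgrade node-red-dashboard to version 2.26.2 or greater.")
 .addAdditionalDetails(AdditionalDetail.newBuilder().setTextData(details)))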

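--- a/google/detectors/directorytraversal/cve20213223/src/test/java/com/google/tsunami/plugins/detectors/directorytraversal/cve20213223/NodeRedDashboardDirectoryTraversalDetectorTest.java
+++ b/google/detectors/directorytraversal/cve20213223/src/test/java/com/google/tsunami/plugins/detectors/directorytraversal/cve20213223/NodeRedDashboardDirectoryTraversalDetectorTest.java
@@ -107,12 +107,13 @@ public void detect_whenNodeRedDashboardDirExposed_reportsVuln() throws IOExcepti
 .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)
 .setVulnerability(
 Vulnerability.newBuilder()
-.setMainId(
-VulnerabilityId.newBuilder()
-.setPublisher("GOOGLE")
-.setValue("CVE_2021_3223"))
-.setSeverity(Severity.CRITICAL)
-.setTitle("Node-RED-Dashboard directory traversal vulnerability")
+.setMainId(
+VulnerabilityId.newBuilder()
+.setPublisher("GOOGLE")
+.setValue("CVE_2021_3223"))
+.addRelatedId(VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2021-3223"))
+.setSeverity(Severity.CRITICAL)
+.setTitle("Node-RED-Dashboard directory traversal vulnerability")
 .setDescription(
 "Directory Traversal vulnerability in exposed Node-RED-Dashboard")
 .setRecommendation(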
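Review bot: The added `.addRelatedId(VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2021-3223"))` is written on one line, whereas the other test files in this commit break the same call across four lines; with the builder chain's indentation it likely exceeds the line limit, though the rendered page does not show the indentation. The six removed and re-added lines around it (`.setMainId(` through `.setTitle(...)`) carry identical text, so the hunk appears only to re-indent them. Running the project's formatter over the file would settle both and keep the diff down to the one functional addition. The test method starts and ends outside the hunk.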

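--- a/google/detectors/exposedui/phpunit/src/main/java/com/google/tsunami/plugins/detectors/exposedui/phpunit/PHPUnitExposedEvalStdinDetector.java
+++ b/google/detectors/exposedui/phpunit/src/main/java/com/google/tsunami/plugins/detectors/exposedui/phpunit/PHPUnitExposedEvalStdinDetector.java
@@ -145,6 +145,8 @@ private DetectionReport buildDetectionReport(
 .setPublisher("GOOGLE")
 .setValue("EXPOSED_PHPUNIT_EVAL_STDIN"))
 .setSeverity(Severity.CRITICAL)
+.addRelatedId(
+VulnerabilityId.newBuilder().setPublisher("CVE").setValue("CVE-2017-9841"))
 .setTitle("CVE-2017-9841: Exposed Vulnerable eval-stdin.php in PHPUnit")
 .setDescription(
 "CVE-2017-9841: For vulnerable versions of PHPUnit, its eval-stdin.php script"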
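Review bot: `.addRelatedId(...)` is inserted between `.setSeverity(Severity.CRITICAL)` and `.setTitle(...)` here, while the MantisBT, Flink and Node-RED detectors in this commit add it after `.setTitle(...)` and this detector's own test places it directly after the main id. The call order should not change the built report, but moving the call up to follow `.setValue("EXPOSED_PHPUNIT_EVAL_STDIN"))` would keep the two identifiers adjacent. That matters more in this detector than in the others, because its main id does not carry the CVE number and the related id is the only structured reference to CVE-2017-9841. buildDetectionReport starts and ends outside the hunk.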

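--- a/google/detectors/exposedui/phpunit/src/test/java/com/google/tsunami/plugins/detectors/exposedui/phpunit/PHPUnitExposedEvalStdinDetectorTest.java
+++ b/google/detectors/exposedui/phpunit/src/test/java/com/google/tsunami/plugins/detectors/exposedui/phpunit/PHPUnitExposedEvalStdinDetectorTest.java
@@ -176,6 +176,10 @@ private void verifyVulnerabilityReport(
 VulnerabilityId.newBuilder()
 .setPublisher("GOOGLE")
 .setValue("EXPOSED_PHPUNIT_EVAL_STDIN"))
+.addRelatedId(
+VulnerabilityId.newBuilder()
+.setPublisher("CVE")
+.setValue("CVE-2017-9841"))
 .setSeverity(Severity.CRITICAL)
 .setTitle("CVE-2017-9841: Exposed Vulnerable eval-stdin.php in PHPUnit")
 .setDescription(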
