pablosnt · pablosnt · Mar 31, 2024 · Mar 31, 2024 · Mar 31, 2024 · Mar 31, 2024
@@ -26,10 +26,12 @@ class HttpHeader(BaseInput):
         null=True,
     )
     key = models.TextField(
-        max_length=100, validators=[Validator(Regex.NAME.value, code="key", deny_injections=True)]
+        max_length=100,
+        validators=[Validator(Regex.NAME.value, code="key", deny_injections=True)],
     )
     value = models.TextField(
-        max_length=500, validators=[Validator(Regex.TEXT.value, code="value", deny_injections=True)]
+        max_length=500,
+        validators=[Validator(Regex.TEXT.value, code="value", deny_injections=True)],
     )
 
     filters = [BaseInput.Filter(type=str, field="key")]

@@ -16,7 +16,8 @@ class InputTechnology(BaseInput):
         Target, related_name="input_technologies", on_delete=models.CASCADE
     )
     name = models.TextField(
-        max_length=100, validators=[Validator(Regex.NAME.value, code="name", deny_injections=True)]
+        max_length=100,
+        validators=[Validator(Regex.NAME.value, code="name", deny_injections=True)],
     )
     version = models.TextField(
         max_length=100,
@@ -69,7 +70,8 @@ class InputVulnerability(BaseInput):
         Target, related_name="input_vulnerabilities", on_delete=models.CASCADE
     )
     cve = models.TextField(
-        max_length=20, validators=[Validator(Regex.CVE.value, code="cve", deny_injections=True)]
+        max_length=20,
+        validators=[Validator(Regex.CVE.value, code="cve", deny_injections=True)],
     )
 
     filters = [

@@ -21,7 +21,7 @@ class Regex(Enum):
     PATH_WITH_QUERYPARAMS = r"[\w\.\-_/\\#?&%$]{0,500}"
     CVE = r"CVE-\d{4}-\d{1,7}"
     SECRET = r"[\w\./\-=\+,:<>¿?¡!#&$()@%\[\]\{\}\*]{1,500}"
-    IS_INJECTION = r"[^;\"&</>$]*"
+    INJECTION = r"[;\"&</>$]+"
 
 
 class Validator(RegexValidator):
@@ -32,7 +32,7 @@ def __init__(
         code: str | None = None,
         inverse_match: bool | None = ...,  # type: ignore
         flags: RegexFlag | None = None,
-        deny_injections: bool = False
+        deny_injections: bool = False,
     ) -> None:
         self.deny_injections = deny_injections
         super().__init__(regex, message, code, inverse_match, flags)
@@ -46,10 +46,14 @@ def __call__(self, value: str | None) -> None:
         invalid_input = (
             not bool(regex_matches) if self.inverse_match else bool(regex_matches)
         )
-        is_injection = bool(re.fullmatch(Regex.IS_INJECTION, value)) if self.deny_injections else False
+        is_injection = (
+            bool(re.findall(Regex.INJECTION.value, value))
+            if self.deny_injections
+            else False
+        )
         if invalid_input or is_injection:
             logger.warning(
-                f"[Security] Invalid value that doesn't match the regex '{self.regex}'"
+                f"[Security] Value '{value}' doesn't match the allowed regex"
             )
             raise ValidationError(self.message, code=self.code, params={"value": value})
 

@@ -1,5 +1,4 @@
 from django.db import models
-
 from framework.models import BaseModel
 from processes.models import Process
 from rekono.settings import AUTH_USER_MODEL
@@ -38,16 +37,6 @@ class Task(BaseModel):
         null=True,
         validators=[FutureDatetimeValidator(code="scheduled_at")],
     )
-    # Amount of time before task execution
-    scheduled_in = models.IntegerField(
-        blank=True,
-        null=True,
-        validators=[TimeAmountValidator(code="scheduled_in")],
-    )
-    # Time unit to apply to the 'sheduled in' value
-    scheduled_time_unit = models.TextField(
-        max_length=10, choices=TimeUnit.choices, blank=True, null=True
-    )
     # Amount of time to wait until repeating the task execution
     repeat_in = models.IntegerField(
         blank=True,

@@ -34,18 +34,6 @@ def enqueue(self, task: Task) -> Job:
             logger.info(
                 f"[Task] Task {task.id} will be enqueued at {task.scheduled_at}"
             )
-        elif task.scheduled_in and task.scheduled_time_unit:
-            delay = {task.scheduled_time_unit.lower(): task.scheduled_in}
-            task.enqueued_at = timezone.now() + timedelta(**delay)
-            job = queue.enqueue_in(
-                timedelta(**delay),
-                self.consume,
-                task=task,
-                on_success=self._scheduled_callback,
-            )
-            logger.info(
-                f"[Task] Task {task.id} will be enqueued in {task.scheduled_in} {task.scheduled_time_unit}"
-            )
         else:
             task.enqueued_at = timezone.now()
             job = queue.enqueue(

@@ -1,10 +1,9 @@
 from typing import Any, Dict, cast
 
 from django.core.exceptions import ValidationError
-from rest_framework.serializers import ModelSerializer, PrimaryKeyRelatedField
-
 from processes.models import Process
 from processes.serializers import SimpleProcessSerializer
+from rest_framework.serializers import ModelSerializer, PrimaryKeyRelatedField
 from targets.models import Target
 from targets.serializers import SimpleTargetSerializer
 from tasks.models import Task
@@ -57,8 +56,6 @@ class Meta:
             "intensity",
             "executor",
             "scheduled_at",
-            "scheduled_in",
-            "scheduled_time_unit",
             "repeat_in",
             "repeat_time_unit",
             "creation",
@@ -99,13 +96,9 @@ def validate(self, attrs: Dict[str, Any]) -> Dict[str, Any]:
                     "process": "Invalid task. Process or configuration is required",
                 }
             )
-        for field, unit in [
-            ("scheduled_in", "scheduled_time_unit"),
-            ("repeat_in", "repeat_time_unit"),
-        ]:
-            if not attrs.get(field) or not attrs.get(unit):
-                attrs[field] = None
-                attrs[unit] = None
+        if not attrs.get("repeat_in") or not attrs.get("repeat_time_unit"):
+            attrs["repeat_in"] = None
+            attrs["repeat_time_unit"] = None
         return super().validate(attrs)
 
     def create(self, validated_data: Dict[str, Any]) -> Task:

@@ -60,11 +60,7 @@ def test_case(self, *args: Any, **kwargs: Any) -> None:
                     data=self.data,
                     format=self.format,
                 )
-                try:
-                    self.tc.assertEqual(self.status_code, response.status_code)
-                except Exception as ex:
-                    input(response.content)
-                    raise ex
+                self.tc.assertEqual(self.status_code, response.status_code)
                 if self.expected is not None:
                     content = json.loads((response.content or "{}".encode()).decode())
                     if isinstance(self.expected, dict):

@@ -1,7 +1,6 @@
 from typing import Any
 
 from executions.enums import Status
-from tasks.enums import TimeUnit
 from tests.cases import ApiTestCase
 from tests.framework import ApiTest
 from tools.enums import Intensity
@@ -19,7 +18,6 @@
     "configuration_id": 25,
     "intensity": Intensity.SNEAKY.name.capitalize(),
 }
-invalid_task4 = {**task1, "scheduled_in": -1, "scheduled_time_unit": TimeUnit.MINUTES}
 
 
 class TaskTest(ApiTest):
@@ -122,7 +120,6 @@ class TaskTest(ApiTest):
         ApiTestCase(["admin1", "auditor1"], "post", 400, invalid_task1),
         ApiTestCase(["admin1", "auditor1"], "post", 400, invalid_task2),
         ApiTestCase(["admin1", "auditor1"], "post", 400, invalid_task3),
-        ApiTestCase(["admin1", "auditor1"], "post", 400, invalid_task4),
         ApiTestCase(["admin2", "auditor2", "reader1", "reader2"], "post", 403, task1),
         ApiTestCase(
             ["admin1"],