File size: 2,717 Bytes
5e0bd20
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
"""Shared pytest fixtures."""

import pytest


@pytest.fixture
def sample_injection_results():
    """A small synthetic dataset that matches the schema produced by the Injector."""
    return [
        # SQLi - vulnerable (dump)
        {
            "target_url": "http://localhost:8080/vulnerabilities/sqli/",
            "method": "GET",
            "vuln_type": "sqli",
            "param": "id",
            "payload": "' OR 1=1-- ",
            "status_code": 200,
            "response_len": 4821,
            "response_body": "<p>First name: admin Surname: admin</p>"
            "<p>First name: gordon Surname: brown</p>"
            "<p>First name: hack Surname: me</p>"
            "<p>First name: pablo Surname: picasso</p>"
            "<p>First name: smithy Surname: smith</p>",
        },
        # SQLi - not vulnerable
        {
            "target_url": "http://localhost:8080/vulnerabilities/sqli/",
            "method": "GET",
            "vuln_type": "sqli",
            "param": "id",
            "payload": "admin'--",
            "status_code": 200,
            "response_len": 4479,
            "response_body": "<p>User ID:</p>",
        },
        # XSS - vulnerable (reflected)
        {
            "target_url": "http://localhost:8080/vulnerabilities/xss_r/",
            "method": "GET",
            "vuln_type": "xss_r",
            "param": "name",
            "payload": "<script>alert(1)</script>",
            "status_code": 200,
            "response_len": 3842,
            "response_body": "<p>Hello <script>alert(1)</script></p>",
        },
        # LFI - vulnerable
        {
            "target_url": "http://localhost:8080/vulnerabilities/fi/",
            "method": "GET",
            "vuln_type": "lfi",
            "param": "page",
            "payload": "/etc/passwd",
            "status_code": 200,
            "response_len": 6823,
            "response_body": "root:x:0:0:root:/root:/bin/bash\n"
            "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
        },
        # LFI - not vulnerable (path traversal blocked)
        {
            "target_url": "http://localhost:8080/vulnerabilities/fi/",
            "method": "GET",
            "vuln_type": "lfi",
            "param": "page",
            "payload": "../../etc/passwd",
            "status_code": 200,
            "response_len": 3241,
            "response_body": "<p>Warning: include() failed to open stream</p>",
        },
    ]


@pytest.fixture
def sample_labeled_results(sample_injection_results):
    """Labeled subset for ML training tests."""
    from intelliscan.modules.analyzer import Analyzer

    a = Analyzer(sample_injection_results)
    return [r.to_dict() for r in a.run()]