Skip to content

Instantly share code, notes, and snippets.

🤓
Nerdin' out

Charles Neill cneill

View GitHub Profile
View glance-log
2016-09-19 19:03:38.916 32495 INFO eventlet.wsgi.server [req-fa70e3a2-91ed-4cd8-a59d-8e0095cbfd31 1fadb086cfd94c1d8ab9d554657054d1 3330be90ba344c34b34afc27de7e7195 - default default] 10.0.2.2 - - [19/Sep/2016 19:03:38] "POST /v2/tasks HTTP/1.1" 201 850 0.181028
2016-09-19 19:03:38.985 32495 INFO glance.domain [-] Task [e4bcbd26-c8d5-4d81-87f0-2f8c64fabd4e] status changing from processing to processing
2016-09-19 19:03:38.987 32495 DEBUG oslo_messaging._drivers.amqpdriver [-] CAST unique_id: caef117456034a4aaa1c30d4043b86f7 NOTIFY exchange 'glance' topic 'notifications.info' _send /usr/local/lib/python2.7/dist-packages/oslo_messaging/_drivers/amqpdriver.py:432
2016-09-19 19:03:39.082 32495 DEBUG glance.async.taskflow_executor [-] Taskflow executor picked up the execution of task ID e4bcbd26-c8d5-4d81-87f0-2f8c64fabd4e of task type import _run /opt/stack/glance/glance/async/taskflow_executor.py:152
2016-09-19 19:03:39.139 32495 ERROR glance.async.flows.base_import [-] Bad task configuration: Task was not config
View new-syntribos-schema.md

Top-Level

{
  "errors": [ ErrorObjects ],
  "failures": [ FailureObjects ],
  "stats": {
    "severity": {
      "HIGH": 0,
      "MEDIUM": 0,
View new-output.md

Requesting with these templates (all non-GET requests to SimpleHTTPServer return 501 status codes):

GET /derp HTTP/1.1
Accept: application/json

View idea.json
{
"errors": [],
"failures": {
"localhost:9000/test": {
"500_errors": {
"description": "This request returns an error with status code 501, which might indicate some server-side fault that could lead to further vulnerabilities",
"payloads": [
{
"confidence": "High",
"param": {
View syntribos-signals.md

Syntribos Checks / Signals

Exception Checks

HTTP Request Failures

  • Inputs: Single requestslib exception object
  • Description: This signal is returned when requests throws an exception on a request
  • Check Location: syntribos.clients.http.checks
  • Slug: HTTP_FAIL_[EXCEPTION CLASS NAME]
View syntribos-cafe-code.txt
doc/source/conf.py:78:intersphinx_mapping = {'cafe': ('http://opencafe.readthedocs.org/en/latest', None)}
doc/source/conf.py:81:# 'cafe',
doc/source/conf.py:82:# 'cafe.engine.http.client',
doc/source/conf.py:83:# 'cafe.drivers.unittest.arguments'
syntribos/arguments.py:18:import cafe.drivers.unittest.arguments
syntribos/arguments.py:70: action=cafe.drivers.unittest.arguments.ConfigAction,
syntribos/arguments.py:71: help="test config. Looks in the ~/.opencafe/configs directory"
syntribos/clients/http/base_http_client.py:3:# Original from OpenCafe (https://github.com/openstack/opencafe)
syntribos/clients/http/config.py:14:from cafe.engine.models.data_interfaces import ConfigSectionInterface
syntribos/config.py:14:from cafe.engine.models.data_interfaces import ConfigSectionInterface
View syntribos-cafe-docs.txt
CONTRIBUTING.rst:10:4. No new code will be accepted if it adds a new dependency on OpenCAFE, or adds
CONTRIBUTING.rst:11: on top of existing CAFE functionality IF it cannot stand on its own without
CONTRIBUTING.rst:12: CAFE.
README.rst:35:CAFE Framework <https://github.com/stackforge/opencafe>`__.
README.rst:83:- Create a directory named .opencafe in the user's home directory, or in the case of a python virtualenv, in the virtualenv root folder.
README.rst:87: $ cafe-config init
README.rst:93: $ cafe-config plugins install http
README.rst:98:Copy the data files from Syntribos data directory to .opencafe/data directory created during "cafe-config init". This directory contains the fuzz string files. Copy the example configuration file to .opencafe/configs directory created during "cafe-config init".
README.rst:102: $ cp syntribos/data/* .opencafe/data/
README.rst:103: $ cp syntribos/examples/configs/keystone.config .opencafe/configs/.
@cneill
cneill / syntribos-terminology.md
Last active May 24, 2016
Description of testing concepts / etc. in Syntribos
View syntribos-terminology.md

Terminology for Syntribos

Test

  • Meaning: A set of checks that is conducted to uncover the presence of a specific type of vulnerability. Tests should be able to specify requests or Request Chains that it knows how to interact with
  • Purpose: Identify vulnerabilities
  • Example: SQL Injection

Test Case

View result.py
def _logTests(self, tests, bucket, status=None):
"""Log each test by adding to self.all_tests and the right "bucket"
based on the status of the test (e.g. self.aggregated_errors)
:param list tests: test results (e.g. test.failures)
:param dict bucket: place to store the tests (e.g. self.aggregated_errors)
"""
for issue in tests:
url = issue.request.url
method = issue.request.method
View gist:0c260009f5cc06084efa3feb613648c4
16:27:43 weechat whee => msg $channel (∩▂∩)
16:27:43 weechat wheee => msg $channel (ノ^_^)ノ
16:27:43 weechat wheeee => msg $channel ゚・✿ヾ╲(。◕‿◕。)╱✿・゚
16:27:43 weechat wheeeee => msg $channel ᕕ(ᐛ)ᕗ
You can’t perform that action at this time.