Kshitijk4poor/main #1304
Kshitijk4poor/main #1304
Conversation
artemis/placeholder_page_analyzer.py
Outdated
| "wróć do bezpieczeństwa", | ||
| "utrzymywana jest na serwerach", | ||
| "parametry wspólne serwerów", | ||
| "forbidden", |
There was a problem hiding this comment.
Some of these keywords are too generic and may match too mch (e.g. "forbidden")
IMO let's take 5-10 most popular website providers and just match their "no website" pages (even matching with html so that we don't match some text inside)
BTW, make this configurable
artemis/config.py
Outdated
| @@ -698,6 +698,29 @@ class Nuclei: | |||
| "NUCLEI_TEMPLATE_CHUNK_SIZE is 200, three calls will be made with 200 templates each.", | |||
| ] = get_config("NUCLEI_TEMPLATE_CHUNK_SIZE", default=200, cast=int) | |||
|
|
|||
| class PlaceholderPagesHtmlElements: | |||
| PLACEHOLDER_PAGE_HTML_ELEMENTS: Annotated[ | |||
There was a problem hiding this comment.
IMO this is a good idea to extract this to a file (have config named "PLACEHOLDER_PAGE_CONTENT_FILENAME" and these contents being loaded from file)
artemis/config.py
Outdated
| class PlaceholderPagesHtmlElements: | ||
| PLACEHOLDER_PAGE_HTML_ELEMENTS: Annotated[ | ||
| List[str], | ||
| "A list of html elements that appear on placeholder pages", |
There was a problem hiding this comment.
maybe write that exact string matching will be performed, no parsing, no nothing. And write what will happen with such pages
artemis/module_base.py
Outdated
| @@ -153,6 +154,11 @@ def check_domain_exists(self, domain: str) -> bool: | |||
| bool: True if the domain exists, False otherwise. | |||
| """ | |||
| try: | |||
| manager = AnalyzerManager(domain) | |||
There was a problem hiding this comment.
name this class more verbosely, not AnalyzerManager, maybe PlaceholderPageDetector?
artemis/module_base.py
Outdated
| @@ -153,6 +154,11 @@ def check_domain_exists(self, domain: str) -> bool: | |||
| bool: True if the domain exists, False otherwise. | |||
| """ | |||
| try: | |||
| manager = AnalyzerManager(domain) | |||
| result = manager.run_analysis() | |||
artemis/config.py
Outdated
| @@ -698,6 +698,29 @@ class Nuclei: | |||
| "NUCLEI_TEMPLATE_CHUNK_SIZE is 200, three calls will be made with 200 templates each.", | |||
| ] = get_config("NUCLEI_TEMPLATE_CHUNK_SIZE", default=200, cast=int) | |||
|
|
|||
| class PlaceholderPagesHtmlElements: | |||
There was a problem hiding this comment.
IMO add a configuration variable to enable this behavior, default false - by default people may not want random webpages to be skipped
| if response: | ||
| html_content = response.content | ||
| with open( | ||
| Config.Modules.PlaceholderPageContent.PLACEHOLDER_PAGE_CONTENT_FILENAME, "r", encoding="utf-8" |
There was a problem hiding this comment.
this will cause the file to be read on every check, this can be made more optimal by moving to init and constrycting a singleton instance (and calling is_placeholder on different urls)
| return True | ||
|
|
||
|
|
||
| class PlaceholderPageDetector: |
There was a problem hiding this comment.
I don't think having two classes adds anything in terms of readability
| @@ -153,6 +154,12 @@ def check_domain_exists(self, domain: str) -> bool: | |||
| bool: True if the domain exists, False otherwise. | |||
| """ | |||
| try: | |||
| if Config.Modules.PlaceholderPageContent.PLACEHOLDER_PAGE_DETECTOR_ENABLE: | |||
There was a problem hiding this comment.
PLACEHOLDER_PAGE_DETECTOR_ENABLED or ENABLE_PLACEHOLDER_PAGE_DETECTOR
| class PlaceholderPageContent: | ||
| PLACEHOLDER_PAGE_DETECTOR_ENABLE: Annotated[ | ||
| bool, | ||
| "Enable or disable placeholder pages detector." |
There was a problem hiding this comment.
space or newline between dot and A
| PLACEHOLDER_PAGE_DETECTOR_ENABLE: Annotated[ | ||
| bool, | ||
| "Enable or disable placeholder pages detector." | ||
| "A strict string matching will be performed without any parsing or modifications. The string will be " |
There was a problem hiding this comment.
two sentences with the same meaning: "A strict string matching will be performed without any parsing or modifications." and "The string will ...".
| "Enable or disable placeholder pages detector." | ||
| "A strict string matching will be performed without any parsing or modifications. The string will be " | ||
| "matched exactly as provided, without applying any transformations or processing. If the page exists " | ||
| "but the specified string is found within it, the page will not be scanned for vulnerabilities. " |
| class PlaceholderPageContent: | ||
| PLACEHOLDER_PAGE_DETECTOR_ENABLE: Annotated[ | ||
| bool, | ||
| "Enable or disable placeholder pages detector." |
There was a problem hiding this comment.
add maybe "using this feature you may skip vulnerability scanning for websites that aren't built yet, but e.g. contain a hosting provider placeholder page"
No description provided.