Test fix, one more Nuclei template (#802)

CERT-Polska · Feb 21, 2024 · 0fa944c · 0fa944c
1 parent 4ef7bbf
commit 0fa944c
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/artemis/config.py b/artemis/config.py
@@ -395,6 +395,7 @@ class Nuclei:
                         "http/misconfiguration/springboot/springboot-threaddump.yaml",
                         "http/misconfiguration/springboot/springboot-trace.yaml",
                         "http/vulnerabilities/generic/basic-xss-prober.yaml",
+                        "http/vulnerabilities/generic/xss-fuzz.yaml",
                     ]
                 ),
                 cast=decouple.Csv(str),

diff --git a/artemis/modules/nuclei.py b/artemis/modules/nuclei.py
@@ -116,6 +116,12 @@ def _scan(self, templates: List[str], targets: List[str]) -> List[Dict[str, Any]
             else str(int(0)),
         ] + additional_configuration
 
+        # The `-it` flag will include the templates provided in NUCLEI_ADDITIONAL_TEMPLATES even if
+        # they're marked with as tag such as `fuzz` which prevents them from being executed by default.
+        for template in Config.Modules.Nuclei.NUCLEI_ADDITIONAL_TEMPLATES:
+            command.append("-it")
+            command.append(template)
+
         for target in targets:
             command.append("-target")
             command.append(target)
@@ -169,7 +175,7 @@ def run_multiple(self, tasks: List[Task]) -> None:
 
             if messages:
                 status = TaskStatus.INTERESTING
-                status_reason = ", ".join(messages)
+                status_reason = ", ".join(sorted(messages))
             else:
                 status = TaskStatus.OK
                 status_reason = None

diff --git a/test/modules/test_nuclei.py b/test/modules/test_nuclei.py
@@ -23,7 +23,7 @@ def test_simple(self) -> None:
         self.assertEqual(call.kwargs["status"], TaskStatus.INTERESTING)
         self.assertEqual(
             call.kwargs["status_reason"],
-            "[high] http://test-phpmyadmin-easy-password:80: phpMyAdmin - Default Login phpMyAdmin contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.",
+            "[high] http://test-phpmyadmin-easy-password:80: phpMyAdmin - Default Login phpMyAdmin contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations., [info] http://test-phpmyadmin-easy-password:80: phpMyAdmin Panel - Detect phpMyAdmin panel was detected.",
         )
 
     def test_links(self) -> None: