
Commit f1a56f0

committed
Linting
1 parent eb2d74a commit f1a56f0


2 files changed

+10
-18
lines changed


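--- a/aikido_zen/sinks/tests/requests_and_urllib3_test.py
+++ b/aikido_zen/sinks/tests/requests_and_urllib3_test.py
@@ -72,6 +72,7 @@ def ssrf_check(monkeypatch, url):
 "http://1.1.1.1 &@127.0.0.1:4000# @3.3.3.3/",
 """
 
+
 @pytest.mark.parametrize(
 "url",
 [
@@ -104,32 +105,27 @@ def ssrf_check(monkeypatch, url):
 # private ips written differently
 "http://2130706433:8081",
 "http://0x7f000001:8081/",
-#"http://0177.0.0.01:8081/",
+# "http://0177.0.0.01:8081/",
 "http://0x7f.0x0.0x0.0x1:8081/",
 # 127.0.0.1 ipv6 mapped
 "http://[::ffff:127.0.0.1]:8081",
-
 ## Filter
 # "http://localhost:4000 /", -> failed to parse
-
 # Fix :
 "http://127%2E0%2E0%2E1:4000",
-
-#"h\tt\nt\rp://l\to\nc\ra\tl\nh\ro\ts\nt:4\t0\n0\r0/p\ta\nt\rh?q\tu\ne\rry#f\tr\na\rg",
-#"http://%30:4000",
-
+# "h\tt\nt\rp://l\to\nc\ra\tl\nh\ro\ts\nt:4\t0\n0\r0/p\ta\nt\rh?q\tu\ne\rry#f\tr\na\rg",
+# "http://%30:4000",
 # AWS metadata service
-#"http://169.254.169.254/latest/meta-data/iam/security-credentials/",
+# "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
 "http://0251.0376.0251.0376/latest/meta-data/iam/security-credentials/",
 "http://[fd00:0ec2:0000:0000:0000:0000:0000:0254]:7000/latest/meta-data/iam/security-credentials/",
 "http://0xa9.0xfe.0xa9.0xfe/latest/meta-data/iam/security-credentials/",
-#"http://0251.0376.0124776/latest/meta-data/iam/security-credentials/", -> continous loading
+# "http://0251.0376.0124776/latest/meta-data/iam/security-credentials/", -> continous loading
 "http://0xA9FEA9FE/latest/meta-data/iam/security-credentials/",
 "http://2852039166/latest/meta-data/iam/security-credentials/",
 "http://[::ffff:169.254.169.254]:8081/latest/meta-data/iam/security-credentials/",
 "http://[fd00:ec2::254]/latest/meta-data/iam/security-credentials/",
-
-#"http://169.254.169.254 &@2.2.2.2# @3.3.3.3/latest/meta-data/iam/security-credentials/", -> continous loading
+# "http://169.254.169.254 &@2.2.2.2# @3.3.3.3/latest/meta-data/iam/security-credentials/", -> continous loading
 "http://1.1.1.1 &@169.254.169.254# @3.3.3.3/latest/meta-data/iam/security-credentials/",
 # "http://1.1.1.1 &@2.2.2.2# @169.254.169.254/latest/meta-data/iam/security-credentials/", -> continous loading
 ],
@@ -224,5 +220,6 @@ def test_srrf_with_request_to_itself_urllib3(monkeypatch):
 with pytest.raises(urllib3.exceptions.MaxRetryError):
 http.request("GET", "https://localhost/test/4")
 
+
 def test_ssrf_2(monkeypatch):
 ssrf_check(monkeypatch, "http://127%2E0%2E0%2E1:4000")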
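Review bot: The re-spaced comments in the second hunk still leave several SSRF cases disabled with no recorded reason, among them `# "http://0177.0.0.01:8081/",`, `# "http://%30:4000",` and the plain `# "http://169.254.169.254/latest/meta-data/iam/security-credentials/",` entry, while others carry only "-> continous loading" or "-> failed to parse". A commented-out parameter never shows up in a test report, so a gap in SSRF coverage for these address forms is easy to lose track of. Consider keeping each one in the list as `pytest.param("<url>", marks=pytest.mark.skip(reason="<why it is disabled>"))` so it is reported as skipped and can be re-enabled once the underlying issue is fixed. The decorated test function lies outside the hunk, so what these URLs are expected to trigger is inferred from the comments alone.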

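--- a/aikido_zen/vulnerabilities/ssrf/find_hostname_in_userinput.py
+++ b/aikido_zen/vulnerabilities/ssrf/find_hostname_in_userinput.py
@@ -18,20 +18,15 @@ def find_hostname_in_userinput(user_input, hostname_options: List[str], port=Non
 if len(hostname_options) == 0:
 return False
 
-variants = [
-user_input,
-f"http://{user_input}",
-f"https://{user_input}"
-]
+variants = [user_input, f"http://{user_input}", f"https://{user_input}"]
 unquoted_user_input = unquote(user_input)
 if unquoted_user_input != user_input:
 variants += [
 unquoted_user_input,
 f"http://{unquoted_user_input}",
-f"https://{unquoted_user_input}"
+f"https://{unquoted_user_input}",
 ]
 
-
 for variant in variants:
 user_input_url = try_parse_url(variant)
 if user_input_url and user_input_url.hostname in hostname_options: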
