Allow templated plugin to ignore HTTP client failures.

PiperOrigin-RevId: 840085951
Change-Id: I8a1c22ed16351c3cfd7d9aff7e5e96bca4b1e92a

Author: magl0

templated/templateddetector/proto/action_http.proto

@@ -110,6 +110,17 @@ message HttpAction {
     // By default, we follow redirects so this flag can be used to disable this
     // behavior.
     bool disable_follow_redirects = 1;
+
+    // Whether the HTTP client exceptions should be ignored.
+    //
+    // By default, any HTTP client failure will fail the plugin execution and
+    // checks are not performed. However, in some cases the tested server might
+    // just execute a payload and hang forever and the HTTP client will timeout.
+    //
+    // Ignoring HTTP client exceptions will allow the workflow to proceed with
+    // vulnerability verifications, like checking whether callback servers
+    // received an interaction.
+    bool ignore_http_client_errors = 2;
   }
 
   // The HTTP method to use (e.g. GET, POST, ...).

templated/templateddetector/src/main/java/com/google/tsunami/plugins/detectors/templateddetector/actions/HttpActionRunner.java

@@ -98,9 +98,16 @@ private boolean run(
     try {
       response = httpClient.send(requestBuilder.build());
     } catch (IOException e) {
-      logger.atSevere().withCause(e).log(
-          "Action '%s' failed with exception: %s", action.getName(), e.getMessage());
-      return false;
+      if (httpAction.getClientOptions().getIgnoreHttpClientErrors()) {
+        logger.atWarning().withCause(e).log(
+            "HTTP client failed. Error is ignored and Action '%s' is considered succeeded.",
+            action.getName());
+        return true;
+      } else {
+        logger.atSevere().withCause(e).log(
+            "Action '%s' failed with exception: %s", action.getName(), e.getMessage());
+        return false;
+      }
     }
 
     if (this.debug) {