GreedyBear icon indicating copy to clipboard operation
GreedyBear copied to clipboard
verified publisher icon intelowlproject

Solved issue #607 - Allow to query for passwords in CowrieSession API

Open IshaanXCoder opened this issue 2 weeks ago • 5 comments

Solved #607

Description

This PR adds the ability to query CowrieSession API by password, in addition to the existing IP address and SHA-256 hash query methods.

Changes Made

  1. Added password query support to /api/cowrie_session endpoint:

    • Users can now query sessions by providing a password string
    • The query searches for credentials matching the pattern " | {password}" in the credentials array field
    • Returns 404 if no sessions are found with the specified password

  2. Added GIN index on CowrieSession.credentials field:

    • Migration 0023_add_gin_index_credentials.py creates a GIN index for efficient array searches
    • Thi improves query performance when searching through the credentials array

  3. Added input validation:

    • Rejects 64 character strings that aren't valid SHA-256 hashes
    • Rejects strings with dots that aren't valid IP addresses

  4. Tested the functions i added:

    • test_password_query: Valid password query returns correct results
    • test_password_query_not_found: Non-existent password returns 404
    • test_password_query_with_session_data: Password query with session data included

Type of change

  • [x] New feature (non-breaking change which adds functionality).

Checklist

  • [x] I have read and understood the rules about how to Contribute to this project.
  • [x] The pull request is for the branch develop. (Please verify this is correct)
  • [x] I have added documentation of the new features. (Updated docstring in cowrie_session_view)
  • [x] Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
  • [x] I have added tests for the feature/bug I solved. All the tests (new and old ones) gave 0 errors.
  • [x] If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md). (Updated view docstring)
  • [ ] If the GUI has been modified:
    • [ ] I have a provided a screenshot of the result in the PR.
    • [ ] I have created new frontend tests for the new component or updated existing ones.

IshaanXCoder avatar Dec 14 '25 08:12 IshaanXCoder

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard. Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
20141940 Triggered Username Password 127d67a0ab16cf062e5f0f74144ae506603878df tests/authentication/test_auth.py View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

gitguardian[bot] avatar Dec 14 '25 08:12 gitguardian[bot]

Hey @IshaanXCoder ! Thank you for your contribution. :) I looked at your code and made a few comments. I really don't think we should use raw SQL in this project. You have to change it in order to get this PR merged. Also, it seems like your PR contains the full history of the main branch, which is very strange. Please also try to fix that.

regulartim avatar Dec 15 '25 13:12 regulartim

Are you still working on this PR, @IshaanXCoder ?

regulartim avatar Dec 16 '25 13:12 regulartim

Yes I'm interested to continue my work on this, right now i'm working on anotehr issue, will be back on this right after completing the current one. sorry for the delay.

IshaanXCoder avatar Dec 16 '25 16:12 IshaanXCoder

No problem, take your time. Just wanted to make sure you're still interested.

regulartim avatar Dec 16 '25 16:12 regulartim

Heyy @regulartim i've made the required changes, to solve the issue of this "full history of the main branch", i'm closing this PR and creating a new PR if that's okay?

IshaanXCoder avatar Dec 21 '25 20:12 IshaanXCoder

yep, feel free to close and reopen a clean PR

mlodic avatar Dec 22 '25 05:12 mlodic

Closing this PR, the clean version is https://github.com/intelowlproject/GreedyBear/pull/641

IshaanXCoder avatar Dec 22 '25 08:12 IshaanXCoder