tanner icon indicating copy to clipboard operation
tanner copied to clipboard

Published 20 hours ago verified publisher icon mushorg

Twig template injection

Open mzfr opened this issue 5 years ago • 5 comments

Add twig template Fix for #381

mzfr avatar Aug 22 '20 07:08 mzfr

Pull Request Test Coverage Report for Build 1411

  • 19 of 26 (73.08%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.05%) to 77.197%
Changes Missing Coverage Covered Lines Changed/Added Lines %
tanner/emulators/twig_template_injection.py 19 26 73.08%
<!-- Total: 19 26
Totals Coverage Status
Change from base Build 1400: -0.05%
Covered Lines: 1581
Relevant Lines: 2048
💛 - Coveralls

coveralls avatar Aug 22 '20 08:08 coveralls

@mzfr And what is the pattern to catch this type of attack?

afeena avatar Aug 26 '20 18:08 afeena

@afeena This kind of injection can be detected by the same regex used for tornado template injection.

That is why I didn't added any new pattern.

mzfr avatar Aug 26 '20 18:08 mzfr

@mzfr Are you able to see the results now?

rjt-gupta avatar Aug 27 '20 03:08 rjt-gupta

@rjt-gupta no, still having the same problem i.e no error, no result.

mzfr avatar Aug 28 '20 05:08 mzfr