From 2a5aebeb879381eef7cc7192db64edef0b126beb Mon Sep 17 00:00:00 2001 From: Matteo Bitussi Date: Mon, 4 Mar 2024 15:44:09 +0100 Subject: [PATCH] fix: msg_type matching was wrong in specific cases When searching for a request message, and having a HttpReqRes object containing both a request and a response, the match would return true, even if the intercepted message is a response --- tool/src/main/java/migt/BurpExtender.java | 2 +- tool/src/main/java/migt/HTTPReqRes.java | 7 +++++-- tool/src/main/java/migt/Test.java | 2 +- tool/src/main/java/migt/TestSuite.java | 12 ++++++------ 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/tool/src/main/java/migt/BurpExtender.java b/tool/src/main/java/migt/BurpExtender.java index 79e0a85..19ac787 100644 --- a/tool/src/main/java/migt/BurpExtender.java +++ b/tool/src/main/java/migt/BurpExtender.java @@ -108,7 +108,7 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa } // Check that the given message matches the message type specified in the test - boolean matchMessage = message.matches_msg_type(msg_type); + boolean matchMessage = message.matches_msg_type(msg_type, messageIsRequest); if (matchMessage) { // If the operation's action is an intercept diff --git a/tool/src/main/java/migt/HTTPReqRes.java b/tool/src/main/java/migt/HTTPReqRes.java index dcf9445..5edebcd 100644 --- a/tool/src/main/java/migt/HTTPReqRes.java +++ b/tool/src/main/java/migt/HTTPReqRes.java @@ -829,10 +829,11 @@ public void updateHeadersWHurl() throws RuntimeException { /** * Function to check if the given message matches a message_type * - * @param msg_type the message type to check against it + * @param msg_type the message type to check against it + * @param is_request tells whether the message you are checking is a request or a response * @return true or false, if matched or not respectively */ - public boolean matches_msg_type(MessageType msg_type) { + public boolean matches_msg_type(MessageType msg_type, boolean is_request) { boolean matchedMessage = false; try { /* If the response message name is searched, the getByResponse will be true. @@ -855,6 +856,8 @@ public boolean matches_msg_type(MessageType msg_type) { new ArrayList<>() // TODO: fix ); } else { + // this check is done to avoid matching request messages when intercepting a response + if (is_request != msg_type.isRequest) return false; if (!msg_type.isRequest && !isResponse) return false; // this message is not containing a response matchedMessage = Tools.executeChecks( msg_type.checks, diff --git a/tool/src/main/java/migt/Test.java b/tool/src/main/java/migt/Test.java index df46316..bb39be7 100644 --- a/tool/src/main/java/migt/Test.java +++ b/tool/src/main/java/migt/Test.java @@ -449,7 +449,7 @@ public boolean execute(List messageList, currentOP.api.vars = vars; } - if (messageList.get(i).matches_msg_type(msg_type)) { + if (messageList.get(i).matches_msg_type(msg_type, currentOP.api.is_request)) { currentOP.setAPI(new Operation_API(messageList.get(i), msg_type.msg_to_process_is_request)); currentOP.execute(); res = currentOP.getResult(); diff --git a/tool/src/main/java/migt/TestSuite.java b/tool/src/main/java/migt/TestSuite.java index 17a4196..f290fae 100644 --- a/tool/src/main/java/migt/TestSuite.java +++ b/tool/src/main/java/migt/TestSuite.java @@ -80,15 +80,15 @@ public void log_test_suite(String log_folder_path) { e.printStackTrace(); } - String log_content_csv =""; + String log_content_csv = ""; log_content_csv += "name,description,type,result,applicable\n"; for (Test t : tests) { log_content_csv += - StringEscapeUtils.escapeJava(t.name.replaceAll(",","")) + "," + - StringEscapeUtils.escapeJava(t.description.replaceAll(",","")) + "," + - (t.isActive ? "active" : "passive") + "," + - t.success + "," + - t.applicable + "\n"; + StringEscapeUtils.escapeJava(t.name.replaceAll(",", "")) + "," + + StringEscapeUtils.escapeJava(t.description.replaceAll(",", "")) + "," + + (t.isActive ? "active" : "passive") + "," + + t.success + "," + + t.applicable + "\n"; } File log_suite_csv = new File(test_log_folder + "results.csv");