some formatting issues

google · Dec 13, 2024 · 3f65b03 · 3f65b03
1 parent fa00fec
commit 3f65b03
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 15 deletions.
diff --git a/...ain/java/com/google/tsunami/plugins/detectors/cves/cve202231137/Cve202231137Detector.java b/...ain/java/com/google/tsunami/plugins/detectors/cves/cve202231137/Cve202231137Detector.java
@@ -128,13 +128,6 @@ private boolean isServiceVulnerable(NetworkService networkService) {
             .build();
 
     Payload payload = payloadGenerator.generate(config);
-    // Check callback server is enabled
-    if (!payload.getPayloadAttributes().getUsesCallbackServer()) {
-      logger.atInfo().log(
-          "The Tsunami callback server is not setup for this environment, so we cannot confirm the"
-              + " RCE callback");
-      return false;
-    }
     String cmd = payload.getPayload();
 
     HttpResponse response = null;
@@ -157,14 +150,11 @@ private boolean isServiceVulnerable(NetworkService networkService) {
     if (response == null || response.bodyString().isEmpty()) {
       return false;
     }
-    // If there is an RCE, the execution isn't immediate
-    logger.atInfo().log("Waiting for RCE callback.");
-    Uninterruptibles.sleepUninterruptibly(Duration.ofSeconds(oobSleepDuration));
-    if (payload.checkIfExecuted(response.bodyString().get())) {
-      logger.atInfo().log("RCE payload executed!");
-      return true;
+    if (payload.getPayloadAttributes().getUsesCallbackServer()) {
+      logger.atInfo().log("Waiting for RCE callback.");
+      Uninterruptibles.sleepUninterruptibly(Duration.ofSeconds(oobSleepDuration));
     }
-    return false;
+    return payload.checkIfExecuted(response.bodyString().get());
   }
 
   @VisibleForTesting

diff --git a/...137DetectorWithoutCallbackServerTest.java → ...ve202231137/Cve202231137DetectorTest.java b/...137DetectorWithoutCallbackServerTest.java → ...ve202231137/Cve202231137DetectorTest.java
@@ -47,7 +47,7 @@
 
 /** Unit tests for {@link Cve202231137Detector}. */
 @RunWith(JUnit4.class)
-public final class Cve202231137DetectorWithoutCallbackServerTest {
+public final class Cve202231137DetectorTest {
   private final FakeUtcClock fakeUtcClock =
       FakeUtcClock.create().setNow(Instant.parse("2022-05-23T00:00:00.00Z"));
   private MockWebServer mockWebServer;