cve202016846

package

v0.1.3 Latest Latest Go to latest Published: Sep 20, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/osv-scalibr

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cve202016846 implements a detector for CVE-2020-16846. To test this detector locally, run the following commands: To install a vulnerable version of Salt, run the following commands as root: python3 -m venv salt_env; source salt_env/bin/activate; pip install salt==3002; pip install jinja2==3.0.1

Once installed, run salt-master -d && salt-api -d

If the proposed method above doesn't work, using the steps in https://github.com/zomy22/CVE-2020-16846-Saltstack-Salt-API might be more stable. However, make sure to add the line "RUN pip install jinja2==3.0.1" before the ENTRYPOINT line in the Dockerfile.

Index ¶

func CheckForCherrypy(saltIP string, saltServerPort int) bool
func ExploitSalt(ctx context.Context, saltIP string, saltServerPort int) bool
type Detector

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckForCherrypy ¶

func CheckForCherrypy(saltIP string, saltServerPort int) bool

CheckForCherrypy checks for the presence of Cherrypy in the server headers.

func ExploitSalt ¶

func ExploitSalt(ctx context.Context, saltIP string, saltServerPort int) bool

ExploitSalt attempts to exploit the Salt server if vulnerable.

Types ¶

type Detector ¶

type Detector struct{}

Detector is a SCALIBR Detector for CVE-2020-16846.

func (Detector) Name ¶

func (Detector) Name() string

Name of the detector.

func (Detector) RequiredExtractors ¶

func (Detector) RequiredExtractors() []string

RequiredExtractors returns an empty list as there are no dependencies.

func (Detector) Requirements ¶

func (Detector) Requirements() *plugin.Capabilities

Requirements of the detector.

func (Detector) Scan ¶

func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, ix *inventoryindex.InventoryIndex) ([]*detector.Finding, error)

Scan checks for the presence of the Salt CVE-2020-16846 vulnerability on the filesystem.

func (Detector) Version ¶

func (Detector) Version() int

Version of the detector.

Source Files ¶

View all Source files

detector.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL