Documentation ¶
Overview ¶
Package cve202016846 implements a detector for CVE-2020-16846. To test this detector locally, run the following commands: To install a vulnerable version of Salt, run the following commands as root: python3 -m venv salt_env; source salt_env/bin/activate; pip install salt==3002; pip install jinja2==3.0.1
Once installed, run salt-master -d && salt-api -d
If the proposed method above doesn't work, using the steps in https://github.com/zomy22/CVE-2020-16846-Saltstack-Salt-API might be more stable. However, make sure to add the line "RUN pip install jinja2==3.0.1" before the ENTRYPOINT line in the Dockerfile.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckForCherrypy ¶
CheckForCherrypy checks for the presence of Cherrypy in the server headers.
Types ¶
type Detector ¶
type Detector struct{}
Detector is a SCALIBR Detector for CVE-2020-16846.
func (Detector) RequiredExtractors ¶
RequiredExtractors returns an empty list as there are no dependencies.
func (Detector) Requirements ¶
func (Detector) Requirements() *plugin.Capabilities
Requirements of the detector.