diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java
index a35293275..481933c29 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java
@@ -13,6 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
+
 package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector;
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -44,10 +45,10 @@
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ncrack.NcrackCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.postgres.PostgresCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rabbitmq.RabbitMQCredentialTester;
-import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.wordpress.WordpressCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.rstudio.RStudioCredentialTester;
-import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.tomcat.TomcatHttpCredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.tomcat.TomcatAjpCredentialTester;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.tomcat.TomcatHttpCredentialTester;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.wordpress.WordpressCredentialTester;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.nio.file.Files;
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/provider/Top100Passwords.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/provider/Top100Passwords.java
index a16dd13a9..bed43a6c5 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/provider/Top100Passwords.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/provider/Top100Passwords.java
@@ -13,6 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
+
 package com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider;
 import static com.google.common.collect.ImmutableList.toImmutableList;
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatAjpCredentialTester.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatAjpCredentialTester.java
index 2297c6780..126f0b047 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatAjpCredentialTester.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatAjpCredentialTester.java
@@ -24,12 +24,12 @@
 import com.google.common.flogger.GoogleLogger;
 import com.google.tsunami.common.data.NetworkEndpointUtils;
 import com.google.tsunami.common.data.NetworkServiceUtils;
-import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.AjpReader;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.AjpMessage;
+import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.AjpReader;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.ForwardRequestMessage;
 import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.testers.ajp13.Pair;
-import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.provider.TestCredential;
-import com.google.tsunami.plugins.detectors.credentials.genericweakcredentialdetector.tester.CredentialTester;
 import com.google.tsunami.proto.NetworkService;
 import java.io.DataInputStream;
 import java.io.DataOutputStream;
@@ -79,9 +79,7 @@ public ImmutableList testValidCredentials(
 return credentials.stream()
 .filter(cred -> isTomcatAccessible(networkService, cred))
- .findFirst()
- .map(ImmutableList::of)
- .orElseGet(ImmutableList::of);
+ .collect(toImmutableList());
 }
 private boolean isTomcatAccessible(NetworkService networkService, TestCredential credential) {
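Review bot: Replacing `findFirst()` with `.collect(toImmutableList())` in `testValidCredentials` removes the short-circuit, so `isTomcatAccessible` now sends a login attempt for every candidate credential even after one has already succeeded. Against a target that throttles or locks accounts after repeated failures (Tomcat's LockOutRealm, for example), the extra failed attempts may lock the account mid-run and make later valid pairs look invalid, and the scan generates more authentication traffic than the finding needs. If reporting every valid pair is the intent, record it next to the stream, e.g. `// Tests every credential on purpose: all valid pairs are reported, not just the first.`; otherwise keep the early exit. The same change appears in the `@@ -112,9 +112,7 @@` hunk of TomcatHttpCredentialTester.java. The method signature and the static import of `toImmutableList` are outside both hunks, so confirm the import exists in each file.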
@@ -144,9 +142,10 @@ private byte[] sendAndReceive(String host, int port, byte[] data) throws IOExcep
 }
 }
- // This method checks if the response headers contain elements indicative of a Tomcat manager page.
- // Specifically, it examines the cookies set rather than body elements to improve the efficiency and speed of the plugin.
- // By focusing on headers, the plugin can quickly identify successful logins without parsing potentially large and variable body content.
+ // This method checks if the response headers contain elements indicative of a Tomcat manager
+ // page. Specifically, it examines the cookies set rather than body elements to improve the
+ // efficiency and speed of the plugin. By focusing on headers, the plugin can quickly identify
+ // successful logins without parsing potentially large and variable body content.
 private static boolean headersContainsSuccessfulLoginElements(AjpMessage responseMessage) {
 String responseHeaders = responseMessage.getDescription().toLowerCase();
diff --git a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatHttpCredentialTester.java b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatHttpCredentialTester.java
index 91d2cb173..071bd053b 100644
--- a/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatHttpCredentialTester.java
+++ b/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/testers/tomcat/TomcatHttpCredentialTester.java
@@ -93,9 +93,9 @@ public boolean canAccept(NetworkService networkService) {
 logger.atInfo().log("probing Tomcat manager - custom fingerprint phase");
 HttpResponse response = httpClient.send(get(url).withEmptyHeaders().build());
-
- canAcceptByCustomFingerprint = response.status().code() == 302
- && response.headers().get("Location").get().equals("/manager/html");
+
+ canAcceptByCustomFingerprint = response.status().code() == 302
+ && response.headers().get("Location").get().equals("/manager/html");
 } catch (IOException e) {
 logger.atWarning().withCause(e).log("Unable to query '%s'.", url);
@@ -112,9 +112,7 @@ public ImmutableList testValidCredentials(
 return credentials.stream()
 .filter(cred -> isTomcatAccessible(networkService, cred))
- .findFirst()
- .map(ImmutableList::of)
- .orElseGet(ImmutableList::of);
+ .collect(toImmutableList());
 }
 private boolean isTomcatAccessible(NetworkService networkService, TestCredential credential) {
@@ -157,9 +155,9 @@ private HttpResponse sendRequestWithCredentials(String url, TestCredential crede
 }
 // This method checks if the response body contains elements indicative of a Tomcat manager page.
- // Specifically, it examines the page title rather than body elements because the content of the body can vary
- // depending on the language settings of the server. The title is less likely to change and provides a reliable
- // indicator of a successful login page.
+ // Specifically, it examines the page title rather than body elements because the content of the
+ // body can vary depending on the language settings of the server. The title is less likely to
+ // change and provides a reliable indicator of a successful login page.
 private static boolean bodyContainsSuccessfulLoginElements(String responseBody) {
 Document doc = Jsoup.parse(responseBody);
 String title = doc.title();