shell bypass 403
"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Copyright © 2019 Cloud Linux Software Inc.
This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import logging
from collections import defaultdict
from urllib.parse import urljoin
from urllib.request import Request
from defence360agent.api.server import API, APIError
from defence360agent.internals.iaid import (
IndependentAgentIDAPI,
IAIDTokenError,
)
logger = logging.getLogger(__name__)
class VulnerabilityAPI(API):
URL = urljoin(API._BASE_URL, "/api/patch/vulnerabilities")
_STUB_VULNERABILITY_INFO = {"cveId": "", "app": "", "type": "", "name": ""}
@classmethod
async def get_details(cls, ids: list) -> dict:
"""
Get vulnerabilities details for specific *ids*.
More details in DEF-32152
"""
info = defaultdict(cls._STUB_VULNERABILITY_INFO.copy)
if not ids:
return info
try:
token = await IndependentAgentIDAPI.get_token()
except IAIDTokenError as exc:
logger.error(
"Can't get iaid token: %s. "
"Return default vulnerabilities details.",
exc,
)
return info
url = cls.URL + f"?ids={','.join(ids)}"
request = Request(
url,
headers={"X-Auth": token, "Content-Type": "application/json"},
)
try:
result = await cls.async_request(request)
except APIError as exc:
logger.error(
"Failed to get vulnerabilities details: %s. "
"Return default vulnerabilities details.",
exc,
)
return info
info.update(result["vulnerabilities"])
return info