Merge pull request #129 from OWASP/ssl-verification
fix ssl verification bug
dmdhrumilmistry authored Jul 30, 2024
2 parents 7dc6027 + 0b069bf commit 6f0522a
Showing 4 changed files with 23 additions and 33 deletions.
47 changes: 17 additions & 30 deletions src/offat/http.py
@@ -13,7 +13,7 @@
import aiohttp.resolver

aiohttp.resolver.DefaultResolver = aiohttp.resolver.AsyncResolver
if os_name == "nt":
if os_name == 'nt':
asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())


@@ -89,10 +89,13 @@ def __init__(
@retry(
stop=stop_after_attempt(3),
retry=retry_if_not_exception_type(
KeyboardInterrupt or asyncio.exceptions.CancelledError
(
KeyboardInterrupt,
asyncio.exceptions.CancelledError,
),
),
)
async def request(self, url: str, *args, method: str = "GET", **kwargs) -> dict:
async def request(self, url: str, *args, method: str = 'GET', **kwargs) -> dict:
"""Send HTTP requests asynchronously
Args:
@@ -105,26 +108,10 @@ async def request(self, url: str, *args, method: str = "GET", **kwargs) -> dict:
"""
async with self._limiter:
async with ClientSession(
headers=self._headers, timeout=self._timeout
headers=self._headers,
timeout=self._timeout,
) as session:
method = str(method).upper()
match method:
case "GET":
req_method = session.get
case "POST":
req_method = session.post
case "PUT":
req_method = session.put
case "PATCH":
req_method = session.patch
case "HEAD":
req_method = session.head
case "OPTIONS":
req_method = session.options
case "DELETE":
req_method = session.delete
case _:
req_method = session.get
req_method = getattr(session, method.lower(), session.get)

async with req_method(
url,
@@ -135,14 +122,14 @@ async def request(self, url: str, *args, method: str = "GET", **kwargs) -> dict:
**kwargs,
) as response:
resp_data = {
"status": response.status,
"req_url": str(response.request_info.real_url),
"query_url": str(response.url),
"req_method": response.request_info.method,
"req_headers": dict(**response.request_info.headers),
"res_redirection": str(response.history),
"res_headers": dict(response.headers),
"res_body": await response.text(),
'status': response.status,
'req_url': str(response.request_info.real_url),
'query_url': str(response.url),
'req_method': response.request_info.method,
'req_headers': dict(**response.request_info.headers),
'res_redirection': str(response.history),
'res_headers': dict(response.headers),
'res_body': await response.text(),
}

return resp_data
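Review bot: `req_method = getattr(session, method.lower(), session.get)` in `request` resolves any attribute name on the `ClientSession`, not only HTTP verbs, so the allowlist that the removed `match` statement provided is lost. A caller-supplied `method` such as `close` or `request` now returns a session attribute that is then called with the URL, and the `session.get` fallback applies only when no attribute of that name exists. The one-liner can stay if it is gated on the verbs the old code accepted: `allowed = {'get', 'post', 'put', 'patch', 'head', 'options', 'delete'}` followed by `req_method = getattr(session, method.lower()) if method.lower() in allowed else session.get`. The body of `request` continues in lines the page collapses between hunks.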
1 change: 1 addition & 0 deletions src/offat/tester/handler.py
@@ -69,6 +69,7 @@ def generate_and_run_tests(
rate_limit=rate_limit,
headers=req_headers,
proxies=proxies,
ssl_verify=ssl_verify,
)

results: list = []
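Review bot: The `ssl_verify=ssl_verify` argument in this call has no comment saying why it must be forwarded, and the omission apparently went unnoticed because the callee accepted the call without it. I would add a line above the call such as `# ssl_verify must be forwarded here, otherwise the user's TLS verification choice never reaches the HTTP client`. The callee's signature is outside the hunk, so the default it falls back to should be confirmed there; verification enabled is the safe default. `generate_and_run_tests` starts and ends outside the hunk.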
6 changes: 4 additions & 2 deletions src/offat/tester/runner.py
@@ -2,6 +2,7 @@
from asyncio.exceptions import CancelledError
from enum import Enum
from sys import exc_info, exit
from traceback import format_exc
from rich.progress import Progress, TaskID

from ..http import AsyncRequests
@@ -30,7 +31,7 @@ def __init__(
rate_limit=rate_limit,
headers=headers,
proxies=proxies,
ssl_verify=ssl_verify
ssl_verify=ssl_verify,
)
self.progress = Progress(console=console)
self.progress_task_id: TaskID | None = None
@@ -147,8 +148,9 @@ async def send_request(self, test_task: dict):
test_result['error'] = True

logger.debug('Exception Debug Data:', exc_info=exc_info())
logger.debug(format_exc())
logger.debug(locals())
logger.error('Unable to send request due to error: %s', e)
logger.error(locals())

# generate curl command for reproducing result
test_result['curl_command'] = result_to_curl(test_result)
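Review bot: `logger.debug(locals())` in the exception handler of `send_request`, which appears to replace `logger.error(locals())`, still writes every local variable to the log, including `test_task` and presumably the request headers and body it carries. Authorization headers, cookies or API keys for the API under test can therefore end up in debug logs that are later attached to bug reports. I would log only the fields needed for triage, with credential-bearing headers redacted, rather than the whole frame. `logger.debug(format_exc())` also repeats the traceback that `exc_info=exc_info()` on the line before it already records, so one of the two can go. The handler starts outside the hunk.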
2 changes: 1 addition & 1 deletion src/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "offat"
version = "0.19.2"
version = "0.19.3"
description = "Offensive API tester tool automates checks for common API vulnerabilities"
authors = ["Dhrumil Mistry <[email protected]>"]
license = "MIT"