decrement confidence in time-based when duration is lower than the ex…

…pected delay
pyneda · May 27, 2024 · 3b860e2 · 3b860e2
1 parent 2ad9e2c
commit 3b860e2
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 12 deletions.
diff --git a/pkg/payloads/generation/detection_methods.go b/pkg/payloads/generation/detection_methods.go
@@ -1,9 +1,10 @@
 package generation
 
 import (
-	"github.com/rs/zerolog/log"
 	"strconv"
 	"time"
+
+	"github.com/rs/zerolog/log"
 )
 
 type DetectionMethod struct {
@@ -78,24 +79,25 @@ type TimeBasedDetectionMethod struct {
 	Confidence int    `yaml:"confidence,omitempty"`
 }
 
-func (t *TimeBasedDetectionMethod) CheckIfResultDurationIsHigher(resultDuration time.Duration) bool {
-	sleepInt, err := strconv.Atoi(t.Sleep)
+func (t *TimeBasedDetectionMethod) ParseSleepDuration(sleep string) time.Duration {
+	sleepInt, err := strconv.Atoi(sleep)
 	if err != nil {
-		log.Error().Err(err).Str("sleep", t.Sleep).Msg("Error converting sleep string to int")
-		return false
+		log.Error().Err(err).Str("sleep", sleep).Msg("Error converting sleep string to int")
+		return 0
 	}
-	// TODO: Improve this, the units should probably be defined in the templates
 	var sleepDuration time.Duration
-	// var unit string
 	if sleepInt >= 1000 {
 		sleepDuration = time.Duration(sleepInt) * time.Millisecond
-		// unit = "ms"
 	} else {
 		sleepDuration = time.Duration(sleepInt) * time.Second
-		// unit = "s"
 	}
+	return sleepDuration
+}
+
+func (t *TimeBasedDetectionMethod) CheckIfResultDurationIsHigher(resultDuration time.Duration) bool {
+	sleepDuration := t.ParseSleepDuration(t.Sleep)
 
-	if resultDuration >= sleepDuration {
+	if sleepDuration != 0 && resultDuration >= sleepDuration {
 		return true
 	}
 	return false

diff --git a/pkg/scan/scanner.go b/pkg/scan/scanner.go
@@ -429,7 +429,7 @@ func (f *TemplateScanner) EvaluateDetectionMethod(result TemplateScannerResult,
 			sb.WriteString(fmt.Sprintf("Response took %s, which is greater than the sleep time injected in the payload of %s\n\n", result.Duration, m.Sleep))
 			// var originalResults []bool
 			// var payloadResults []bool
-
+			expectedSleepDuratoin := m.ParseSleepDuration(m.Sleep)
 			sb.WriteString("Revalidation results:\n")
 			sb.WriteString("=============================\n")
 
@@ -462,7 +462,7 @@ func (f *TemplateScanner) EvaluateDetectionMethod(result TemplateScannerResult,
 					finalConfidence += confidenceIncrement
 				}
 
-				if originalResult.duration > withPayloadResult.duration {
+				if originalResult.duration > withPayloadResult.duration || withPayloadResult.duration < expectedSleepDuratoin {
 					finalConfidence -= confidenceDecrement
 				}
 				// originalResults = append(originalResults, originalIsHigher)