From 6add610a0b55360d90dd569eedae12658f6ca8e9 Mon Sep 17 00:00:00 2001
From: hsekowski-splunk <74253926+hsekowski-splunk@users.noreply.github.com>
Date: Mon, 11 Sep 2023 10:53:37 +0200
Subject: [PATCH] chore: tests for CVE-2023-32712 added (#306)
---
 .github/workflows/build-test-release.yml | 3 +-
 .../bin/solnlib_demo_collector.py | 9 +++
 tests/integration/test_logger.py | 63 +++++++++++++++++++
 3 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/test_logger.py
diff --git a/.github/workflows/build-test-release.yml b/.github/workflows/build-test-release.yml
index 9261ab31..b04dcc31 100644
--- a/.github/workflows/build-test-release.yml
+++ b/.github/workflows/build-test-release.yml
@@ -127,6 +127,7 @@ jobs:
 echo -e "[user_info]\nUSERNAME=Admin\nPASSWORD=Chang3d"'!' | sudo tee -a /opt/splunk/etc/system/local/user-seed.conf
 echo 'OPTIMISTIC_ABOUT_FILE_LOCKING=1' | sudo tee -a /opt/splunk/etc/splunk-launch.conf
 sudo /opt/splunk/bin/splunk start --accept-license
+ sudo /opt/splunk/bin/splunk cmd python -m pip install solnlib
 sudo /opt/splunk/bin/splunk set servername custom-servername -auth admin:Chang3d!
 sudo /opt/splunk/bin/splunk restart
 until curl -k -s -u admin:Chang3d! https://localhost:8089/services/server/info\?output_mode\=json | jq '.entry[0].content.kvStoreStatus' | grep -o "ready" ; do echo -n "Waiting for KVStore to become ready-" && sleep 5 ; done
@@ -177,4 +178,4 @@ jobs:
 uses: splunk/pypi-publish-action@v1.0
 with:
 pypi_username: ${{ secrets.PYPI_USERNAME }}
- pypi_token: ${{ secrets.PYPI_TOKEN }}
+ pypi_token: ${{ secrets.PYPI_TOKEN }}
\ No newline at end of file
diff --git a/tests/integration/data/solnlib_demo/bin/solnlib_demo_collector.py b/tests/integration/data/solnlib_demo/bin/solnlib_demo_collector.py
index c9f088b2..fbe00127 100644
--- a/tests/integration/data/solnlib_demo/bin/solnlib_demo_collector.py
+++ b/tests/integration/data/solnlib_demo/bin/solnlib_demo_collector.py
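Review bot: The added `splunk cmd python -m pip install solnlib` step in the first workflow hunk installs whatever solnlib release is current on PyPI, unpinned and under sudo, into Splunk's bundled interpreter. If the demo app ends up importing that copy (not visible from this hunk), the integration run exercises the published package rather than the code in this checkout, and its outcome can change between runs with no change in the repository. Installing the checkout instead, for example `sudo /opt/splunk/bin/splunk cmd python -m pip install .` assuming the step runs from the repository root, or pinning an exact version, would keep the CVE-2023-32712 test reproducible. A one-line comment above the step saying why the package is needed in Splunk's Python would also help the next maintainer.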
@@ -71,6 +71,15 @@ def extra_arguments(self):
 # Override do_run function
 def do_run(self, inputs):
 logger.info("Solnlib demo modular input start...")
+ # for CVE-2023-32712 integration test
+ msg = "ASCII Table in one string: "
+ for i in range(9):
+ msg += chr(i)
+ for i in range(11, 13):
+ msg += chr(i)
+ for i in range(14, 128):
+ msg += chr(i)
+ logger.info(msg)
 # Register orphan process handler
 self.register_orphan_handler(orphan_handler, self)
 # Register teardown signal handler
diff --git a/tests/integration/test_logger.py b/tests/integration/test_logger.py
new file mode 100644
index 00000000..4829dd00
--- /dev/null
+++ b/tests/integration/test_logger.py
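Review bot: The three loops added to `do_run` skip code points 9, 10 and 13 without saying so, and the comment names only the CVE, so a reader has to compare the ranges to see that tab, line feed and carriage return are deliberately left out. A comment such as `# every ASCII code point except \t, \n and \r, which test_logger.py does not assert on` would record the intent, and the string can be built in one expression: `msg = "ASCII Table in one string: " + "".join(chr(i) for i in range(128) if i not in (9, 10, 13))`. The prefix literal is repeated in tests/integration/test_logger.py, so the two copies have to be kept in sync by hand. The body of `do_run` continues past the end of the hunk.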
@@ -0,0 +1,63 @@
+#
+# Copyright 2021 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import os.path as op
+import sys
+import time
+
+sys.path.insert(0, op.dirname(op.dirname(op.abspath(__file__))))
+import context
+from _search import search
+
+
+def test_CVE_2023_32712():
+ # CVE-2023-32712
+ session_key = context.get_session_key()
+
+ msg_prefix = "ASCII Table in one string: "
+ time.sleep(30)
+ search_results = search(session_key, f'search index=_internal "{msg_prefix}"')
+ assert len(search_results) >= 1
+ _raw_event = search_results[0]["_raw"]
+
+ # test for nonwhite characters and white characters as they should be represented in fixed Splunk instance
+ assert r"\x00" in _raw_event
+ assert r"\x01\x02\x03\x04\x05\x06\x07\x08" in _raw_event
+ # assert "\t\n" in _raw_event
+ assert r"\x0b\x0c" in _raw_event
+ # assert "\r" in _raw_event
+ assert (
+ r"\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ in _raw_event
+ )
+ assert (
+ " !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
+ in _raw_event
+ )
+ assert r"\x7f" in _raw_event
+
+ # test for white characters as they shouldn't be represented in fixed Splunk instance
+ def gen_ascii_chars_range(start: int = 0, stop: int = 128) -> str:
+ chars_str = ""
+ for i in range(start, stop):
+ chars_str += chr(i)
+ return chars_str
+
+ ascii_chars_range_00_09 = gen_ascii_chars_range(start=0, stop=9)
+ ascii_chars_range_0b_0d = gen_ascii_chars_range(start=11, stop=13)
+ ascii_chars_range_0e_20 = gen_ascii_chars_range(start=14, stop=32)
+ assert ascii_chars_range_00_09 not in _raw_event
+ assert ascii_chars_range_0b_0d not in _raw_event
+ assert ascii_chars_range_0e_20 not in _raw_event
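Review bot: The fixed `time.sleep(30)` followed by a single `search(...)` call in `test_CVE_2023_32712` ties the result to indexing latency, so the test always waits the full 30 seconds and still fails at `assert len(search_results) >= 1` whenever the event arrives later. Polling the search until a result appears or a deadline passes, as sketched below, removes both problems and gives the failure a readable message. The commented-out `"\t\n"` and `"\r"` assertions should either be removed or carry a comment saying that the collector deliberately omits those characters. The three closing `not in` checks only fail when a whole contiguous run of raw control characters is present, so they add little beyond the positive assertions; a per-character form such as `assert not any(c in _raw_event for c in ascii_chars_range_0e_20)` would catch a single unescaped byte on its own.

```python
    msg_prefix = "ASCII Table in one string: "
    # poll instead of a fixed sleep; the 60 s deadline and 5 s interval are example values
    query = f'search index=_internal "{msg_prefix}"'
    deadline = time.monotonic() + 60
    search_results = search(session_key, query)
    while not search_results and time.monotonic() < deadline:
        time.sleep(5)
        search_results = search(session_key, query)
    assert search_results, "collector event was not indexed before the deadline"
    # … unchanged: _raw_event extraction and the escaped-character assertions …
```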