Fix humble scanner output if target not available #13

Closed
manuel-sommer opened this issue Nov 13, 2023 · 3 comments

manuel-sommer commented Nov 13, 2023

I am using v 1.30 of Humble and tried out the JSON output.

In case the target is not reachable, the output of "Missing Security Headers" should be empty. Right now the output indicates that the target is available.

See the following output example:

https://github.com/DefectDojo/django-DefectDojo/pull/8989/files#diff-ff6a401d1d37c4f253ab3df1e2c0963f254bb27a23d687542eaf105766f9608d

manuel-sommer changed the title from "Fix humble scanner json output if target not available" to "Fix humble scanner output if target not available" Nov 13, 2023
rfc-st self-assigned this Nov 14, 2023
rfc-st added the bug label Nov 14, 2023

rfc-st (Owner) commented Nov 14, 2023

Hi there!,

The main problem seems to be that this function is not even reached:

def handle_http_exceptions(r, exception_d):

The controls I had implemented to detect HTTP 404 codes, URLs without schema, etc ... no longer work:

humble/humble.py, line 1059 in cd35be6:

exception_d = {

And I think it's all related to this commit: 57a9125

I have to check it calmly and fix it.

Thanks for reporting it!

rfc-st added a commit that referenced this issue Nov 14, 2023
rfc-st (Owner) commented Nov 14, 2023

Hi there!,

Have a look at: bf288d2

Now, in case the URL does not exist or its scheme is incorrect (ex: http///, https//) the concrete error message is indicated, without generating any file including incorrect information.

I think this is the correct approach ... if the URL is incorrect nothing should be exported to any file in any case.

Please take a look at it, to confirm that I can close this issue.

Thank you!

manuel-sommer (Author) commented

Works fine again, thank you :-)
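
The behaviour agreed on in this thread (an invalid or unreachable target produces an error and no export file) can be sketched as follows. This is an added example, not humble's code: `validate_url`, `export_report`, `TargetError`, the `EXPECTED` header subset, the `missing_security_headers` key and the stubbed fetch functions are all hypothetical.

```python
import json
from urllib.parse import urlsplit

# Hypothetical header subset and report layout; not humble's real checks or JSON schema.
EXPECTED = ("Content-Security-Policy", "Strict-Transport-Security",
            "X-Content-Type-Options")

class TargetError(Exception):
    """The target could not be analyzed, so nothing may be exported."""

def validate_url(url):
    """Reject URLs with no http/https scheme or no host (e.g. 'http///', 'https//')."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise TargetError(f"invalid URL or scheme: {url!r}")
    return url

def export_report(url, fetch_headers, out_path):
    """Write the JSON report only after the target has actually answered.

    fetch_headers is an injected callable (assumption) returning the response
    headers as a dict, or raising OSError when the target is unreachable.
    """
    validate_url(url)
    try:
        headers = fetch_headers(url)
    except OSError as exc:
        raise TargetError(f"target not reachable: {exc}") from exc
    present = {name.lower() for name in headers}
    missing = [h for h in EXPECTED if h.lower() not in present]
    # The file is opened last, so every failure path above leaves no output behind.
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump({"url": url, "missing_security_headers": missing}, fh)
    return missing

# Constructed stand-ins for the network layer, so the example runs offline.
def reachable(url):
    return {"strict-transport-security": "max-age=31536000", "Server": "demo"}

def unreachable(url):
    raise ConnectionRefusedError("connection refused (constructed)")
```

A consumer that imports scanner reports can then treat the absence of a file as "target not analyzed" rather than as "no headers missing".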
