Triton Inference Server Rce Detector #451
Conversation
There was a problem hiding this comment.
Hi @secureness,
Thank you for your contribution! I did a review of your plugin, and i've found that is not properly working. Below you can find a list of things to address, some of them are minor stylistic issues but there are some important things to change (for example the issue at line 168).
Feel free to reach out.
~ Leonardo (Doyensec)
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.rce; |
There was a problem hiding this comment.
Please add a space from the line above
...main/java/com/google/tsunami/plugins/detectors/rce/TritonInferenceServerRceVulnDetector.java
Outdated
Show resolved
Hide resolved
| import com.google.common.collect.ImmutableList; | ||
| import com.google.common.flogger.GoogleLogger; | ||
| import com.google.common.util.concurrent.Uninterruptibles; | ||
| import com.google.gson.*; |
There was a problem hiding this comment.
Avoid using wildcard imports. Import only needed packages
| import com.google.tsunami.plugin.annotations.PluginInfo; | ||
| import com.google.tsunami.plugin.payload.Payload; | ||
| import com.google.tsunami.plugin.payload.PayloadGenerator; | ||
| import com.google.tsunami.proto.*; |
There was a problem hiding this comment.
Avoid using wildcard imports. Import only needed packages
| if (modelNames.bodyString().isEmpty()) { | ||
| return false; | ||
| } | ||
| JsonArray modelNamesJO = |
There was a problem hiding this comment.
Methods and non-static variables should be named in lowerCamelCase, with acronyms treated as words. Please consider changing variable name to modelNamesJo
| } | ||
| JsonArray modelNamesJO = | ||
| JsonParser.parseString(modelNames.bodyString().get()).getAsJsonArray(); | ||
| if (modelNamesJO.isEmpty()) { |
There was a problem hiding this comment.
This statement creates some problem during the run. Running on my side it will result in a crash during the Tsunami scan. Please fix this by replacing with modelNamesJO.isJsonNull()
| .setRequestBody( | ||
| ByteString.copyFromUtf8( | ||
| String.format( | ||
| "{\"parameters\":{\"config\" : \"{}\", \"file:config.pbtxt\" :\"%s\" }}", |
There was a problem hiding this comment.
Please consider declaring this as a constant
| .setRequestBody( | ||
| ByteString.copyFromUtf8( | ||
| String.format( | ||
| "{\"parameters\":{\"config\" : \"{}\", \"file:1/model.py\" : \"%s\" }}", |
There was a problem hiding this comment.
Please consider declaring this as a constant
| if (!payloadGenerator.isCallbackServerEnabled()) { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
The isCallbackServerEnabled() method return false when all config fields are empty so that improper config (e.g., missing certain fields) can be exposed.
In case where the correct config file is used, but if the callback server is not run, the plugin will crash.
Consider changing the business logic in order to catch this case
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| package com.google.tsunami.plugins.detectors.rce; |
There was a problem hiding this comment.
Please add a space from the line above
There was a problem hiding this comment.
Hi, I didn't understand about this part of the review, unfortunately.
There was a problem hiding this comment.
This should be changed in order to be compliant with Google's Java Format. You can find more information here https://google.github.io/styleguide/javaguide.html#s3-source-file-structure
|
I've also noticed that the issue that this PR is referring to is incorrect. I think this plugin is linked to #433 |
Yes you are right, sorry about this :)) |
|
Hi @secureness, ~ Leonardo (Doyensec) |
|
@secureness could you check if the proposed change works? I would like to merge in this PR asap to unblock you from picking up the hive weak cred plugin. |
|
@maoning @leonardo-doyensec I'm sorry if it took too long to fix the review suggestion. |
|
Hi @secureness , ~ Leonardo (Doyensec) |
|
@leonardo-doyensec thanks for the help. I just wanted to let you know that it is done now. |
There was a problem hiding this comment.
Hi @secureness ,
thank you for your changes. I've added some comment on the code. I'm also noticing that when the plugin is running, and the callback server receives the request (so that the vulnerability is confirmed) the amount of vulnerability detected is not updated. This means that in Tsunami's final log the vulnerability count is zero.
Can you please fix also that?
~ Leonardo (Doyensec)
| package com.google.tsunami.plugins.detectors.rce; | ||
|
|
||
| import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat; | ||
| import static com.google.tsunami.common.data.NetworkEndpointUtils.*; |
There was a problem hiding this comment.
Please, import only needed packages and remove star imports.
| public void detect_whenVulnerable_returnsVulnerability() throws IOException { | ||
| mockWebServer.enqueue( | ||
| new MockResponse().setResponseCode(200).setBody("[{\"name\":\"metasploit\"}]")); | ||
| mockWebServer.enqueue(new MockResponse().setResponseCode(200)); | ||
| mockWebServer.enqueue(new MockResponse().setResponseCode(200)); | ||
| mockWebServer.enqueue(new MockResponse().setResponseCode(200)); | ||
| mockWebServer.enqueue(new MockResponse().setResponseCode(200)); | ||
| mockCallbackServer.enqueue(PayloadTestHelper.generateMockSuccessfulCallbackResponse()); |
There was a problem hiding this comment.
Ideally would be better to implement more reliable tests. Keep in mind that tests should mimic the vulnerable service as close as possible.
|
@leonardo-doyensec I made some changes according to the official Google(the |
|
LGTM - Approved Reviewer: Leonardo, Doyensec Plugin: Triton Inference Server Model Overwrite lead to RCE |
vsutedjo
added
the
Contributor main
-- 959e027 by secureness <nosecureness@gmail.com>: v1 -- a0fece5 by secureness <nosecureness@gmail.com>: chore -- 86fc686 by secureness <nosecureness@gmail.com>: first review round -- 1a91386 by secureness <nosecureness@gmail.com>: better callback control flow, I found out it from cve202348022 detector -- b810477 by secureness <nosecureness@gmail.com>: remove modelNamesJo.isEmpty() -- cddb281 by secureness <nosecureness@gmail.com>: test upgrade -- 0483886 by secureness <nosecureness@gmail.com>: remove unused imports -- a4e0990 by secureness <nosecureness@gmail.com>: general improvement -- e897bdf by secureness <nosecureness@gmail.com>: fix the callback server message:) -- 610d7a5 by Viviana Sutedjo <37225049+vsutedjo@users.noreply.github.com>: Update TritonInferenceServerRceDetectorBootstrapModule.java -- c2c28b9 by Viviana Sutedjo <37225049+vsutedjo@users.noreply.github.com>: Update TritonInferenceServerRceVulnDetector.java -- 3666842 by Viviana Sutedjo <37225049+vsutedjo@users.noreply.github.com>: Update TritonInferenceServerRceVulnDetectorTest.java -- d061471 by Viviana Sutedjo <37225049+vsutedjo@users.noreply.github.com>: Update TritonInferenceServerRceVulnDetector.java COPYBARA_INTEGRATE_REVIEW=#451 from secureness:triton-all-version d061471 PiperOrigin-RevId: 634763499 Change-Id: I949987a9081ddb196d4bd867c138c6d91a51a3ef
|
Hi @secureness, Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made. Thanks! |
|
@tooryx After 27 days I didn't get any response yet. Is there anything wrong with this submission? |
|
Hi @secureness, I will check with the team and get back to you this week. Cheers, |
|
You will receive an update on the tracking bug soon. Sorry for the delay! |
#433