Add helper for code execution (#324)

* phpox helper used * rfi emulator
mushorg · Jun 4, 2019 · 573cdaa · 573cdaa
1 parent 4f39e4e
commit 573cdaa
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 27 deletions.
diff --git a/tanner/emulators/php_code_injection.py b/tanner/emulators/php_code_injection.py
@@ -1,30 +1,21 @@
-import aiohttp
 import asyncio
 import logging
 
-from tanner import config
+from tanner.utils.php_sandbox_helper import PHPSandboxHelper
 from tanner.utils import patterns
 
 
 class PHPCodeInjection:
     def __init__(self, loop=None):
         self._loop = loop if loop is not None else asyncio.get_event_loop()
         self.logger = logging.getLogger('tanner.php_code_injection')
+        self.helper = PHPSandboxHelper(self._loop)
 
     async def get_injection_result(self, code):
-        code_injection_result = None
-        code = '<?php eval(\'$a = {code}\'); ?>'.format(code=code)
-        phpox_address = 'http://{host}:{port}'.format(host=config.TannerConfig.get('PHPOX', 'host'),
-                                                      port=config.TannerConfig.get('PHPOX', 'port')
-                                                      )
-        try:
-            async with aiohttp.ClientSession(loop=self._loop) as session:
-                async with session.post(phpox_address, data=code) as resp:
-                    code_injection_result = await resp.json()
-        except aiohttp.ClientError as client_error:
-            self.logger.error('Error during connection to php sandbox %s', client_error)
-        else:
-            await session.close()
+        vul_code = '<?php eval(\'$a = {code}\'); ?>'.format(code=code)
+
+        code_injection_result = await self.helper.get_result(vul_code)
+
         return code_injection_result
 
     def scan(self, value):

diff --git a/tanner/emulators/rfi.py b/tanner/emulators/rfi.py
@@ -11,6 +11,7 @@
 import yarl
 
 from tanner import config
+from tanner.utils.php_sandbox_helper import PHPSandboxHelper
 from tanner.utils import patterns
 
 
@@ -19,6 +20,7 @@ def __init__(self, root_dir, loop=None):
         self._loop = loop if loop is not None else asyncio.get_event_loop()
         self.script_dir = os.path.join(root_dir, 'files')
         self.logger = logging.getLogger('tanner.rfi_emulator.RfiEmulator')
+        self.helper = PHPSandboxHelper(self._loop)
 
     async def download_file(self, path):
         file_name = None
@@ -77,18 +79,9 @@ async def get_rfi_result(self, path):
             return rfi_result
         with open(os.path.join(self.script_dir, file_name), 'br') as script:
             script_data = script.read()
-        phpox_address = 'http://{host}:{port}'.format(host=config.TannerConfig.get('PHPOX', 'host'),
-                                                      port=config.TannerConfig.get('PHPOX', 'port')
-                                                      )
-        try:
-            async with aiohttp.ClientSession(loop=self._loop) as session:
-                async with session.post(phpox_address, data=script_data) as resp:
-                    rfi_result = await resp.json(content_type=None)
-        except aiohttp.ClientError as client_error:
-            self.logger.exception('Error during connection to php sandbox %s', client_error)
-        else:
-            await resp.release()
-            await session.close()
+
+        rfi_result = await self.helper.get_result(script_data)
+
         return rfi_result
 
     def scan(self, value):