fix: sync exploit chain + ReDoS fixes
- inference.py +2 -1
- statestrike_env/environment.py +1 -1
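--- a/inference.py
+++ b/inference.py
@@ -169,7 +169,8 @@ def _normalize_action_data(data: dict, task_name: str, created_user_id: int | No
 data["payload_strategy"] = STRATEGY_ALIASES.get(strategy, strategy)
 
 if task_name == "exploit_chain" and created_user_id:
-
+ep = str(data.get("endpoint", ""))
+if "orders" in ep.lower():
 data["target_user_id"] = created_user_id
 
 return data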
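Review bot: The new guard `if "orders" in ep.lower():` is a substring test, so any endpoint string that merely contains "orders" has `target_user_id` overwritten with the created user's id, including a value the caller had already supplied. Comparing against the exact endpoint value(s) the environment defines would be tighter, e.g. `if ep in ORDER_ENDPOINTS:`, where `ORDER_ENDPOINTS` is a placeholder name for a set built from the endpoint enum. The outer `and created_user_id` is a truthiness test and would skip an id of 0; `created_user_id is not None` states the intent directly. `_normalize_action_data` starts above the hunk and the page shows no indentation, so the nesting of the assignment under the new `if` is assumed rather than visible.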
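--- a/statestrike_env/environment.py
+++ b/statestrike_env/environment.py
@@ -145,7 +145,7 @@ class StateStrikeEnv:
 not session.redos_bounty_awarded
 and endpoint_str == EndpointChoice.POST_USERS.value
 and strategy_value == PayloadStrategy.REDOS_ATTACK.value
-and
+and status in (400, 422)
 ):
 session.redos_bounty_awarded = True
 session.triggered_vulns.add("redos")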
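Review bot: The added clause `and status in (400, 422)` awards the ReDoS bounty on a validation-style rejection, which is not by itself evidence that the pattern backtracked; any rejected `EndpointChoice.POST_USERS` request labelled `REDOS_ATTACK` would set `redos_bounty_awarded` and add "redos" to `triggered_vulns`. If the step already measures response time, the condition should require that signal as well, for example `and latency_ms >= REDOS_LATENCY_THRESHOLD_MS` (both names are placeholders; neither appears on the page). The two status codes would read better as a named constant with a comment saying why a rejection counts as a trigger. The condition opens above the hunk and the removed line is shown only as `and`, so what this clause replaced cannot be checked here.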