From b56aa64a94278a6b14c24d93133923fa5e05fc89 Mon Sep 17 00:00:00 2001 From: AdnaneKhan Date: Sat, 7 Dec 2024 13:05:48 -0500 Subject: [PATCH] wip --- gatox/attack/pwnrequest/steps/cache_poison.py | 35 +++++++++++++++---- gatox/attack/pwnrequest/steps/issue.py | 2 +- 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/gatox/attack/pwnrequest/steps/cache_poison.py b/gatox/attack/pwnrequest/steps/cache_poison.py index 457697c..1c98971 100644 --- a/gatox/attack/pwnrequest/steps/cache_poison.py +++ b/gatox/attack/pwnrequest/steps/cache_poison.py @@ -2,21 +2,44 @@ class CachePoison(AttackStep): - """ """ + """Attack template that automates GitHub Actions cache poisoning + after obtaining execution within a default branch workflow. + """ def __init__(self, payload_path: str): - """ """ + """ + """ self.poison_payload = payload_path + def setup(self, api): + """ + """ + # Check that the files exist + + # Prepare the poisoned payload + + return True + @AttackStep.require_params("cache_token", "cache_url") def preflight(self, cache_token=None, cache_url=None): """Validates preconditions for executing this step.""" + + # Check that the cache JWT is valid by trying to read a value from the cache. + + # Check that the cache entries we want to write are vacated. + pass def execute(self, api): """ """ - pass - def handoff(self): - """ """ - pass + # If we have a actions: write credential, purge the cache key we want to + # poison with it. + + # Confirm successful purge of the cache key. + + # Upload the payload to the cache. + + # Confirm that we get a 204. + + return True \ No newline at end of file diff --git a/gatox/attack/pwnrequest/steps/issue.py b/gatox/attack/pwnrequest/steps/issue.py index 0d76990..e24e6ae 100644 --- a/gatox/attack/pwnrequest/steps/issue.py +++ b/gatox/attack/pwnrequest/steps/issue.py @@ -6,6 +6,6 @@ class IssueStep(AttackStep): GitHub API. """ - def __init__(self): + def __init__(self, issue_body: str, issue_title: str): """ """ pass