Asserts handle Connection reset by peer error

Hi everybody, I am having an issue with fluidasserts.proto.http.is_resource_accessible(URL1).
It seems this method handles common HTTP responses (200, 300, 400, etc.).

In a particular case, for a URL that was accessible (HTTP response 200), the customer added a rule in the firewall that resets the connection.
This causes Fluid Asserts to give an UNKNOWN status (it makes sense, because it is unable to determine whether the resource is accessible or not). However, from the customer's perspective this vulnerability is closed.
What methods can I use to rewrite asserts in such a way that “Connection reset by peer” means CLOSED?

(here is the source code of fluidasserts.proto.http.is_resource_accessible)

Hi!

You can test if the connection is alive by trying to send a payload, and querying its response. The following code could do the job:

```python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("X.Y.Z.W", 8090))
s.send(b'GET / HTTP/1.1\r\n')
s.send(b'Host: X.Y.Z.W\r\n\r\n')
# Here
s.recv(1024)
```

Where I marked “Here” is the place where you can put a try-catch block, because a closed connection will make the socket unable to fetch any data, and it will raise an exception. You can also wrap the whole connection functionality in the try-catch block, because the server can close the connection at any time, but experience dictates the connection is usually closed after the first valid HTTP request.

1 Like

Using the code provided by @abstract-sodium, I created this assert :grinning:

```python
import socket

from fluidasserts.utils import generic


def checklogin():
    """Return True if the server answers, False if the socket errors out."""
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.connect(("0.0.0.0", 8090))
    conn.send(b'GET / HTTP/1.1\r\n')
    conn.send(b'Host: 0.0.0.0\r\n\r\n')
    try:
        conn.recv(1024)
    except socket.error:
        # e.g. "Connection reset by peer"
        return False
    # Data was received without a socket error
    return True


SESSION1 = checklogin()
MSG = 'FIN.H.xxxx. Title'
VALUES = {'description': MSG, 'comentarios': 'Testing..', 'sess1': SESSION1}


def multiplesess(values):
    # The result of the check is the value computed by checklogin()
    return values['sess1']


generic.check_function(multiplesess, VALUES)
```
1 Like
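The reset-means-CLOSED mapping discussed in this thread, as an added example that is not code from any of the posts or from Fluid Asserts. The names `probe` and `serve_once` and the three result strings are hypothetical; reporting timeouts as UNKNOWN and an empty read as CLOSED are assumptions of this sketch. The local server is constructed test input that emulates the firewall reset.

```python
import socket
import struct
import threading

# Errors that mean the peer (or a device in the path) actively rejected us.
ACTIVE_REJECT = (ConnectionResetError, ConnectionRefusedError, BrokenPipeError)


def probe(host, port, timeout=3.0):
    """Classify one HTTP probe as 'OPEN', 'CLOSED' or 'UNKNOWN'."""
    request = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(request)
            data = conn.recv(1024)
    except ACTIVE_REJECT:
        return "CLOSED"    # RST or refusal: the path is actively blocked
    except OSError:
        return "UNKNOWN"   # timeout, unreachable, DNS failure: cannot decide
    if not data:
        return "CLOSED"    # peer closed without sending a response
    return "OPEN" if data.startswith(b"HTTP/") else "UNKNOWN"


def serve_once(behaviour):
    """Constructed local server for one connection; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        client, _ = srv.accept()
        client.recv(1024)
        if behaviour == "reset":
            # SO_LINGER on with a zero timeout makes close() send a TCP RST,
            # emulating the connection reset described in the question.
            client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                              struct.pack("ii", 1, 0))
        else:
            client.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
        client.close()
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print("reset ->", probe("127.0.0.1", serve_once("reset")))
    print("200   ->", probe("127.0.0.1", serve_once("ok")))
```

The boolean an assert needs can be derived as `probe(host, port) == "OPEN"`, keeping UNKNOWN results visible instead of folding them into CLOSED.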