    def test_strategy_exception(self):
        """
        An exception raised from inside the fuzzable request router must
        propagate out of CoreStrategy.start() and must still cause
        terminate() to run, so the scan's threads are not leaked.
        """
        core = w3afCore()

        target_opts = core.target.get_options()
        target_opts['target'].set_value(self.TARGET_URL)
        core.target.set_options(target_opts)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)
        # Every routed request blows up, simulating a failure mid-scan
        strategy._fuzzable_request_router = Mock(side_effect=Exception)
        # Keep the real terminate() but record whether it was invoked
        strategy.terminate = Mock(wraps=strategy.terminate)

        with self.assertRaises(Exception):
            strategy.start()

        # The failed scan must still have torn down its threads
        self.assertTrue(strategy.terminate.called)

        # Stub the exploit prerequisites (presumably checked by
        # scan_end_hook(); confirm against w3afCore) so the hook completes
        core.exploit_phase_prerequisites = lambda: 42
        core.scan_end_hook()

        self._assert_thread_names()
    def test_alert_if_target_is_301_all_internal_redir(self):
        """
        A target whose every URL answers 301 with a Location on the same
        host is an internal redirect; the core must not record any info
        for it in the knowledge base.
        """
        core = w3afCore()

        # Every GET under w3af.com answers with a 301 back into w3af.com
        httpretty.register_uri(httpretty.GET,
                               re.compile("w3af.com/(.*)"),
                               body='301',
                               status=301,
                               adding_headers={'Location': 'http://w3af.com/xyz'})

        options = core.target.get_options()
        options['target'].set_value('http://w3af.com/')
        core.target.set_options(options)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        CoreStrategy(core).start()

        core_infos = kb.get('core', 'core')
        self.assertEqual(0, len(core_infos), core_infos)
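    def test_strategy_run(self):
        """
        Run a scan against TARGET_URL with only the sqli audit plugin and
        check that:
          * a WorkerThread is alive at the moment _teardown_audit is called,
          * exactly one sqli vulnerability ends up in the KB, and
          * scan_end_hook() leaves only the expected threads behind.
        """
        core = w3afCore()

        target = core.target.get_options()
        target['target'].set_value(self.TARGET_URL)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        def verify_threads_running(functor):
            """
            Wrap functor so that, when the strategy actually calls it, the
            WorkerThread check runs first and the call is recorded.

            The previous version ran the check at wrapping time (before
            start()) and returned functor untouched, so the assertion below
            on called_teardown_audit was trivially true and never observed
            the teardown.
            """
            def wrapper(*args, **kwargs):
                # NOTE(review): assumes _teardown_audit runs on the thread
                # that called start(); an AssertionError raised on another
                # thread would not fail the test - confirm in CoreStrategy
                thread_names = [t.name for t in threading.enumerate()]
                self.assertIn('WorkerThread', thread_names)
                self.called_teardown_audit = True
                return functor(*args, **kwargs)
            return wrapper

        self.called_teardown_audit = False

        strategy = CoreStrategy(core)
        strategy._teardown_audit = verify_threads_running(
            strategy._teardown_audit)

        strategy.start()

        # The wrapped teardown must have been reached during the scan
        self.assertTrue(self.called_teardown_audit)

        vulns = kb.get('sqli', 'sqli')
        self.assertEqual(len(vulns), 1, vulns)

        # Tell the core that we've finished, this should kill the WorkerThreads
        core.exploit_phase_prerequisites = lambda: 42
        core.scan_end_hook()

        self._assert_thread_names()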
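    def test_strategy_verify_target_server_up(self):
        """
        Starting a scan against a target that is not listening must abort
        with a ScanMustStopException whose message points the user at the
        target configuration.
        """
        core = w3afCore()

        # TODO: Change 2312 by an always closed/non-http port
        INVALID_TARGET = 'http://localhost:2312/'

        target = core.target.get_options()
        target['target'].set_value(INVALID_TARGET)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)

        try:
            strategy.start()
        except ScanMustStopException as wmse:
            message = str(wmse)
            self.assertIn('Please verify your target configuration', message)
        else:
            # Without this branch the test passed silently whenever start()
            # returned normally, i.e. when the dead target was NOT detected
            self.fail('Expected ScanMustStopException for unreachable target'
                      ' %s' % INVALID_TARGET)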