def setUp(self):
super(TestHTMLRendering, self).setUp()
self.plugin = self.w3afcore.plugins.get_plugin_inst(
'output', 'html_file')
HistoryItem().init()
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
url = URL('http://w3af.com/foo.py')
request = HTTPRequest(url, data='text=xss')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>empty</html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(4)
h1.response = res
h1.save()
def test_find(self):
find_id = random.randint(1, 499)
url = URL('http://w3af.org/a/b/foobar.php?foo=123')
tag_value = rand_alnum(10)
for i in xrange(0, 500):
request = HTTPRequest(url, data='a=1')
code = 200
if i == find_id:
code = 302
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(code, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == find_id:
h1.toggle_mark()
h1.update_tag(tag_value)
h1.save()
h2 = HistoryItem()
self.assertEqual(
len(h2.find([('tag', "%" + tag_value + "%", 'like')])), 1)
self.assertEqual(len(h2.find([('code', 302, '=')])), 1)
self.assertEqual(len(h2.find([('mark', 1, '=')])), 1)
self.assertEqual(len(h2.find([('has_qs', 1, '=')])), 500)
self.assertEqual(
len(h2.find([('has_qs', 1, '=')], result_limit=10)), 10)
results = h2.find(
[('has_qs', 1, '=')], result_limit=1, orderData=[('id', 'desc')])
self.assertEqual(results[0].id, 499)
search_data = []
search_data.append(('id', find_id + 1, "<"))
search_data.append(('id', find_id - 1, ">"))
self.assertEqual(len(h2.find(search_data)), 1)
def test_save_load(self):
i = random.randint(1, 499)
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
h1.save()
h2 = HistoryItem()
h2.load(i)
self.assertEqual(h1.request, h2.request)
self.assertEqual(h1.response.body, h2.response.body)
def test_render_with_special_chars(self):
_id = 2
desc = ('This is a long description that contains some special'
' characters such as <, & and > which MUST be encoded'
' by jinja2.')
vuln = MockVuln(_id=_id)
vuln.set_desc(desc)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn('such as <, & and > which MUST', xml)
self.assertIn('such as <, & and > which MUST', xml)
self.assertValidXML(xml)
def test_clear(self):
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
table_name = h1.get_table_name()
db = get_default_temp_db_instance()
self.assertTrue(db.table_exists(table_name))
clear_result = h1.clear()
self.assertTrue(clear_result)
self.assertFalse(os.path.exists(h1._session_dir),
'%s exists.' % h1._session_dir)
# Changed the meaning of clear a little bit... now it simply removes
# all rows from the table, not the table itself
self.assertTrue(db.table_exists(table_name))
def edit_tag(self, cell, path, new_text, model):
"""Edit tag."""
model[path][4] = new_text
historyItem = HistoryItem()
historyItem.load(model[path][0])
historyItem.update_tag(new_text, True)
return
def toggle_bookmark(self, cell, path, model):
"""Toggle bookmark."""
model[path][1] = not model[path][1]
historyItem = HistoryItem()
historyItem.load(model[path][0])
historyItem.toggle_mark(True)
return
def _get_request_response_from_work_unit(self, work_unit):
"""
In some cases the work unit is a tuple with request / response instances.
In other cases it is an ID, which needs to be queried from the History DB
to get the request / response.
:param work_unit: One of the options explained above
:return: A request / response tuple
"""
if not isinstance(work_unit, int):
request, response = work_unit
else:
# Before we sent requests and responses as work units,
# but since we changed from Queue to CachedQueue for BaseConsumer
# the database was growing really big (1GB) for storing that traffic
# and I decided to migrate to using just the response.id and querying
# the SQLite one extra time.
history = HistoryItem()
request, response = history.load_from_file(work_unit)
# Create a fuzzable request based on the urllib2 request object
headers_inst = Headers(request.header_items())
request = FuzzableRequest.from_parts(request.url_object,
request.get_method(),
request.get_data() or '',
headers_inst)
return request, response
def test_render_with_unicode_control_chars(self):
_id = 2
desc = ('This is a long description that contains some special'
' unicode control characters such as \f and \x09')
vuln = MockVuln(_id=_id)
vuln.set_desc(desc)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn('unicode control characters such as \f and \x09', xml)
self.assertIn(
'unicode control characters such as <character code="000c"/> and <character code="0009"/>',
xml)
self.assertValidXML(xml)
def get_traffic_details(scan_id, traffic_id):
"""
The HTTP request and response associated with a vulnerability, usually the
user will first get /scans/1/kb/3 and from there (if needed) browse to
this resource where the HTTP traffic is available
:param scan_id: The scan ID
:param traffic_id: The ID of the request/response
:return: HTTP request and response in base64 format
"""
scan_info = get_scan_info_from_id(scan_id)
if scan_info is None:
abort(404, 'Scan not found')
history_db = HistoryItem()
try:
details = history_db.read(traffic_id)
except DBException:
msg = 'Failed to retrieve request with id %s from DB.'
abort(404, msg)
return
data = {
'request': b64encode(details.request.dump()),
'response': b64encode(details.response.dump())
}
return jsonify(data)
def test_render_attr_with_special_chars(self):
_id = 2
name = 'A long description with special characters: <&">'
vuln = MockVuln(_id=_id)
vuln.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn(name, xml)
self.assertIn(
'A long description with special characters: <&">',
xml)
self.assertValidXML(xml)
def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = '~/report.xml'
self._timestamp = str(int(time.time()))
self._long_timestamp = str(time.strftime(TIME_FORMAT,
time.localtime()))
# List with additional xml elements
self._errorXML = []
# xml root
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement('w3af-run')
self._topElement.setAttribute('start', self._timestamp)
self._topElement.setAttribute('start-long', self._long_timestamp)
self._topElement.setAttribute('version', self.XML_OUTPUT_VERSION)
# Add in the version details
version_element = self._xmldoc.createElement('w3af-version')
version = xml_str(get_w3af_version.get_w3af_version())
version_data = self._xmldoc.createTextNode(version)
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scaninfo = self._xmldoc.createElement('scan-info')
# HistoryItem to get requests/responses
self._history = HistoryItem()
def __init__(self,
w3af,
request_id,
enableWidget=None,
withManual=True,
withFuzzy=True,
withCompare=True,
withAudit=True,
editableRequest=False,
editableResponse=False,
widgname="default"):
# Create the window
RememberingWindow.__init__(self, w3af, "reqResWin",
_("w3af - HTTP Request/Response"),
"Browsing_the_Knowledge_Base")
# Create the request response viewer
rrViewer = reqResViewer(w3af, enableWidget, withManual, withFuzzy,
withCompare, withAudit, editableRequest,
editableResponse, widgname)
# Search the id in the DB
historyItem = HistoryItem()
historyItem.load(request_id)
# Set
rrViewer.request.show_object(historyItem.request)
rrViewer.response.show_object(historyItem.response)
rrViewer.show()
self.vbox.pack_start(rrViewer)
# Show the window
self.show()
def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = '~/report.xml'
self._timeFormat = '%a %b %d %H:%M:%S %Y'
self._longTimestampString = str(
time.strftime(self._timeFormat, time.localtime()))
self._timestampString = str(int(time.time()))
# List with additional xml elements
self._errorXML = []
# xml
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement("w3afrun")
self._topElement.setAttribute("start", self._timestampString)
self._topElement.setAttribute("startstr", self._longTimestampString)
self._topElement.setAttribute("xmloutputversion", "2.0")
# Add in the version details
version_element = self._xmldoc.createElement("w3af-version")
version_data = self._xmldoc.createTextNode(
str(get_w3af_version.get_w3af_version()))
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scanInfo = self._xmldoc.createElement("scaninfo")
# HistoryItem to get requests/responses
self._history = HistoryItem()
def setUp(self):
kb.kb.cleanup()
create_temp_dir()
CachedXMLNode.create_cache_path()
FindingsCache.create_cache_path()
HistoryItem().init()
self.w3af_core = w3afCore()
self.w3af_core.status.start()
def __init__(self, w3af, kbbrowser, ifilter):
super(FullKBTree, self).__init__(w3af,
ifilter,
'Knowledge Base',
strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._showDesc)
self.show()
def test_save_load_unicode_decode_error(self):
url = URL('http://w3af.com/a/b/é.php?x=á')
request = HTTPRequest(url, data='a=1')
headers = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', headers, url, url)
res.set_id(1)
h1 = HistoryItem()
h1.request = request
h1.response = res
h1.save()
h2 = HistoryItem()
h2.load(1)
self.assertEqual(h1.request.to_dict(), h2.request.to_dict())
self.assertEqual(h1.response.body, h2.response.body)
self.assertEqual(h1.request.url_object, h2.request.url_object)
def __init__(self, w3af):
super(KBBrowser, self).__init__(w3af, "pane-kbbrowser", 250)
# Internal variables:
# Save the request and response ids to be used in the page control
self.req_res_ids = []
# This is to search the DB and print the different request and responses
# as they are requested from the page control, "page_change" method.
self._historyItem = HistoryItem()
# the filter to the tree
filterbox = gtk.HBox()
self.filters = {}
def make_but(label, signal, initial):
but = gtk.CheckButton(label)
but.set_active(initial)
but.connect('clicked', self.type_filter, signal)
self.filters[signal] = initial
but.show()
filterbox.pack_start(but, expand=False, fill=False, padding=2)
make_but('Vulnerability', 'vuln', True)
make_but('Information', 'info', True)
filterbox.show()
# the kb tree
self.kbtree = FullKBTree(w3af, self, self.filters)
# all in the first pane
kbtree_scrollwin = gtk.ScrolledWindow()
kbtree_scrollwin.set_policy(gtk.POLICY_AUTOMATIC, gtk.POLICY_AUTOMATIC)
kbtree_scrollwin.add(self.kbtree)
kbtree_scrollwin.show()
# the filter and tree box
treebox = gtk.VBox()
treebox.pack_start(filterbox, expand=False, fill=False)
treebox.pack_start(kbtree_scrollwin)
treebox.show()
# the vulnerability information
summary = self.get_notebook_summary(w3af)
description = self.get_notebook_description()
self.vuln_notebook = gtk.Notebook()
self.vuln_notebook.append_page(summary, gtk.Label('Summary'))
self.vuln_notebook.append_page(description, gtk.Label('Description'))
self.vuln_notebook.set_current_page(0)
self.vuln_notebook.show()
# pack & show
self.pack1(treebox)
self.pack2(self.vuln_notebook)
self.show()
def test_history_access(self):
self.count_plugin.loops = 1
self.w3afcore.start()
history_item = HistoryItem()
self.assertTrue(history_item.load(1))
self.assertEqual(history_item.id, 1)
self.assertEqual(history_item.get_request().get_uri().url_string,
get_moth_http())
self.assertEqual(history_item.get_response().get_uri().url_string,
get_moth_http())
def test_tag(self):
tag_id = random.randint(501, 999)
tag_value = rand_alnum(10)
url = URL('http://w3af.org/a/b/c.php')
for i in xrange(501, 1000):
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == tag_id:
h1.update_tag(tag_value)
h1.save()
h2 = HistoryItem()
h2.load(tag_id)
self.assertEqual(h2.tag, tag_value)
def test_render_url_special_chars(self):
self.maxDiff = None
_id = 2
vuln = MockVuln(_id=_id)
url = URL(
u'https://w3af.com/._basebind/node_modules/lodash._basecreate/'
u'LICENSE.txt\x00=ڞ')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
vuln.set_uri(url)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
expected = (
u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt<character code="0000"/>=\u069e" var="None">\n'
u' <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
u' <http-transactions>\n'
u' <http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt%00=%DA%9E HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n'
u'</http-transaction>\n'
u' </http-transactions>\n'
u'</vulnerability>')
self.assertEqual(xml, expected)
self.assertValidXML(xml)
def test_save_load_compressed(self):
force_compression_count = HistoryItem._UNCOMPRESSED_FILES + HistoryItem._COMPRESSED_FILE_BATCH
force_compression_count += 150
url = URL('http://w3af.com/a/b/c.php')
headers = Headers([('Content-Type', 'text/html')])
body = '<html>' + LOREM * 20
for i in xrange(1, force_compression_count):
request = HTTPRequest(url, data='a=%s' % i)
response = HTTPResponse(200, body, headers, url, url)
response.set_id(i)
h = HistoryItem()
h.request = request
h.response = response
h.save()
compressed_file = os.path.join(h.get_session_dir(), '1-150.zip')
self.assertTrue(os.path.exists(compressed_file))
compressed_file_temp = os.path.join(h.get_session_dir(),
'1-150.zip.tmp')
self.assertFalse(os.path.exists(compressed_file_temp))
expected_files = [
'%s.trace' % i
for i in range(1, HistoryItem._COMPRESSED_FILE_BATCH + 1)
]
_zip = zipfile.ZipFile(compressed_file, mode='r')
self.assertEqual(_zip.namelist(), expected_files)
for i in xrange(1, 100):
h = HistoryItem()
h.load(i)
self.assertEqual(h.request.get_uri(), url)
self.assertEqual(h.response.get_headers(), headers)
self.assertEqual(h.response.get_body(), body)
def test_cache(self):
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
_id = 2
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
self.assertIsNone(http_transaction.get_node_from_cache())
# Writes to cache
xml = http_transaction.to_string()
expected = (
u'<http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n</http-transaction>')
self.assertEqual(expected, xml)
# Yup, we're cached
self.assertIsNotNone(http_transaction.get_node_from_cache())
# Make sure they are all the same
cached_xml = http_transaction.get_node_from_cache()
self.assertEqual(cached_xml, expected)
xml = http_transaction.to_string()
self.assertEqual(expected, xml)
def response_dump(_id):
"""
:param _id: The ID to query in the database
:return: The response as unicode
"""
_history = HistoryItem()
try:
details = _history.read(_id)
except DBException:
return None
return smart_unicode(details.response.dump().strip())
def test_mark(self):
mark_id = 3
url = URL('http://w3af.org/a/b/c.php')
for i in xrange(0, 500):
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == mark_id:
h1.toggle_mark()
h1.save()
h2 = HistoryItem()
h2.load(mark_id)
self.assertTrue(h2.mark)
h3 = HistoryItem()
h3.load(mark_id - 1)
self.assertFalse(h3.mark)
def test_clear_clear(self):
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
h1.clear()
h1.clear()
def test_render_simple(self):
_id = 2
vuln = MockVuln(_id=_id)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
expected = (
u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="None" var="None">\n'
u' <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
u' <http-transactions>\n'
u' <http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n'
u'</http-transaction>\n'
u' </http-transactions>\n'
u'</vulnerability>')
self.assertEqual(xml, expected)
self.assertValidXML(xml)
def test_no_duplicate_vuln_reports(self):
# The xml_file plugin had a bug where vulnerabilities were written to
# disk multiple times, this test makes sure I fixed that vulnerability
# Write the HTTP request / response to the DB
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>syntax error near', hdr, url, url)
_id = 1
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
# Create one vulnerability in the KB pointing to the request-
# response we just created
desc = 'Just a test for the XML file output plugin.'
v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli')
kb.kb.append('sqli', 'sqli', v)
self.assertEqual(len(kb.kb.get_all_vulns()), 1)
# Setup the plugin
plugin_instance = xml_file()
plugin_instance.set_w3af_core(self.w3af_core)
# Set the output file for the unittest
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
ol.add(o)
# Then we flush() twice to disk, this reproduced the issue
plugin_instance.set_options(ol)
plugin_instance.flush()
plugin_instance.flush()
plugin_instance.flush()
# Now we parse the vulnerabilities from disk and confirm only one
# is there
file_vulns = get_vulns_from_xml(self.FILENAME)
self.assertEqual(len(file_vulns), 1, file_vulns)
def __init__(self, w3af, kbbrowser, ifilter):
"""A tree showing all the info.
This also gives a long description of the element when clicked.
:param kbbrowser: The KB Browser
:param ifilter: The filter to show which elements
:author: Facundo Batista <facundobatista =at= taniquetil.com.ar>
"""
super(FullKBTree, self).__init__(w3af, ifilter,
'Knowledge Base', strict=False)
self._historyItem = HistoryItem()
self.kbbrowser = kbbrowser
self.connect('cursor-changed', self._show_desc)
self.show()
def _impact_done(self, event, impact):
# Keep calling this from timeout_add until isSet
if not event.isSet():
return True
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
# Analyze the impact
if impact.ok:
# Lets check if we found any vulnerabilities
#
# TODO: I should actually show ALL THE REQUESTS generated by
# audit plugins... not just the ones with vulnerabilities.
#
for result in impact.result:
if result.get_id() is None:
continue
for itemId in result.get_id():
historyItem = HistoryItem()
historyItem.load(itemId)
historyItem.update_tag(historyItem.tag +
result.plugin_name)
historyItem.info = result.get_desc()
historyItem.save()
else:
if isinstance(impact.exception, HTTPRequestException):
msg = 'Exception found while sending HTTP request. Original' \
' exception is: "%s"' % impact.exception
elif isinstance(impact.exception, ScanMustStopException):
msg = 'Multiple exceptions found while sending HTTP requests.' \
' Exception: "%s"' % impact.exception
elif isinstance(impact.exception, BaseFrameworkException):
msg = str(impact.exception)
else:
raise impact.exception
# We stop the throbber, and hide it
self.throbber.hide()
self.throbber.running(False)
gtk.gdk.threads_enter()
helpers.FriendlyExceptionDlg(msg)
gtk.gdk.threads_leave()
return False
