Beispiel #1
0
    def test_render_with_special_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' characters such as <, & and > which MUST be encoded'
                ' by jinja2.')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('such as <, & and > which MUST', xml)
        self.assertIn('such as &lt;, &amp; and &gt; which MUST', xml)
        self.assertValidXML(xml)
Beispiel #2
0
    def test_info_set_keep_uniq_id(self):
        #
        # Create a new InfoSet, load it from the KB, confirm that it has
        # the same uniq_id
        #
        vuln = MockVuln(name='Foos')

        info_set_a, created = kb.append_uniq_group(
            'a', 'b', vuln, group_klass=MockInfoSetNames)

        self.assertTrue(created)

        info_set_b = kb.get('a', 'b')[0]

        self.assertEqual(info_set_a.get_uniq_id(), info_set_b.get_uniq_id())

        #
        # Change the InfoSet a little bit by adding a new Info. That should
        # change the uniq_id
        #
        vuln = MockVuln(name='Foos')
        _, created = kb.append_uniq_group('a',
                                          'b',
                                          vuln,
                                          group_klass=MockInfoSetNames)

        self.assertFalse(created)

        info_set_b = kb.get('a', 'b')[0]

        self.assertNotEqual(info_set_a.get_uniq_id(), info_set_b.get_uniq_id())
Beispiel #3
0
    def start(self, tag, attrib):
        """
        <vulnerability id="[87]" method="GET"
                       name="Cross site scripting vulnerability"
                       plugin="xss" severity="Medium"
                       url="http://moth/w3af/audit/xss/simple_xss_no_script_2.php"
                       var="text">
        """
        if tag == 'vulnerability':
            name = attrib['name']
            plugin = attrib['plugin']

            v = MockVuln(name, None, 'High', 1, plugin)
            v.set_url(URL(attrib['url']))

            self.vulns.append(v)

        # <body content-encoding="base64">
        elif tag == 'body':
            content_encoding = attrib['content-encoding']

            assert content_encoding == 'base64'
            self._inside_body = True

        elif tag == 'http-response':
            self._inside_response = True
Beispiel #4
0
    def test_render_attr_with_special_chars(self):
        _id = 2

        name = 'A long description with special characters: <&">'

        vuln = MockVuln(_id=_id)
        vuln.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn(name, xml)
        self.assertIn('A long description with special characters: &lt;&amp;&quot;&gt;', xml)
        self.assertValidXML(xml)
Beispiel #5
0
    def test_render_with_special_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' characters such as <, & and > which MUST be encoded'
                ' by jinja2.')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('such as <, & and > which MUST', xml)
        self.assertIn('such as &lt;, &amp; and &gt; which MUST', xml)
        self.assertValidXML(xml)
Beispiel #6
0
    def test_render_with_unicode_control_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' unicode control characters such as \f and \x09')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('unicode control characters such as \f and \x09', xml)
        self.assertIn('unicode control characters such as <character code="000c"/> and <character code="0009"/>', xml)
        self.assertValidXML(xml)
Beispiel #7
0
    def start(self, tag, attrib):
        """
        <vulnerability id="[87]" method="GET"
                       name="Cross site scripting vulnerability"
                       plugin="xss" severity="Medium"
                       url="http://moth/w3af/audit/xss/simple_xss_no_script_2.php"
                       var="text">
        """
        if tag == 'vulnerability':
            name = attrib['name']
            plugin = attrib['plugin']
            
            v = MockVuln(name, None, 'High', 1, plugin)
            v.set_url(URL(attrib['url']))
            
            self.vulns.append(v)
        
        # <body content-encoding="base64">
        elif tag == 'body':
            content_encoding = attrib['content-encoding']
            
            assert content_encoding == 'base64'
            self._inside_body = True

        elif tag == 'http-response':
            self._inside_response = True
Beispiel #8
0
    def test_render_with_unicode_control_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' unicode control characters such as \f and \x09')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('unicode control characters such as \f and \x09', xml)
        self.assertIn(
            'unicode control characters such as <character code="000c"/> and <character code="0009"/>',
            xml)
        self.assertValidXML(xml)
Beispiel #9
0
    def test_render_attr_with_special_chars(self):
        _id = 2

        name = 'A long description with special characters: <&">'

        vuln = MockVuln(_id=_id)
        vuln.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn(name, xml)
        self.assertIn(
            'A long description with special characters: &lt;&amp;&quot;&gt;',
            xml)
        self.assertValidXML(xml)
Beispiel #10
0
    def test_get_one(self):
        vuln = MockVuln()
        kb.append('a', 'b', vuln)
        kb_vuln = kb.get_one('a', 'b')

        #pylint: disable=E1103
        self.assertEqual(kb_vuln.get_uniq_id(), vuln.get_uniq_id())
        self.assertEqual(kb_vuln, vuln)
Beispiel #11
0
    def test_get_one(self):
        vuln = MockVuln()
        kb.append('a', 'b', vuln)
        kb_vuln = kb.get_one('a', 'b')

        #pylint: disable=E1103
        self.assertEqual(kb_vuln.get_uniq_id(), vuln.get_uniq_id())
        self.assertEqual(kb_vuln, vuln)
Beispiel #12
0
    def test_append_uniq_group_empty_address(self):
        vuln = MockVuln()
        info_set, created = kb.append_uniq_group('a', 'b', vuln)

        self.assertIsInstance(info_set, InfoSet)
        self.assertTrue(created)
        self.assertEqual(info_set.get_urls(), [vuln.get_url()])
        self.assertEqual(info_set.get_name(), vuln.get_name())
        self.assertEqual(info_set.get_id(), vuln.get_id())
        self.assertEqual(info_set.get_plugin_name(), vuln.get_plugin_name())
Beispiel #13
0
    def test_render_unicode_bytestring(self):
        vuln = MockVuln(name='á')
        vuln.set_id([])

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertIn(u'á', xml)
        self.assertValidXML(xml)
Beispiel #14
0
    def _from_json_get_vulns(self, filename):
        json_data = json.load(open(filename, 'r'))
        vulns = []

        for finding in json_data['items']:

            v = MockVuln(finding['Name'], None, 'High', 1, 'sqli')
            v.set_url(URL(finding['URL']))
            vulns.append(v)

        return vulns
Beispiel #15
0
    def test_render_unicode_bytestring(self):
        vuln = MockVuln(name='á')
        vuln.set_id([])

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertIn(u'á', xml)
        self.assertValidXML(xml)
Beispiel #16
0
    def test_render_url_special_chars(self):
        self.maxDiff = None

        _id = 2
        vuln = MockVuln(_id=_id)

        url = URL(
            u'https://w3af.com/._basebind/node_modules/lodash._basecreate/'
            u'LICENSE.txt\x00=ڞ')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        vuln.set_uri(url)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        expected = (
            u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt&lt;character code=&quot;0000&quot;/&gt;=\u069e" var="None">\n'
            u'    <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
            u'    <http-transactions>\n'
            u'            <http-transaction id="2">\n\n'
            u'    <http-request>\n'
            u'        <status>POST https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt%00=%DA%9E HTTP/1.1</status>\n'
            u'        <headers>\n'
            u'            <header field="User-agent" content="w3af" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">YT0x\n</body>\n'
            u'    </http-request>\n\n'
            u'    <http-response>\n'
            u'        <status>HTTP/1.1 200 OK</status>\n'
            u'        <headers>\n'
            u'            <header field="Content-Type" content="text/html" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
            u'    </http-response>\n\n'
            u'</http-transaction>\n'
            u'    </http-transactions>\n'
            u'</vulnerability>')

        self.assertEqual(xml, expected)
        self.assertValidXML(xml)
Beispiel #17
0
    def test_update_exception(self):
        vuln = MockVuln()
        kb.append('a', 'b', vuln)
        original_id = vuln.get_uniq_id()

        # Cause error by changing vuln uniq_id
        update_vuln = vuln
        update_vuln._uniq_id = str(uuid.uuid4())
        modified_id = vuln.get_uniq_id()

        self.assertNotEqual(original_id, modified_id)
        self.assertRaises(DBException, kb.update, vuln, update_vuln)
Beispiel #18
0
    def test_update_exception(self):
        vuln = MockVuln()
        kb.append('a', 'b', vuln)
        original_id = vuln.get_uniq_id()

        # Cause error by changing vuln uniq_id
        update_vuln = vuln
        update_vuln.set_name('a')
        modified_id = vuln.get_uniq_id()

        self.assertNotEqual(original_id, modified_id)
        self.assertRaises(DBException, kb.update, vuln, update_vuln)
Beispiel #19
0
    def _from_html_get_vulns(self):
        vuln_url_re = re.compile('<li>Vulnerable URL: <a href="(.*?)">')
        vulns = []

        for line in file(self.OUTPUT_FILE):

            mo = vuln_url_re.search(line)
            if mo:
                url = URL(mo.group(1))
                v = MockVuln('TestCase', None, 'High', 1, 'plugin')
                v.set_url(url)
                vulns.append(v)

        return vulns
Beispiel #20
0
    def _from_html_get_vulns(self):
        vuln_url_re = re.compile('<b>URL:</b> (.*?)<br />')
        vulns = []

        for line in file(self.OUTPUT_FILE):

            mo = vuln_url_re.search(line)
            if mo:
                url = URL(mo.group(1))
                v = MockVuln('TestCase', None, 'High', 1, 'plugin')
                v.set_url(url)
                vulns.append(v)

        return vulns
Beispiel #21
0
    def test_help_contents(self):
        shell = ReadShell(MockVuln(), None, None)
        _help = shell.help(None)

        self.assertNotIn('execute', _help)
        self.assertNotIn('upload', _help)
        self.assertIn('read', _help)
Beispiel #22
0
 def test_pickleable_vuln(self):
     original_vuln = MockVuln()
     
     kb.append('a', 'b', original_vuln)
     unpickled_vuln = kb.get('a', 'b')[0]
     
     self.assertEqual(original_vuln, unpickled_vuln)
Beispiel #23
0
    def test_kb_list_shells_rfi_port_scan_2181(self):
        """
        :see: https://github.com/andresriancho/w3af/issues/2181
        """
        w3af_core = w3afCore()

        vuln = MockVuln()
        url = URL('http://moth/?a=1')
        freq = FuzzableRequest(url)
        exploit_mutant = QSMutant.create_mutants(freq, [''], [], False, {})[0]

        shell = PortScanShell(vuln, w3af_core.uri_opener, w3af_core.worker_pool,
                              exploit_mutant)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell._exploit_mutant, exploit_mutant)

        w3af_core.quit()
Beispiel #24
0
    def test_kb_list_shells_xpath_2181(self):
        """
        :see: https://github.com/andresriancho/w3af/issues/2181
        """
        w3af_core = w3afCore()
        vuln = MockVuln()

        str_delim = '&'
        true_cond = ''
        use_difflib = False
        is_error_response = IsErrorResponse(vuln, w3af_core.uri_opener,
                                            use_difflib)

        shell = XPathReader(vuln, w3af_core.uri_opener,
                            w3af_core.worker_pool, str_delim, true_cond,
                            is_error_response)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell.STR_DELIM, shell.STR_DELIM)
        self.assertEqual(unpickled_shell.TRUE_COND, shell.TRUE_COND)
        self.assertEqual(unpickled_shell.is_error_resp.use_difflib, use_difflib)
        self.assertEqual(unpickled_shell.is_error_resp.url_opener,
                         w3af_core.uri_opener)

        w3af_core.quit()
Beispiel #25
0
    def _from_txt_get_vulns(self):
        file_vulns = []
        vuln_regex = 'SQL injection in a .*? was found at: "(.*?)"' \
                     ', using HTTP method (.*?). The sent .*?data was: "(.*?)"'
        vuln_re = re.compile(vuln_regex)

        for line in file(self.OUTPUT_FILE):
            mo = vuln_re.search(line)

            if mo:
                v = MockVuln('TestCase', None, 'High', 1, 'plugin')
                v.set_url(URL(mo.group(1)))
                v.set_method(mo.group(2))
                
                file_vulns.append(v)

        return file_vulns
Beispiel #26
0
    def test_append_uniq_group_filter_func_specific(self):
        vuln1 = MockVuln(name='Foos')
        vuln2 = MockVuln(name='Bars')
        vuln3 = MockVuln(name='Foos', _id=42)
        kb.append_uniq_group('a', 'b', vuln1, group_klass=MockInfoSetNames)
        kb.append_uniq_group('a', 'b', vuln2, group_klass=MockInfoSetNames)
        kb.append_uniq_group('a', 'b', vuln3, group_klass=MockInfoSetNames)

        raw_data = kb.get('a', 'b')
        self.assertEqual(len(raw_data), 2)
        self.assertIsInstance(raw_data[0], InfoSet)
        self.assertIsInstance(raw_data[1], InfoSet)

        self.assertEqual(raw_data[0].get_name(), 'Foos')
        self.assertEqual(len(raw_data[0].infos), 2)
        self.assertEqual(raw_data[0].infos[1].get_id(), [42])
        self.assertEqual(raw_data[1].first_info.get_name(), 'Bars')
Beispiel #27
0
    def test_append_uniq_group_no_match_filter_func(self):
        vuln1 = MockVuln(name='Foos')
        vuln2 = MockVuln(name='Bars')
        kb.append_uniq_group('a', 'b', vuln1, group_klass=MockInfoSetFalse)
        info_set, created = kb.append_uniq_group('a', 'b', vuln2,
                                                 group_klass=MockInfoSetFalse)

        self.assertIsInstance(info_set, InfoSet)
        self.assertTrue(created)
        self.assertEqual(len(info_set.infos), 1)

        raw_data = kb.get('a', 'b')
        self.assertEqual(len(raw_data), 2)
        self.assertIsInstance(raw_data[0], InfoSet)
        self.assertIsInstance(raw_data[1], InfoSet)

        self.assertEqual(raw_data[0].first_info.get_name(), 'Foos')
        self.assertEqual(raw_data[1].first_info.get_name(), 'Bars')
Beispiel #28
0
    def test_all_of_info_vuln(self):
        i1 = MockInfo()
        i2 = MockInfo()

        v1 = MockVuln()
        v2 = MockVuln()

        iset = InfoSet([i2])
        vset = InfoSet([v2])

        kb.append('a', 'b', i1)
        kb.append('w', 'z', iset)
        kb.append('x', 'y', v1)
        kb.append('4', '2', vset)

        self.assertEqual(kb.get_all_vulns(), [v1, vset])
        self.assertEqual(kb.get_all_infos(), [i1, iset])
        self.assertEqual(kb.get_all_findings(), [i1, iset, v1, vset])
Beispiel #29
0
    def test_append_uniq_group_match_filter_func(self):
        vuln = MockVuln()
        kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetTrue)
        info_set, created = kb.append_uniq_group('a', 'b', vuln,
                                                 group_klass=MockInfoSetTrue)

        self.assertFalse(created)
        self.assertIsInstance(info_set, InfoSet)
        self.assertEqual(len(info_set.infos), 2)
Beispiel #30
0
    def test_help_format(self):
        shell = ExecShell(MockVuln(), None, None)
        _help = shell.help(None)

        self.assertFalse(_help.startswith(' '))

        self.assertIn('    help', _help)
        # Note that I add an extra space
        self.assertNotIn('     help', _help)
Beispiel #31
0
    def test_update_vuln(self):
        vuln = MockVuln()
        kb.append('a', 'b', vuln)
        update_vuln = copy.deepcopy(vuln)
        update_vuln.set_name('a')
        update_uniq_id = update_vuln.get_uniq_id()
        kb.update(vuln, update_vuln)

        self.assertNotEqual(update_vuln, vuln)
        self.assertEqual(update_vuln, kb.get_by_uniq_id(update_uniq_id))
Beispiel #32
0
    def start(self, tag, attrib):
        """
        <vulnerability id="[87]" method="GET" name="Cross site scripting vulnerability"
                       plugin="xss" severity="Medium" url="http://moth/w3af/audit/xss/simple_xss_no_script_2.php"
                       var="text">
        """
        if tag == "vulnerability":
            name = attrib["name"]
            plugin = attrib["plugin"]

            v = MockVuln(name, None, "High", 1, plugin)
            v.set_url(URL(attrib["url"]))

            self.vulns.append(v)

        # <body content-encoding="text">
        elif tag == "body":
            content_encoding = attrib["content-encoding"]

            assert content_encoding == "text"
            self._inside_body = True
Beispiel #33
0
        def multi_append():
            for i in xrange(InfoSet.MAX_INFO_INSTANCES * 2):
                vuln = MockVuln()
                kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetTrue)

            info_set_list = kb.get('a', 'b')

            self.assertEqual(len(info_set_list), 1)

            info_set = info_set_list[0]
            self.assertEqual(len(info_set.infos), InfoSet.MAX_INFO_INSTANCES)
            return True
Beispiel #34
0
    def test_all_of_info_exclude_ids(self):
        i1 = MockInfo()
        i2 = MockInfo()

        v1 = MockVuln()
        v2 = MockVuln()

        iset = InfoSet([i2])
        vset = InfoSet([v2])

        kb.append('a', 'b', i1)
        kb.append('w', 'z', iset)
        kb.append('x', 'y', v1)
        kb.append('4', '2', vset)

        all_findings = kb.get_all_findings()
        all_findings_except_v1 = kb.get_all_findings(exclude_ids=(v1.get_uniq_id(),))
        all_findings_except_v1_v2 = kb.get_all_findings(exclude_ids=(v1.get_uniq_id(), vset.get_uniq_id()))

        self.assertEqual(all_findings, [i1, iset, v1, vset])
        self.assertEqual(all_findings_except_v1, [i1, iset, vset])
        self.assertEqual(all_findings_except_v1_v2, [i1, iset])
    def test_all_of_info_exclude_ids(self):
        i1 = MockInfo()
        i2 = MockInfo()

        v1 = MockVuln()
        v2 = MockVuln()

        iset = InfoSet([i2])
        vset = InfoSet([v2])

        kb.append('a', 'b', i1)
        kb.append('w', 'z', iset)
        kb.append('x', 'y', v1)
        kb.append('4', '2', vset)

        all_findings = kb.get_all_findings()
        all_findings_except_v1 = kb.get_all_findings(exclude_ids=(v1.get_uniq_id(),))
        all_findings_except_v1_v2 = kb.get_all_findings(exclude_ids=(v1.get_uniq_id(), vset.get_uniq_id()))

        self.assertEqual(all_findings, [i1, iset, v1, vset])
        self.assertEqual(all_findings_except_v1, [i1, iset, vset])
        self.assertEqual(all_findings_except_v1_v2, [i1, iset])
Beispiel #36
0
    def test_append_uniq_group_filter_func_attribute_match(self):
        vuln1 = MockVuln(name='Foos')
        vuln1['tag'] = 'foo'

        vuln2 = MockVuln(name='Bars')
        vuln2['tag'] = 'bar'

        vuln3 = MockVuln(_id=42)
        vuln3['tag'] = 'foo'

        kb.append_uniq_group('a', 'b', vuln1, group_klass=MockInfoSetITag)
        kb.append_uniq_group('a', 'b', vuln2, group_klass=MockInfoSetITag)
        kb.append_uniq_group('a', 'b', vuln3, group_klass=MockInfoSetITag)

        raw_data = kb.get('a', 'b')
        self.assertEqual(len(raw_data), 2)
        self.assertIsInstance(raw_data[0], InfoSet)
        self.assertIsInstance(raw_data[1], InfoSet)

        self.assertEqual(raw_data[0].get_name(), 'Foos')
        self.assertEqual(len(raw_data[0].infos), 2)
        self.assertEqual(raw_data[0].infos[1].get_id(), [42])
        self.assertEqual(raw_data[1].first_info.get_name(), 'Bars')
Beispiel #37
0
    def test_render_simple(self):
        _id = 2

        vuln = MockVuln(_id=_id)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        expected = (
            u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="None" var="None">\n'
            u'    <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
            u'    <http-transactions>\n'
            u'            <http-transaction id="2">\n\n'
            u'    <http-request>\n'
            u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
            u'        <headers>\n'
            u'            <header field="User-agent" content="w3af" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">YT0x\n</body>\n'
            u'    </http-request>\n\n'
            u'    <http-response>\n'
            u'        <status>HTTP/1.1 200 OK</status>\n'
            u'        <headers>\n'
            u'            <header field="Content-Type" content="text/html" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
            u'    </http-response>\n\n'
            u'</http-transaction>\n'
            u'    </http-transactions>\n'
            u'</vulnerability>')

        self.assertEqual(xml, expected)
        self.assertValidXML(xml)
Beispiel #38
0
    def test_append_uniq_group_empty_address(self):
        vuln = MockVuln()
        info_set, created = kb.append_uniq_group('a', 'b', vuln)

        self.assertIsInstance(info_set, InfoSet)
        self.assertTrue(created)
        self.assertEqual(info_set.get_urls(), [vuln.get_url()])
        self.assertEqual(info_set.get_name(), vuln.get_name())
        self.assertEqual(info_set.get_id(), vuln.get_id())
        self.assertEqual(info_set.get_plugin_name(), vuln.get_plugin_name())
Beispiel #39
0
 def test_pickleable_shells(self):
     pool = Pool(1)
     xurllib = ExtendedUrllib()
     
     original_shell = Shell(MockVuln(), xurllib, pool)
     
     kb.append('a', 'b', original_shell)
     unpickled_shell = kb.get('a', 'b')[0]
     
     self.assertEqual(original_shell, unpickled_shell)
     self.assertEqual(unpickled_shell.worker_pool, None)
     self.assertEqual(unpickled_shell._uri_opener, None)
     
     pool.terminate()
     pool.join()
     xurllib.end()
Beispiel #40
0
 def test_pickleable_shells_get_all(self):
     class FakeCore(object):
         worker_pool = Pool(1)
         uri_opener = ExtendedUrllib()
     
     core = FakeCore()
     original_shell = Shell(MockVuln(), core.uri_opener, core.worker_pool)
     
     kb.append('a', 'b', original_shell)
     unpickled_shell = list(kb.get_all_shells(core))[0]
     
     self.assertEqual(original_shell, unpickled_shell)
     self.assertEqual(unpickled_shell.worker_pool, core.worker_pool)
     self.assertEqual(unpickled_shell._uri_opener, core.uri_opener)
     
     core.worker_pool.terminate()
     core.worker_pool.join()
     core.uri_opener.end()
Beispiel #41
0
    def test_info_set_keep_uniq_id_after_max_info_instances(self):
        #
        # Create one InfoSet, add MAX_INFO_INSTANCES, assert that the ID is not
        # changed afterwards
        #
        vuln = MockVuln(name='Foos')

        for _ in xrange(MockInfoSetNames.MAX_INFO_INSTANCES + 1):
            kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames)

        info_set_before = kb.get('a', 'b')[0]

        # Now some rounds of testing
        for _ in xrange(5):
            info_set_after, _ = kb.append_uniq_group(
                'a', 'b', vuln, group_klass=MockInfoSetNames)

            self.assertEqual(info_set_before.get_uniq_id(),
                             info_set_after.get_uniq_id())
Beispiel #42
0
    def test_kb_list_shells_file_upload_2181(self):
        """
        :see: https://github.com/andresriancho/w3af/issues/2181
        """
        w3af_core = w3afCore()
        exploit_url = URL('http://w3af.org/')

        shell = FileUploadShell(MockVuln(), w3af_core.uri_opener,
                                w3af_core.worker_pool, exploit_url)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell._exploit_url, shell._exploit_url)

        w3af_core.quit()
Beispiel #43
0
    def test_cache_works_as_expected(self):
        #
        # Cache starts empty
        #
        cache = FindingsCache()
        self.assertEquals(cache.list(), [])

        #
        # Create two vulnerabilities with their HTTP requests and responses
        #
        _id = 1

        name = 'I have a name'

        vuln1 = MockVuln(_id=_id)
        vuln1.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        _id = 2

        name = 'Just a name'

        vuln2 = MockVuln(_id=_id)
        vuln2.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h2 = HistoryItem()
        h2.request = request
        res.set_id(_id)
        h2.response = res
        h2.save()

        #
        # Save one vulnerability to the KB and call the cache-user
        #
        kb.kb.append('a', 'b', vuln1)

        x = xml_file()
        list(x.findings())

        self.assertEquals(cache.list(), [vuln1.get_uniq_id()])

        #
        # Save another vulnerability to the KB and call the cache-user
        #
        kb.kb.append('a', 'c', vuln2)

        list(x.findings())

        expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
        self.assertEquals(set(cache.list()), expected)

        #
        # Remove one vulnerability and see how it is removed from the cache
        #
        kb.kb.raw_write('a', 'c', 'noop')

        list(x.findings())

        expected = {vuln1.get_uniq_id()}
        self.assertEquals(set(cache.list()), expected)