Beispiel #1
    def to_string(self):
        """
        Render the scan status held in self._status with the class template.

        :return: The output of rendering self.TEMPLATE with the status context.
        """
        status = self._status
        context = dotdict({})

        # Overall scan state flags
        context.status = status['status']
        context.is_paused = status['is_paused']
        context.is_running = status['is_running']

        # Plugin and request being processed in each phase
        active_plugin = status['active_plugin']
        context.active_crawl_plugin = active_plugin['crawl']
        context.active_audit_plugin = active_plugin['audit']

        # NOTE(review): these values are handed to the template unchanged, so
        # XML escaping depends on how the template environment is configured,
        # which is not visible in this method -- confirm.
        current_request = status['current_request']
        context.current_crawl_request = current_request['crawl']
        context.current_audit_request = current_request['audit']

        # Queue metrics, crawl first and then audit
        crawl_queue = status['queues']['crawl']
        context.crawl_input_speed = crawl_queue['input_speed']
        context.crawl_output_speed = crawl_queue['output_speed']
        context.crawl_queue_length = crawl_queue['length']

        audit_queue = status['queues']['audit']
        context.audit_input_speed = audit_queue['input_speed']
        context.audit_output_speed = audit_queue['output_speed']
        context.audit_queue_length = audit_queue['length']

        # Estimated time remaining and request rate
        eta = status['eta']
        context.crawl_eta = eta['crawl']
        context.audit_eta = eta['audit']
        context.rpm = status['rpm']

        context.total_urls = self._total_urls

        return self.get_template(self.TEMPLATE).render(context)
Beispiel #2
    def to_string(self):
        """
        Render one finding (self._info) with the class template.

        The context carries the finding's own fields, the vuln db details when
        the finding has them, and one rendered HTTP transaction per request id.

        :return: The output of rendering self.TEMPLATE with the finding context.
        """
        finding = self._info
        context = dotdict({})

        context.id_list = finding.get_id()
        context.http_method = finding.get_method()
        context.name = finding.get_name()
        context.plugin_name = finding.get_plugin_name()
        context.severity = finding.get_severity()

        # A finding may have no URL; the template then receives None
        if finding.get_url() is None:
            context.url = None
        else:
            context.url = finding.get_url().url_string

        # NOTE(review): url, token name and description are passed to the
        # template as-is; whether they are XML-escaped depends on the template
        # environment, which is not visible in this method -- confirm.
        context.var = finding.get_token_name()
        context.description = finding.get_desc(with_id=False)

        # Vuln db details are optional. Only long_description gets a default;
        # the other three keys are set only when the details exist.
        context.long_description = None

        if finding.has_db_details():
            context.long_description = finding.get_long_description()
            context.fix_guidance = finding.get_fix_guidance()
            context.fix_effort = finding.get_fix_effort()
            context.references = finding.get_references()

        # Render every HTTP transaction linked to the finding. A transaction
        # that cannot be read is logged and left out, so the report is still
        # written but carries less evidence for this finding.
        context.http_transactions = rendered_transactions = []
        for request_id in finding.get_id():
            try:
                node = HTTPTransaction(self._jinja2_env,
                                       request_id).to_string()
            except (DBException, TraceReadException) as err:
                msg = ('Failed to retrieve request with id %s from DB: "%s".'
                       ' The "%s" vulnerability will have an incomplete HTTP'
                       ' transaction list.')
                om.out.error(msg % (request_id, err, context.name))
            else:
                rendered_transactions.append(node)

        return self.get_template(self.TEMPLATE).render(context)
Beispiel #3
    def flush(self):
        """
        Build the report context and write the XML to the output file

        :return: None
        """
        # Create the cache paths for the XML node cache and the findings cache
        CachedXMLNode.create_cache_path()
        FindingsCache.create_cache_path()

        context = dotdict({})

        # Each helper fills in one part of the context; the call order matches
        # the original sequence (root, scan info, status, findings, errors).
        populate_steps = (
            self._add_root_info_to_context,
            self._add_scan_info_to_context,
            self._add_scan_status_to_context,
            self._add_findings_to_context,
            self._add_errors_to_context,
        )
        for populate in populate_steps:
            populate(context)

        # Write to file
        self._write_context_to_file(context)
Beispiel #4
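    def to_string(self):
        """
        Build the template context for one finding (self._info).

        The context carries the finding's own fields, the vuln db details when
        the finding has them, and one rendered HTTP transaction per request id.

        NOTE(review): this listing stops after the transaction loop; the
        template render and the return value are not visible here.
        """
        info = self._info
        context = dotdict({})

        context.id_list = info.get_id()
        context.http_method = info.get_method()
        context.name = info.get_name()
        context.plugin_name = info.get_plugin_name()
        context.severity = info.get_severity()
        # A finding may have no URL; the context then holds None
        context.url = info.get_url().url_string if info.get_url(
        ) is not None else None
        context.var = info.get_token_name()
        context.description = info.get_desc(with_id=False)

        #
        #   Add the information from the vuln db (if any)
        #
        #   Only long_description gets a default; the other three keys are set
        #   only when the details exist.
        #
        context.long_description = None

        if info.has_db_details():
            context.long_description = info.get_long_description()
            context.fix_guidance = info.get_fix_guidance()
            context.fix_effort = info.get_fix_effort()
            context.references = info.get_references()

        #
        #   Add the HTTP transactions
        #
        #   A transaction that cannot be read from the DB is logged and left
        #   out, so the finding is reported with less evidence attached.
        #
        context.http_transactions = []
        for transaction in info.get_id():
            try:
                xml = HTTPTransaction(self._jinja2_env,
                                      transaction).to_string()
            # "except X as e" is accepted by Python 2.6+ and Python 3; the
            # comma form used before is a SyntaxError on Python 3.
            except DBException as e:
                msg = 'Failed to retrieve request with id %s from DB: "%s"'
                om.out.error(msg % (transaction, e))
                continue
            else:
                context.http_transactions.append(xml)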
Beispiel #5
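    def flush(self):
        """
        Write the XML to the output file

        NOTE(review): this listing stops after the scan status step; the rest
        of the method is not visible here.

        :return: None
        """
        # Create the cache path
        CachedXMLNode.create_cache_path()
        FindingsCache.create_cache_path()

        # Create the context
        context = dotdict({})

        try:
            self._add_scan_status_to_context(context)
        # "except X as e" is accepted by Python 2.6+ and Python 3; the comma
        # form used before is a SyntaxError on Python 3.
        except RuntimeError as rte:
            # In some very strange scenarios we get this error:
            #
            #   Can NOT call get_run_time before start()
            #
            # Just "ignore" this call to flush and write the XML in the next call
            #
            # The failure is only logged at debug level and nothing is written
            # on this call, so the output stays unchanged until a later flush
            # succeeds.
            msg = 'xml_file.flush() failed to add scan status to context: "%s"'
            om.out.debug(msg % rte)
            return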
Beispiel #6
    def to_string(self):
        """
        :return: The HTTP request / response pair rendered as an xml node
                 (string), taken from the node cache when available.

        Layout of the rendered node:

        <http-transaction id="...">
            <http-request>
                <status></status>
                <headers>
                    <header>
                        <field></field>
                        <content></content>
                    </header>
                </headers>
                <body content-encoding="base64"></body>
            </http-request>

            <http-response>
                <status></status>
                <headers>
                    <header>
                        <field></field>
                        <content></content>
                    </header>
                </headers>
                <body content-encoding="base64"></body>
            </http-response>
        </http-transaction>

        Unlike the previous implementation, both bodies are always base64
        encoded, whatever the content-type is. This helps prevent encoding
        issues.
        """
        # A previously rendered node is returned without touching the DB
        cached_node = self.get_node_from_cache()
        if cached_node is not None:
            return cached_node

        # This might raise a DBException in some cases (not yet identified).
        # It is not caught here: the caller has to handle it by leaving this
        # HTTP transaction out.
        request, response = HistoryItem().load_from_file(self._id)

        # base64.encodestring is the Python 2 era name; it was removed in
        # Python 3.9.
        request_body = request.get_data() or ''
        encoded_request_body = base64.encodestring(
            smart_str_ignore(request_body))

        response_body = response.get_body() or ''
        encoded_response_body = base64.encodestring(
            smart_str_ignore(response_body))

        # NOTE(review): status lines and headers are passed to the template
        # without encoding, so XML escaping depends on the template
        # environment, which is not visible in this method -- confirm.
        # The node holds the complete request and response (headers and
        # bodies), so the cache entry and the report can contain whatever
        # credentials or session data the traffic carried.
        request_part = {
            'status': request.get_request_line().strip(),
            'headers': request.get_headers(),
            'body': encoded_request_body
        }
        response_part = {
            'status': response.get_status_line().strip(),
            'headers': response.get_headers(),
            'body': encoded_response_body
        }

        context = dotdict({
            'id': self._id,
            'request': request_part,
            'response': response_part
        })

        rendered_node = self.get_template(self.TEMPLATE).render(context)
        self.save_node_to_cache(rendered_node)

        return rendered_node