def test_strategy_exception(self):
    """
    An exception raised by the fuzzable request router has to propagate out
    of strategy.start(), and strategy.terminate() must still be called.
    """
    w3af_core = w3afCore()

    target_opts = w3af_core.target.get_options()
    target_opts['target'].set_value(self.TARGET_URL)
    w3af_core.target.set_options(target_opts)

    w3af_core.plugins.set_plugins(['sqli'], 'audit')
    w3af_core.plugins.init_plugins()

    w3af_core.verify_environment()
    w3af_core.scan_start_hook()

    core_strategy = CoreStrategy(w3af_core)

    # Spy on terminate(); wraps= keeps the real method running underneath
    core_strategy.terminate = Mock(wraps=core_strategy.terminate)
    # Any call to the router now raises, simulating a failure mid-scan
    core_strategy._fuzzable_request_router = Mock(side_effect=Exception)

    with self.assertRaises(Exception):
        core_strategy.start()

    # Now test that those threads are being terminated
    self.assertEqual(core_strategy.terminate.called, True)

    # Replace the exploit-phase prerequisites with a stub before ending the
    # scan, then check which threads are left.
    w3af_core.exploit_phase_prerequisites = lambda: 42
    w3af_core.scan_end_hook()

    self._assert_thread_names()
def test_alert_if_target_is_301_all_internal_redir(self):
    """
    A target that answers every request with a 301 pointing to its own
    domain must not leave any info object in the ('core', 'core') kb entry.
    """
    # NOTE(review): assumes httpretty is activated for this test (no
    # decorator is visible here), so the canned 301 is served locally
    # instead of w3af.com being contacted -- confirm.
    redirect_headers = {'Location': 'http://w3af.com/xyz'}
    httpretty.register_uri(httpretty.GET,
                           re.compile("w3af.com/(.*)"),
                           body='301',
                           status=301,
                           adding_headers=redirect_headers)

    w3af_core = w3afCore()

    target_opts = w3af_core.target.get_options()
    target_opts['target'].set_value('http://w3af.com/')
    w3af_core.target.set_options(target_opts)

    w3af_core.plugins.set_plugins(['sqli'], 'audit')
    w3af_core.plugins.init_plugins()

    w3af_core.verify_environment()
    w3af_core.scan_start_hook()

    CoreStrategy(w3af_core).start()

    # The redirect stays inside w3af.com, so nothing should be reported
    stored_infos = kb.get('core', 'core')
    self.assertEqual(len(stored_infos), 0, stored_infos)
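def test_strategy_run(self):
    """
    Run the strategy with the sqli audit plugin against TARGET_URL.

    Checks that a thread named 'WorkerThread' is alive when the audit
    teardown is invoked, that exactly one item is stored under
    ('sqli', 'sqli') in the kb, and finally hands over to
    _assert_thread_names() once scan_end_hook() has run.
    """
    core = w3afCore()

    target = core.target.get_options()
    target['target'].set_value(self.TARGET_URL)
    core.target.set_options(target)

    core.plugins.set_plugins(['sqli'], 'audit')
    core.plugins.init_plugins()

    core.verify_environment()
    core.scan_start_hook()

    def verify_threads_running(functor):
        # Return a wrapper so the check runs when _teardown_audit is
        # actually called by the strategy. Checking here directly would
        # run at assignment time, before strategy.start(), and would set
        # called_teardown_audit even if the teardown never happened.
        def teardown_audit_spy(*args, **kwargs):
            thread_names = [t.name for t in threading.enumerate()]
            self.assertIn('WorkerThread', thread_names)
            self.called_teardown_audit = True
            return functor(*args, **kwargs)

        return teardown_audit_spy

    self.called_teardown_audit = False

    strategy = CoreStrategy(core)
    strategy._teardown_audit = verify_threads_running(
        strategy._teardown_audit)

    strategy.start()

    # The flag is only set by the wrapper above, so this fails when the
    # strategy skipped the audit teardown or the thread check did not pass
    self.assertTrue(self.called_teardown_audit)

    vulns = kb.get('sqli', 'sqli')
    self.assertEqual(len(vulns), 1, vulns)

    # Tell the core that we've finished, this should kill the WorkerThreads
    core.exploit_phase_prerequisites = lambda: 42
    core.scan_end_hook()

    self._assert_thread_names()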
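def test_strategy_verify_target_server_up(self):
    """
    Starting the strategy against INVALID_TARGET must raise
    ScanMustStopException, with a message that points the user at the
    target configuration.
    """
    core = w3afCore()

    # TODO: Change 2312 by an always closed/non-http port
    INVALID_TARGET = 'http://localhost:2312/'

    target = core.target.get_options()
    target['target'].set_value(INVALID_TARGET)
    core.target.set_options(target)

    core.plugins.set_plugins(['sqli'], 'audit')
    core.plugins.init_plugins()

    core.verify_environment()
    core.scan_start_hook()

    strategy = CoreStrategy(core)

    # assertRaises fails the test when start() returns normally. A plain
    # try/except without an else branch would pass in that case without
    # having checked anything.
    with self.assertRaises(ScanMustStopException) as raised:
        strategy.start()

    self.assertIn('Please verify your target configuration',
                  str(raised.exception))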