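def set_name(self, name):
    """
    Set the name of this finding and, when it is still unset, its vulndb id.

    If get_vulndb_id() returns None the id is looked up in VULNS using
    `name`; names that are not in VULNS leave the id set to None.

    While the unit tests are running, any name which is_valid_name()
    rejects is appended to missing-vulndb.txt inside ARTIFACTS_DIR. See
    test_vulns.py for more info.

    :param name: The name to assign to this finding
    :return: None
    """
    self._name = name

    if self.get_vulndb_id() is None:
        # This means that the plugin developer did NOT set the vuln_id via
        # kwargs, so we're going to try to get that id via VULNS
        self.set_vulndb_id(VULNS.get(name, None))

    #
    # This section is only here to help debug / unittest the names used
    # in the framework, it does nothing outside of a test run.
    #
    if not is_running_tests():
        return

    # Imported after the is_running_tests() guard so that the test helper
    # modules are only loaded during test runs
    from w3af.core.data.kb.tests.test_info import MockInfo
    from w3af.core.data.kb.tests.test_vuln import MockVuln

    # The mock objects are excluded from the name check below
    if isinstance(self, (MockVuln, MockInfo)):
        return

    if not is_valid_name(name):
        missing = os.path.join(ARTIFACTS_DIR, 'missing-vulndb.txt')

        # The context manager closes the handle even when write() raises,
        # the previous file() / close() pair leaked it in that case
        with open(missing, 'a') as missing_file:
            missing_file.write('%s\n' % name)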
def test_vulns_dict_points_to_existing_vulndb_data_id(self):
    """
    Every id stored in VULNS, except None, must be accepted by
    DBVuln.is_valid_id().
    """
    # Entries mapped to None are skipped; everything else that DBVuln
    # rejects is collected so the failure message lists all offenders
    invalid = [(name, db_id)
               for name, db_id in VULNS.iteritems()
               if db_id is not None and not DBVuln.is_valid_id(db_id)]

    self.assertEqual(invalid, [])
def test_all_vulnerability_names_from_db_are_used(self):
    """
    Every name in VULNS, apart from a small ignore set, must be found in
    the value returned by get_all_plugins_source().
    """
    db_names = VULNS.keys()
    plugin_sources = self.get_all_plugins_source()

    # Names which are excluded from this check
    missing_ignore = {'TestCase', 'Blind SQL injection vulnerability'}

    for db_name in db_names:
        if db_name not in missing_ignore:
            self.assertIn(db_name,
                          plugin_sources,
                          '"%s" not in plugin sources' % db_name)
def test_all_vulnerability_names_from_source_in_db(self):
    """
    Every name passed as first argument to Info(...) / Vuln(...) in the
    plugin sources must be a key of VULNS.
    """
    known_names = VULNS.keys()
    vuln_names_re = ' (Info|Vuln)\\(["\'](.*?)["\'] ?,.*?\\)'
    plugin_sources = self.get_all_plugins_source()

    matches = re.findall(vuln_names_re, plugin_sources, re.DOTALL)

    # Each match is a (type, title) tuple, only the title is used
    extracted = [title for _kind, title in matches]

    # Titles missing from VULNS, each one reported only once
    not_in_db = []

    for title in extracted:
        if title in known_names or title in not_in_db:
            continue

        not_in_db.append(title)

    self.assertEqual(not_in_db, [])

    # Fails when the regular expression extracts 120 names or less;
    # presumably a guard against the pattern silently matching nothing
    self.assertGreater(len(extracted), 120, extracted)
def test_no_empty(self):
    """
    No entry in VULNS may have a falsy value.
    """
    # Collect the (name, id) pairs with a falsy id so that a failure
    # shows every offending entry
    empty_values = {(name, db_id)
                    for name, db_id in VULNS.items()
                    if not db_id}

    self.assertEqual(set(), empty_values)