Example #1
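    def set_name(self, name):
        """
        Store the finding's name and, if needed, resolve its vulndb id.

        :param name: The name/title given to this finding; it is also the key
                     used to look up the vulndb id in VULNS.

        When no vulndb id was set before this call, the id is taken from
        VULNS; a name that is not in VULNS leaves the id as None.

        When is_running_tests() is true, any name rejected by
        is_valid_name() is appended to missing-vulndb.txt in ARTIFACTS_DIR
        (MockVuln / MockInfo instances are skipped).
        """
        self._name = name

        if self.get_vulndb_id() is None:
            # This means that the plugin developer did NOT set the vuln_id via
            # kwargs, so we're going to try to get that id via VULNS
            self.set_vulndb_id(VULNS.get(name, None))

        #
        #   This section is only here for helping me debug / unittest the
        #   names used in the framework. See test_vulns.py for more info.
        #
        if not is_running_tests():
            return

        # Imported here, after the guard above, so the test modules are only
        # loaded when the framework is running its own tests.
        from w3af.core.data.kb.tests.test_info import MockInfo
        from w3af.core.data.kb.tests.test_vuln import MockVuln

        if isinstance(self, (MockVuln, MockInfo)):
            return

        if not is_valid_name(name):
            missing_path = os.path.join(ARTIFACTS_DIR, 'missing-vulndb.txt')

            # The context manager closes the file even if write() raises
            with open(missing_path, 'a') as missing:
                missing.write('%s\n' % name)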
Example #2
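    def set_name(self, name):
        """
        Set the name of this finding and fill in a missing vulndb id.

        :param name: The finding's name; used as the lookup key in VULNS when
                     get_vulndb_id() returns None.

        A name that has no entry in VULNS results in set_vulndb_id(None).

        Only while is_running_tests() is true: names for which
        is_valid_name() returns false are appended, one per line, to
        missing-vulndb.txt inside ARTIFACTS_DIR. MockVuln and MockInfo
        instances never reach that step.
        """
        self._name = name

        if self.get_vulndb_id() is None:
            # This means that the plugin developer did NOT set the vuln_id via
            # kwargs, so we're going to try to get that id via VULNS
            self.set_vulndb_id(VULNS.get(name, None))

        #
        #   This section is only here for helping me debug / unittest the
        #   names used in the framework. See test_vulns.py for more info.
        #
        if not is_running_tests():
            return

        # These imports sit below the is_running_tests() guard, so the test
        # packages are not imported on the non-test path.
        from w3af.core.data.kb.tests.test_info import MockInfo
        from w3af.core.data.kb.tests.test_vuln import MockVuln

        if isinstance(self, (MockVuln, MockInfo)):
            return

        if not is_valid_name(name):
            report_path = os.path.join(ARTIFACTS_DIR, 'missing-vulndb.txt')

            # "with" guarantees the handle is released if the write fails
            with open(report_path, 'a') as report:
                report.write('%s\n' % name)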
Example #3
    def test_vulns_dict_points_to_existing_vulndb_data_id(self):
        """
        Every non-None id stored in VULNS must be accepted by
        DBVuln.is_valid_id().
        """
        # Entries mapped to None are skipped: there is no id to validate
        invalid = [(name, db_id)
                   for name, db_id in VULNS.iteritems()
                   if db_id is not None and not DBVuln.is_valid_id(db_id)]

        # On failure the (name, id) pairs that did not validate are shown
        self.assertEqual(invalid, [])
Example #4
    def test_vulns_dict_points_to_existing_vulndb_data_id(self):
        """
        Check that each id in VULNS (None excluded) passes
        DBVuln.is_valid_id().
        """
        def is_broken(db_id):
            # None means "no vulndb id for this name" and is not validated
            return db_id is not None and not DBVuln.is_valid_id(db_id)

        invalid = [(name, db_id)
                   for name, db_id in VULNS.iteritems()
                   if is_broken(db_id)]

        self.assertEqual(invalid, [])
Example #5
    def test_all_vulnerability_names_from_db_are_used(self):
        """
        Each name in VULNS, except the two ignored ones, must appear in the
        value returned by get_all_plugins_source().
        """
        names = VULNS.keys()
        plugin_code = self.get_all_plugins_source()

        # Names that are allowed to be absent from the plugin sources
        skipped = {'TestCase', 'Blind SQL injection vulnerability'}

        # NOTE(review): presumably plugin_code is one big string, which makes
        # assertIn a substring match (a name appearing only inside a comment
        # or a longer name would also pass) - confirm against the helper.
        for vuln_name in names:
            if vuln_name not in skipped:
                self.assertIn(vuln_name, plugin_code,
                              '"%s" not in plugin sources' % vuln_name)
Example #6
    def test_all_vulnerability_names_from_db_are_used(self):
        """
        Assert that every VULNS key, minus a short ignore list, is found in
        the value returned by get_all_plugins_source().
        """
        db_names = VULNS.keys()
        sources = self.get_all_plugins_source()

        # These two names are not required to show up in the plugin sources
        ignored = {'TestCase', 'Blind SQL injection vulnerability'}

        # NOTE(review): if sources is a single string this is a substring
        # check, not an exact match on the Info/Vuln name - verify.
        for vuln_name in (n for n in db_names if n not in ignored):
            failure_msg = '"%s" not in plugin sources' % vuln_name
            self.assertIn(vuln_name, sources, failure_msg)
Example #7
    def test_all_vulnerability_names_from_source_in_db(self):
        """
        Every quoted name passed as first argument to Info(...) / Vuln(...)
        in the plugin sources must be a key of VULNS.
        """
        vuln_names = VULNS.keys()

        # Matches " Info(" or " Vuln(" followed by a quoted first argument
        # and a comma; only names written as string literals are captured.
        vuln_names_re = ' (Info|Vuln)\\(["\'](.*?)["\'] ?,.*?\\)'
        sources = self.get_all_plugins_source()

        # re.DOTALL lets the lazy ".*?" parts run across line breaks
        matches = re.findall(vuln_names_re, sources, re.DOTALL)

        extracted = [title for _kind, title in matches]

        # Unknown titles, de-duplicated and kept in first-seen order
        not_in_db = []
        for title in extracted:
            if title not in vuln_names and title not in not_in_db:
                not_in_db.append(title)

        self.assertEqual(not_in_db, [])

        # Fails when 120 or fewer titles were extracted, which would point
        # at the regular expression no longer matching the plugin sources
        self.assertGreater(len(extracted), 120, extracted)
Example #8
    def test_all_vulnerability_names_from_source_in_db(self):
        """
        Extract the names used in Info(...) / Vuln(...) calls from the plugin
        sources and assert that all of them are keys of VULNS.
        """
        vuln_names = VULNS.keys()

        # Captures the quoted first argument of " Info(" / " Vuln(" calls;
        # a name that is not a string literal does not match.
        vuln_names_re = ' (Info|Vuln)\\(["\'](.*?)["\'] ?,.*?\\)'
        plugin_code = self.get_all_plugins_source()

        # With re.DOTALL the "." also matches newlines
        found = re.findall(vuln_names_re, plugin_code, re.DOTALL)

        extracted = []
        not_in_db = []

        for pair in found:
            vuln_title = pair[1]
            extracted.append(vuln_title)

            if vuln_title in vuln_names or vuln_title in not_in_db:
                # Known name, or unknown but already recorded
                continue

            not_in_db.append(vuln_title)

        self.assertEqual(not_in_db, [])

        # Requires more than 120 extracted titles, so an extraction that
        # matches (almost) nothing does not pass unnoticed
        self.assertGreater(len(extracted), 120, extracted)
Example #9
 def test_no_empty(self):
     """Assert that no entry in VULNS has a false-y value."""
     # Collect the (name, value) pairs whose value is empty / None / 0
     empty_values = {(key, val) for key, val in VULNS.items() if not val}
     self.assertEqual(set(), empty_values)