def toggle_bookmark(self, cell, path, model):
    """Invert the bookmark flag of one row and mirror it on the stored item.

    :param cell: not used by this handler.
    :param path: index of the affected row inside ``model``.
    :param model: row container; column 1 is the flag that gets inverted and
                  column 0 is the id handed to ``HistoryItem.load()``.
    """
    was_marked = model[path][1]
    model[path][1] = not was_marked

    entry = HistoryItem()
    entry.load(model[path][0])
    # No save() follows, so the True argument presumably asks toggle_mark()
    # to write the change through immediately -- confirm in HistoryItem.
    entry.toggle_mark(True)
def __init__(self, w3af, request_id, enableWidget=None, withManual=True,
             withFuzzy=True, withCompare=True, withAudit=True,
             editableRequest=False, editableResponse=False,
             widgname="default"):
    """Open a window that displays one stored HTTP request/response pair.

    :param w3af: core object forwarded to the window base class and to the
                 request/response viewer.
    :param request_id: id of the history item to load and display.

    The remaining keyword arguments are forwarded to ``reqResViewer``
    unchanged and in the same order.
    """
    # Base window: "reqResWin" identifier, translated title and help topic.
    RememberingWindow.__init__(self, w3af, "reqResWin",
                               _("w3af - HTTP Request/Response"),
                               "Browsing_the_Knowledge_Base")

    viewer_options = (enableWidget, withManual, withFuzzy, withCompare,
                      withAudit, editableRequest, editableResponse, widgname)
    viewer = reqResViewer(w3af, *viewer_options)

    # Fetch the stored pair for the requested id.
    # NOTE(review): the result of load() is not inspected here; how an
    # unknown request_id is reported is not visible in this block -- confirm.
    stored = HistoryItem()
    stored.load(request_id)

    viewer.request.show_object(stored.request)
    viewer.response.show_object(stored.response)
    viewer.show()

    self.vbox.pack_start(viewer)
    self.show()
def edit_tag(self, cell, path, new_text, model):
    """Write an edited tag into the row and onto the stored history item.

    :param cell: not used by this handler.
    :param path: index of the edited row inside ``model``.
    :param new_text: the new tag value.
    :param model: row container; column 4 receives the tag and column 0 is
                  the id handed to ``HistoryItem.load()``.
    """
    model[path][4] = new_text

    entry = HistoryItem()
    entry.load(model[path][0])
    # NOTE(review): new_text is passed on exactly as received; how
    # update_tag() persists it is not visible here -- confirm it never ends
    # up formatted into a storage query.
    entry.update_tag(new_text, True)
def test_save_load(self):
    """Save a request/response pair and read it back through its id."""
    # The id is drawn at random from 1..499 on every run.
    item_id = random.randint(1, 499)
    url = URL('http://w3af.com/a/b/c.php')

    request = HTTPRequest(url, data='a=1')
    response = HTTPResponse(200, '<html>',
                            Headers([('Content-Type', 'text/html')]),
                            url, url)

    saved = HistoryItem()
    saved.request = request
    # The response id is the key later passed to load().
    response.set_id(item_id)
    saved.response = response
    saved.save()

    loaded = HistoryItem()
    loaded.load(item_id)

    self.assertEqual(saved.request, loaded.request)
    self.assertEqual(saved.response.body, loaded.response.body)
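def _impact_done(self, event, impact):
    """Poll for the end of an audit run and process its outcome.

    The original comment says this is called repeatedly from ``timeout_add``
    until ``event`` is set.

    :param event: object whose ``isSet()`` tells whether the run finished.
    :param impact: holder exposing ``ok``, ``result`` and ``exception``.
    :return: True while the event is not set, False once the outcome has
             been handled.
    :raises: ``impact.exception`` itself when it is not an instance of one
             of the three exception types handled below.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    if impact.ok:
        # TODO: I should actually show ALL THE REQUESTS generated by
        # audit plugins... not just the ones with vulnerabilities.
        for result in impact.result:
            item_ids = result.get_id()
            if item_ids is None:
                continue

            for item_id in item_ids:
                history_item = HistoryItem()
                history_item.load(item_id)
                # The plugin name is appended to the existing tag as-is,
                # with no separator between the two.
                history_item.update_tag(history_item.tag + result.plugin_name)
                history_item.info = result.get_desc()
                history_item.save()
    else:
        # HTTPRequestException is tested before BaseFrameworkException, so
        # it gets its own message even if it derives from the latter.
        if isinstance(impact.exception, HTTPRequestException):
            msg = 'Exception found while sending HTTP request. Original' \
                  ' exception is: "%s"' % impact.exception
        elif isinstance(impact.exception, ScanMustStopException):
            msg = 'Multiple exceptions found while sending HTTP requests.' \
                  ' Exception: "%s"' % impact.exception
        elif isinstance(impact.exception, BaseFrameworkException):
            msg = str(impact.exception)
        else:
            # Anything else is not shown in a dialog; it propagates.
            raise impact.exception

        # Repeats the stop performed above; kept as in the original.
        self.throbber.hide()
        self.throbber.running(False)

        # Release the GDK lock even when the dialog raises; otherwise the
        # lock would stay held after the exception.
        gtk.gdk.threads_enter()
        try:
            helpers.FriendlyExceptionDlg(msg)
        finally:
            gtk.gdk.threads_leave()

    return False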
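def _impact_done(self, event, impact):
    """Handle the result of an audit run once its event has been set.

    According to the original comment the function is scheduled through
    ``timeout_add`` and keeps being called until ``event`` is set.

    :param event: object whose ``isSet()`` tells whether the run finished.
    :param impact: holder exposing ``ok``, ``result`` and ``exception``.
    :return: True while the event is not set, False afterwards.
    :raises: ``impact.exception`` itself when it matches none of the
             ``isinstance`` checks below.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    if not impact.ok:
        failure = impact.exception

        # The most specific check comes first; a plain
        # BaseFrameworkException is shown with its own text only.
        if isinstance(failure, HTTPRequestException):
            msg = 'Exception found while sending HTTP request. Original' \
                  ' exception is: "%s"' % failure
        elif isinstance(failure, ScanMustStopException):
            msg = 'Multiple exceptions found while sending HTTP requests.' \
                  ' Exception: "%s"' % failure
        elif isinstance(failure, BaseFrameworkException):
            msg = str(failure)
        else:
            # Unhandled types are re-raised instead of being displayed.
            raise failure

        # Repeats the stop performed above; kept as in the original.
        self.throbber.hide()
        self.throbber.running(False)

        # threads_leave() must run even if the dialog raises, so the GDK
        # lock taken by threads_enter() is always given back.
        gtk.gdk.threads_enter()
        try:
            helpers.FriendlyExceptionDlg(msg)
        finally:
            gtk.gdk.threads_leave()

        return False

    # TODO: I should actually show ALL THE REQUESTS generated by
    # audit plugins... not just the ones with vulnerabilities.
    for result in impact.result:
        item_ids = result.get_id()
        if item_ids is None:
            continue

        for item_id in item_ids:
            history_item = HistoryItem()
            history_item.load(item_id)
            # Existing tag and plugin name are joined without a separator.
            history_item.update_tag(history_item.tag + result.plugin_name)
            history_item.info = result.get_desc()
            history_item.save()

    return False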
def test_save_load_unicode_decode_error(self):
    """Round-trip an item whose URL has non-ASCII path and query characters.

    The request is compared through ``to_dict()``; body and URL object are
    compared directly.
    """
    url = URL('http://w3af.com/a/b/é.php?x=á')
    request = HTTPRequest(url, data='a=1')
    response = HTTPResponse(200, '<html>',
                            Headers([('Content-Type', 'text/html')]),
                            url, url)
    response.set_id(1)

    saved = HistoryItem()
    saved.request = request
    saved.response = response
    saved.save()

    loaded = HistoryItem()
    loaded.load(1)

    self.assertEqual(saved.request.to_dict(), loaded.request.to_dict())
    self.assertEqual(saved.response.body, loaded.response.body)
    self.assertEqual(saved.request.url_object, loaded.request.url_object)
def test_save_load_unicode_decode_error(self):
    """Round-trip an item whose URL has non-ASCII path and query characters.

    Request objects are compared with ``==``; body and URL object are
    compared as well.
    """
    url = URL('http://w3af.com/a/b/é.php?x=á')
    request = HTTPRequest(url, data='a=1')
    content_type = Headers([('Content-Type', 'text/html')])
    response = HTTPResponse(200, '<html>', content_type, url, url)
    # Id 1 is the key used by load() further down.
    response.set_id(1)

    written = HistoryItem()
    written.request = request
    written.response = response
    written.save()

    read_back = HistoryItem()
    read_back.load(1)

    self.assertEqual(written.request, read_back.request)
    self.assertEqual(written.response.body, read_back.response.body)
    self.assertEqual(written.request.url_object,
                     read_back.request.url_object)
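def _impact_done(self, event, impact):
    """Poll for the end of an audit run and process its outcome.

    The original comment says this is called repeatedly from ``timeout_add``
    until ``event`` is set.

    :param event: object whose ``isSet()`` tells whether the run finished.
    :param impact: holder exposing ``ok``, ``result`` and ``exception``.
    :return: True while the event is not set, False once the outcome has
             been handled.
    :raises: ``impact.exception`` itself when its class is not exactly one
             of the three classes compared below.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    if impact.ok:
        # TODO: I should actually show ALL THE REQUESTS generated by audit
        # plugins... not just the ones with vulnerabilities.
        for result in impact.result:
            # TODO: I'm not sure when this is None but it appeared in
            # Trac bug #167736
            item_ids = result.get_id()
            if item_ids is not None:
                for item_id in item_ids:
                    history_item = HistoryItem()
                    history_item.load(item_id)
                    # The plugin name is appended to the existing tag
                    # as-is, with no separator between the two.
                    history_item.update_tag(
                        history_item.tag + result.plugin_name)
                    history_item.info = result.get_desc()
                    history_item.save()
    else:
        # Exact class comparison: an instance of a subclass matches none of
        # these branches and is re-raised.
        if impact.exception.__class__ == BaseFrameworkException:
            msg = str(impact.exception)
        elif impact.exception.__class__ == ScanMustStopException:
            msg = "Stopped sending requests because " + \
                  str(impact.exception)
        elif impact.exception.__class__ == ScanMustStopOnUrlError:
            msg = "Not sending requests because " + str(impact.exception)
        else:
            raise impact.exception

        # Repeats the stop performed above; kept as in the original.
        self.throbber.hide()
        self.throbber.running(False)

        # Release the GDK lock even when the dialog raises; otherwise the
        # lock would stay held after the exception.
        gtk.gdk.threads_enter()
        try:
            helpers.FriendlyExceptionDlg(msg)
        finally:
            gtk.gdk.threads_leave()

    return False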
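def _impact_done(self, event, impact):
    """Handle the result of an audit run once its event has been set.

    According to the original comment the function is scheduled through
    ``timeout_add`` and keeps being called until ``event`` is set.

    :param event: object whose ``isSet()`` tells whether the run finished.
    :param impact: holder exposing ``ok``, ``result`` and ``exception``.
    :return: True while the event is not set, False afterwards.
    :raises: ``impact.exception`` itself when its class equals none of the
             classes compared below.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    if not impact.ok:
        failure = impact.exception
        failure_class = failure.__class__

        # Classes are compared for equality, so subclasses of the listed
        # exceptions are not given a message and end up re-raised.
        if failure_class == BaseFrameworkException:
            msg = str(failure)
        elif failure_class == ScanMustStopException:
            msg = "Stopped sending requests because " + str(failure)
        elif failure_class == ScanMustStopOnUrlError:
            msg = "Not sending requests because " + str(failure)
        else:
            raise failure

        # Repeats the stop performed above; kept as in the original.
        self.throbber.hide()
        self.throbber.running(False)

        # threads_leave() must run even if the dialog raises, so the GDK
        # lock taken by threads_enter() is always given back.
        gtk.gdk.threads_enter()
        try:
            helpers.FriendlyExceptionDlg(msg)
        finally:
            gtk.gdk.threads_leave()

        return False

    # TODO: I should actually show ALL THE REQUESTS generated by audit
    # plugins... not just the ones with vulnerabilities.
    for result in impact.result:
        # TODO: I'm not sure when this is None but it appeared in
        # Trac bug #167736
        item_ids = result.get_id()
        if item_ids is None:
            continue

        for item_id in item_ids:
            history_item = HistoryItem()
            history_item.load(item_id)
            # Existing tag and plugin name are joined without a separator.
            history_item.update_tag(history_item.tag + result.plugin_name)
            history_item.info = result.get_desc()
            history_item.save()

    return False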
def test_tag(self):
    """Tag one of many saved items and check the tag survives a reload."""
    # One id in 501..999 is picked at random to carry the tag.
    tag_id = random.randint(501, 999)
    tag_value = rand_alnum(10)
    url = URL('http://w3af.org/a/b/c.php')

    for item_id in xrange(501, 1000):
        request = HTTPRequest(url, data='a=1')
        content_type = Headers([('Content-Type', 'text/html')])
        response = HTTPResponse(200, '<html>', content_type, url, url)

        item = HistoryItem()
        item.request = request
        response.set_id(item_id)
        item.response = response

        # Only the chosen item is tagged before it is saved.
        if item_id == tag_id:
            item.update_tag(tag_value)

        item.save()

    reloaded = HistoryItem()
    reloaded.load(tag_id)
    self.assertEqual(reloaded.tag, tag_value)
def test_history_access(self):
    """Run the core once and check that history item 1 can be loaded.

    Both the request URI and the response URI of item 1 are expected to
    equal the value returned by ``get_moth_http()``.
    """
    self.count_plugin.loops = 1
    self.w3afcore.start()

    first = HistoryItem()
    loaded = first.load(1)
    self.assertTrue(loaded)
    self.assertEqual(first.id, 1)

    request_url = first.get_request().get_uri().url_string
    self.assertEqual(request_url, get_moth_http())

    response_url = first.get_response().get_uri().url_string
    self.assertEqual(response_url, get_moth_http())
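def test_save_load_compressed(self):
    """Save enough items to produce a zip archive, then read items back.

    The test checks that ``1-150.zip`` exists in the session directory, that
    no ``1-150.zip.tmp`` is left next to it, that the archive holds exactly
    the expected ``<id>.trace`` members in order, and that items 1..99 still
    load with the URI, headers and body that were saved.
    """
    force_compression_count = (HistoryItem._UNCOMPRESSED_FILES +
                               HistoryItem._COMPRESSED_FILE_BATCH)
    force_compression_count += 150

    url = URL('http://w3af.com/a/b/c.php')
    headers = Headers([('Content-Type', 'text/html')])
    body = '<html>' + LOREM * 20

    for i in xrange(1, force_compression_count):
        request = HTTPRequest(url, data='a=%s' % i)

        response = HTTPResponse(200, body, headers, url, url)
        response.set_id(i)

        h = HistoryItem()
        h.request = request
        h.response = response
        h.save()

    # NOTE(review): the archive name hard-codes 150 while the member list
    # below is derived from _COMPRESSED_FILE_BATCH; presumably the two
    # agree -- confirm against HistoryItem.
    compressed_file = os.path.join(h.get_session_dir(), '1-150.zip')
    self.assertTrue(os.path.exists(compressed_file))

    # A leftover temporary file would mean the archive write did not finish
    # cleanly.
    compressed_file_temp = os.path.join(h.get_session_dir(), '1-150.zip.tmp')
    self.assertFalse(os.path.exists(compressed_file_temp))

    expected_files = ['%s.trace' % i
                      for i in range(1, HistoryItem._COMPRESSED_FILE_BATCH + 1)]

    # Close the archive handle even when the assertion fails, so the test
    # does not leave the zip file open.
    _zip = zipfile.ZipFile(compressed_file, mode='r')
    try:
        self.assertEqual(_zip.namelist(), expected_files)
    finally:
        _zip.close()

    for i in xrange(1, 100):
        h = HistoryItem()
        h.load(i)

        self.assertEqual(h.request.get_uri(), url)
        self.assertEqual(h.response.get_headers(), headers)
        self.assertEqual(h.response.get_body(), body)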
def test_mark(self):
    """Mark one of 500 saved items and check only that one reads as marked."""
    mark_id = 3
    url = URL('http://w3af.org/a/b/c.php')

    for item_id in xrange(0, 500):
        request = HTTPRequest(url, data='a=1')
        content_type = Headers([('Content-Type', 'text/html')])
        response = HTTPResponse(200, '<html>', content_type, url, url)

        item = HistoryItem()
        item.request = request
        response.set_id(item_id)
        item.response = response

        # Only the chosen item is toggled before it is saved.
        if item_id == mark_id:
            item.toggle_mark()

        item.save()

    marked = HistoryItem()
    marked.load(mark_id)
    self.assertTrue(marked.mark)

    # The item saved just before the marked one must stay unmarked.
    neighbour = HistoryItem()
    neighbour.load(mark_id-1)
    self.assertFalse(neighbour.mark)
def test_mark(self):
    """Save 500 items, toggling the mark on id 3 only, then reload two.

    Item 3 must come back marked and item 2 must come back unmarked.
    """
    mark_id = 3
    url = URL('http://w3af.org/a/b/c.php')

    for current_id in xrange(0, 500):
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        response = HTTPResponse(200, '<html>', hdr, url, url)

        stored = HistoryItem()
        stored.request = request
        response.set_id(current_id)
        stored.response = response

        toggle_this_one = (current_id == mark_id)
        if toggle_this_one:
            stored.toggle_mark()

        stored.save()

    with_mark = HistoryItem()
    with_mark.load(mark_id)
    self.assertTrue(with_mark.mark)

    without_mark = HistoryItem()
    without_mark.load(mark_id - 1)
    self.assertFalse(without_mark.mark)