def test_pickleable_vuln(self):
    """
    A vuln stored with kb.append() compares equal to the item kb.get()
    hands back for the same location.
    """
    stored = MockVuln()
    kb.append('a', 'b', stored)

    # kb.get() returns a list; only one item was stored at ('a', 'b')
    loaded = kb.get('a', 'b')[0]

    self.assertEqual(stored, loaded)
def test_get_all_uniq_ids_iter(self):
    """
    With a single info stored, get_all_uniq_ids_iter() yields exactly
    that info's unique id.
    """
    info = MockInfo()
    kb.append('a', 'b', info)

    # Drain the iterator so the result can be compared as a list
    found_ids = list(kb.get_all_uniq_ids_iter())

    self.assertEqual(found_ids, [info.get_uniq_id()])
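def test_kb_list_shells_rfi_port_scan_2181(self):
    """
    A PortScanShell appended to the kb must come back from
    get_all_shells() equal to the original and bound to the uri_opener
    and worker_pool of the core that was passed in.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        vuln = MockVuln()
        url = URL('http://moth/?a=1')
        freq = FuzzableRequest(url)
        # create_mutants returns a sequence; the first mutant is used
        exploit_mutant = QSMutant.create_mutants(freq, [''], [], False, {})[0]

        shell = PortScanShell(vuln, w3af_core.uri_opener,
                              w3af_core.worker_pool, exploit_mutant)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        # Identity checks: the returned shell must hold the very same
        # opener and pool objects as the core, not copies of them
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell._exploit_mutant, exploit_mutant)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()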
def test_get_all_uniq_ids_iter_include_ids_false(self):
    """
    When include_ids holds only an id that was never stored,
    get_all_uniq_ids_iter() yields nothing.
    """
    info = MockInfo()
    kb.append('a', 'b', info)

    # Random uuid4 string, expected not to match the stored info's id
    unknown_id = str(uuid.uuid4())
    found_ids = list(kb.get_all_uniq_ids_iter(include_ids=[unknown_id]))

    self.assertEqual(found_ids, [])
def test_get_all_uniq_ids_iter_include_ids(self):
    """
    When include_ids names the stored info's id, that id is the only
    one yielded by get_all_uniq_ids_iter().
    """
    info = MockInfo()
    kb.append('a', 'b', info)

    wanted_ids = [info.get_uniq_id()]
    found_ids = list(kb.get_all_uniq_ids_iter(include_ids=wanted_ids))

    self.assertEqual(found_ids, [info.get_uniq_id()])
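def test_kb_list_shells_xpath_2181(self):
    """
    An XPathReader appended to the kb must come back from
    get_all_shells() equal to the original, bound to the core's
    uri_opener and worker_pool, and with its delimiter, true condition
    and error-response helper intact.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        vuln = MockVuln()

        str_delim = '&'
        true_cond = ''
        use_difflib = False
        is_error_response = IsErrorResponse(vuln, w3af_core.uri_opener,
                                            use_difflib)

        shell = XPathReader(vuln, w3af_core.uri_opener,
                            w3af_core.worker_pool, str_delim, true_cond,
                            is_error_response)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        # Identity checks: same opener and pool objects as the core
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell.STR_DELIM, shell.STR_DELIM)
        self.assertEqual(unpickled_shell.TRUE_COND, shell.TRUE_COND)
        # The nested helper must also carry its flag and the core's opener
        self.assertEqual(unpickled_shell.is_error_resp.use_difflib,
                         use_difflib)
        self.assertEqual(unpickled_shell.is_error_resp.url_opener,
                         w3af_core.uri_opener)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()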
def test_append_save(self):
    """
    After an append() followed by raw_write() on the same location,
    raw_read() returns the raw-written value.
    """
    info = MockInfo()
    kb.append('a', 'b', info)
    kb.raw_write('a', 'b', 3)

    stored_value = kb.raw_read('a', 'b')
    self.assertEqual(stored_value, 3)
def test_pickleable_info(self):
    """
    An info stored with kb.append() compares equal to the item kb.get()
    hands back for the same location.
    """
    stored = MockInfo()
    kb.append('a', 'b', stored)

    # kb.get() returns a list; only one item was stored at ('a', 'b')
    loaded = kb.get('a', 'b')[0]

    self.assertEqual(stored, loaded)
def test_get_one(self):
    """
    get_one() returns the single vuln stored at a location, with the
    same unique id and comparing equal to the original.
    """
    stored = MockVuln()
    kb.append('a', 'b', stored)

    fetched = kb.get_one('a', 'b')

    #pylint: disable=E1103
    self.assertEqual(fetched.get_uniq_id(), stored.get_uniq_id())
    self.assertEqual(fetched, stored)
def test_observer_append(self):
    """
    A registered observer has its append() called exactly once, with the
    location, the info and ignore_type=False, when kb.append() runs.
    """
    watcher = Mock()
    kb.add_observer(watcher)

    stored = MockInfo()
    kb.append('a', 'b', stored)

    watcher.append.assert_called_once_with('a', 'b', stored,
                                           ignore_type=False)
def test_update_vuln(self):
    """
    kb.update() replaces a stored vuln with a renamed deep copy, which
    can then be fetched through the copy's unique id.
    """
    original = MockVuln()
    kb.append('a', 'b', original)

    # Work on a deep copy so the stored original keeps its own state
    replacement = copy.deepcopy(original)
    replacement.set_name('a')
    replacement_id = replacement.get_uniq_id()

    kb.update(original, replacement)

    self.assertNotEqual(replacement, original)
    self.assertEqual(replacement, kb.get_by_uniq_id(replacement_id))
def test_update_info(self):
    """
    kb.update() replaces a stored info with a renamed deep copy, which
    can then be fetched through the copy's unique id.
    """
    original = MockInfo()
    kb.append('a', 'b', original)

    # Work on a deep copy so the stored original keeps its own state
    replacement = copy.deepcopy(original)
    replacement.set_name('a')
    replacement_id = replacement.get_uniq_id()

    kb.update(original, replacement)

    self.assertNotEqual(replacement, original)
    self.assertEqual(replacement, kb.get_by_uniq_id(replacement_id))
def test_observer_update(self):
    """
    A registered observer has its update() called exactly once, with the
    old and the new info, when kb.update() runs.
    """
    watcher = Mock()
    kb.add_observer(watcher)

    current = MockInfo()
    kb.append('a', 'b', current)

    # Snapshot the stored state before renaming the live object
    previous = copy.deepcopy(current)
    current.set_name('new name')

    kb.update(previous, current)

    watcher.update.assert_called_once_with(previous, current)
def test_update_exception(self):
    """
    kb.update() raises DBException when the "old" object handed to it no
    longer carries the unique id it was stored under.
    """
    # NOTE(review): this listing holds two definitions named
    # test_update_exception; if both live in the same TestCase the later
    # one replaces this one and only that one runs -- confirm.
    vuln = MockVuln()
    kb.append('a', 'b', vuln)
    id_before = vuln.get_uniq_id()

    # Cause error by changing vuln uniq_id
    # (update_vuln is the same object as vuln, not a copy)
    update_vuln = vuln
    update_vuln.set_name('a')
    id_after = vuln.get_uniq_id()

    self.assertNotEqual(id_before, id_after)
    with self.assertRaises(DBException):
        kb.update(vuln, update_vuln)
def test_append(self):
    """
    kb.append() keeps every item in insertion order, including the same
    object appended several times.
    """
    i1 = MockInfo()
    i2 = MockInfo()
    i3 = MockInfo()

    # i1 goes in three times on purpose: repeats must be kept
    insertion_order = [i1, i1, i1, i2, i3]
    for item in insertion_order:
        kb.append('a', 'b', item)

    self.assertEqual(kb.get('a', 'b'), [i1, i1, i1, i2, i3])
def test_update_exception(self):
    """
    kb.update() raises DBException when the "old" object handed to it no
    longer carries the unique id it was stored under.
    """
    # NOTE(review): this listing holds two definitions named
    # test_update_exception; if both live in the same TestCase this later
    # one replaces the earlier one -- confirm.
    vuln = MockVuln()
    kb.append('a', 'b', vuln)
    id_before = vuln.get_uniq_id()

    # Cause error by changing vuln uniq_id
    # (update_vuln is the same object as vuln, not a copy)
    update_vuln = vuln
    update_vuln._uniq_id = str(uuid.uuid4())
    id_after = vuln.get_uniq_id()

    self.assertNotEqual(id_before, id_after)
    with self.assertRaises(DBException):
        kb.update(vuln, update_vuln)
def test_observer_all(self):
    """
    An observer registered with (None, None) as its location is called
    for a raw_write() and for an append() made at different locations.
    """
    watcher = Mock()
    kb.add_observer(None, None, watcher)

    kb.raw_write('a', 'b', 1)
    watcher.assert_called_once_with('a', 'b', 1)

    # Forget the first call so the next assertion sees only the append
    watcher.reset_mock()

    stored = MockInfo()
    kb.append('a', 'c', stored)
    watcher.assert_called_with('a', 'c', stored)
def test_save_append(self):
    """
    Mixing raw_write and append on one location is highly discouraged,
    but callers may still do it: raw_write must reject an info object
    with TypeError and later appends must work as usual.
    """
    rejected = MockInfo()
    with self.assertRaises(TypeError):
        kb.raw_write('a', 'b', rejected)

    first = MockInfo()
    second = MockInfo()
    for item in (first, second):
        kb.append('a', 'b', item)

    self.assertEqual(kb.get('a', 'b'), [first, second])
def test_get_by_uniq_id_duplicated_ignores_second(self):
    """
    TODO: Analyze this case. Both infos hold exactly the same
          information and therefore share one ID (very uncommon in a
          real w3af run).

    Note that get_by_uniq_id does not return the second info.
    """
    first = MockInfo()
    second = MockInfo()
    for item in (first, second):
        kb.append('a', 'b', item)

    fetched = kb.get_by_uniq_id(first.get_uniq_id())

    self.assertEqual(fetched, first)
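def test_pickleable_shells(self):
    """
    A Shell read back with kb.get() equals the original, but the test
    expects its worker_pool and _uri_opener to be None: the live pool
    and opener given to the original are not present on the copy.
    """
    pool = Pool(1)
    xurllib = ExtendedUrllib()

    try:
        original_shell = Shell(MockVuln(), xurllib, pool)
        kb.append('a', 'b', original_shell)

        unpickled_shell = kb.get('a', 'b')[0]

        self.assertEqual(original_shell, unpickled_shell)
        self.assertIsNone(unpickled_shell.worker_pool)
        self.assertIsNone(unpickled_shell._uri_opener)
    finally:
        # Release the pool and the opener even when an assertion fails
        pool.terminate()
        pool.join()
        xurllib.end()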
def test_observer_location_b(self):
    """
    An observer registered for location ('a', 'b') is called for writes
    and appends there, and is not called for a write to ('a', 'xyz').
    """
    watcher = Mock()
    kb.add_observer('a', 'b', watcher)

    kb.raw_write('a', 'b', 1)
    watcher.assert_called_once_with('a', 'b', 1)

    watcher.reset_mock()

    # Shouldn't call the observer
    kb.raw_write('a', 'xyz', 1)
    self.assertFalse(watcher.called)

    stored = MockInfo()
    kb.append('a', 'b', stored)
    watcher.assert_called_with('a', 'b', stored)
def test_types_observer(self):
    """
    An observer registered for the Info type is called when Info
    instances are appended, whatever the location, and is not called
    when a plain int is raw-written.
    """
    watcher = Mock()
    kb.add_types_observer(Info, watcher)

    first_info = MockInfo()
    kb.append('a', 'b', first_info)
    watcher.assert_called_once_with('a', 'b', first_info)

    watcher.reset_mock()

    second_info = MockInfo()
    kb.append('a', 'c', second_info)
    watcher.assert_called_with('a', 'c', second_info)

    watcher.reset_mock()

    # Should NOT call it because it is NOT an Info instance
    kb.raw_write('a', 'd', 3)
    self.assertEqual(watcher.call_count, 0)
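def test_pickleable_shells_get_all(self):
    """
    A Shell returned by get_all_shells(core) equals the original and
    carries the worker_pool and uri_opener of the core passed in.
    """
    class FakeCore(object):
        # Only the two attributes this test reads from a core
        worker_pool = Pool(1)
        uri_opener = ExtendedUrllib()

    core = FakeCore()

    try:
        original_shell = Shell(MockVuln(), core.uri_opener, core.worker_pool)
        kb.append('a', 'b', original_shell)

        unpickled_shell = list(kb.get_all_shells(core))[0]

        self.assertEqual(original_shell, unpickled_shell)
        self.assertEqual(unpickled_shell.worker_pool, core.worker_pool)
        self.assertEqual(unpickled_shell._uri_opener, core.uri_opener)
    finally:
        # Release the pool and the opener even when an assertion fails
        core.worker_pool.terminate()
        core.worker_pool.join()
        core.uri_opener.end()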
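def test_kb_list_shells_file_upload_2181(self):
    """
    A FileUploadShell appended to the kb must come back from
    get_all_shells() equal to the original, bound to the core's
    uri_opener and worker_pool, and with the same _exploit_url.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        exploit_url = URL('http://w3af.org/')

        shell = FileUploadShell(MockVuln(), w3af_core.uri_opener,
                                w3af_core.worker_pool, exploit_url)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        # Identity checks: same opener and pool objects as the core
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell._exploit_url, shell._exploit_url)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()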
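def test_kb_list_shells_eval_2181(self):
    """
    An EvalShell appended to the kb must come back from get_all_shells()
    equal to the original, bound to the core's uri_opener and
    worker_pool, and with the same shellcode_generator arguments.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        shellcodes = get_shell_code('php', 'ls')
        # Third field of the first entry is what gets passed to the
        # shell as its generator
        shellcode_generator = shellcodes[0][2]

        shell = EvalShell(MockVuln(), w3af_core.uri_opener,
                          w3af_core.worker_pool, shellcode_generator)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        # Identity checks: same opener and pool objects as the core
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell.shellcode_generator.args,
                         shell.shellcode_generator.args)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()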
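def test_kb_list_shells_os_commanding_2181(self):
    """
    An OSCommandingShell appended to the kb must come back from
    get_all_shells() equal to the original, bound to the core's
    uri_opener and worker_pool, and with its strategy still holding the
    vuln it was built from.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        vuln = MockVuln()
        vuln['separator'] = '&'
        vuln['os'] = 'linux'
        strategy = BasicExploitStrategy(vuln)

        shell = OSCommandingShell(strategy, w3af_core.uri_opener,
                                  w3af_core.worker_pool)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        # Identity checks: same opener and pool objects as the core
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell.strategy.vuln, vuln)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()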
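def test_kb_list_shells_file_read_2181(self):
    """
    A FileReaderShell appended to the kb must come back from
    get_all_shells() equal to the original, bound to the core's
    uri_opener and worker_pool, and with the same header and footer
    lengths.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        header_len, footer_len = 1, 1
        vuln = MockVuln()

        shell = FileReaderShell(vuln, w3af_core.uri_opener,
                                w3af_core.worker_pool, header_len,
                                footer_len)
        kb.append('a', 'b', shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(shell, unpickled_shell)
        # Identity checks: same opener and pool objects as the core
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertEqual(unpickled_shell._header_length,
                         shell._header_length)
        self.assertEqual(unpickled_shell._footer_length,
                         shell._footer_length)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()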
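def test_kb_list_shells_sqlmap_2181(self):
    """
    Also very related with test_pickleable_shells

    A SQLMapShell appended to the kb must come back from
    get_all_shells() equal to the original, bound to the core's
    uri_opener and worker_pool, and with the wrapped sqlmap proxy
    pointing at that same uri_opener.

    :see: https://github.com/andresriancho/w3af/issues/2181
    """
    w3af_core = w3afCore()

    try:
        target = Target(URL('http://w3af.org/'))
        sqlmap_wrapper = SQLMapWrapper(target, w3af_core.uri_opener)

        sqlmap_shell = SQLMapShell(MockVuln(), w3af_core.uri_opener,
                                   w3af_core.worker_pool, sqlmap_wrapper)
        kb.append('a', 'b', sqlmap_shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(sqlmap_shell, unpickled_shell)
        # Identity checks: same opener and pool objects as the core,
        # including the opener nested inside the sqlmap proxy
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertIs(unpickled_shell.sqlmap.proxy._uri_opener,
                      w3af_core.uri_opener)
    finally:
        # Run quit() even when an assertion above fails
        w3af_core.quit()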
def test_return_all_for_plugin(self):
    """
    kb.get() returns every info appended to a location, in the order in
    which they were appended.
    """
    first = MockInfo()
    second = MockInfo()
    third = MockInfo()

    for item in (first, second, third):
        kb.append('a', 'b', item)

    self.assertEqual(kb.get('a', 'b'), [first, second, third])
def test_all_of_info_vuln(self):
    """
    get_all_vulns(), get_all_infos() and get_all_findings() split the
    stored items as expected: an InfoSet built from a vuln is listed
    with the vulns, one built from an info with the infos.
    """
    plain_info = MockInfo()
    grouped_info = MockInfo()
    plain_vuln = MockVuln()
    grouped_vuln = MockVuln()

    info_set = InfoSet([grouped_info])
    vuln_set = InfoSet([grouped_vuln])

    # Each item goes to its own location, in this exact order
    kb.append('a', 'b', plain_info)
    kb.append('w', 'z', info_set)
    kb.append('x', 'y', plain_vuln)
    kb.append('4', '2', vuln_set)

    self.assertEqual(kb.get_all_vulns(), [plain_vuln, vuln_set])
    self.assertEqual(kb.get_all_infos(), [plain_info, info_set])
    self.assertEqual(kb.get_all_findings(),
                     [plain_info, info_set, plain_vuln, vuln_set])
def test_all_of_info_exclude_ids(self):
    """
    get_all_findings(exclude_ids=...) leaves out the findings whose
    unique ids are listed and keeps the rest in order.
    """
    plain_info = MockInfo()
    grouped_info = MockInfo()
    plain_vuln = MockVuln()
    grouped_vuln = MockVuln()

    info_set = InfoSet([grouped_info])
    vuln_set = InfoSet([grouped_vuln])

    # Each item goes to its own location, in this exact order
    kb.append('a', 'b', plain_info)
    kb.append('w', 'z', info_set)
    kb.append('x', 'y', plain_vuln)
    kb.append('4', '2', vuln_set)

    everything = kb.get_all_findings()

    without_vuln = kb.get_all_findings(
        exclude_ids=(plain_vuln.get_uniq_id(),))

    without_vuln_and_set = kb.get_all_findings(
        exclude_ids=(plain_vuln.get_uniq_id(), vuln_set.get_uniq_id()))

    self.assertEqual(everything,
                     [plain_info, info_set, plain_vuln, vuln_set])
    self.assertEqual(without_vuln, [plain_info, info_set, vuln_set])
    self.assertEqual(without_vuln_and_set, [plain_info, info_set])
def test_raw_read_error(self):
    """
    raw_read() raises RuntimeError for a location that holds two
    appended items.
    """
    for _ in range(2):
        kb.append('a', 'b', MockInfo())

    with self.assertRaises(RuntimeError):
        kb.raw_read('a', 'b')