    def test_render_attr_with_special_chars(self):
        """Finding names must be XML-escaped when rendered into the report.

        The name carries ``<``, ``&`` and ``"`` -- exactly the characters that
        would break the document, or inject markup into it, if copied verbatim
        into an XML attribute or text node. The rendered output must contain
        only the escaped form and must still parse as well-formed XML.
        """
        finding_id = 2
        raw_name = 'A long description with special characters: <&">'
        escaped_name = ('A long description with special characters: '
                        '&lt;&amp;&quot;&gt;')

        vuln = MockVuln(_id=finding_id)
        vuln.set_name(raw_name)

        # The response is saved under the same id as the vuln; presumably the
        # renderer resolves the HTTP transaction by that id -- confirm in Finding.
        target = URL('http://w3af.com/a/b/c.php')

        request = HTTPRequest(target, data='a=1')
        request.set_headers(Headers([('User-Agent', 'w3af')]))

        response = HTTPResponse(200, '<html>',
                                Headers([('Content-Type', 'text/html')]),
                                target, target)
        response.set_id(finding_id)

        history = HistoryItem()
        history.request = request
        history.response = response
        history.save()

        env = xml_file()._get_jinja2_env()
        rendered = Finding(env, vuln).to_string()

        # Raw characters gone, entities present, document still well-formed.
        self.assertNotIn(raw_name, rendered)
        self.assertIn(escaped_name, rendered)
        self.assertValidXML(rendered)
    def test_render_attr_with_special_chars(self):
        """Rendering a finding must entity-escape ``<``, ``&`` and ``"``.

        A name containing those characters is pushed through ``Finding``; the
        output must not contain the raw string, must contain the escaped one,
        and must remain valid XML -- i.e. a crafted name cannot corrupt or
        inject into the report.
        """
        vuln_id = 2
        unsafe_name = 'A long description with special characters: <&">'

        vuln = MockVuln(_id=vuln_id)
        vuln.set_name(unsafe_name)

        # A stored HTTP transaction with the matching id has to exist before
        # rendering; the template presumably pulls it in by id -- verify.
        location = URL('http://w3af.com/a/b/c.php')

        req = HTTPRequest(location, data='a=1')
        req.set_headers(Headers([('User-Agent', 'w3af')]))

        resp = HTTPResponse(200, '<html>',
                            Headers([('Content-Type', 'text/html')]),
                            location, location)
        resp.set_id(vuln_id)

        item = HistoryItem()
        item.request = req
        item.response = resp
        item.save()

        output = Finding(xml_file()._get_jinja2_env(), vuln).to_string()

        self.assertNotIn(unsafe_name, output)
        self.assertIn('A long description with special characters: &lt;&amp;&quot;&gt;', output)
        self.assertValidXML(output)
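    def test_cache_works_as_expected(self):
        """The findings cache mirrors exactly the vulns currently in the KB.

        Walks the cache through empty -> one finding -> two findings, then
        overwrites one KB slot with a non-vuln value and checks the cache
        drops it. ``xml_file().findings()`` is the code path that refreshes
        the cache, and it is a generator, so it is consumed with ``list()``
        each time to force the update to actually run.

        Uses ``assertEqual``; ``assertEquals`` is a deprecated alias that
        newer Python versions remove.
        """
        cache = FindingsCache()
        self.assertEqual(cache.list(), [])

        url = URL('http://w3af.com/a/b/c.php')

        def make_vuln(_id, name):
            # Build a vuln together with the saved HTTP request/response it
            # refers to. The response id is set equal to the vuln id; the
            # renderer presumably looks the transaction up that way -- confirm.
            vuln = MockVuln(_id=_id)
            vuln.set_name(name)

            request = HTTPRequest(url, data='a=1')
            request.set_headers(Headers([('User-Agent', 'w3af')]))

            response = HTTPResponse(200, '<html>',
                                    Headers([('Content-Type', 'text/html')]),
                                    url, url)
            response.set_id(_id)

            history = HistoryItem()
            history.request = request
            history.response = response
            history.save()

            return vuln

        vuln1 = make_vuln(1, 'I have a name')
        vuln2 = make_vuln(2, 'Just a name')

        #
        # One vuln in the KB: it shows up after the cache user runs
        #
        kb.kb.append('a', 'b', vuln1)

        x = xml_file()
        list(x.findings())

        self.assertEqual(cache.list(), [vuln1.get_uniq_id()])

        #
        # Second vuln joins it (order not guaranteed, hence the set compare)
        #
        kb.kb.append('a', 'c', vuln2)

        list(x.findings())

        expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
        self.assertEqual(set(cache.list()), expected)

        #
        # Overwriting the slot with a non-vuln value must evict it; a stale
        # entry here would keep a removed finding alive in the report
        #
        kb.kb.raw_write('a', 'c', 'noop')

        list(x.findings())

        self.assertEqual(set(cache.list()), {vuln1.get_uniq_id()})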
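    def test_cache_works_as_expected(self):
        """Cache contents must track KB additions and removals of vulns.

        Starts from an empty ``FindingsCache``, adds two vulns to the KB one
        at a time (refreshing via ``xml_file().findings()`` after each, which
        must be consumed because it is a generator), then replaces one KB
        slot with a plain string and checks the cache no longer lists it.

        ``assertEquals`` has been replaced with ``assertEqual``: the former is
        a deprecated alias dropped in recent Python releases.
        """
        cache = FindingsCache()
        self.assertEqual(cache.list(), [])

        def saved_vuln(vuln_id, name):
            # A vuln plus the history entry it points at; the response id is
            # deliberately the vuln id (how the report resolves it -- TODO
            # confirm against Finding/xml_file).
            vuln = MockVuln(_id=vuln_id)
            vuln.set_name(name)

            target = URL('http://w3af.com/a/b/c.php')

            request = HTTPRequest(target, data='a=1')
            request.set_headers(Headers([('User-Agent', 'w3af')]))

            response = HTTPResponse(200, '<html>',
                                    Headers([('Content-Type', 'text/html')]),
                                    target, target)
            response.set_id(vuln_id)

            entry = HistoryItem()
            entry.request = request
            entry.response = response
            entry.save()

            return vuln

        vuln1 = saved_vuln(1, 'I have a name')
        vuln2 = saved_vuln(2, 'Just a name')

        # First vuln: cache picks it up once the cache user runs
        kb.kb.append('a', 'b', vuln1)

        report = xml_file()
        list(report.findings())

        self.assertEqual(cache.list(), [vuln1.get_uniq_id()])

        # Second vuln: both present; compare as sets since order is not part
        # of the contract being tested
        kb.kb.append('a', 'c', vuln2)

        list(report.findings())

        both = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
        self.assertEqual(set(cache.list()), both)

        # Overwrite the second slot with something that is not a vuln: the
        # cache must evict it, otherwise a removed finding would still be
        # emitted into the report
        kb.kb.raw_write('a', 'c', 'noop')

        list(report.findings())

        self.assertEqual(set(cache.list()), {vuln1.get_uniq_id()})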