def __init__(self):
Plugin.__init__(self)
CommonAttackMethods.__init__(self)
self._uri_opener = None
self._footer = None
self._header = None
# User configured parameter
self._generate_only_one = False
def __init__(self):
Plugin.__init__(self)
CommonAttackMethods.__init__(self)
self._uri_opener = None
self._footer = None
self._header = None
# User configured parameter
self._generate_only_one = False
def setUp(self):
self.cam = CommonAttackMethods()
class TestCommonAttackMethods(unittest.TestCase):
def setUp(self):
self.cam = CommonAttackMethods()
def test_etc_passwd_extract_basic(self):
body = """HEADER
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
FOOTER123"""
self.cam._define_cut_from_etc_passwd(body, body)
header = 'HEADER\n '
footer = ' FOOTER123'
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
mtab_content = """/dev/sda1 / ext4 rw,errors=remount-ro 0 0
proc /proc proc rw,noexec,nosuid,nodev 0 0
sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0
none /sys/fs/fuse/connections fusectl rw 0 0"""
mtab_body = '%s%s%s' % (header, mtab_content, footer)
self.assertEqual(self.cam._cut(mtab_body), mtab_content)
def test_etc_passwd_extract_div(self):
body = """<div>root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\n</div>"""
self.cam._define_cut_from_etc_passwd(body, body)
self.assertEqual(self.cam._header_length, len('<div>'))
self.assertEqual(self.cam._footer_length, len('</div>'))
def test_etc_passwd_extract_no_header_footer(self):
body = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\n"""
self.cam._define_cut_from_etc_passwd(body, body)
self.assertEqual(self.cam._header_length, len(''))
self.assertEqual(self.cam._footer_length, len(''))
def test_etc_passwd_extract_together(self):
body = """HEADERroot:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\nFOOTER"""
self.cam._define_cut_from_etc_passwd(body, body)
self.assertEqual(self.cam._header_length, len('HEADER'))
self.assertEqual(self.cam._footer_length, len('FOOTER'))
def test_etc_passwd_extract_bad_1(self):
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, 'a', 'b')
def test_etc_passwd_extract_bad_2(self):
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, 'a', 'a')
def test_etc_passwd_extract_bad_3(self):
body = """HEADER
andres:x:0:0:andres:/andres:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
FOOTER123"""
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, body, body)
def test_etc_passwd_extract_bad_4(self):
body = """HEADERroot:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/shFOOTER"""
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, body, body)
def test_define_exact_cut_basic(self):
expected = 'w3af\n'
header = 'HEADER'
footer = 'FOOTER123'
body = '%s%s%s' % (header, expected, footer)
self.cam._define_exact_cut(body, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def test_guess_cut_basic(self):
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = 'HEADER'
footer = 'FOOTER123'
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
@attr('ci_fails')
def test_guess_cut_no_header(self):
"""
This one fails but I don't really have time to fix it now and it is not
as important as you might think. It is very related to this line of
code in common_attack_methods.py:
sequence_matcher = difflib.SequenceMatcher(lambda x: len(x) < 3,
Specifically the "lambda x: len(x) < 3".
"""
raise SkipTest
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = ''
footer = 'FOOTER123'
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def test_guess_cut_no_footer(self):
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = 'HEADER'
footer = ''
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def test_guess_cut_no_header_no_footer(self):
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = ''
footer = ''
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def setUp(self):
self.cam = CommonAttackMethods()
class TestCommonAttackMethods(unittest.TestCase):
def setUp(self):
self.cam = CommonAttackMethods()
def test_etc_passwd_extract_basic(self):
body = """HEADER
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
FOOTER123"""
self.cam._define_cut_from_etc_passwd(body, body)
header = 'HEADER\n '
footer = ' FOOTER123'
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
mtab_content = """/dev/sda1 / ext4 rw,errors=remount-ro 0 0
proc /proc proc rw,noexec,nosuid,nodev 0 0
sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0
none /sys/fs/fuse/connections fusectl rw 0 0"""
mtab_body = '%s%s%s' % (header, mtab_content, footer)
self.assertEqual(self.cam._cut(mtab_body), mtab_content)
def test_etc_passwd_extract_div(self):
body = """<div>root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\n</div>"""
self.cam._define_cut_from_etc_passwd(body, body)
self.assertEqual(self.cam._header_length, len('<div>'))
self.assertEqual(self.cam._footer_length, len('</div>'))
def test_etc_passwd_extract_no_header_footer(self):
body = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\n"""
self.cam._define_cut_from_etc_passwd(body, body)
self.assertEqual(self.cam._header_length, len(''))
self.assertEqual(self.cam._footer_length, len(''))
def test_etc_passwd_extract_together(self):
body = """HEADERroot:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\nFOOTER"""
self.cam._define_cut_from_etc_passwd(body, body)
self.assertEqual(self.cam._header_length, len('HEADER'))
self.assertEqual(self.cam._footer_length, len('FOOTER'))
def test_etc_passwd_extract_bad_1(self):
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd,
'a', 'b')
def test_etc_passwd_extract_bad_2(self):
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd,
'a', 'a')
def test_etc_passwd_extract_bad_3(self):
body = """HEADER
andres:x:0:0:andres:/andres:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
FOOTER123"""
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd,
body, body)
def test_etc_passwd_extract_bad_4(self):
body = """HEADERroot:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/shFOOTER"""
self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd,
body, body)
def test_define_exact_cut_basic(self):
expected = 'w3af\n'
header = 'HEADER'
footer = 'FOOTER123'
body = '%s%s%s' % (header, expected, footer)
self.cam._define_exact_cut(body, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def test_guess_cut_basic(self):
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = 'HEADER'
footer = 'FOOTER123'
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
@attr('ci_fails')
def test_guess_cut_no_header(self):
"""
This one fails but I don't really have time to fix it now and it is not
as important as you might think. It is very related to this line of
code in common_attack_methods.py:
sequence_matcher = difflib.SequenceMatcher(lambda x: len(x) < 3,
Specifically the "lambda x: len(x) < 3".
"""
raise SkipTest
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = ''
footer = 'FOOTER123'
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def test_guess_cut_no_footer(self):
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = 'HEADER'
footer = ''
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def test_guess_cut_no_header_no_footer(self):
expected = 'w3af\n'
error = 'error found while trying to read not existing file'
header = ''
footer = ''
body_a = '%s%s%s' % (header, expected, footer)
body_b = '%s%s%s' % (header, error, footer)
self.cam._guess_cut(body_a, body_b, expected)
self.assertEqual(self.cam._header_length, len(header))
self.assertEqual(self.cam._footer_length, len(footer))
another_content = """hello world"""
another_body = '%s%s%s' % (header, another_content, footer)
self.assertEqual(self.cam._cut(another_body), another_content)
def __init__(self, vuln):
ExploitStrategy.__init__(self, vuln)
CommonAttackMethods.__init__(self)
