def __init__(self):
GrepPlugin.__init__(self)
self._total_count = 0
self._vuln_count = 0
self._vulns = DiskList(table_prefix='cache_control')
self._ids = DiskList(table_prefix='cache_control')
def __init__(self):
GrepPlugin.__init__(self)
self._total_count = 0
self._vuln_count = 0
self._vulns = DiskList()
self._ids = DiskList()
def __init__(self):
GrepPlugin.__init__(self)
self._total_count = 0
self._vuln_count = 0
self._vulns = DiskList(table_prefix='click_jacking')
self._ids = DiskList(table_prefix='click_jacking')
def __init__(self):
"""
Class init
"""
GrepPlugin.__init__(self)
self._total_count = 0
self._vulns = DiskList()
self._urls = DiskList()
def __init__(self):
"""
Class init
"""
GrepPlugin.__init__(self)
self._total_count = 0
self._vulns = DiskList(table_prefix='csp')
self._urls = DiskList(table_prefix='csp')
def __init__(self):
AuditPlugin.__init__(self)
self._xss_mutants = DiskList(table_prefix='xss')
# User configured parameters
self._check_persistent_xss = True
def test_thread_safe(self):
dl = DiskList()
def worker(range_inst):
for i in range_inst:
dl.append(i)
threads = []
_min = 0
for _max in xrange(0, 1100, 100):
th = threading.Thread(target=worker, args=(xrange(_min, _max), ))
threads.append(th)
_min = _max
for th in threads:
th.start()
for th in threads:
th.join()
for i in xrange(0, 1000):
self.assertTrue(i in dl, i)
dl_as_list = list(dl)
self.assertEqual(len(dl_as_list), len(set(dl_as_list)))
dl_as_list.sort()
self.assertEqual(dl_as_list, range(1000))
def test_remove_table_then_add(self):
disk_list = DiskList()
disk_list.append(1)
disk_list.cleanup()
self.assertRaises(AssertionError, disk_list.append, 1)
def __init__(self, scroll_bar, active_filter, possible):
"""
:param scroll_bar: Gtk Vertical Scrollbar object
:param active_filter: the filter active at startup.
:param possible: all filter keys
"""
gtk.TextView.__init__(self)
MessageConsumer.__init__(self)
self.set_editable(False)
self.set_cursor_visible(False)
self.set_wrap_mode(gtk.WRAP_WORD)
self.textbuffer = self.get_buffer()
self.show()
self.possible = set(possible)
self.active_filter = active_filter
self.text_position = 0
self.all_messages = DiskList()
# scroll bar
self.freeze_scrollbar = False
scroll_bar.connect("value-changed", self.scroll_changed)
# colors
self.textbuffer.create_tag("red-fg", foreground="red")
self.textbuffer.create_tag("blue-fg", foreground="blue")
self.textbuffer.create_tag("brown-fg", foreground="brown")
self.bg_colors = {
"vulnerability": "red-fg",
"information": "blue-fg",
"error": "brown-fg",
}
def test_to_unicode(self):
dl = DiskList()
dl.append(1)
dl.append(2)
dl.append(3)
self.assertEqual(unicode(dl), u'<DiskList [1, 2, 3]>')
def test_specific_serializer_with_http_response(self):
#
# This test runs in 26.42 seconds on my workstation
#
body = '<html><a href="http://moth/abc.jsp">test</a></html>'
headers = Headers([('Content-Type', 'text/html')])
url = URL('http://w3af.com')
response = HTTPResponse(200, body, headers, url, url, _id=1)
def dump(http_response):
return msgpack.dumps(http_response.to_dict(), use_bin_type=True)
def load(serialized_object):
data = msgpack.loads(serialized_object, raw=False)
return HTTPResponse.from_dict(data)
count = 30000
dl = DiskList(dump=dump, load=load)
for i in xrange(0, count):
# This tests the serialization
dl.append(response)
# This tests the deserialization
_ = dl[i]
def test_len(self):
dl = DiskList()
for i in xrange(0, 100):
_ = dl.append(i)
self.assertEqual(len(dl) == 100, True)
def test_fuzzable_request(self):
dl = DiskList()
uri = URL('http://w3af.org/?id=2')
qsr1 = HTTPQSRequest(uri,
method='GET',
headers=Headers([('Referer', 'http://w3af.org/')
]))
uri = URL('http://w3af.org/?id=3')
qsr2 = HTTPQSRequest(uri,
method='OPTIONS',
headers=Headers([('Referer', 'http://w3af.org/')
]))
uri = URL('http://w3af.org/?id=7')
qsr3 = HTTPQSRequest(uri,
method='FOO',
headers=Headers([('Referer', 'http://w3af.org/')
]))
dl.append(qsr1)
dl.append(qsr2)
self.assertEqual(dl[0], qsr1)
self.assertEqual(dl[1], qsr2)
self.assertFalse(qsr3 in dl)
self.assertTrue(qsr2 in dl)
def test_slice_all(self):
disk_list = DiskList()
disk_list.append('1')
disk_list.append('2')
dl_copy = disk_list[:]
self.assertIn('1', dl_copy)
self.assertIn('2', dl_copy)
def __init__(self):
AuditPlugin.__init__(self)
# Internal variables
self._potential_vulns = DiskList(table_prefix='generic')
# User configured variables
self._diff_ratio = 0.30
def __init__(self):
AuditPlugin.__init__(self)
# Internal variables
self._expected_res_mutant = DiskDict()
self._freq_list = DiskList()
re_str = '<!--#exec cmd="echo -n (.*?);echo -n (.*?)" -->'
self._extract_results_re = re.compile(re_str)
def __init__(self):
GrepPlugin.__init__(self)
# Internal variables
self._potential_vulns = DiskList(table_prefix='error_pages')
self._already_reported_max_msg_exceeded = []
self._already_reported_versions = []
self._compiled_regex = []
def test_slice_greater_than_length(self):
disk_list = DiskList()
disk_list.append('1')
disk_list.append('2')
dl_copy = disk_list[:50]
self.assertIn('1', dl_copy)
self.assertIn('2', dl_copy)
self.assertEqual(2, len(dl_copy))
def test_many_instances(self):
all_instances = []
amount = 200
for _ in xrange(amount):
disk_list = DiskList()
all_instances.append(disk_list)
self.assertEqual(len(all_instances), amount)
def test_urlobject(self):
dl = DiskList()
dl.append(URL('http://w3af.org/?id=2'))
dl.append(URL('http://w3af.org/?id=3'))
self.assertEqual(dl[0], URL('http://w3af.org/?id=2'))
self.assertEqual(dl[1], URL('http://w3af.org/?id=3'))
self.assertFalse(URL('http://w3af.org/?id=4') in dl)
self.assertTrue(URL('http://w3af.org/?id=2') in dl)
def test_slice_first_N(self):
disk_list = DiskList()
disk_list.append('1')
disk_list.append('2')
disk_list.append('3')
dl_copy = disk_list[:1]
self.assertIn('1', dl_copy)
self.assertNotIn('2', dl_copy)
self.assertNotIn('3', dl_copy)
def test_sorted(self):
dl = DiskList()
dl.append('abc')
dl.append('def')
dl.append('aaa')
sorted_dl = sorted(dl)
self.assertEqual(['aaa', 'abc', 'def'], sorted_dl)
def test_remove_table(self):
disk_list = DiskList()
table_name = disk_list.table_name
db = get_default_temp_db_instance()
self.assertTrue(db.table_exists(table_name))
disk_list.cleanup()
self.assertFalse(db.table_exists(table_name))
def test_clear(self):
dl = DiskList()
dl.append('a')
dl.append('b')
self.assertEqual(len(dl), 2)
dl.clear()
self.assertEqual(len(dl), 0)
def test_getitem(self):
dl = DiskList()
dl.append('a')
dl.append(1)
dl.append([3, 2, 1])
self.assertEqual(dl[0] == 'a', True)
self.assertEqual(dl[1] == 1, True)
self.assertEqual(dl[2] == [3, 2, 1], True)
self.assertRaises(IndexError, dl.__getitem__, 3)
def test_getitem_negative(self):
dl = DiskList()
dl.append('a')
dl.append('b')
dl.append('c')
self.assertEqual(dl[-1], 'c')
self.assertEqual(dl[-2], 'b')
self.assertEqual(dl[-3], 'a')
self.assertRaises(IndexError, dl.__getitem__, -4)
def __init__(self):
GrepPlugin.__init__(self)
# Internal variables
self._reported = DiskList(table_prefix='path_disclosure')
# Compile all regular expressions and store information to avoid
# multiple queries to the same function
self._common_directories = get_common_directories()
self._compiled_regexes = {}
self._compile_regex()
def test_extend(self):
dl = DiskList()
dl.append('a')
dl.extend([1, 2, 3])
self.assertEqual(len(dl), 4)
self.assertEqual(dl[0], 'a')
self.assertEqual(dl[1], 1)
self.assertEqual(dl[2], 2)
self.assertEqual(dl[3], 3)
def test_islice(self):
disk_list = DiskList()
disk_list.extend('ABCDEFG')
EXPECTED = 'CDEFG'
result = ''
for c in itertools.islice(disk_list, 2, None, None):
result += c
self.assertEqual(EXPECTED, result)
def test_reverse_iteration(self):
dl = DiskList()
dl.append(1)
dl.append(2)
dl.append(3)
reverse_iter_res = []
for i in reversed(dl):
reverse_iter_res.append(i)
self.assertEqual(reverse_iter_res, [3, 2, 1])
