def test_render_attr_with_special_chars(self): _id = 2 name = 'A long description with special characters: <&">' vuln = MockVuln(_id=_id) vuln.set_name(name) url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>', hdr, url, url) h1 = HistoryItem() h1.request = request res.set_id(_id) h1.response = res h1.save() x = xml_file() finding = Finding(x._get_jinja2_env(), vuln) xml = finding.to_string() self.assertNotIn(name, xml) self.assertIn( 'A long description with special characters: <&">', xml) self.assertValidXML(xml)
def test_render_attr_with_special_chars(self): _id = 2 name = 'A long description with special characters: <&">' vuln = MockVuln(_id=_id) vuln.set_name(name) url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>', hdr, url, url) h1 = HistoryItem() h1.request = request res.set_id(_id) h1.response = res h1.save() x = xml_file() finding = Finding(x._get_jinja2_env(), vuln) xml = finding.to_string() self.assertNotIn(name, xml) self.assertIn('A long description with special characters: <&">', xml) self.assertValidXML(xml)
def test_cache_works_as_expected(self): # # Cache starts empty # cache = FindingsCache() self.assertEquals(cache.list(), []) # # Create two vulnerabilities with their HTTP requests and responses # _id = 1 name = 'I have a name' vuln1 = MockVuln(_id=_id) vuln1.set_name(name) url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>', hdr, url, url) h1 = HistoryItem() h1.request = request res.set_id(_id) h1.response = res h1.save() _id = 2 name = 'Just a name' vuln2 = MockVuln(_id=_id) vuln2.set_name(name) url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>', hdr, url, url) h2 = HistoryItem() h2.request = request res.set_id(_id) h2.response = res h2.save() # # Save one vulnerability to the KB and call the cache-user # kb.kb.append('a', 'b', vuln1) x = xml_file() list(x.findings()) self.assertEquals(cache.list(), [vuln1.get_uniq_id()]) # # Save another vulnerability to the KB and call the cache-user # kb.kb.append('a', 'c', vuln2) list(x.findings()) expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()} self.assertEquals(set(cache.list()), expected) # # Remove one vulnerability and see how it is removed from the cache # kb.kb.raw_write('a', 'c', 'noop') list(x.findings()) expected = {vuln1.get_uniq_id()} self.assertEquals(set(cache.list()), expected)
def test_cache_works_as_expected(self): # # Cache starts empty # cache = FindingsCache() self.assertEquals(cache.list(), []) # # Create two vulnerabilities with their HTTP requests and responses # _id = 1 name = 'I have a name' vuln1 = MockVuln(_id=_id) vuln1.set_name(name) url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>', hdr, url, url) h1 = HistoryItem() h1.request = request res.set_id(_id) h1.response = res h1.save() _id = 2 name = 'Just a name' vuln2 = MockVuln(_id=_id) vuln2.set_name(name) url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>', hdr, url, url) h2 = HistoryItem() h2.request = request res.set_id(_id) h2.response = res h2.save() # # Save one vulnerability to the KB and call the cache-user # kb.kb.append('a', 'b', vuln1) x = xml_file() list(x.findings()) self.assertEquals(cache.list(), [vuln1.get_uniq_id()]) # # Save another vulnerability to the KB and call the cache-user # kb.kb.append('a', 'c', vuln2) list(x.findings()) expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()} self.assertEquals(set(cache.list()), expected) # # Remove one vulnerability and see how it is removed from the cache # kb.kb.raw_write('a', 'c', 'noop') list(x.findings()) expected = {vuln1.get_uniq_id()} self.assertEquals(set(cache.list()), expected)