def _has_no_bug(self, fuzz_req, varname='', pname='', kb_varname=''):
"""
Test if the current combination of `fuzz_req`, `varname` hasn't
already been reported to the knowledge base.
:param fuzz_req: A FuzzableRequest like object.
:param varname: Typically the name of the injection parameter.
:param pname: The name of the plugin that presumably reported
the vulnerability. Defaults to self.name.
:param kb_varname: The name of the variable in the kb, where
the vulnerability was saved. Defaults to self.name.
"""
with self._plugin_lock:
if not varname:
if hasattr(fuzz_req, 'get_var'):
varname = fuzz_req.get_var()
else:
raise ValueError("Invalid arg 'varname': %s" % varname)
pname = pname or self.get_name()
kb_varname = kb_varname or pname
vulns = kb.kb.get(pname, kb_varname)
for vuln in vulns:
if vuln.get_var() == varname and\
fuzz_req.get_dc().keys() == vuln.get_dc().keys() and\
are_variants(vuln.get_uri(), fuzz_req.get_uri()):
return False
return True
def _has_no_bug(self, fuzz_req, varname='', pname='', kb_varname=''):
"""
Test if the current combination of `fuzz_req`, `varname` hasn't
already been reported to the knowledge base.
:param fuzz_req: A FuzzableRequest like object.
:param varname: Typically the name of the injection parameter.
:param pname: The name of the plugin that presumably reported
the vulnerability. Defaults to self.name.
:param kb_varname: The name of the variable in the kb, where
the vulnerability was saved. Defaults to self.name.
"""
with self._plugin_lock:
if not varname:
if hasattr(fuzz_req, 'get_var'):
varname = fuzz_req.get_var()
else:
raise ValueError("Invalid arg 'varname': %s" % varname)
pname = pname or self.get_name()
kb_varname = kb_varname or pname
vulns = kb.kb.get(pname, kb_varname)
for vuln in vulns:
if vuln.get_var() == varname and\
fuzz_req.get_dc().keys() == vuln.get_dc().keys() and\
are_variants(vuln.get_uri(), fuzz_req.get_uri()):
return False
return True
def _has_no_bug(self, mutant, varname='', pname='', kb_varname=''):
"""
Test if the current combination of `fuzz_req`, `varname` hasn't
already been reported to the knowledge base.
:param mutant: A Mutant sub-class.
:param varname: Typically the name of the injection parameter.
:param pname: The name of the plugin that presumably reported
the vulnerability. Defaults to self.name.
:param kb_varname: The name of the variable in the kb, where
the vulnerability was saved. Defaults to self.name.
"""
with self._plugin_lock:
pname = pname or self.get_name()
kb_varname = kb_varname or pname
if not varname:
varname = mutant.get_token_name()
vulns = kb.kb.get(pname, kb_varname)
for vuln in vulns:
if vuln.get_token_name() == varname and\
mutant.get_dc().keys() == vuln.get_dc().keys() and\
are_variants(vuln.get_uri(), mutant.get_uri()):
return False
return True
def test_same_param_diff_value_type(self):
self.assertFalse(
are_variants(URL('http://w3af.com/foo.php?id=1111'),
URL('http://w3af.com/foo.php?id=spam')))
def test_same_params_diff_values(self):
self.assertTrue(
are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
URL('http://w3af.com/foo.php?id=333&foo=spam')))
def test_diff_domain_params(self):
self.assertFalse(
are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
URL('http://w3af.org/foo.php?id=1')))
def test_diff_domain(self):
self.assertFalse(
are_variants(URL('http://w3af.com/foo.php?id=1'),
URL('http://bonsai-sec.com/foo.php?id=1')))
def test_diff_file_param(self):
self.assertFalse(
are_variants(URL('http://w3af.com/bar.php?id=1'),
URL('http://w3af.com/foo.php?foo=1')))
def test_diff_params(self):
self.assertFalse(
are_variants(URL('http://w3af.com/foo.php?x=1'),
URL('http://w3af.com/foo.php?y=1')))
def test_eq(self):
self.assertTrue(
are_variants(URL('http://w3af.com/foo.php'),
URL('http://w3af.com/foo.php')))
def test_same_param_diff_value_type(self):
self.assertFalse(are_variants(URL('http://w3af.com/foo.php?id=1111'),
URL('http://w3af.com/foo.php?id=spam')))
def test_eq(self):
self.assertTrue(are_variants(URL('http://w3af.com/foo.php'),
URL('http://w3af.com/foo.php')))
def test_same_params_diff_values(self):
self.assertTrue(
are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
URL('http://w3af.com/foo.php?id=333&foo=spam')))
def test_diff_domain_params(self):
self.assertFalse(
are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
URL('http://w3af.org/foo.php?id=1')))
def test_diff_domain(self):
self.assertFalse(are_variants(URL('http://w3af.com/foo.php?id=1'),
URL('http://bonsai-sec.com/foo.php?id=1')))
def test_diff_file_param(self):
self.assertFalse(are_variants(URL('http://w3af.com/bar.php?id=1'),
URL('http://w3af.com/foo.php?foo=1')))
def test_diff_params(self):
self.assertFalse(are_variants(URL('http://w3af.com/foo.php?x=1'),
URL('http://w3af.com/foo.php?y=1')))
