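    def test_strategy_exception(self):
        """
        An exception raised by the fuzzable request router must propagate out
        of CoreStrategy.start(), the strategy must call terminate() on its way
        out, and _assert_thread_names() must still pass once the core has been
        told the scan ended.
        """
        core = w3afCore()

        target = core.target.get_options()
        target['target'].set_value(self.TARGET_URL)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)
        # Every call into the router blows up with a bare Exception
        strategy._fuzzable_request_router = Mock(side_effect=Exception)

        # Wrap (not replace) terminate so the real cleanup still runs and we
        # can still observe the call
        strategy.terminate = Mock(wraps=strategy.terminate)

        try:
            # NOTE(review): asserting on the bare Exception class also accepts
            # unrelated failures inside start(); a dedicated subclass would pin
            # the cause if start() re-raises the router's exception unchanged
            with self.assertRaises(Exception):
                strategy.start()

            # Now test that those threads are being terminated
            self.assertTrue(strategy.terminate.called)
        finally:
            # Run the end hook even when an assertion above fails, so the
            # WorkerThreads do not leak into later tests. The stub presumably
            # short-circuits the exploit-phase check in scan_end_hook() --
            # verify against w3afCore.
            core.exploit_phase_prerequisites = lambda: 42
            core.scan_end_hook()

        self._assert_thread_names()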
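    def test_strategy_exception(self):
        """
        When the fuzzable request router raises, CoreStrategy.start() must let
        the exception escape and must have called terminate(); afterwards the
        core is told the scan ended and _assert_thread_names() must pass.
        """
        core = w3afCore()

        target = core.target.get_options()
        target['target'].set_value(self.TARGET_URL)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)
        # Make the router fail on every call
        strategy._fuzzable_request_router = Mock(side_effect=Exception)

        # Spy on terminate() while keeping its real behaviour
        strategy.terminate = Mock(wraps=strategy.terminate)

        try:
            # NOTE(review): Exception is broad enough to accept unrelated
            # failures from start(); narrow it if start() is known to
            # re-raise the router's exception type unchanged
            self.assertRaises(Exception, strategy.start)

            # Now test that those threads are being terminated
            self.assertTrue(strategy.terminate.called)
        finally:
            # Always signal scan end so WorkerThreads are not leaked into the
            # next test when an assertion above fails. The lambda stub is
            # presumably what lets scan_end_hook() proceed past the exploit
            # phase check -- confirm against w3afCore.
            core.exploit_phase_prerequisites = lambda: 42
            core.scan_end_hook()

        self._assert_thread_names()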
    def test_alert_if_target_is_301_all_internal_redir(self):
        """
        Tests that no info is created if the site redirects internally
        """
        core = w3afCore()

        # Every GET under w3af.com answers 301 to another URL on the same
        # host, so the redirect never leaves the target site
        redirect_headers = {'Location': 'http://w3af.com/xyz'}
        httpretty.register_uri(httpretty.GET,
                               re.compile("w3af.com/(.*)"),
                               body='301',
                               status=301,
                               adding_headers=redirect_headers)

        target_opts = core.target.get_options()
        target_opts['target'].set_value('http://w3af.com/')
        core.target.set_options(target_opts)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)
        strategy.start()

        # Nothing may have been recorded under the ('core', 'core') kb slot
        infos = kb.get('core', 'core')
        self.assertEqual(len(infos), 0, infos)
    def test_alert_if_target_is_301_all_internal_redir(self):
        """
        Tests that no info is created if the site redirects internally
        """
        core = w3afCore()

        # Canned response: any path on w3af.com 301s to a URL on the same host
        redirect_response = dict(body='301',
                                 status=301,
                                 adding_headers={'Location': 'http://w3af.com/xyz'})
        httpretty.register_uri(httpretty.GET,
                               re.compile("w3af.com/(.*)"),
                               **redirect_response)

        options = core.target.get_options()
        options['target'].set_value('http://w3af.com/')
        core.target.set_options(options)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)
        strategy.start()

        # The ('core', 'core') kb slot must still be empty after the scan
        infos = kb.get('core', 'core')
        self.assertEqual(len(infos), 0, infos)
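    def test_strategy_run(self):
        """
        Run an audit-phase scan with the sqli plugin against self.TARGET_URL.

        Exactly one sqli vulnerability must land in the kb, _teardown_audit
        must be invoked while a WorkerThread is still alive, and after
        scan_end_hook() _assert_thread_names() must pass.
        """
        core = w3afCore()

        target = core.target.get_options()
        target['target'].set_value(self.TARGET_URL)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        def verify_threads_running(functor):
            """
            Decorate *functor* so the thread snapshot is taken when the
            strategy actually calls _teardown_audit. Doing the check at wrap
            time would set the flag before start() and make the assertion
            below impossible to fail.
            """
            def wrapper(*args, **kwargs):
                # Record instead of asserting here: an AssertionError raised
                # inside the strategy could be swallowed by start(), so the
                # real checks happen back in the test body
                self.teardown_thread_names = [t.name for t
                                              in threading.enumerate()]
                self.called_teardown_audit = True
                return functor(*args, **kwargs)
            return wrapper

        self.called_teardown_audit = False
        self.teardown_thread_names = []

        strategy = CoreStrategy(core)
        strategy._teardown_audit = verify_threads_running(
            strategy._teardown_audit)

        strategy.start()

        # The teardown hook must have run, and with the worker pool alive
        self.assertTrue(self.called_teardown_audit)
        self.assertIn('WorkerThread', self.teardown_thread_names)

        vulns = kb.get('sqli', 'sqli')
        self.assertEqual(len(vulns), 1, vulns)

        # Tell the core that we've finished, this should kill the WorkerThreads
        core.exploit_phase_prerequisites = lambda: 42
        core.scan_end_hook()

        self._assert_thread_names()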
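 def test_strategy_verify_target_server(self):
     """
     Starting a scan against a target nothing listens on must abort with a
     ScanMustStopException whose message asks the user to check the target
     configuration.
     """
     core = w3afCore()

     # TODO: Change 2312 by an always closed/non-http port
     # NOTE(review): this opens a real TCP connection to localhost; if some
     # service happens to listen on 2312 the test stops exercising the
     # failure path
     INVALID_TARGET = 'http://localhost:2312/'

     target = core.target.get_options()
     target['target'].set_value(INVALID_TARGET)
     core.target.set_options(target)

     core.plugins.set_plugins(['sqli'], 'audit')
     core.plugins.init_plugins()

     core.verify_environment()
     core.scan_start_hook()

     strategy = CoreStrategy(core)

     # assertRaises (rather than a plain try/except) fails the test when
     # start() returns normally instead of raising
     with self.assertRaises(ScanMustStopException) as cm:
         strategy.start()

     message = str(cm.exception)
     self.assertIn('Please verify your target configuration', message)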
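    def test_strategy_verify_target_server_up(self):
        """
        A target URL that does not answer must make CoreStrategy.start() raise
        ScanMustStopException, and the message must point the user at the
        target configuration.
        """
        core = w3afCore()

        # TODO: Change 2312 by an always closed/non-http port
        # NOTE(review): a real connection to localhost is attempted here; the
        # test is only meaningful while nothing listens on that port
        INVALID_TARGET = 'http://localhost:2312/'

        target = core.target.get_options()
        target['target'].set_value(INVALID_TARGET)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        strategy = CoreStrategy(core)

        # Use assertRaises so a start() that returns normally is reported as
        # a failure instead of silently passing
        with self.assertRaises(ScanMustStopException) as raised:
            strategy.start()

        self.assertIn('Please verify your target configuration',
                      str(raised.exception))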
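    def test_strategy_run(self):
        """
        End-to-end audit run with the sqli plugin against self.TARGET_URL.

        Expects one sqli vulnerability in the kb, _teardown_audit invoked
        while a WorkerThread is alive, and a clean thread list (as checked by
        _assert_thread_names) after scan_end_hook().
        """
        core = w3afCore()

        target = core.target.get_options()
        target['target'].set_value(self.TARGET_URL)
        core.target.set_options(target)

        core.plugins.set_plugins(['sqli'], 'audit')
        core.plugins.init_plugins()

        core.verify_environment()
        core.scan_start_hook()

        def verify_threads_running(functor):
            """
            Wrap *functor* so that the thread snapshot is taken at call time.
            Taking it when the wrapper is built would flip the flag before
            start() runs, leaving the assertion below unable to fail.
            """
            def wrapped(*args, **kwargs):
                # Only record here; assertions raised inside the strategy
                # might be swallowed by start(), so they are made afterwards
                self.teardown_thread_names = [
                    thread.name for thread in threading.enumerate()]
                self.called_teardown_audit = True
                return functor(*args, **kwargs)
            return wrapped

        self.called_teardown_audit = False
        self.teardown_thread_names = []

        strategy = CoreStrategy(core)
        strategy._teardown_audit = verify_threads_running(strategy._teardown_audit)

        strategy.start()

        # The teardown hook ran, and the worker pool was alive when it did
        self.assertTrue(self.called_teardown_audit)
        self.assertIn('WorkerThread', self.teardown_thread_names)

        vulns = kb.get('sqli', 'sqli')
        self.assertEqual(len(vulns), 1, vulns)

        # Tell the core that we've finished, this should kill the WorkerThreads
        core.exploit_phase_prerequisites = lambda: 42
        core.scan_end_hook()

        self._assert_thread_names()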