Esempio n. 1
0
    def setUp(self):
        super(TestHTMLRendering, self).setUp()
        self.plugin = self.w3afcore.plugins.get_plugin_inst('output',
                                                            'html_file')

        HistoryItem().init()

        url = URL('http://w3af.com/a/b/c.php')
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)
        h1 = HistoryItem()
        h1.request = request
        res.set_id(1)
        h1.response = res
        h1.save()

        url = URL('http://w3af.com/foo.py')
        request = HTTPRequest(url, data='text=xss')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>empty</html>', hdr, url, url)
        h1 = HistoryItem()
        h1.request = request
        res.set_id(4)
        h1.response = res
        h1.save()
Esempio n. 2
0
    def setUp(self):
        super(TestHTMLRendering, self).setUp()
        self.plugin = self.w3afcore.plugins.get_plugin_inst(
            'output', 'html_file')

        HistoryItem().init()

        url = URL('http://w3af.com/a/b/c.php')
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)
        h1 = HistoryItem()
        h1.request = request
        res.set_id(1)
        h1.response = res
        h1.save()

        url = URL('http://w3af.com/foo.py')
        request = HTTPRequest(url, data='text=xss')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>empty</html>', hdr, url, url)
        h1 = HistoryItem()
        h1.request = request
        res.set_id(4)
        h1.response = res
        h1.save()
Esempio n. 3
0
    def test_find(self):
        find_id = random.randint(1, 499)
        url = URL('http://w3af.org/a/b/foobar.php?foo=123')
        tag_value = rand_alnum(10)
        for i in xrange(0, 500):
            request = HTTPRequest(url, data='a=1')
            code = 200
            if i == find_id:
                code = 302

            hdr = Headers([('Content-Type', 'text/html')])
            res = HTTPResponse(code, '<html>', hdr, url, url)
            h1 = HistoryItem()
            h1.request = request
            res.set_id(i)
            h1.response = res
            if i == find_id:
                h1.toggle_mark()
                h1.update_tag(tag_value)
            h1.save()
        h2 = HistoryItem()
        self.assertEqual(
                len(h2.find([('tag', "%" + tag_value + "%", 'like')])), 1)
        self.assertEqual(len(h2.find([('code', 302, '=')])), 1)
        self.assertEqual(len(h2.find([('mark', 1, '=')])), 1)
        self.assertEqual(len(h2.find([('has_qs', 1, '=')])), 500)
        self.assertEqual(
                len(h2.find([('has_qs', 1, '=')], result_limit=10)), 10)
        results = h2.find(
                [('has_qs', 1, '=')], result_limit=1, orderData=[('id', 'desc')])
        self.assertEqual(results[0].id, 499)
        search_data = []
        search_data.append(('id', find_id + 1, "<"))
        search_data.append(('id', find_id - 1, ">"))
        self.assertEqual(len(h2.find(search_data)), 1)
Esempio n. 4
0
    def test_find(self):
        find_id = random.randint(1, 499)
        url = URL('http://w3af.org/a/b/foobar.php?foo=123')
        tag_value = rand_alnum(10)
        for i in xrange(0, 500):
            request = HTTPRequest(url, data='a=1')
            code = 200
            if i == find_id:
                code = 302

            hdr = Headers([('Content-Type', 'text/html')])
            res = HTTPResponse(code, '<html>', hdr, url, url)
            h1 = HistoryItem()
            h1.request = request
            res.set_id(i)
            h1.response = res
            if i == find_id:
                h1.toggle_mark()
                h1.update_tag(tag_value)
            h1.save()
        h2 = HistoryItem()
        self.assertEqual(
            len(h2.find([('tag', "%" + tag_value + "%", 'like')])), 1)
        self.assertEqual(len(h2.find([('code', 302, '=')])), 1)
        self.assertEqual(len(h2.find([('mark', 1, '=')])), 1)
        self.assertEqual(len(h2.find([('has_qs', 1, '=')])), 500)
        self.assertEqual(
            len(h2.find([('has_qs', 1, '=')], result_limit=10)), 10)
        results = h2.find(
            [('has_qs', 1, '=')], result_limit=1, orderData=[('id', 'desc')])
        self.assertEqual(results[0].id, 499)
        search_data = []
        search_data.append(('id', find_id + 1, "<"))
        search_data.append(('id', find_id - 1, ">"))
        self.assertEqual(len(h2.find(search_data)), 1)
Esempio n. 5
0
    def test_clear(self):
        
        url = URL('http://w3af.com/a/b/c.php')
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)
        
        h1 = HistoryItem()
        h1.request = request
        res.set_id(1)
        h1.response = res
        h1.save()

        table_name = h1.get_table_name()
        db = get_default_temp_db_instance()
        
        self.assertTrue(db.table_exists(table_name))
        
        clear_result = h1.clear()
        
        self.assertTrue(clear_result)
        self.assertFalse(os.path.exists(h1._session_dir),
                         '%s exists.' % h1._session_dir)
        
        # Changed the meaning of clear a little bit... now it simply removes
        # all rows from the table, not the table itself
        self.assertTrue(db.table_exists(table_name))        
Esempio n. 6
0
    def test_render_attr_with_special_chars(self):
        _id = 2

        name = 'A long description with special characters: <&">'

        vuln = MockVuln(_id=_id)
        vuln.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn(name, xml)
        self.assertIn('A long description with special characters: &lt;&amp;&quot;&gt;', xml)
        self.assertValidXML(xml)
Esempio n. 7
0
    def test_clear(self):
        url = URL('http://w3af.com/a/b/c.php')
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(1)
        h1.response = res
        h1.save()

        table_name = h1.get_table_name()
        db = get_default_temp_db_instance()

        self.assertTrue(db.table_exists(table_name))

        clear_result = h1.clear()

        self.assertTrue(clear_result)
        self.assertFalse(os.path.exists(h1._session_dir),
                         '%s exists.' % h1._session_dir)

        # Changed the meaning of clear a little bit... now it simply removes
        # all rows from the table, not the table itself
        self.assertTrue(db.table_exists(table_name))
Esempio n. 8
0
    def test_render_with_special_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' characters such as <, & and > which MUST be encoded'
                ' by jinja2.')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('such as <, & and > which MUST', xml)
        self.assertIn('such as &lt;, &amp; and &gt; which MUST', xml)
        self.assertValidXML(xml)
Esempio n. 9
0
    def test_render_attr_with_special_chars(self):
        _id = 2

        name = 'A long description with special characters: <&">'

        vuln = MockVuln(_id=_id)
        vuln.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn(name, xml)
        self.assertIn(
            'A long description with special characters: &lt;&amp;&quot;&gt;',
            xml)
        self.assertValidXML(xml)
Esempio n. 10
0
    def test_render_with_unicode_control_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' unicode control characters such as \f and \x09')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('unicode control characters such as \f and \x09', xml)
        self.assertIn('unicode control characters such as <character code="000c"/> and <character code="0009"/>', xml)
        self.assertValidXML(xml)
Esempio n. 11
0
    def test_render_with_special_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' characters such as <, & and > which MUST be encoded'
                ' by jinja2.')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('such as <, & and > which MUST', xml)
        self.assertIn('such as &lt;, &amp; and &gt; which MUST', xml)
        self.assertValidXML(xml)
Esempio n. 12
0
    def test_render_with_unicode_control_chars(self):
        _id = 2

        desc = ('This is a long description that contains some special'
                ' unicode control characters such as \f and \x09')

        vuln = MockVuln(_id=_id)
        vuln.set_desc(desc)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        self.assertNotIn('unicode control characters such as \f and \x09', xml)
        self.assertIn(
            'unicode control characters such as <character code="000c"/> and <character code="0009"/>',
            xml)
        self.assertValidXML(xml)
Esempio n. 13
0
    def test_render_url_special_chars(self):
        self.maxDiff = None

        _id = 2
        vuln = MockVuln(_id=_id)

        url = URL(
            u'https://w3af.com/._basebind/node_modules/lodash._basecreate/'
            u'LICENSE.txt\x00=ڞ')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        vuln.set_uri(url)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        expected = (
            u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt&lt;character code=&quot;0000&quot;/&gt;=\u069e" var="None">\n'
            u'    <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
            u'    <http-transactions>\n'
            u'            <http-transaction id="2">\n\n'
            u'    <http-request>\n'
            u'        <status>POST https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt%00=%DA%9E HTTP/1.1</status>\n'
            u'        <headers>\n'
            u'            <header field="User-agent" content="w3af" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">YT0x\n</body>\n'
            u'    </http-request>\n\n'
            u'    <http-response>\n'
            u'        <status>HTTP/1.1 200 OK</status>\n'
            u'        <headers>\n'
            u'            <header field="Content-Type" content="text/html" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
            u'    </http-response>\n\n'
            u'</http-transaction>\n'
            u'    </http-transactions>\n'
            u'</vulnerability>')

        self.assertEqual(xml, expected)
        self.assertValidXML(xml)
Esempio n. 14
0
    def test_cache(self):
        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        _id = 2

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()
        http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)

        self.assertIsNone(http_transaction.get_node_from_cache())

        # Writes to cache
        xml = http_transaction.to_string()

        expected = (
            u'<http-transaction id="2">\n\n'
            u'    <http-request>\n'
            u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
            u'        <headers>\n'
            u'            <header field="User-agent" content="w3af" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">YT0x\n</body>\n'
            u'    </http-request>\n\n'
            u'    <http-response>\n'
            u'        <status>HTTP/1.1 200 OK</status>\n'
            u'        <headers>\n'
            u'            <header field="Content-Type" content="text/html" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
            u'    </http-response>\n\n</http-transaction>')
        self.assertEqual(expected, xml)

        # Yup, we're cached
        self.assertIsNotNone(http_transaction.get_node_from_cache())

        # Make sure they are all the same
        cached_xml = http_transaction.get_node_from_cache()
        self.assertEqual(cached_xml, expected)

        xml = http_transaction.to_string()
        self.assertEqual(expected, xml)
Esempio n. 15
0
    def test_cache(self):
        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        _id = 2

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()
        http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)

        self.assertIsNone(http_transaction.get_node_from_cache())

        # Writes to cache
        xml = http_transaction.to_string()

        expected = (u'<http-transaction id="2">\n\n'
                    u'    <http-request>\n'
                    u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
                    u'        <headers>\n'
                    u'            <header field="User-agent" content="w3af" />\n'
                    u'        </headers>\n'
                    u'        <body content-encoding="base64">YT0x\n</body>\n'
                    u'    </http-request>\n\n'
                    u'    <http-response>\n'
                    u'        <status>HTTP/1.1 200 OK</status>\n'
                    u'        <headers>\n'
                    u'            <header field="Content-Type" content="text/html" />\n'
                    u'        </headers>\n'
                    u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
                    u'    </http-response>\n\n</http-transaction>')
        self.assertEqual(expected, xml)

        # Yup, we're cached
        self.assertIsNotNone(http_transaction.get_node_from_cache())

        # Make sure they are all the same
        cached_xml = http_transaction.get_node_from_cache()
        self.assertEqual(cached_xml, expected)

        xml = http_transaction.to_string()
        self.assertEqual(expected, xml)
Esempio n. 16
0
    def test_clear_clear(self):
        url = URL('http://w3af.com/a/b/c.php')
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(1)
        h1.response = res
        h1.save()

        h1.clear()
        h1.clear()
Esempio n. 17
0
 def test_clear_clear(self):
     url = URL('http://w3af.com/a/b/c.php')
     request = HTTPRequest(url, data='a=1')
     hdr = Headers([('Content-Type', 'text/html')])
     res = HTTPResponse(200, '<html>', hdr, url, url)
     
     h1 = HistoryItem()
     h1.request = request
     res.set_id(1)
     h1.response = res
     h1.save()
     
     h1.clear()
     h1.clear()
Esempio n. 18
0
    def test_render_simple(self):
        _id = 2

        vuln = MockVuln(_id=_id)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        expected = (
            u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="None" var="None">\n'
            u'    <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
            u'    <http-transactions>\n'
            u'            <http-transaction id="2">\n\n'
            u'    <http-request>\n'
            u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
            u'        <headers>\n'
            u'            <header field="User-agent" content="w3af" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">YT0x\n</body>\n'
            u'    </http-request>\n\n'
            u'    <http-response>\n'
            u'        <status>HTTP/1.1 200 OK</status>\n'
            u'        <headers>\n'
            u'            <header field="Content-Type" content="text/html" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
            u'    </http-response>\n\n'
            u'</http-transaction>\n'
            u'    </http-transactions>\n'
            u'</vulnerability>')

        self.assertEqual(xml, expected)
        self.assertValidXML(xml)
Esempio n. 19
0
    def test_no_duplicate_vuln_reports(self):
        # The xml_file plugin had a bug where vulnerabilities were written to
        # disk multiple times, this test makes sure I fixed that vulnerability

        # Write the HTTP request / response to the DB
        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>syntax error near', hdr, url, url)

        _id = 1

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        # Create one vulnerability in the KB pointing to the request-
        # response we just created
        desc = 'Just a test for the XML file output plugin.'
        v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli')
        kb.kb.append('sqli', 'sqli', v)

        self.assertEqual(len(kb.kb.get_all_vulns()), 1)

        # Setup the plugin
        plugin_instance = xml_file()
        plugin_instance.set_w3af_core(self.w3af_core)

        # Set the output file for the unittest
        ol = OptionList()
        d = 'Output file name where to write the XML data'
        o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
        ol.add(o)

        # Then we flush() twice to disk, this reproduced the issue
        plugin_instance.set_options(ol)
        plugin_instance.flush()
        plugin_instance.flush()
        plugin_instance.flush()

        # Now we parse the vulnerabilities from disk and confirm only one
        # is there
        file_vulns = get_vulns_from_xml(self.FILENAME)
        self.assertEqual(len(file_vulns), 1, file_vulns)
Esempio n. 20
0
 def test_save_load(self):
     i = random.randint(1, 499)
     url = URL('http://w3af.com/a/b/c.php')
     request = HTTPRequest(url, data='a=1')
     hdr = Headers([('Content-Type', 'text/html')])
     res = HTTPResponse(200, '<html>', hdr, url, url)
     h1 = HistoryItem()
     h1.request = request
     res.set_id(i)
     h1.response = res
     h1.save()
     h2 = HistoryItem()
     h2.load(i)
     self.assertEqual(h1.request, h2.request)
     self.assertEqual(h1.response.body, h2.response.body)
Esempio n. 21
0
 def test_save_load(self):
     i = random.randint(1, 499)
     url = URL('http://w3af.com/a/b/c.php')
     request = HTTPRequest(url, data='a=1')
     hdr = Headers([('Content-Type', 'text/html')])
     res = HTTPResponse(200, '<html>', hdr, url, url)
     h1 = HistoryItem()
     h1.request = request
     res.set_id(i)
     h1.response = res
     h1.save()
     h2 = HistoryItem()
     h2.load(i)
     self.assertEqual(h1.request, h2.request)
     self.assertEqual(h1.response.body, h2.response.body)
Esempio n. 22
0
    def test_no_duplicate_vuln_reports(self):
        # The xml_file plugin had a bug where vulnerabilities were written to
        # disk multiple times, this test makes sure I fixed that vulnerability

        # Write the HTTP request / response to the DB
        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>syntax error near', hdr, url, url)

        _id = 1

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        # Create one vulnerability in the KB pointing to the request-
        # response we just created
        desc = 'Just a test for the XML file output plugin.'
        v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli')
        kb.kb.append('sqli', 'sqli', v)

        self.assertEqual(len(kb.kb.get_all_vulns()), 1)

        # Setup the plugin
        plugin_instance = xml_file()

        # Set the output file for the unittest
        ol = OptionList()
        d = 'Output file name where to write the XML data'
        o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
        ol.add(o)

        # Then we flush() twice to disk, this reproduced the issue
        plugin_instance.set_options(ol)
        plugin_instance.flush()
        plugin_instance.flush()
        plugin_instance.flush()

        # Now we parse the vulnerabilities from disk and confirm only one
        # is there
        file_vulns = get_vulns_from_xml(self.FILENAME)
        self.assertEqual(len(file_vulns), 1, file_vulns)
Esempio n. 23
0
    def test_render_simple(self):
        _id = 2

        vuln = MockVuln(_id=_id)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()

        finding = Finding(x._get_jinja2_env(), vuln)
        xml = finding.to_string()

        expected = (u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="None" var="None">\n'
                    u'    <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
                    u'    <http-transactions>\n'
                    u'            <http-transaction id="2">\n\n'
                    u'    <http-request>\n'
                    u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
                    u'        <headers>\n'
                    u'            <header field="User-agent" content="w3af" />\n'
                    u'        </headers>\n'
                    u'        <body content-encoding="base64">YT0x\n</body>\n'
                    u'    </http-request>\n\n'
                    u'    <http-response>\n'
                    u'        <status>HTTP/1.1 200 OK</status>\n'
                    u'        <headers>\n'
                    u'            <header field="Content-Type" content="text/html" />\n'
                    u'        </headers>\n'
                    u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
                    u'    </http-response>\n\n'
                    u'</http-transaction>\n'
                    u'    </http-transactions>\n'
                    u'</vulnerability>')

        self.assertEqual(xml, expected)
        self.assertValidXML(xml)
Esempio n. 24
0
    def test_save_load_unicode_decode_error(self):
        url = URL('http://w3af.com/a/b/é.php?x=á')
        request = HTTPRequest(url, data='a=1')
        headers = Headers([('Content-Type', 'text/html')])

        res = HTTPResponse(200, '<html>', headers, url, url)
        res.set_id(1)

        h1 = HistoryItem()
        h1.request = request
        h1.response = res
        h1.save()

        h2 = HistoryItem()
        h2.load(1)

        self.assertEqual(h1.request, h2.request)
        self.assertEqual(h1.response.body, h2.response.body)
        self.assertEqual(h1.request.url_object, h2.request.url_object)
Esempio n. 25
0
    def test_save_load_unicode_decode_error(self):
        url = URL('http://w3af.com/a/b/é.php?x=á')
        request = HTTPRequest(url, data='a=1')
        headers = Headers([('Content-Type', 'text/html')])

        res = HTTPResponse(200, '<html>', headers, url, url)
        res.set_id(1)

        h1 = HistoryItem()
        h1.request = request
        h1.response = res
        h1.save()

        h2 = HistoryItem()
        h2.load(1)

        self.assertEqual(h1.request.to_dict(), h2.request.to_dict())
        self.assertEqual(h1.response.body, h2.response.body)
        self.assertEqual(h1.request.url_object, h2.request.url_object)
Esempio n. 26
0
    def test_tag(self):
        tag_id = random.randint(501, 999)
        tag_value = rand_alnum(10)
        url = URL('http://w3af.org/a/b/c.php')

        for i in xrange(501, 1000):
            request = HTTPRequest(url, data='a=1')
            hdr = Headers([('Content-Type', 'text/html')])
            res = HTTPResponse(200, '<html>', hdr, url, url)
            h1 = HistoryItem()
            h1.request = request
            res.set_id(i)
            h1.response = res
            if i == tag_id:
                h1.update_tag(tag_value)
            h1.save()

        h2 = HistoryItem()
        h2.load(tag_id)
        self.assertEqual(h2.tag, tag_value)
Esempio n. 27
0
    def test_tag(self):
        tag_id = random.randint(501, 999)
        tag_value = rand_alnum(10)
        url = URL('http://w3af.org/a/b/c.php')

        for i in xrange(501, 1000):
            request = HTTPRequest(url, data='a=1')
            hdr = Headers([('Content-Type', 'text/html')])
            res = HTTPResponse(200, '<html>', hdr, url, url)
            h1 = HistoryItem()
            h1.request = request
            res.set_id(i)
            h1.response = res
            if i == tag_id:
                h1.update_tag(tag_value)
            h1.save()

        h2 = HistoryItem()
        h2.load(tag_id)
        self.assertEqual(h2.tag, tag_value)
Esempio n. 28
0
    def test_save_load_compressed(self):
        force_compression_count = HistoryItem._UNCOMPRESSED_FILES + HistoryItem._COMPRESSED_FILE_BATCH
        force_compression_count += 150

        url = URL('http://w3af.com/a/b/c.php')
        headers = Headers([('Content-Type', 'text/html')])
        body = '<html>' + LOREM * 20

        for i in xrange(1, force_compression_count):
            request = HTTPRequest(url, data='a=%s' % i)

            response = HTTPResponse(200, body, headers, url, url)
            response.set_id(i)

            h = HistoryItem()
            h.request = request
            h.response = response
            h.save()

        compressed_file = os.path.join(h.get_session_dir(), '1-150.zip')
        self.assertTrue(os.path.exists(compressed_file))

        compressed_file_temp = os.path.join(h.get_session_dir(),
                                            '1-150.zip.tmp')
        self.assertFalse(os.path.exists(compressed_file_temp))

        expected_files = [
            '%s.trace' % i
            for i in range(1, HistoryItem._COMPRESSED_FILE_BATCH + 1)
        ]

        _zip = zipfile.ZipFile(compressed_file, mode='r')
        self.assertEqual(_zip.namelist(), expected_files)

        for i in xrange(1, 100):
            h = HistoryItem()
            h.load(i)

            self.assertEqual(h.request.get_uri(), url)
            self.assertEqual(h.response.get_headers(), headers)
            self.assertEqual(h.response.get_body(), body)
Esempio n. 29
0
    def test_delete(self):
        i = random.randint(1, 499)

        url = URL('http://w3af.com/a/b/c.php')
        request = HTTPRequest(url, data='a=1')
        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)
        res.set_id(i)

        h1 = HistoryItem()
        h1.request = request
        h1.response = res
        h1.save()

        fname = h1._get_trace_filename_for_id(i)
        self.assertTrue(os.path.exists(fname))

        h1.delete(i)

        self.assertRaises(DBException, h1.read, i)
        self.assertFalse(os.path.exists(fname))
Esempio n. 30
0
    def store_in_cache(request, response):
        # Create the http response object
        resp = HTTPResponse.from_httplib_resp(response,
                                              original_url=request.url_object)
        resp.set_id(response.id)
        resp.set_alias(gen_hash(request))

        hi = HistoryItem()
        hi.request = request
        hi.response = resp

        # Now save them
        try:
            hi.save()
        except sqlite3.Error, e:
            msg = 'A sqlite3 error was raised: "%s".' % e

            if 'disk' in str(e).lower():
                msg += ' Please check if your disk is full.'

            raise ScanMustStopException(msg)
Esempio n. 31
0
 def test_delete(self):
     i = random.randint(1, 499)
     
     url = URL('http://w3af.com/a/b/c.php')
     request = HTTPRequest(url, data='a=1')
     hdr = Headers([('Content-Type', 'text/html')])
     res = HTTPResponse(200, '<html>', hdr, url, url)
     res.set_id(i)
     
     h1 = HistoryItem()
     h1.request = request
     h1.response = res
     h1.save()
     
     fname = h1._get_fname_for_id(i)
     self.assertTrue(os.path.exists(fname))
     
     h1.delete(i)
     
     self.assertRaises(DBException, h1.read, i)
     self.assertFalse(os.path.exists(fname))
Esempio n. 32
0
    def store_in_cache(request, response):
        # Create the http response object
        resp = HTTPResponse.from_httplib_resp(response,
                                              original_url=request.url_object)
        resp.set_id(response.id)
        resp.set_alias(gen_hash(request))

        hi = HistoryItem()
        hi.request = request
        hi.response = resp

        # Now save them
        try:
            hi.save()
        except sqlite3.Error, e:
            msg = 'A sqlite3 error was raised: "%s".' % e
            
            if 'disk' in str(e).lower():
                msg += ' Please check if your disk is full.'
                
            raise ScanMustStopException(msg)
Esempio n. 33
0
    def test_render_simple(self):
        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        _id = 1

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()
        http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
        xml = http_transaction.to_string()

        expected = (
            u'<http-transaction id="1">\n\n'
            u'    <http-request>\n'
            u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
            u'        <headers>\n'
            u'            <header field="User-agent" content="w3af" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">YT0x\n</body>\n'
            u'    </http-request>\n\n'
            u'    <http-response>\n'
            u'        <status>HTTP/1.1 200 OK</status>\n'
            u'        <headers>\n'
            u'            <header field="Content-Type" content="text/html" />\n'
            u'        </headers>\n'
            u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
            u'    </http-response>\n\n</http-transaction>')

        self.assertEqual(expected, xml)
        self.assertValidXML(xml)
Esempio n. 34
0
    def test_render_simple(self):
        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        _id = 1

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        x = xml_file()
        http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
        xml = http_transaction.to_string()

        expected = (u'<http-transaction id="1">\n\n'
                    u'    <http-request>\n'
                    u'        <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
                    u'        <headers>\n'
                    u'            <header field="User-agent" content="w3af" />\n'
                    u'        </headers>\n'
                    u'        <body content-encoding="base64">YT0x\n</body>\n'
                    u'    </http-request>\n\n'
                    u'    <http-response>\n'
                    u'        <status>HTTP/1.1 200 OK</status>\n'
                    u'        <headers>\n'
                    u'            <header field="Content-Type" content="text/html" />\n'
                    u'        </headers>\n'
                    u'        <body content-encoding="base64">PGh0bWw+\n</body>\n'
                    u'    </http-response>\n\n</http-transaction>')

        self.assertEqual(expected, xml)
        self.assertValidXML(xml)
Esempio n. 35
0
    def test_mark(self):
        mark_id = 3
        url = URL('http://w3af.org/a/b/c.php')
        
        for i in xrange(0, 500):
            request = HTTPRequest(url, data='a=1')
            hdr = Headers([('Content-Type', 'text/html')])
            res = HTTPResponse(200, '<html>', hdr, url, url)
            h1 = HistoryItem()
            h1.request = request
            res.set_id(i)
            h1.response = res
            if i == mark_id:
                h1.toggle_mark()
            h1.save()

        h2 = HistoryItem()
        h2.load(mark_id)
        self.assertTrue(h2.mark)

        h3 = HistoryItem()
        h3.load(mark_id-1)
        self.assertFalse(h3.mark)
Esempio n. 36
0
    def test_mark(self):
        mark_id = 3
        url = URL('http://w3af.org/a/b/c.php')

        for i in xrange(0, 500):
            request = HTTPRequest(url, data='a=1')
            hdr = Headers([('Content-Type', 'text/html')])
            res = HTTPResponse(200, '<html>', hdr, url, url)
            h1 = HistoryItem()
            h1.request = request
            res.set_id(i)
            h1.response = res
            if i == mark_id:
                h1.toggle_mark()
            h1.save()

        h2 = HistoryItem()
        h2.load(mark_id)
        self.assertTrue(h2.mark)

        h3 = HistoryItem()
        h3.load(mark_id - 1)
        self.assertFalse(h3.mark)
Esempio n. 37
0
    def test_cache_works_as_expected(self):
        #
        # Cache starts empty
        #
        cache = FindingsCache()
        self.assertEquals(cache.list(), [])

        #
        # Create two vulnerabilities with their HTTP requests and responses
        #
        _id = 1

        name = 'I have a name'

        vuln1 = MockVuln(_id=_id)
        vuln1.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        _id = 2

        name = 'Just a name'

        vuln2 = MockVuln(_id=_id)
        vuln2.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h2 = HistoryItem()
        h2.request = request
        res.set_id(_id)
        h2.response = res
        h2.save()

        #
        # Save one vulnerability to the KB and call the cache-user
        #
        kb.kb.append('a', 'b', vuln1)

        x = xml_file()
        list(x.findings())

        self.assertEquals(cache.list(), [vuln1.get_uniq_id()])

        #
        # Save another vulnerability to the KB and call the cache-user
        #
        kb.kb.append('a', 'c', vuln2)

        list(x.findings())

        expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
        self.assertEquals(set(cache.list()), expected)

        #
        # Remove one vulnerability and see how it is removed from the cache
        #
        kb.kb.raw_write('a', 'c', 'noop')

        list(x.findings())

        expected = {vuln1.get_uniq_id()}
        self.assertEquals(set(cache.list()), expected)
Esempio n. 38
0
    def test_cache_works_as_expected(self):
        #
        # Cache starts empty
        #
        cache = FindingsCache()
        self.assertEquals(cache.list(), [])

        #
        # Create two vulnerabilities with their HTTP requests and responses
        #
        _id = 1

        name = 'I have a name'

        vuln1 = MockVuln(_id=_id)
        vuln1.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h1 = HistoryItem()
        h1.request = request
        res.set_id(_id)
        h1.response = res
        h1.save()

        _id = 2

        name = 'Just a name'

        vuln2 = MockVuln(_id=_id)
        vuln2.set_name(name)

        url = URL('http://w3af.com/a/b/c.php')
        hdr = Headers([('User-Agent', 'w3af')])
        request = HTTPRequest(url, data='a=1')
        request.set_headers(hdr)

        hdr = Headers([('Content-Type', 'text/html')])
        res = HTTPResponse(200, '<html>', hdr, url, url)

        h2 = HistoryItem()
        h2.request = request
        res.set_id(_id)
        h2.response = res
        h2.save()

        #
        # Save one vulnerability to the KB and call the cache-user
        #
        kb.kb.append('a', 'b', vuln1)

        x = xml_file()
        list(x.findings())

        self.assertEquals(cache.list(), [vuln1.get_uniq_id()])

        #
        # Save another vulnerability to the KB and call the cache-user
        #
        kb.kb.append('a', 'c', vuln2)

        list(x.findings())

        expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
        self.assertEquals(set(cache.list()), expected)

        #
        # Remove one vulnerability and see how it is removed from the cache
        #
        kb.kb.raw_write('a', 'c', 'noop')

        list(x.findings())

        expected = {vuln1.get_uniq_id()}
        self.assertEquals(set(cache.list()), expected)