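def _impactDone(self, event, impact):
    """Poll for the end of an audit run and record or report its outcome.

    Meant to be re-invoked (via ``timeout_add``) until *event* is set.

    On success every history item referenced by a result is re-tagged with
    the plugin name and annotated with the result description. On a known
    w3af failure a dialog with the error text is shown instead.

    :param event: object exposing ``isSet()``; set when the work is done.
    :param impact: finished work exposing ``ok``, ``result`` and
        ``exception``.
    :return: True while the event is not set (keep polling), False once the
        outcome has been handled.
    :raises: ``impact.exception`` itself when its class is neither
        ``w3afException`` nor ``w3afMustStopException``.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    # Analyze the impact
    if impact.ok:
        # Lets check if we found any vulnerabilities
        #
        # TODO: I should actually show ALL THE REQUESTS generated by audit
        #       plugins... not just the ones with vulnerabilities.
        for result in impact.result:
            item_ids = result.getId()
            # NOTE(review): presumably getId() can be None for a result with
            # no stored requests; skip it rather than fail inside the GUI
            # callback -- confirm against the result class.
            if item_ids is None:
                continue
            for itemId in item_ids:
                historyItem = HistoryItem()
                historyItem.load(itemId)
                historyItem.updateTag(historyItem.tag + result.plugin_name)
                historyItem.info = result.getDesc()
                historyItem.save()
    else:
        exc = impact.exception
        # Exact class match on purpose: subclasses are re-raised, as before.
        if exc.__class__ == w3afException:
            msg = str(exc)
        elif exc.__class__ == w3afMustStopException:
            msg = "Stopped sending requests because " + str(exc)
        else:
            raise exc

        # We stop the throbber, and hide it (already done above; the
        # original call sequence is kept).
        self.throbber.hide()
        self.throbber.running(False)

        gtk.gdk.threads_enter()
        try:
            helpers.friendlyException(msg)
        finally:
            # Always release the GDK lock, even if the dialog raises;
            # otherwise every other GTK thread would block on it.
            gtk.gdk.threads_leave()

    return False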
def toggle_bookmark(self, cell, path, model):
    """Negate the bookmark flag of the row at *path* and update its item.

    Column 1 of the row holds the boolean that is flipped; column 0 holds
    the id handed to ``HistoryItem.load``. *cell* is not used.
    """
    was_marked = model[path][1]
    model[path][1] = not was_marked

    item = HistoryItem()
    # NOTE(review): the result of load() is not checked before the mark is
    # toggled on the item.
    item.load(model[path][0])
    item.toggle_mark(True)
def edit_tag(self, cell, path, new_text, model):
    """Store *new_text* as the tag of the row at *path* and of its item.

    Column 4 of the row receives the new text; column 0 holds the id
    handed to ``HistoryItem.load``. *cell* is not used.
    """
    model[path][4] = new_text

    item = HistoryItem()
    # NOTE(review): the result of load() is not checked before the tag is
    # updated on the item.
    item.load(model[path][0])
    item.update_tag(new_text, True)
def __init__(self, w3af, request_id, enableWidget=None, withManual=True,
             withFuzzy=True, withCompare=True, withAudit=True,
             editableRequest=False, editableResponse=False,
             widgname="default"):
    """Open a window that displays one stored HTTP request/response pair.

    *request_id* is the id passed to ``HistoryItem.load``; the remaining
    options are forwarded unchanged, in order, to ``reqResViewer``.
    """
    # Window first, then the viewer that will live inside it.
    RememberingWindow.__init__(
        self, w3af, "reqResWin", _("w3af - HTTP Request/Response"),
        "Browsing_the_Knowledge_Base")

    viewer_options = (enableWidget, withManual, withFuzzy, withCompare,
                      withAudit, editableRequest, editableResponse, widgname)
    viewer = reqResViewer(w3af, *viewer_options)

    # Look the pair up in the history store.
    # NOTE(review): the result of load() is not checked before the
    # request/response attributes are displayed.
    stored = HistoryItem()
    stored.load(request_id)

    viewer.request.show_object(stored.request)
    viewer.response.show_object(stored.response)
    viewer.show()

    self.vbox.pack_start(viewer)
    self.show()
def test_save_load(self):
    """A saved item is loaded back with an equal request and response body.

    The id used for loading is the one set on the response before saving.
    """
    item_id = random.randint(1, 499)
    target = url_object('http://w3af.com/a/b/c.php')
    fuzz_request = FuzzReq(target, dc={'a': ['1']})
    response = httpResponse(200, '<html>', {'Content-Type': 'text/html'},
                            target, target)

    saved = HistoryItem()
    saved.request = fuzz_request
    response.setId(item_id)
    saved.response = response
    saved.save()

    loaded = HistoryItem()
    loaded.load(item_id)

    self.assertEqual(saved.request, loaded.request)
    self.assertEqual(saved.response.body, loaded.response.body)
def test_save_load(self):
    """A saved item is loaded back with an equal request and response body.

    The id used for loading is the one set on the response before saving.
    """
    item_id = random.randint(1, 499)
    target = URL("http://w3af.com/a/b/c.php")
    http_request = HTTPRequest(target, data="a=1")
    headers = Headers([("Content-Type", "text/html")])
    response = HTTPResponse(200, "<html>", headers, target, target)

    saved = HistoryItem()
    saved.request = http_request
    response.set_id(item_id)
    saved.response = response
    saved.save()

    loaded = HistoryItem()
    loaded.load(item_id)

    self.assertEqual(saved.request, loaded.request)
    self.assertEqual(saved.response.body, loaded.response.body)
def test_mark(self):
    """The one item whose mark was toggled before saving loads as marked.

    Saves items with ids 0..499 and toggles the mark on a randomly chosen
    one of them.
    """
    mark_id = random.randint(1, 499)
    target = url_object('http://w3af.org/a/b/c.php')

    for current_id in xrange(0, 500):
        fuzz_request = FuzzReq(target, dc={'a': ['1']})
        response = httpResponse(200, '<html>',
                                {'Content-Type': 'text/html'},
                                target, target)
        item = HistoryItem()
        item.request = fuzz_request
        response.setId(current_id)
        item.response = response
        # Only the chosen id gets its mark toggled before being stored.
        if current_id == mark_id:
            item.toggleMark()
        item.save()

    marked = HistoryItem()
    marked.load(mark_id)
    self.assertTrue(marked.mark)
def test_tag(self):
    """The one item tagged before saving loads with that tag value.

    Saves items with ids 501..999 and sets a random 10-character tag on a
    randomly chosen one of them.
    """
    tag_id = random.randint(501, 999)
    tag_value = createRandAlNum(10)
    target = url_object('http://w3af.org/a/b/c.php')

    for current_id in xrange(501, 1000):
        fuzz_request = FuzzReq(target, dc={'a': ['1']})
        response = httpResponse(200, '<html>',
                                {'Content-Type': 'text/html'},
                                target, target)
        item = HistoryItem()
        item.request = fuzz_request
        response.setId(current_id)
        item.response = response
        # Only the chosen id receives the tag before being stored.
        if current_id == tag_id:
            item.updateTag(tag_value)
        item.save()

    tagged = HistoryItem()
    tagged.load(tag_id)
    self.assertEqual(tagged.tag, tag_value)
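def _impact_done(self, event, impact):
    """Poll for the end of an audit run and record or report its outcome.

    Meant to be re-invoked (via ``timeout_add``) until *event* is set.

    On success every history item referenced by a result is re-tagged with
    the plugin name and annotated with the result description. On a known
    w3af failure a dialog with the error text is shown instead.

    :param event: object exposing ``isSet()``; set when the work is done.
    :param impact: finished work exposing ``ok``, ``result`` and
        ``exception``.
    :return: True while the event is not set (keep polling), False once the
        outcome has been handled.
    :raises: ``impact.exception`` itself when its class is none of
        ``w3afException``, ``w3afMustStopException`` or
        ``w3afMustStopOnUrlError``.
    """
    # Keep calling this from timeout_add until isSet
    if not event.isSet():
        return True

    # We stop the throbber, and hide it
    self.throbber.hide()
    self.throbber.running(False)

    # Analyze the impact
    if impact.ok:
        # Lets check if we found any vulnerabilities
        #
        # TODO: I should actually show ALL THE REQUESTS generated by audit
        #       plugins... not just the ones with vulnerabilities.
        for result in impact.result:
            # TODO: I'm not sure when this is None but it appeared in Trac
            #       bug #167736
            # Read the ids once so the None check and the loop see the
            # same value.
            item_ids = result.get_id()
            if item_ids is None:
                continue
            for itemId in item_ids:
                historyItem = HistoryItem()
                historyItem.load(itemId)
                historyItem.update_tag(historyItem.tag + result.plugin_name)
                historyItem.info = result.get_desc()
                historyItem.save()
    else:
        exc = impact.exception
        # Exact class match on purpose: other classes are re-raised, as
        # before.
        if exc.__class__ == w3afException:
            msg = str(exc)
        elif exc.__class__ == w3afMustStopException:
            msg = "Stopped sending requests because " + str(exc)
        elif exc.__class__ == w3afMustStopOnUrlError:
            msg = "Not sending requests because " + str(exc)
        else:
            raise exc

        # We stop the throbber, and hide it (already done above; the
        # original call sequence is kept).
        self.throbber.hide()
        self.throbber.running(False)

        gtk.gdk.threads_enter()
        try:
            helpers.FriendlyExceptionDlg(msg)
        finally:
            # Always release the GDK lock, even if the dialog raises;
            # otherwise every other GTK thread would block on it.
            gtk.gdk.threads_leave()

    return False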
def test_history_access(self):
    """After one scan loop, history item 1 holds the 'http://moth/' pair."""
    self.count_plugin.loops = 1
    self.w3afcore.start()

    expected_url = 'http://moth/'
    first_item = HistoryItem()

    # load() is expected to report success with a truthy value.
    was_loaded = first_item.load(1)
    self.assertTrue(was_loaded)
    self.assertEqual(first_item.id, 1)

    request_url = first_item.get_request().get_uri().url_string
    self.assertEqual(request_url, expected_url)

    response_url = first_item.get_response().get_uri().url_string
    self.assertEqual(response_url, expected_url)
def test_tag(self):
    """The one item tagged before saving loads with that tag value.

    Saves items with ids 501..999 and sets a random 10-character tag on a
    randomly chosen one of them.
    """
    tag_id = random.randint(501, 999)
    tag_value = rand_alnum(10)
    target = URL("http://w3af.org/a/b/c.php")

    for current_id in xrange(501, 1000):
        http_request = HTTPRequest(target, data="a=1")
        headers = Headers([("Content-Type", "text/html")])
        response = HTTPResponse(200, "<html>", headers, target, target)

        item = HistoryItem()
        item.request = http_request
        response.set_id(current_id)
        item.response = response
        # Only the chosen id receives the tag before being stored.
        if current_id == tag_id:
            item.update_tag(tag_value)
        item.save()

    tagged = HistoryItem()
    tagged.load(tag_id)
    self.assertEqual(tagged.tag, tag_value)
def test_mark(self):
    """Only the toggled item loads as marked; its predecessor does not.

    Saves items with ids 0..499, toggling the mark on id 3 alone, then
    checks id 3 is marked and id 2 is not.
    """
    mark_id = 3
    target = URL("http://w3af.org/a/b/c.php")

    for current_id in xrange(0, 500):
        http_request = HTTPRequest(target, data="a=1")
        headers = Headers([("Content-Type", "text/html")])
        response = HTTPResponse(200, "<html>", headers, target, target)

        item = HistoryItem()
        item.request = http_request
        response.set_id(current_id)
        item.response = response
        # Only the chosen id gets its mark toggled before being stored.
        if current_id == mark_id:
            item.toggle_mark()
        item.save()

    marked = HistoryItem()
    marked.load(mark_id)
    self.assertTrue(marked.mark)

    unmarked = HistoryItem()
    unmarked.load(mark_id - 1)
    self.assertFalse(unmarked.mark)