コード例 #1
0
    def _has_no_bug(self, fuzz_req, varname='', pname='', kb_varname=''):
        '''
        Test if the current combination of `fuzz_req`, `varname` hasn't
        already been reported to the knowledge base.

        :param fuzz_req: A FuzzableRequest like object.
        :param varname: Typically the name of the injection parameter.
        :param pname: The name of the plugin that presumably reported
            the vulnerability. Defaults to self.name.
        :param kb_varname: The name of the variable in the kb, where
            the vulnerability was saved. Defaults to self.name.
        '''
        with self._plugin_lock:
            if not varname:
                if hasattr(fuzz_req, 'get_var'):
                    varname = fuzz_req.get_var()
                else:
                    raise ValueError("Invalid arg 'varname': %s" % varname)

            pname = pname or self.get_name()
            kb_varname = kb_varname or pname
            vulns = kb.kb.get(pname, kb_varname)

            for vuln in vulns:
                if vuln.get_var() == varname and\
                fuzz_req.get_dc().keys() == vuln.get_dc().keys() and\
                are_variants(vuln.get_uri(), fuzz_req.get_uri()):
                    return False
                
            return True
コード例 #2
0
    def _need_more_variants(self, new_reference):
        """
        @new_reference: The new URL that we want to see if its a variant of at most MAX_VARIANTS
        references stored in self._already_crawled.
        
        @return: True if I need more variants of ref.
        
        Basically, the idea is to crawl the whole website, but if we are crawling a site like
        youtube.com that has A LOT of links with the form: 
            - http://www.youtube.com/watch?v=xwLNu5MHXFs
            - http://www.youtube.com/watch?v=JEzjwifH4ts
            - ...
            - http://www.youtube.com/watch?v=something_here
        
        Then we don't actually want to follow all the links to all the videos! So we are going
        to follow a decent number of variant URLs (in this case, video URLs) to see if we can
        find something interesting in those links, but after a fixed number of variants, we will
        start ignoring all those variants.
        """
        number_of_variants = 0
        for reference in self._already_crawled:
            if are_variants(reference, new_reference):
                number_of_variants += 1

            if number_of_variants > MAX_VARIANTS:
                msg = 'Ignoring new reference "' + new_reference + '" (it is simply a variant).'
                om.out.debug(msg)
                return False

        return True
コード例 #3
0
 def test_same_param_diff_value_type(self):
     self.assertFalse(
         are_variants(URL('http://w3af.com/foo.php?id=1111'),
                      URL('http://w3af.com/foo.php?id=spam')))
コード例 #4
0
 def test_same_params_diff_values(self):
     self.assertTrue(
         are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
                      URL('http://w3af.com/foo.php?id=333&foo=spam')))
コード例 #5
0
 def test_diff_domain_params(self):
     self.assertFalse(
         are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
                      URL('http://w3af.org/foo.php?id=1')))
コード例 #6
0
 def test_diff_domain(self):
     self.assertFalse(
         are_variants(URL('http://w3af.com/foo.php?id=1'),
                      URL('http://bonsai-sec.com/foo.php?id=1')))
コード例 #7
0
 def test_diff_file_param(self):
     self.assertFalse(
         are_variants(URL('http://w3af.com/bar.php?id=1'),
                      URL('http://w3af.com/foo.php?foo=1')))
コード例 #8
0
 def test_diff_params(self):
     self.assertFalse(
         are_variants(URL('http://w3af.com/foo.php?x=1'),
                      URL('http://w3af.com/foo.php?y=1')))
コード例 #9
0
 def test_eq(self):
     self.assertTrue(
         are_variants(URL('http://w3af.com/foo.php'),
                      URL('http://w3af.com/foo.php')))
コード例 #10
0
 def test_same_param_diff_value_type(self):
     self.assertFalse(are_variants(URL('http://w3af.com/foo.php?id=1111'),
                                   URL('http://w3af.com/foo.php?id=spam')))
コード例 #11
0
 def test_same_params_diff_values(self):
     self.assertTrue(
         are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
                      URL('http://w3af.com/foo.php?id=333&foo=spam')))
コード例 #12
0
 def test_diff_domain_params(self):
     self.assertFalse(
         are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'),
                      URL('http://w3af.org/foo.php?id=1')))
コード例 #13
0
 def test_diff_domain(self):
     self.assertFalse(are_variants(URL('http://w3af.com/foo.php?id=1'),
                                   URL('http://bonsai-sec.com/foo.php?id=1')))
コード例 #14
0
 def test_diff_file_param(self):
     self.assertFalse(are_variants(URL('http://w3af.com/bar.php?id=1'),
                                   URL('http://w3af.com/foo.php?foo=1')))
コード例 #15
0
 def test_diff_params(self):
     self.assertFalse(are_variants(URL('http://w3af.com/foo.php?x=1'),
                                   URL('http://w3af.com/foo.php?y=1')))
コード例 #16
0
 def test_eq(self):
     self.assertTrue(are_variants(URL('http://w3af.com/foo.php'),
                                  URL('http://w3af.com/foo.php')))