def _init_scanner(self):
    """
    Build the Drupal scanner used by the tests, with fake-200 detection
    replaced.

    The instance's `_determine_fake_200_module` is pointed at the test
    class's `_fake_200_check`, and `mock_controller` is asked to stub the
    same method on the 'drupal' controller with `return_value=False`.
    """
    scanner = self.scanner = Drupal()
    scanner._general_init(self.test_opts)
    scanner._determine_fake_200_module = self._fake_200_check
    # The object returned by mock_controller is not needed here.
    self.mock_controller('drupal', '_determine_fake_200_module',
                         return_value=False)
def test_fix_dereference_bug(self):
    """
    Regression test for a dereference bug that made the app fail even
    though every other test was passing.

    `_functionality` is queried once with plugin-enumeration options and
    once with theme-enumeration options; the kwargs it returns for the two
    must not compare equal.
    """
    plugin_opts = {
        'url': self.base_url,
        'plugins_base_url': 'plugins_base_url',
        'themes_base_url': 'themes_base_url',
        'scanning_method': 'a',
        'number': 'a',
        'threads': 'a',
        'threads_enumerate': None,
        'threads_identify': None,
        'threads_scan': None,
        'verb': 'a',
        'enumerate': 'p',
        'timeout': 15,
        'headers': {},
    }
    # Same options, but asking for themes instead of plugins.
    theme_opts = dict(plugin_opts, enumerate='t')

    scanner = Drupal()
    plugin_kwargs = scanner._functionality(plugin_opts)['plugins']['kwargs']
    theme_kwargs = scanner._functionality(theme_opts)['themes']['kwargs']

    # Equal kwargs would mean plugins and themes ended up with one config.
    assert not (plugin_kwargs == theme_kwargs)
def test_module_fake_200(self, warn, mock):
    """
    Check that "fake" 200 responses are not reported as installed modules.

    Some modules answer 200 when they are present, so the scanner has a
    workaround that counts 200 as a hit. On sites where every module path
    answers 200 (here even the scanner's own `not_found_module` does),
    that workaround would produce many false positives, so those 200s
    must be ignored and a warning raised.
    """
    drupal = Drupal()
    drupal._general_init(self.test_opts)

    paths_by_status = {
        404: ['supermodule/'],
        403: ['yep/', 'thisisthere/', 'thisisalsothere/'],
        500: ['iamtherebuti500/'],
        200: ['iamtherebuti200/', drupal.not_found_module + "/"],
    }
    self.respond_several(self.base_url + 'sites/all/modules/%s',
                         paths_by_status)

    drupal.plugins_base_url = '%ssites/all/modules/%s/'
    self.mock_controller('drupal', 'enumerate_interesting')

    result, _empty = drupal.enumerate_plugins(self.base_url,
                                              drupal.plugins_base_url,
                                              ScanningMethod.forbidden)

    # Presumably the three 403 entries plus the 500 one.
    assert len(result) == 4

    reported = [entry['name'] for entry in result]
    assert 'iamtherebuti500' in reported
    # A 200 must not be counted once 200s are known to be fake.
    assert 'iamtherebuti200' not in reported
    assert warn.called
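def test_plugins_update_check(self):
    """
    Check that the plugin list is refreshed only when the local copy is
    stale.

    `file_mtime` is patched to report a file modified yesterday (no refresh
    expected) and then one modified 400 days ago (refresh expected). The
    mocked `update_plugins` lives on the local `drupal` instance, so both
    updater calls must be given that instance for the assertions to
    observe anything.
    """
    drupal = Drupal()
    refresh = Mock(spec=self.scanner.update_plugins, return_value=([], []))
    drupal.update_plugins = refresh

    today = datetime.today()
    yesterday = today - timedelta(days=1)
    too_long_ago = today - timedelta(days=400)

    # Replace `open` inside dscan.plugins.update so the updater's file
    # access goes to a mock.
    fake_open = mock_open()
    with patch('dscan.plugins.update.open', fake_open, create=True):
        with patch('dscan.common.update_api.file_mtime',
                   return_value=yesterday, autospec=True):
            # Pass `drupal` itself: a freshly built controller would not
            # carry the mock, so `refresh.called` could never become True
            # and the negative assertion would pass vacuously.
            self.updater.update_plugins(drupal, 'Drupal')
            assert not refresh.called

        with patch('dscan.common.update_api.file_mtime',
                   return_value=too_long_ago):
            self.updater.update_plugins(drupal, 'Drupal')
            assert refresh.called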
def test_kali_old_requests_bug(self, warn):
    """
    Check that `_general_init` emits a warning when `requests.adapters`
    lacks the attributes it uses.

    `requests.adapters` is swapped for a mock whose only permitted
    attribute is `force_attr_error`, so any other attribute access raises
    AttributeError. The test name suggests this mimics the old `requests`
    package shipped with Kali.
    """
    scanner = Drupal()
    crippled_adapters = patch('requests.adapters',
                              spec_set=["force_attr_error"])
    with crippled_adapters:
        scanner._general_init(self.test_opts)

    assert warn.called
def _init_scanner(self):
    """
    Create a fresh Drupal scanner, store it on `self.scanner`, and run its
    general initialisation with the shared `self.test_opts`.
    """
    scanner = self.scanner = Drupal()
    scanner._general_init(self.test_opts)