コード例 #1
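    def test_module_fake_200(self, warn, mock):
        """
        Regression test: a blanket HTTP 200 must not be trusted as "module present".

        The scanner has a workaround that treats a 200 on a module path as
        evidence the module exists, because some Drupal sites answer 200 for
        modules that are really there.  Other sites answer 200 for *every*
        path, which would turn every probed name into a false positive.  The
        scanner detects that situation by also requesting a module name that
        cannot exist (``scanner.not_found_module``); when that sentinel comes
        back 200 as well, 200 responses carry no information and must be
        discarded, while 403 and 500 responses are still reported.

        ``warn`` and ``mock`` are injected by patch decorators that sit outside
        this listing; ``warn`` is presumably the patched warning emitter, since
        the scanner is expected to tell the user that 200s were ignored.
        """

        scanner = Drupal()
        scanner._general_init(self.test_opts)

        # Canned responses keyed by status code.  The not-found sentinel is
        # deliberately placed in the 200 bucket: that is what marks the 200s
        # from this host as meaningless.
        r_404 = ['supermodule/']
        r_403 = ['yep/', 'thisisthere/', 'thisisalsothere/']
        r_500 = ['iamtherebuti500/']
        r_200 = ['iamtherebuti200/', scanner.not_found_module + "/"]
        self.respond_several(self.base_url + 'sites/all/modules/%s', {
            404: r_404,
            403: r_403,
            500: r_500,
            200: r_200,
        })

        scanner.plugins_base_url = '%ssites/all/modules/%s/'
        self.mock_controller('drupal', 'enumerate_interesting')

        result, empty = scanner.enumerate_plugins(self.base_url,
                                                  scanner.plugins_base_url,
                                                  ScanningMethod.forbidden)

        # Three 403s plus one 500; nothing from the 200 or 404 buckets.
        assert len(result) == 4

        names = {res['name'] for res in result}
        assert 'iamtherebuti500' in names
        # Both 200 responses are false positives on this host and must be
        # dropped -- if 200 were trusted, the sentinel itself would be "found".
        assert 'iamtherebuti200' not in names
        assert scanner.not_found_module not in names
        # The user must be told that 200 responses were discarded.
        assert warn.called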
コード例 #2
ファイル: base_http_tests.py プロジェクト: droope/droopescan
    def test_module_fake_200(self, warn, mock):
        """
        A host that answers 200 for every module path must yield no 200-based hits.

        Some Drupal sites return 200 for modules that exist, so the scanner has
        a workaround that accepts 200 as a hit.  On hosts that return 200 for
        any path at all, that workaround would report every probed module.  The
        scanner tells the two cases apart by also probing a module that cannot
        exist (``scanner.not_found_module``): a 200 for the sentinel means the
        host's 200s are fake and must be ignored, while 403 and 500 responses
        are still counted.  The scanner should also warn the user about this.

        ``warn`` and ``mock`` come from patch decorators outside this listing;
        ``warn`` is presumably the patched warning emitter.
        """

        scanner = Drupal()
        scanner._general_init(self.test_opts)

        # Canned responses by status code; the sentinel sits in the 200 bucket
        # so that the host's 200 responses are recognised as meaningless.
        module_url = self.base_url + 'sites/all/modules/%s'
        canned = {
            404: ['supermodule/'],
            403: ['yep/', 'thisisthere/', 'thisisalsothere/'],
            500: ['iamtherebuti500/'],
            200: ['iamtherebuti200/', scanner.not_found_module + "/"],
        }
        self.respond_several(module_url, canned)

        scanner.plugins_base_url = '%ssites/all/modules/%s/'
        self.mock_controller('drupal', 'enumerate_interesting')

        result, empty = scanner.enumerate_plugins(
            self.base_url, scanner.plugins_base_url, ScanningMethod.forbidden)

        # Three 403s plus one 500 are expected; the 200s and the 404 are not.
        assert len(result) == 4

        reported = [res['name'] for res in result]
        assert 'iamtherebuti500' in reported
        # The 200 response is a false positive here and must be discarded.
        assert 'iamtherebuti200' not in reported
        # The user should have been warned that 200s were ignored.
        assert warn.called