def home(request): plugin_families = get_plugin_families() context = {'families': plugin_families} response = render_to_response('moth/home.html', context) response['X-Powered-By'] = 'PHP/5.1.2-1+b1 ubuntu' return response
def __init__(self): self._plugin_families = set(get_plugin_families()) # Will be generated on autoregister self._mapping = None self._view_instances = [] self._view_files = [] self._autoregister()
def test_get_plugin_families(self): result = get_plugin_families() expected = set(['grep', 'audit', 'core', 'auth', 'bruteforce', 'crawl', 'infrastructure']) self.assertEqual(set(result), expected)
class VulnerableTemplateView(TemplateView): """ All vulnerabilities inherit from this template, which will render the data returned by the subclasses, disable anti-CSRF, etc. """ # The template to use to render this view template_name = "moth/vulnerability-output.html" # The title that will appear on the rendered HTML title = None # The description that will appear on the rendered HTML description = None # The URL pattern string (not regex for now) which we'll try to match before # sending information to this view. This is parsed by the router view. url_path = None # Is this a real vulnerability or a false positive check? false_positive_check = False # You can provide tags to a vulnerability, such as trivial, POST, GET, # high risk, hacme, etc. tags = [] # URLs to interesting/related information references = [] # Add link to this view from the index? linked = True plugin_families = set(get_plugin_families()) # Any extra HTTP response headers to add extra_headers = {} # Encode the path before returning it? url_encode_path = False @method_decorator(csrf_exempt) def dispatch(self, *args, **kwargs): return super(VulnerableTemplateView, self).dispatch(*args, **kwargs) def get(self, request, *args, **kwds): """ Adds extra headers to the response """ # pylint: disable=E1101 context = self.get_context_data() response = render_to_response(self.template_name, context) for key, value in self.extra_headers.iteritems(): response[key] = value return response def get_context_data(self, **kwargs): context = super(VulnerableTemplateView, self).get_context_data(**kwargs) context['title'] = self.title context['description'] = self.description context['false_positive_check'] = self.false_positive_check context['tags'] = self.tags context['references'] = self.references return context def get_trailing_url_part(self): path = self.url_path if self.url_encode_path: encoded_path = path.encode('utf-8') path = urllib.quote(encoded_path) return path def _create_path(self, trailing_part): family, plugin = self.get_family_plugin() if isinstance(trailing_part, unicode): trailing_part = trailing_part.encode('utf-8') path = urlparse.urlparse(trailing_part).path url_path = '%s/%s/%s' % (family, plugin, path) return url_path.decode('utf-8') def get_unicode_url_path(self): """ :return: The url_path without any encoding. """ return self._create_path(self.url_path) def get_url_path(self): """ :return: The URL path, without any query string. To be used mainly in routing to the right view without taking parameters (?text=1) into account. """ return self._create_path(self.get_trailing_url_part()) def get_family_plugin(self): """ :param view_obj: A view object, an instance of (for example) moth.views.vulnerabilities.audit.xss.SimpleXSSView :return: A string containing the plugin family name, for the previous input it would be 'audit'. """ module_name = self.__module__ split_mname = module_name.split('.') family = list(self.plugin_families.intersection(set(split_mname)))[0] plugin = split_mname[split_mname.index(family) + 1] return family, plugin def http_method_not_allowed(self, request, *args, **kwargs): """ Override to avoid tracebacks like the one found here: https://circleci.com/gh/andresriancho/w3af/585 """ return http.HttpResponseNotAllowed(self._allowed_methods())
def __init__(self): self._plugin_families = set(get_plugin_families()) self._mapping = Trie(string.printable) self._view_files = [] self._autoregister()