def test_info_set_keep_uniq_id(self): # # Create a new InfoSet, load it from the KB, confirm that it has # the same uniq_id # vuln = MockVuln(name='Foos') info_set_a, created = kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames) self.assertTrue(created) info_set_b = kb.get('a', 'b')[0] self.assertEqual(info_set_a.get_uniq_id(), info_set_b.get_uniq_id()) # # Change the InfoSet a little bit by adding a new Info. That should # change the uniq_id # vuln = MockVuln(name='Foos') _, created = kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames) self.assertFalse(created) info_set_b = kb.get('a', 'b')[0] self.assertNotEqual(info_set_a.get_uniq_id(), info_set_b.get_uniq_id())
def test_info_set_keep_uniq_id(self): # # Create a new InfoSet, load it from the KB, confirm that it has # the same uniq_id # vuln = MockVuln(name='Foos') info_set_a, created = kb.append_uniq_group( 'a', 'b', vuln, group_klass=MockInfoSetNames) self.assertTrue(created) info_set_b = kb.get('a', 'b')[0] self.assertEqual(info_set_a.get_uniq_id(), info_set_b.get_uniq_id()) # # Change the InfoSet a little bit by adding a new Info. That should # change the uniq_id # vuln = MockVuln(name='Foos') _, created = kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames) self.assertFalse(created) info_set_b = kb.get('a', 'b')[0] self.assertNotEqual(info_set_a.get_uniq_id(), info_set_b.get_uniq_id())
def test_pickleable_info(self): original_info = MockInfo() kb.append('a', 'b', original_info) unpickled_info = kb.get('a', 'b')[0] self.assertEqual(original_info, unpickled_info)
def test_alert_if_target_is_301_all_internal_redir(self): """ Tests that no info is created if the site redirects internally """ core = w3afCore() httpretty.register_uri(httpretty.GET, re.compile("w3af.com/(.*)"), body='301', status=301, adding_headers={'Location': 'http://w3af.com/xyz'}) target = core.target.get_options() target['target'].set_value('http://w3af.com/') core.target.set_options(target) core.plugins.set_plugins(['sqli'], 'audit') core.plugins.init_plugins() core.verify_environment() core.scan_start_hook() strategy = CoreStrategy(core) strategy.start() infos = kb.get('core', 'core') self.assertEqual(len(infos), 0, infos)
def test_pickleable_vuln(self): original_vuln = MockVuln() kb.append('a', 'b', original_vuln) unpickled_vuln = kb.get('a', 'b')[0] self.assertEqual(original_vuln, unpickled_vuln)
def test_alert_if_target_is_301_all_internal_redir(self): """ Tests that no info is created if the site redirects internally """ core = w3afCore() httpretty.register_uri( httpretty.GET, re.compile("w3af.com/(.*)"), body='301', status=301, adding_headers={'Location': 'http://w3af.com/xyz'}) target = core.target.get_options() target['target'].set_value('http://w3af.com/') core.target.set_options(target) core.plugins.set_plugins(['sqli'], 'audit') core.plugins.init_plugins() core.verify_environment() core.scan_start_hook() strategy = CoreStrategy(core) strategy.start() infos = kb.get('core', 'core') self.assertEqual(len(infos), 0, infos)
def test_if_cdn_provider_can_be_detected_by_url(self): url = URL('https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css') empty_header = Headers() request = FuzzableRequest(url, method='GET') response = HTTPResponse(200, '', empty_header, url, url, _id=1) self.plugin.grep(request, response) self.assertEqual(len(kb.get('cdn_providers', 'cdn_providers')), 1)
def test_if_cdn_can_be_detected(self): url = URL('https://example.com/') headers = Headers([('server', 'Netlify')]) response = HTTPResponse(200, '', headers, url, url, _id=1) request = FuzzableRequest(url, method='GET') self.plugin.grep(request, response) self.assertEqual(len(kb.get('cdn_providers', 'cdn_providers')), 1)
def test_if_wrong_cdn_info_is_not_detected(self): url = URL('https://example.com/') headers = Headers([('server', 'Netlifo')]) # There's no Netlifo provider, # so it shouldn't be detected response = HTTPResponse(200, '', headers, url, url, _id=1) request = FuzzableRequest(url, method='GET') self.plugin.grep(request, response) self.assertEqual(len(kb.get('cdn_providers', 'cdn_providers')), 0)
def test_return_all_for_plugin(self): i1 = MockInfo() i2 = MockInfo() i3 = MockInfo() kb.append('a', 'b', i1) kb.append('a', 'b', i2) kb.append('a', 'b', i3) self.assertEqual(kb.get('a', 'b'), [i1, i2, i3])
def test_append_uniq_var_bug_10Dec2012(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html')) i1.set_var('id') i2 = MockInfo() i2.set_uri(URL('http://moth/abc.html')) i2.set_var('id') kb.append_uniq('a', 'b', i1) kb.append_uniq('a', 'b', i2) self.assertEqual(kb.get('a', 'b'), [i1, ])
def multi_append(): for i in xrange(InfoSet.MAX_INFO_INSTANCES * 2): vuln = MockVuln() kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetTrue) info_set_list = kb.get('a', 'b') self.assertEqual(len(info_set_list), 1) info_set = info_set_list[0] self.assertEqual(len(info_set.infos), InfoSet.MAX_INFO_INSTANCES) return True
def test_append(self): i1 = MockInfo() i2 = MockInfo() i3 = MockInfo() kb.append('a', 'b', i1) kb.append('a', 'b', i1) kb.append('a', 'b', i1) kb.append('a', 'b', i2) kb.append('a', 'b', i3) self.assertEqual(kb.get('a', 'b'), [i1, i1, i1, i2, i3])
def test_append_uniq_url_uniq(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html?id=1')) i1.set_dc(QueryString([('id', '1')])) i1.set_var('id') i2 = MockInfo() i2.set_uri(URL('http://moth/abc.html?id=3')) i2.set_dc(QueryString([('id', '3')])) i2.set_var('id') kb.append_uniq('a', 'b', i1, filter_by='URL') kb.append_uniq('a', 'b', i2, filter_by='URL') self.assertEqual(kb.get('a', 'b'), [i1,])
def test_append_uniq_var_bug_10Dec2012(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html')) i1.set_var('id') i2 = MockInfo() i2.set_uri(URL('http://moth/abc.html')) i2.set_var('id') kb.append_uniq('a', 'b', i1) kb.append_uniq('a', 'b', i2) self.assertEqual(kb.get('a', 'b'), [ i1, ])
def test_store_in_kb(self): dt = DAVTemplate() dt.store_in_kb() stored_data = kb.get(*dt.get_kb_location()) self.assertEqual(len(stored_data), 1) stored_vuln = stored_data[0] created_vuln = dt.create_vuln() stored_vuln.set_id(created_vuln.get_id()) self.assertEqual(stored_vuln, created_vuln)
def test_append_uniq_var_not_uniq(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html?id=1')) i1.set_dc(QueryString([('id', '1')])) i1.set_var('id') i2 = MockInfo() i2.set_uri(URL('http://moth/def.html?id=3')) i2.set_dc(QueryString([('id', '3')])) i2.set_var('id') kb.append_uniq('a', 'b', i1) kb.append_uniq('a', 'b', i2) self.assertEqual(kb.get('a', 'b'), [i1, i2])
def test_append_uniq_var_not_uniq_diff_token_name(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html?id=1&foo=bar')) i1.set_dc(QueryString([('id', ['1']), ('foo', ['bar'])])) i1.set_token(('id', 0)) i2 = MockInfo() i2.set_uri(URL('http://moth/abc.html?id=1&foo=bar')) i2.set_dc(QueryString([('id', ['3']), ('foo', ['bar'])])) i2.set_token(('foo', 0)) kb.append_uniq('a', 'b', i1) kb.append_uniq('a', 'b', i2) self.assertEqual(kb.get('a', 'b'), [i1, i2])
def test_append_uniq_var_default(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html?id=1')) i1.set_dc(QueryString([('id', ['1'])])) i1.set_token(('id', 0)) i2 = MockInfo() i2.set_uri(URL('http://moth/abc.html?id=3')) i2.set_dc(QueryString([('id', ['3'])])) i2.set_token(('id', 0)) kb.append_uniq('a', 'b', i1) kb.append_uniq('a', 'b', i2) self.assertEqual(kb.get('a', 'b'), [i1, ])
def test_append_uniq_url_different(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html?id=1')) i1.set_dc(QueryString([('id', ['1'])])) i1.set_token(('id', 0)) i2 = MockInfo() i2.set_uri(URL('http://moth/def.html?id=3')) i2.set_dc(QueryString([('id', ['3'])])) i2.set_token(('id', 0)) kb.append_uniq('a', 'b', i1, filter_by='URL') kb.append_uniq('a', 'b', i2, filter_by='URL') self.assertEqual(kb.get('a', 'b'), [i1, i2])
def test_save_append(self): """ Although calling raw_write and then append is highly discouraged, someone would want to use it. """ i0 = MockInfo() self.assertRaises(TypeError, kb.raw_write, 'a', 'b', i0) i1 = MockInfo() i2 = MockInfo() kb.append('a', 'b', i1) kb.append('a', 'b', i2) self.assertEqual(kb.get('a', 'b'), [i1, i2])
def test_pickleable_shells(self): pool = Pool(1) xurllib = ExtendedUrllib() original_shell = Shell(MockVuln(), xurllib, pool) kb.append('a', 'b', original_shell) unpickled_shell = kb.get('a', 'b')[0] self.assertEqual(original_shell, unpickled_shell) self.assertEqual(unpickled_shell.worker_pool, None) self.assertEqual(unpickled_shell._uri_opener, None) pool.terminate() pool.join() xurllib.end()
def test_append_uniq_var_specific(self): i1 = MockInfo() i1.set_uri(URL('http://moth/abc.html?id=1')) i1.set_dc(QueryString([('id', '1')])) i1.set_var('id') i2 = MockInfo() i2.set_uri(URL('http://moth/abc.html?id=3')) i2.set_dc(QueryString([('id', '3')])) i2.set_var('id') kb.append_uniq('a', 'b', i1, filter_by='VAR') kb.append_uniq('a', 'b', i2, filter_by='VAR') self.assertEqual(kb.get('a', 'b'), [ i1, ])
def test_append_uniq_group_filter_func_specific(self): vuln1 = MockVuln(name='Foos') vuln2 = MockVuln(name='Bars') vuln3 = MockVuln(name='Foos', _id=42) kb.append_uniq_group('a', 'b', vuln1, group_klass=MockInfoSetNames) kb.append_uniq_group('a', 'b', vuln2, group_klass=MockInfoSetNames) kb.append_uniq_group('a', 'b', vuln3, group_klass=MockInfoSetNames) raw_data = kb.get('a', 'b') self.assertEqual(len(raw_data), 2) self.assertIsInstance(raw_data[0], InfoSet) self.assertIsInstance(raw_data[1], InfoSet) self.assertEqual(raw_data[0].get_name(), 'Foos') self.assertEqual(len(raw_data[0].infos), 2) self.assertEqual(raw_data[0].infos[1].get_id(), [42]) self.assertEqual(raw_data[1].first_info.get_name(), 'Bars')
def test_append_uniq_group_no_match_filter_func(self): vuln1 = MockVuln(name='Foos') vuln2 = MockVuln(name='Bars') kb.append_uniq_group('a', 'b', vuln1, group_klass=MockInfoSetFalse) info_set, created = kb.append_uniq_group('a', 'b', vuln2, group_klass=MockInfoSetFalse) self.assertIsInstance(info_set, InfoSet) self.assertTrue(created) self.assertEqual(len(info_set.infos), 1) raw_data = kb.get('a', 'b') self.assertEqual(len(raw_data), 2) self.assertIsInstance(raw_data[0], InfoSet) self.assertIsInstance(raw_data[1], InfoSet) self.assertEqual(raw_data[0].first_info.get_name(), 'Foos') self.assertEqual(raw_data[1].first_info.get_name(), 'Bars')
def test_info_set_keep_uniq_id_after_max_info_instances(self): # # Create one InfoSet, add MAX_INFO_INSTANCES, assert that the ID is not # changed afterwards # vuln = MockVuln(name='Foos') for _ in xrange(MockInfoSetNames.MAX_INFO_INSTANCES + 1): kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames) info_set_before = kb.get('a', 'b')[0] # Now some rounds of testing for _ in xrange(5): info_set_after, _ = kb.append_uniq_group( 'a', 'b', vuln, group_klass=MockInfoSetNames) self.assertEqual(info_set_before.get_uniq_id(), info_set_after.get_uniq_id())
def test_info_set_keep_uniq_id_after_max_info_instances(self): # # Create one InfoSet, add MAX_INFO_INSTANCES, assert that the ID is not # changed afterwards # vuln = MockVuln(name='Foos') for _ in xrange(MockInfoSetNames.MAX_INFO_INSTANCES + 1): kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames) info_set_before = kb.get('a', 'b')[0] # Now some rounds of testing for _ in xrange(5): info_set_after, _ = kb.append_uniq_group('a', 'b', vuln, group_klass=MockInfoSetNames) self.assertEqual(info_set_before.get_uniq_id(), info_set_after.get_uniq_id())
def test_strategy_run(self): core = w3afCore() target = core.target.get_options() target['target'].set_value(self.TARGET_URL) core.target.set_options(target) core.plugins.set_plugins([ 'sqli', ], 'audit') core.plugins.init_plugins() core.verify_environment() core.scan_start_hook() def verify_threads_running(functor): thread_names = [t.name for t in threading.enumerate()] self.assertIn('WorkerThread', thread_names) self.called_teardown_audit = True return functor self.called_teardown_audit = False strategy = w3af_core_strategy(core) strategy._teardown_audit = verify_threads_running( strategy._teardown_audit) strategy.start() # Now test that those threads are being terminated self.assertTrue(self.called_teardown_audit) vulns = kb.get('sqli', 'sqli') self.assertEqual(len(vulns), 1, vulns) # Tell the core that we've finished, this should kill the WorkerThreads core.exploit_phase_prerequisites = lambda: 42 core.scan_end_hook() self._assert_thread_names()
def test_if_cdns_are_grouped_by_provider_name(self): netlify_header = Headers([('server', 'Netlify')]) cloudflare_header = Headers([('server', 'cloudflare')]) url = URL('https://example.com/') request = FuzzableRequest(url, method='GET') response = HTTPResponse(200, '', netlify_header, url, url, _id=1) self.plugin.grep(request, response) # this request should be grouped with the request above url = URL('https://example.com/another-netflify/') request = FuzzableRequest(url, method='GET') response = HTTPResponse(200, '', netlify_header, url, url, _id=2) self.plugin.grep(request, response) # this request should be stored separately in kb as it comes from another provider url = URL('https://example.com/cloudflare/') request = FuzzableRequest(url, method='GET') response = HTTPResponse(200, '', cloudflare_header, url, url, _id=3) self.plugin.grep(request, response) self.assertEqual(len(kb.get('cdn_providers', 'cdn_providers')), 2)
def test_append_uniq_group_filter_func_attribute_match(self): vuln1 = MockVuln(name='Foos') vuln1['tag'] = 'foo' vuln2 = MockVuln(name='Bars') vuln2['tag'] = 'bar' vuln3 = MockVuln(_id=42) vuln3['tag'] = 'foo' kb.append_uniq_group('a', 'b', vuln1, group_klass=MockInfoSetITag) kb.append_uniq_group('a', 'b', vuln2, group_klass=MockInfoSetITag) kb.append_uniq_group('a', 'b', vuln3, group_klass=MockInfoSetITag) raw_data = kb.get('a', 'b') self.assertEqual(len(raw_data), 2) self.assertIsInstance(raw_data[0], InfoSet) self.assertIsInstance(raw_data[1], InfoSet) self.assertEqual(raw_data[0].get_name(), 'Foos') self.assertEqual(len(raw_data[0].infos), 2) self.assertEqual(raw_data[0].infos[1].get_id(), [42]) self.assertEqual(raw_data[1].first_info.get_name(), 'Bars')
def test_strategy_run(self): core = w3afCore() target = core.target.get_options() target['target'].set_value(self.TARGET_URL) core.target.set_options(target) core.plugins.set_plugins(['sqli'], 'audit') core.plugins.init_plugins() core.verify_environment() core.scan_start_hook() def verify_threads_running(functor): thread_names = [t.name for t in threading.enumerate()] self.assertIn('WorkerThread', thread_names) self.called_teardown_audit = True return functor self.called_teardown_audit = False strategy = CoreStrategy(core) strategy._teardown_audit = verify_threads_running(strategy._teardown_audit) strategy.start() # Now test that those threads are being terminated self.assertTrue(self.called_teardown_audit) vulns = kb.get('sqli', 'sqli') self.assertEqual(len(vulns), 1, vulns) # Tell the core that we've finished, this should kill the WorkerThreads core.exploit_phase_prerequisites = lambda: 42 core.scan_end_hook() self._assert_thread_names()
def test_default_first_saved(self): kb.raw_write('a', 'b', 'c') self.assertEqual(kb.get('a', 'not-exist'), []) self.assertEqual(kb.raw_read('a', 'not-exist'), [])
def test_default_get(self): self.assertEqual(kb.get('a', 'b'), [])