def to_string(self):
    """
    Render the scan status using the class template.

    The values stored in self._status, plus self._total_urls, are copied
    into a flat template context and self.TEMPLATE is rendered with it.

    :return: The output of template.render() for the scan status
    """
    context = dotdict({})
    scan_status = self._status

    # Overall scan state
    context.status = scan_status['status']
    context.is_paused = scan_status['is_paused']
    context.is_running = scan_status['is_running']

    # Active plugin and current request, one entry per phase (crawl / audit)
    active_plugin = scan_status['active_plugin']
    context.active_crawl_plugin = active_plugin['crawl']
    context.active_audit_plugin = active_plugin['audit']

    current_request = scan_status['current_request']
    context.current_crawl_request = current_request['crawl']
    context.current_audit_request = current_request['audit']

    # Queue speeds and lengths
    crawl_queue = scan_status['queues']['crawl']
    context.crawl_input_speed = crawl_queue['input_speed']
    context.crawl_output_speed = crawl_queue['output_speed']
    context.crawl_queue_length = crawl_queue['length']

    audit_queue = scan_status['queues']['audit']
    context.audit_input_speed = audit_queue['input_speed']
    context.audit_output_speed = audit_queue['output_speed']
    context.audit_queue_length = audit_queue['length']

    eta = scan_status['eta']
    context.crawl_eta = eta['crawl']
    context.audit_eta = eta['audit']

    context.rpm = scan_status['rpm']
    context.total_urls = self._total_urls

    # NOTE(review): current_request values presumably carry target URLs;
    # confirm the template / environment escapes them for XML.
    return self.get_template(self.TEMPLATE).render(context)
def to_string(self):
    """
    Render the finding held in self._info using the class template.

    The context carries the finding's basic attributes, the vulnerability
    database details (when available) and one rendered HTTP transaction
    per id returned by info.get_id().

    :return: The output of template.render() for this finding
    """
    finding = self._info
    context = dotdict({})

    context.id_list = finding.get_id()
    context.http_method = finding.get_method()
    context.name = finding.get_name()
    context.plugin_name = finding.get_plugin_name()
    context.severity = finding.get_severity()

    if finding.get_url() is not None:
        context.url = finding.get_url().url_string
    else:
        context.url = None

    context.var = finding.get_token_name()
    context.description = finding.get_desc(with_id=False)

    # Vulnerability database details are optional: long_description stays
    # None and the other three keys are never set when there are none
    context.long_description = None

    if finding.has_db_details():
        context.long_description = finding.get_long_description()
        context.fix_guidance = finding.get_fix_guidance()
        context.fix_effort = finding.get_fix_effort()
        context.references = finding.get_references()

    # HTTP transactions: an id which can not be loaded is reported through
    # om.out.error and left out, so the evidence attached to the finding
    # can be incomplete
    context.http_transactions = []

    for request_id in finding.get_id():
        try:
            xml = HTTPTransaction(self._jinja2_env, request_id).to_string()
        except (DBException, TraceReadException) as e:
            msg = ('Failed to retrieve request with id %s from DB: "%s".'
                   ' The "%s" vulnerability will have an incomplete HTTP'
                   ' transaction list.')
            om.out.error(msg % (request_id, e, context.name))
            continue

        context.http_transactions.append(xml)

    # NOTE(review): url, var and description are handed to the template
    # as-is; confirm the template / environment escapes them for XML.
    return self.get_template(self.TEMPLATE).render(context)
def flush(self):
    """
    Write the XML to the output file

    The cache paths are created first, then a fresh context is filled in
    section by section and handed to self._write_context_to_file().

    :return: None
    """
    # Both caches need their path in place before any section is added
    CachedXMLNode.create_cache_path()
    FindingsCache.create_cache_path()

    context = dotdict({})

    # The sections are added in this fixed order
    section_builders = (
        self._add_root_info_to_context,
        self._add_scan_info_to_context,
        self._add_scan_status_to_context,
        self._add_findings_to_context,
        self._add_errors_to_context,
    )

    for add_section in section_builders:
        add_section(context)

    self._write_context_to_file(context)
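def to_string(self):
    """
    Build the template context for the finding held in self._info.

    The context carries the finding's basic attributes, the vulnerability
    database details (when available) and one rendered HTTP transaction
    per id returned by info.get_id().

    NOTE(review): this listing ends after the HTTP transaction loop; any
    step which renders the context or returns a value is not visible here.
    """
    info = self._info
    context = dotdict({})

    context.id_list = info.get_id()
    context.http_method = info.get_method()
    context.name = info.get_name()
    context.plugin_name = info.get_plugin_name()
    context.severity = info.get_severity()
    context.url = (info.get_url().url_string
                   if info.get_url() is not None else None)
    context.var = info.get_token_name()
    context.description = info.get_desc(with_id=False)

    #
    #   Add the information from the vuln db (if any)
    #
    context.long_description = None

    if info.has_db_details():
        context.long_description = info.get_long_description()
        context.fix_guidance = info.get_fix_guidance()
        context.fix_effort = info.get_fix_effort()
        context.references = info.get_references()

    #
    #   Add the HTTP transactions
    #
    #   An id which can not be loaded from the DB is logged and left out,
    #   so the evidence attached to the finding can be incomplete
    #
    context.http_transactions = []

    for transaction in info.get_id():
        try:
            xml = HTTPTransaction(self._jinja2_env, transaction).to_string()
        except DBException as e:
            # "except ... as" is accepted by Python 2.6+ and Python 3,
            # the comma form is a syntax error in Python 3
            msg = 'Failed to retrieve request with id %s from DB: "%s"'
            om.out.error(msg % (transaction, e))
            continue
        else:
            context.http_transactions.append(xml)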
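def flush(self):
    """
    Write the XML to the output file

    NOTE(review): this listing ends inside the RuntimeError handler; the
    remaining context sections and the write step are not visible here.

    :return: None
    """
    # Create the cache path
    CachedXMLNode.create_cache_path()
    FindingsCache.create_cache_path()

    # Create the context
    context = dotdict({})

    try:
        self._add_scan_status_to_context(context)
    except RuntimeError as rte:
        # "except ... as" is accepted by Python 2.6+ and Python 3, the
        # comma form is a syntax error in Python 3
        #
        # In some very strange scenarios we get this error:
        #
        #   Can NOT call get_run_time before start()
        #
        # Just "ignore" this call to flush and write the XML in the next
        # call. Nothing is written during this call.
        msg = 'xml_file.flush() failed to add scan status to context: "%s"'
        om.out.debug(msg % rte)
        return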
def to_string(self):
    """
    :return: An xml node (as a string) representing the HTTP request /
             response, laid out as:

        <http-transaction id="...">
            <http-request>
                <status></status>
                <headers>
                    <header>
                        <field></field>
                        <content></content>
                    </header>
                </headers>
                <body content-encoding="base64"></body>
            </http-request>

            <http-response>
                <status></status>
                <headers>
                    <header>
                        <field></field>
                        <content></content>
                    </header>
                </headers>
                <body content-encoding="base64"></body>
            </http-response>
        </http-transaction>

    Unlike the previous implementation, the body is always encoded, no
    matter the content-type, which helps prevent encoding issues.

    The rendered node is saved to the cache, and a cached node is returned
    without loading the request / response again.
    """
    cached_node = self.get_node_from_cache()
    if cached_node is not None:
        return cached_node

    # Loading might raise a DBException in some cases (not identified
    # yet). The caller needs to handle it by ignoring this part of the
    # HTTP transaction
    request, response = HistoryItem().load_from_file(self._id)

    # base64.encodestring() returns newline-terminated lines. It is a
    # Python 2 era API which was removed in Python 3.9
    request_data = request.get_data() or ''
    request_body_b64 = base64.encodestring(smart_str_ignore(request_data))

    response_data = response.get_body() or ''
    response_body_b64 = base64.encodestring(smart_str_ignore(response_data))

    # NOTE(review): only the bodies are base64-encoded. Status lines and
    # headers go to the template as-is; confirm the template / environment
    # escapes them for XML.
    request_node = {
        'status': request.get_request_line().strip(),
        'headers': request.get_headers(),
        'body': request_body_b64,
    }
    response_node = {
        'status': response.get_status_line().strip(),
        'headers': response.get_headers(),
        'body': response_body_b64,
    }

    context = dotdict({
        'id': self._id,
        'request': request_node,
        'response': response_node,
    })

    rendered = self.get_template(self.TEMPLATE).render(context)
    self.save_node_to_cache(rendered)

    return rendered