def remove_profile(self, profile_name):
'''
:return: True if the profile was successfully removed. Else, raise a w3afException.
'''
profile_inst = profile(profile_name)
profile_inst.remove()
return True
def removeProfile( self, profile_name ):
'''
@return: True if the profile was successfully removed. Else, raise a w3afException.
'''
profileInstance = profile( profile_name )
profileInstance.remove()
return True
def get_profile_list(self, directory=HOME_DIR):
'''
:param directory: The directory from which profiles are loaded
:return: Two different lists:
- One that contains the instances of the valid profiles that were loaded
- One with the file names of the profiles that are invalid
>>> HOME_DIR = '.'
>>> p = w3af_core_profiles(None)
>>> valid, invalid = p.get_profile_list(HOME_DIR)
>>> valid_lower = [prof.get_name().lower() for prof in valid]
>>> 'owasp_top10' in valid_lower
True
'''
profile_home = os.path.join(directory, 'profiles')
str_profile_list = get_file_list(profile_home, extension='.pw3af')
instance_list = []
invalid_profiles = []
for profile_name in str_profile_list:
profile_filename = os.path.join(
profile_home, profile_name + '.pw3af')
try:
profile_instance = profile(profile_filename)
except w3afException:
invalid_profiles.append(profile_filename)
else:
instance_list.append(profile_instance)
return instance_list, invalid_profiles
def saveCurrentToNewProfile( self, profile_name, profileDesc='' ):
'''
Saves current config to a newly created profile.
@parameter profile_name: The profile to clone
@parameter profileDesc: The description of the new profile
@return: The new profile instance if the profile was successfully saved. Else, raise a w3afException.
'''
# Create the new profile.
profileInstance = profile()
profileInstance.setDesc( profileDesc )
profileInstance.setName( profile_name )
profileInstance.save( profile_name )
# Save current to profile
return self.saveCurrentToProfile( profile_name, profileDesc )
def save_current_to_profile(self, profile_name, prof_desc='', prof_path=''):
'''
Save the current configuration of the core to the profile called
profile_name.
:return: The new profile instance if the profile was successfully saved.
otherwise raise a w3afException.
'''
# Open the already existing profile
new_profile = profile(profile_name, workdir=os.path.dirname(prof_path))
# Save the enabled plugins
for pType in self._w3af_core.plugins.get_plugin_types():
enabledPlugins = []
for pName in self._w3af_core.plugins.get_enabled_plugins(pType):
enabledPlugins.append(pName)
new_profile.set_enabled_plugins(pType, enabledPlugins)
# Save the profile options
for pType in self._w3af_core.plugins.get_plugin_types():
for pName in self._w3af_core.plugins.get_enabled_plugins(pType):
pOptions = self._w3af_core.plugins.get_plugin_options(
pType, pName)
if pOptions:
new_profile.set_plugin_options(pType, pName, pOptions)
# Save the profile targets
targets = cf.cf.get('targets')
if targets:
new_profile.set_target(' , '.join(t.url_string for t in targets))
# Save the misc and http settings
misc_settings = MiscSettings()
new_profile.set_misc_settings(misc_settings.get_options())
new_profile.set_http_settings(
self._w3af_core.uri_opener.settings.get_options())
# Save the profile name and description
new_profile.set_desc(prof_desc)
new_profile.set_name(profile_name)
# Save the profile to the file
new_profile.save(profile_name)
return new_profile
def save_current_to_new_profile(self, profile_name, profileDesc=''):
'''
Saves current config to a newly created profile.
:param profile_name: The profile to clone
:param profileDesc: The description of the new profile
:return: The new profile instance if the profile was successfully saved.
Else, raise a w3afException.
'''
# Create the new profile.
profile_inst = profile()
profile_inst.set_desc(profileDesc)
profile_inst.set_name(profile_name)
profile_inst.save(profile_name)
# Save current to profile
return self.save_current_to_profile(profile_name, profileDesc)
def use_profile(self, profile_name, workdir=None):
'''
Gets all the information from the profile and stores it in the
w3af core plugins / target attributes for later use.
@raise w3afException: if the profile to load has some type of problem.
'''
# Clear all enabled plugins if profile_name is None
if profile_name is None:
self._w3af_core.plugins.zero_enabled_plugins()
return
# This might raise an exception (which we don't want to handle) when
# the profile does not exist
profile_inst = profile(profile_name, workdir)
# It exists, work with it!
# Set the target settings of the profile to the core
self._w3af_core.target.set_options(profile_inst.get_target())
# Set the misc and http settings
#
# IGNORE the following parameters from the profile:
# - misc_settings.local_ip_address
#
profile_misc_settings = profile_inst.get_misc_settings()
if 'local_ip_address' in profile_inst.get_misc_settings():
profile_misc_settings['local_ip_address'].set_value(get_local_ip())
misc_settings = MiscSettings()
misc_settings.set_options(profile_misc_settings)
self._w3af_core.uri_opener.settings.set_options(
profile_inst.get_http_settings())
#
# Handle plugin options
#
error_fmt = ('The profile you are trying to load (%s) seems to be'
' outdated, this is a common issue which happens when the'
' framework is updated and one of its plugins adds/removes'
' one of the configuration parameters referenced by a profile'
', or the plugin is removed all together.\n\n'
'The profile was loaded but some of your settings might'
' have been lost. This is the list of issues that were found:\n\n'
' - %s\n'
'\nWe recommend you review the specific plugin configurations,'
' apply the required changes and save the profile in order'
' to update it and avoid this message. If this warning does not'
' disappear you can manually edit the profile file to fix it.')
error_messages = []
for plugin_type in self._w3af_core.plugins.get_plugin_types():
plugin_names = profile_inst.get_enabled_plugins(plugin_type)
# Handle errors that might have been triggered from a possibly
# invalid profile
try:
unknown_plugins = self._w3af_core.plugins.set_plugins(plugin_names,
plugin_type,
raise_on_error=False)
except KeyError:
msg = 'The profile references the "%s" plugin type which is'\
' unknown to the w3af framework.'
error_messages.append(msg % plugin_type)
continue
for unknown_plugin in unknown_plugins:
msg = 'The profile references the "%s.%s" plugin which is unknown.'
error_messages.append(msg % (plugin_type, unknown_plugin))
# Now we set the plugin options, which can also trigger errors with "outdated"
# profiles that users could have in their ~/.w3af/ directory.
for plugin_name in set(plugin_names) - set(unknown_plugins):
try:
plugin_options = profile_inst.get_plugin_options(
plugin_type,
plugin_name)
self._w3af_core.plugins.set_plugin_options(plugin_type,
plugin_name,
plugin_options)
except w3afException, w3e:
msg = 'Setting the options for plugin "%s.%s" raised an' \
' exception due to unknown or invalid configuration' \
' parameters.'
msg += ' ' + str(w3e)
error_messages.append(msg % (plugin_type, plugin_name))
def load_profiles(self, selected=None, retry=True):
'''Load the profiles.
:param selected: which profile is already selected.
'''
# create the ListStore, with the info listed below
liststore = gtk.ListStore(str, str, str, int, str)
# we will keep the profile instances here
self.profile_instances = {None: None}
# build the list with the profiles name, description, profile_instance
instance_list, invalid_profiles = self.w3af.profiles.get_profile_list()
tmpprofiles = []
for profile_obj in instance_list:
nom = profile_obj.get_name()
desc = profile_obj.get_desc()
tmpprofiles.append((nom, desc, profile_obj))
# Also add to that list the "selected" profile, that was specified by the user with the
# "-p" parameter when executing w3af
if self._parameter_profile:
try:
profile_obj = profile(self._parameter_profile)
except w3afException:
raise ValueError(_("The profile %r does not exists!")
% self._parameter_profile)
else:
nom = profile_obj.get_name()
desc = profile_obj.get_desc()
# I don't want to add duplicates, so I perform this test:
add_to_list = True
for nom_tmp, desc_tmp, profile_tmp in tmpprofiles:
if nom_tmp == nom and desc_tmp == desc:
add_to_list = False
break
if add_to_list:
tmpprofiles.append((nom, desc, profile_obj))
# Create the liststore using a specially sorted list, what I basically want is the
# empty profile at the beginning of the list, and the rest sorted in alpha order
tmpprofiles = sorted(tmpprofiles)
tmpprofiles_special_order = []
for nom, desc, profile_obj in tmpprofiles:
if nom == 'empty_profile':
tmpprofiles_special_order.insert(0, (nom, desc, profile_obj))
else:
tmpprofiles_special_order.append((nom, desc, profile_obj))
# And now create the liststore and the internal dict
for nom, desc, profile_obj in tmpprofiles_special_order:
prfid = str(id(profile_obj))
self.profile_instances[prfid] = profile_obj
liststore.append([nom, desc, prfid, 0, nom])
# set this liststore
self.liststore = liststore
self.set_model(liststore)
# select the indicated one
self.selectedProfile = None
if selected is None:
self.set_cursor(0)
self._use_profile()
else:
for i, (nom, desc, prfid, changed, perm) in enumerate(liststore):
the_prof = self.profile_instances[prfid]
if selected == the_prof.get_profile_file() or \
selected == the_prof.get_name():
self.set_cursor(i)
self._use_profile()
break
else:
# In some cases, this function is called in a thread while
# the profile file is being stored to disk. Because of that
# it might happen that the profile "is there" but didn't get
# loaded properly in the first call to load_profiles.
if retry:
self.load_profiles(selected, retry=False)
else:
self.set_cursor(0)
# Now that we've finished loading everything, show the invalid profiles in a nice pop-up window
if invalid_profiles:
message = 'The following profiles are invalid and failed to load:\n'
for i in invalid_profiles:
message += '\n\t- ' + i
message += '\n\nPlease click OK to continue without these profiles.'
dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
gtk.MESSAGE_WARNING,
gtk.BUTTONS_OK, message)
dlg.run()
dlg.destroy()
def useProfile(self, profile_name, workdir=None):
'''
Gets all the information from the profile and stores it in the
w3af core plugins / target attributes for later use.
@raise w3afException: if the profile to load has some type of problem.
'''
# Clear all enabled plugins if profile_name is None
if profile_name is None:
self._w3af_core.plugins.zero_enabled_plugins()
return
try:
profileInstance = profile(profile_name, workdir)
except w3afException:
# The profile doesn't exist!
raise
else:
# It exists, work with it!
for pluginType in self._w3af_core.plugins.getPluginTypes():
pluginNames = profileInstance.getEnabledPlugins( pluginType )
# Handle errors that might have been triggered from a possibly invalid profile
unknown_plugins = self._w3af_core.plugins.setPlugins( pluginNames, pluginType )
if unknown_plugins:
om.out.error('The profile references the following missing plugins:')
for unknown_plugin_name in unknown_plugins:
om.out.error('- ' + unknown_plugin_name)
# Now we set the plugin options, which can also trigger errors with "outdated"
# profiles that users could have in their ~/.w3af/ directory.
for pluginName in profileInstance.getEnabledPlugins( pluginType ):
pluginOptions = profileInstance.getPluginOptions( pluginType, pluginName )
try:
# FIXME: Does this work with output plugin options?
# What about target, http-settings, etc?
self._w3af_core.plugins.setPluginOptions( pluginType,
pluginName,
pluginOptions )
except Exception, e:
# This is because of an invalid plugin, or something like that...
# Added as a part of the fix of bug #1937272
msg = ('The profile you are trying to load seems to be'
' outdated, one of the enabled plugins has a bug or an'
' plugin option that was valid when you created the '
'profile was now removed from the framework. The plugin'
' that triggered this exception is "%s", and the '
'original exception is: "%s"' % (pluginName, e))
om.out.error(msg)
# Set the target settings of the profile to the core
self._w3af_core.target.setOptions( profileInstance.getTarget() )
# Set the misc and http settings
#
# IGNORE the following parameters from the profile:
# - miscSettings.localAddress
#
profile_misc_settings = profileInstance.getMiscSettings()
if 'localAddress' in profileInstance.getMiscSettings():
profile_misc_settings['localAddress'].setValue(get_local_ip())
misc_settings = miscSettings.miscSettings()
misc_settings.setOptions( profile_misc_settings )
self._w3af_core.uriOpener.settings.setOptions( profileInstance.getHttpSettings() )
def _assert_exists(self, profile_name):
try:
profile(profile_name)
except:
assert False, 'The %s profile does NOT exist!' % profile_name
def _remove_if_exists(self, profile_name):
try:
profile_inst = profile(profile_name)
profile_inst.remove()
except:
pass
def load_profiles(self, selected=None, retry=True):
'''Load the profiles.
:param selected: which profile is already selected.
'''
# create the ListStore, with the info listed below
liststore = gtk.ListStore(str, str, str, int, str)
# we will keep the profile instances here
self.profile_instances = {None: None}
# build the list with the profiles name, description, profile_instance
instance_list, invalid_profiles = self.w3af.profiles.get_profile_list()
tmpprofiles = []
for profile_obj in instance_list:
nom = profile_obj.get_name()
desc = profile_obj.get_desc()
tmpprofiles.append((nom, desc, profile_obj))
# Also add to that list the "selected" profile, that was specified by the user with the
# "-p" parameter when executing w3af
if self._parameter_profile:
try:
profile_obj = profile(self._parameter_profile)
except w3afException:
raise ValueError(
_("The profile %r does not exists!") %
self._parameter_profile)
else:
nom = profile_obj.get_name()
desc = profile_obj.get_desc()
# I don't want to add duplicates, so I perform this test:
add_to_list = True
for nom_tmp, desc_tmp, profile_tmp in tmpprofiles:
if nom_tmp == nom and desc_tmp == desc:
add_to_list = False
break
if add_to_list:
tmpprofiles.append((nom, desc, profile_obj))
# Create the liststore using a specially sorted list, what I basically want is the
# empty profile at the beginning of the list, and the rest sorted in alpha order
tmpprofiles = sorted(tmpprofiles)
tmpprofiles_special_order = []
for nom, desc, profile_obj in tmpprofiles:
if nom == 'empty_profile':
tmpprofiles_special_order.insert(0, (nom, desc, profile_obj))
else:
tmpprofiles_special_order.append((nom, desc, profile_obj))
# And now create the liststore and the internal dict
for nom, desc, profile_obj in tmpprofiles_special_order:
prfid = str(id(profile_obj))
self.profile_instances[prfid] = profile_obj
liststore.append([nom, desc, prfid, 0, nom])
# set this liststore
self.liststore = liststore
self.set_model(liststore)
# select the indicated one
self.selectedProfile = None
if selected is None:
self.set_cursor(0)
self._use_profile()
else:
for i, (nom, desc, prfid, changed, perm) in enumerate(liststore):
the_prof = self.profile_instances[prfid]
if selected == the_prof.get_profile_file() or \
selected == the_prof.get_name():
self.set_cursor(i)
self._use_profile()
break
else:
# In some cases, this function is called in a thread while
# the profile file is being stored to disk. Because of that
# it might happen that the profile "is there" but didn't get
# loaded properly in the first call to load_profiles.
if retry:
self.load_profiles(selected, retry=False)
else:
self.set_cursor(0)
# Now that we've finished loading everything, show the invalid profiles in a nice pop-up window
if invalid_profiles:
message = 'The following profiles are invalid and failed to load:\n'
for i in invalid_profiles:
message += '\n\t- ' + i
message += '\n\nPlease click OK to continue without these profiles.'
dlg = gtk.MessageDialog(None, gtk.DIALOG_MODAL,
gtk.MESSAGE_WARNING, gtk.BUTTONS_OK,
message)
dlg.run()
dlg.destroy()
