def test_help_contents(self):
shell = ReadShell(MockVuln(), None, None)
_help = shell.help(None)
self.assertNotIn('execute', _help)
self.assertNotIn('upload', _help)
self.assertIn('read', _help)
def test_help_contents(self):
shell = ReadShell(MockVuln(), None, None)
_help = shell.help(None)
self.assertNotIn('execute', _help)
self.assertNotIn('upload', _help)
self.assertIn('read', _help)
def test_help_contents_specific(self):
shell = ReadShell(MockVuln(), None, None)
_help = shell.help('read')
self.assertIn('read', _help)
self.assertIn('/etc/passwd', _help)
def test_help_format(self):
shell = ReadShell(MockVuln(), None, None)
_help = shell.help(None)
self.assertFalse(_help.startswith(' '))
self.assertIn(' help', _help)
# Note that I add an extra space
self.assertNotIn(' help', _help)
def test_help_format(self):
shell = ReadShell(MockVuln(), None, None)
_help = shell.help(None)
self.assertFalse(_help.startswith(' '))
self.assertIn(' help', _help)
# Note that I add an extra space
self.assertNotIn(' help', _help)
def specific_user_input(self, command, params, return_err=True):
# Call the parent in order to get read/download without duplicating
# any code.
#
# Not using super() due to some issues I've found in real life
# https://github.com/andresriancho/w3af/issues/3610
#
# Documented here:
# http://goo.gl/jhRznU
# http://thomas-cokelaer.info/blog/2011/09/382/
resp = ReadShell.specific_user_input(self,
command,
params,
return_err=False)
if resp is not None:
return resp
# SQLMap specific code starts
params = tuple(params)
functor = None
if command in self.ALIAS:
functor = getattr(self.sqlmap, command)
if command == 'sqlmap':
functor = self.sqlmap.direct
if functor is not None:
# TODO: I run this in a different thread in order to be able to
# (in the future) handle stdin and all other UI inputs.
sqlmap_thread = RunFunctor(functor, params)
sqlmap_thread.start()
sqlmap_thread.join()
# Returning this empty string makes the console avoid printing
# a message that says that the command was not found
return ''
return
def specific_user_input(self, command, params, return_err=True):
# Call the parent in order to get read/download without duplicating
# any code.
#
# Not using super() due to some issues I've found in real life
# https://github.com/andresriancho/w3af/issues/3610
#
# Documented here:
# http://goo.gl/jhRznU
# http://thomas-cokelaer.info/blog/2011/09/382/
resp = ReadShell.specific_user_input(self, command, params,
return_err=False)
if resp is not None:
return resp
# SQLMap specific code starts
params = tuple(params)
functor = None
if command in self.ALIAS:
functor = getattr(self.sqlmap, command)
if command == 'sqlmap':
functor = self.sqlmap.direct
if functor is not None:
# TODO: I run this in a different thread in order to be able to
# (in the future) handle stdin and all other UI inputs.
sqlmap_thread = RunFunctor(functor, params)
sqlmap_thread.start()
sqlmap_thread.join()
# Returning this empty string makes the console avoid printing
# a message that says that the command was not found
return ''
return
def test_help_contents_specific(self):
shell = ReadShell(MockVuln(), None, None)
_help = shell.help('read')
self.assertIn('read', _help)
self.assertIn('/etc/passwd', _help)