def _login(self, function_id):
"""
This is the method that actually calls the plugins in order to login
to the web application.
"""
for plugin in self._consumer_plugins:
debugging_id = rand_alnum(8)
args = (plugin.get_name(), plugin.get_name(), debugging_id)
msg = 'auth consumer is calling %s.has_active_session() and %s.login() (did:%s)'
om.out.debug(msg % args)
took_line = TookLine(self._w3af_core,
'auth',
'_login',
debugging_id=debugging_id)
try:
if not plugin.has_active_session(debugging_id=debugging_id):
plugin.login(debugging_id=debugging_id)
except Exception as e:
self.handle_exception('auth', plugin.get_name(), None, e)
took_line.send()
def test_took_simple(self):
w3af_core = w3afCore()
took_line = TookLine(w3af_core,
'plugin_name',
'method_name',
debugging_id='ML7aEYsa',
method_params={'test': 'yes'})
with patch('w3af.core.controllers.profiling.took_helper.om.out') as om_mock:
took_line.send()
self.assertEqual(om_mock.debug.call_count, 1)
sent_message = om_mock.debug.call_args[0][0]
self.assertRegexpMatches(sent_message,
'plugin_name.method_name\(test="yes",did="ML7aEYsa"\)'
' took .*? seconds to run \(.*? seconds / .*?% consuming CPU cycles\)')
def _login(self, function_id):
"""
This is the method that actually calls the plugins in order to login
to the web application.
"""
for plugin in self._consumer_plugins:
args = (plugin.get_name(), plugin.get_name())
om.out.debug('%s.is_logged() and %s.login()' % args)
took_line = TookLine(self._w3af_core, plugin.get_name(), '_login')
try:
if not plugin.is_logged():
plugin.login()
except Exception, e:
self.handle_exception('auth', plugin.get_name(), None, e)
took_line.send()
def _bruteforce(self, function_id, plugin, fuzzable_request):
"""
Since threadpool's apply_async runs the callback only when the call to
this method ends without any exceptions, it is *very important* to
handle exceptions correctly here. Failure to do so will end up in
_task_done not called, which will make has_pending_work always return
True.
Python 3 has an error_callback in the apply_async method, which we could
use in the future.
:param fuzzable_request: The fuzzable request that (if suitable) will be
bruteforced by @plugin.
:return: A list of the URL's that have been successfully bruteforced
"""
res = set()
# Logging
args = (plugin.get_name(), fuzzable_request.get_uri())
om.out.debug('%s.bruteforce(%s)' % args)
took_line = TookLine(self._w3af_core,
plugin.get_name(),
'bruteforce',
method_params={'uri': fuzzable_request.get_uri()})
# Status
self._w3af_core.status.set_running_plugin('bruteforce',
plugin.get_name())
self._w3af_core.status.set_current_fuzzable_request(
'bruteforce', fuzzable_request)
# TODO: Report progress to the core.
try:
new_frs = plugin.bruteforce_wrapper(fuzzable_request)
except Exception as e:
self.handle_exception('bruteforce', plugin.get_name(),
fuzzable_request, e)
else:
res.update(new_frs)
took_line.send()
return res
def _login(self, function_id):
"""
This is the method that actually calls the plugins in order to login
to the web application.
"""
for plugin in self._consumer_plugins:
args = (plugin.get_name(), plugin.get_name())
om.out.debug('%s.is_logged() and %s.login()' % args)
took_line = TookLine(self._w3af_core,
plugin.get_name(),
'_login')
try:
if not plugin.is_logged():
plugin.login()
except Exception, e:
self.handle_exception('auth', plugin.get_name(), None, e)
took_line.send()
def _inner_consume(self, request, response):
"""
Run one plugin against a request/response.
:param request: The HTTP request
:param response: The HTTP response
:return: None, results are saved to KB
"""
for plugin in self._consumer_plugins:
took_line = TookLine(self._w3af_core,
plugin.get_name(),
'grep',
debugging_id=None,
method_params={'uri': request.get_uri()})
try:
plugin.grep_wrapper(request, response)
except Exception, e:
self.handle_exception('grep', plugin.get_name(), request, e)
else:
took_line.send()