def setUp(self):
super(TestHTMLRendering, self).setUp()
self.plugin = self.w3afcore.plugins.get_plugin_inst('output',
'html_file')
HistoryItem().init()
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
url = URL('http://w3af.com/foo.py')
request = HTTPRequest(url, data='text=xss')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>empty</html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(4)
h1.response = res
h1.save()
def setUp(self):
super(TestHTMLRendering, self).setUp()
self.plugin = self.w3afcore.plugins.get_plugin_inst(
'output', 'html_file')
HistoryItem().init()
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
url = URL('http://w3af.com/foo.py')
request = HTTPRequest(url, data='text=xss')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>empty</html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(4)
h1.response = res
h1.save()
def test_find(self):
find_id = random.randint(1, 499)
url = URL('http://w3af.org/a/b/foobar.php?foo=123')
tag_value = rand_alnum(10)
for i in xrange(0, 500):
request = HTTPRequest(url, data='a=1')
code = 200
if i == find_id:
code = 302
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(code, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == find_id:
h1.toggle_mark()
h1.update_tag(tag_value)
h1.save()
h2 = HistoryItem()
self.assertEqual(
len(h2.find([('tag', "%" + tag_value + "%", 'like')])), 1)
self.assertEqual(len(h2.find([('code', 302, '=')])), 1)
self.assertEqual(len(h2.find([('mark', 1, '=')])), 1)
self.assertEqual(len(h2.find([('has_qs', 1, '=')])), 500)
self.assertEqual(
len(h2.find([('has_qs', 1, '=')], result_limit=10)), 10)
results = h2.find(
[('has_qs', 1, '=')], result_limit=1, orderData=[('id', 'desc')])
self.assertEqual(results[0].id, 499)
search_data = []
search_data.append(('id', find_id + 1, "<"))
search_data.append(('id', find_id - 1, ">"))
self.assertEqual(len(h2.find(search_data)), 1)
def test_find(self):
find_id = random.randint(1, 499)
url = URL('http://w3af.org/a/b/foobar.php?foo=123')
tag_value = rand_alnum(10)
for i in xrange(0, 500):
request = HTTPRequest(url, data='a=1')
code = 200
if i == find_id:
code = 302
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(code, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == find_id:
h1.toggle_mark()
h1.update_tag(tag_value)
h1.save()
h2 = HistoryItem()
self.assertEqual(
len(h2.find([('tag', "%" + tag_value + "%", 'like')])), 1)
self.assertEqual(len(h2.find([('code', 302, '=')])), 1)
self.assertEqual(len(h2.find([('mark', 1, '=')])), 1)
self.assertEqual(len(h2.find([('has_qs', 1, '=')])), 500)
self.assertEqual(
len(h2.find([('has_qs', 1, '=')], result_limit=10)), 10)
results = h2.find(
[('has_qs', 1, '=')], result_limit=1, orderData=[('id', 'desc')])
self.assertEqual(results[0].id, 499)
search_data = []
search_data.append(('id', find_id + 1, "<"))
search_data.append(('id', find_id - 1, ">"))
self.assertEqual(len(h2.find(search_data)), 1)
def test_clear(self):
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
table_name = h1.get_table_name()
db = get_default_temp_db_instance()
self.assertTrue(db.table_exists(table_name))
clear_result = h1.clear()
self.assertTrue(clear_result)
self.assertFalse(os.path.exists(h1._session_dir),
'%s exists.' % h1._session_dir)
# Changed the meaning of clear a little bit... now it simply removes
# all rows from the table, not the table itself
self.assertTrue(db.table_exists(table_name))
def test_render_attr_with_special_chars(self):
_id = 2
name = 'A long description with special characters: <&">'
vuln = MockVuln(_id=_id)
vuln.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn(name, xml)
self.assertIn('A long description with special characters: <&">', xml)
self.assertValidXML(xml)
def test_clear(self):
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
table_name = h1.get_table_name()
db = get_default_temp_db_instance()
self.assertTrue(db.table_exists(table_name))
clear_result = h1.clear()
self.assertTrue(clear_result)
self.assertFalse(os.path.exists(h1._session_dir),
'%s exists.' % h1._session_dir)
# Changed the meaning of clear a little bit... now it simply removes
# all rows from the table, not the table itself
self.assertTrue(db.table_exists(table_name))
def test_render_with_special_chars(self):
_id = 2
desc = ('This is a long description that contains some special'
' characters such as <, & and > which MUST be encoded'
' by jinja2.')
vuln = MockVuln(_id=_id)
vuln.set_desc(desc)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn('such as <, & and > which MUST', xml)
self.assertIn('such as <, & and > which MUST', xml)
self.assertValidXML(xml)
def test_render_attr_with_special_chars(self):
_id = 2
name = 'A long description with special characters: <&">'
vuln = MockVuln(_id=_id)
vuln.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn(name, xml)
self.assertIn(
'A long description with special characters: <&">',
xml)
self.assertValidXML(xml)
def test_render_with_unicode_control_chars(self):
_id = 2
desc = ('This is a long description that contains some special'
' unicode control characters such as \f and \x09')
vuln = MockVuln(_id=_id)
vuln.set_desc(desc)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn('unicode control characters such as \f and \x09', xml)
self.assertIn('unicode control characters such as <character code="000c"/> and <character code="0009"/>', xml)
self.assertValidXML(xml)
def test_render_with_special_chars(self):
_id = 2
desc = ('This is a long description that contains some special'
' characters such as <, & and > which MUST be encoded'
' by jinja2.')
vuln = MockVuln(_id=_id)
vuln.set_desc(desc)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn('such as <, & and > which MUST', xml)
self.assertIn('such as <, & and > which MUST', xml)
self.assertValidXML(xml)
def test_render_with_unicode_control_chars(self):
_id = 2
desc = ('This is a long description that contains some special'
' unicode control characters such as \f and \x09')
vuln = MockVuln(_id=_id)
vuln.set_desc(desc)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
self.assertNotIn('unicode control characters such as \f and \x09', xml)
self.assertIn(
'unicode control characters such as <character code="000c"/> and <character code="0009"/>',
xml)
self.assertValidXML(xml)
def test_render_url_special_chars(self):
self.maxDiff = None
_id = 2
vuln = MockVuln(_id=_id)
url = URL(
u'https://w3af.com/._basebind/node_modules/lodash._basecreate/'
u'LICENSE.txt\x00=ڞ')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
vuln.set_uri(url)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
expected = (
u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt<character code="0000"/>=\u069e" var="None">\n'
u' <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
u' <http-transactions>\n'
u' <http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST https://w3af.com/._basebind/node_modules/lodash._basecreate/LICENSE.txt%00=%DA%9E HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n'
u'</http-transaction>\n'
u' </http-transactions>\n'
u'</vulnerability>')
self.assertEqual(xml, expected)
self.assertValidXML(xml)
def test_cache(self):
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
_id = 2
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
self.assertIsNone(http_transaction.get_node_from_cache())
# Writes to cache
xml = http_transaction.to_string()
expected = (
u'<http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n</http-transaction>')
self.assertEqual(expected, xml)
# Yup, we're cached
self.assertIsNotNone(http_transaction.get_node_from_cache())
# Make sure they are all the same
cached_xml = http_transaction.get_node_from_cache()
self.assertEqual(cached_xml, expected)
xml = http_transaction.to_string()
self.assertEqual(expected, xml)
def test_cache(self):
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
_id = 2
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
self.assertIsNone(http_transaction.get_node_from_cache())
# Writes to cache
xml = http_transaction.to_string()
expected = (u'<http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n</http-transaction>')
self.assertEqual(expected, xml)
# Yup, we're cached
self.assertIsNotNone(http_transaction.get_node_from_cache())
# Make sure they are all the same
cached_xml = http_transaction.get_node_from_cache()
self.assertEqual(cached_xml, expected)
xml = http_transaction.to_string()
self.assertEqual(expected, xml)
def test_clear_clear(self):
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
h1.clear()
h1.clear()
def test_clear_clear(self):
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(1)
h1.response = res
h1.save()
h1.clear()
h1.clear()
def test_render_simple(self):
_id = 2
vuln = MockVuln(_id=_id)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
expected = (
u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="None" var="None">\n'
u' <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
u' <http-transactions>\n'
u' <http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n'
u'</http-transaction>\n'
u' </http-transactions>\n'
u'</vulnerability>')
self.assertEqual(xml, expected)
self.assertValidXML(xml)
def test_no_duplicate_vuln_reports(self):
# The xml_file plugin had a bug where vulnerabilities were written to
# disk multiple times, this test makes sure I fixed that vulnerability
# Write the HTTP request / response to the DB
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>syntax error near', hdr, url, url)
_id = 1
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
# Create one vulnerability in the KB pointing to the request-
# response we just created
desc = 'Just a test for the XML file output plugin.'
v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli')
kb.kb.append('sqli', 'sqli', v)
self.assertEqual(len(kb.kb.get_all_vulns()), 1)
# Setup the plugin
plugin_instance = xml_file()
plugin_instance.set_w3af_core(self.w3af_core)
# Set the output file for the unittest
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
ol.add(o)
# Then we flush() twice to disk, this reproduced the issue
plugin_instance.set_options(ol)
plugin_instance.flush()
plugin_instance.flush()
plugin_instance.flush()
# Now we parse the vulnerabilities from disk and confirm only one
# is there
file_vulns = get_vulns_from_xml(self.FILENAME)
self.assertEqual(len(file_vulns), 1, file_vulns)
def test_save_load(self):
i = random.randint(1, 499)
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
h1.save()
h2 = HistoryItem()
h2.load(i)
self.assertEqual(h1.request, h2.request)
self.assertEqual(h1.response.body, h2.response.body)
def test_save_load(self):
i = random.randint(1, 499)
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
h1.save()
h2 = HistoryItem()
h2.load(i)
self.assertEqual(h1.request, h2.request)
self.assertEqual(h1.response.body, h2.response.body)
def test_no_duplicate_vuln_reports(self):
# The xml_file plugin had a bug where vulnerabilities were written to
# disk multiple times, this test makes sure I fixed that vulnerability
# Write the HTTP request / response to the DB
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>syntax error near', hdr, url, url)
_id = 1
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
# Create one vulnerability in the KB pointing to the request-
# response we just created
desc = 'Just a test for the XML file output plugin.'
v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli')
kb.kb.append('sqli', 'sqli', v)
self.assertEqual(len(kb.kb.get_all_vulns()), 1)
# Setup the plugin
plugin_instance = xml_file()
# Set the output file for the unittest
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
ol.add(o)
# Then we flush() twice to disk, this reproduced the issue
plugin_instance.set_options(ol)
plugin_instance.flush()
plugin_instance.flush()
plugin_instance.flush()
# Now we parse the vulnerabilities from disk and confirm only one
# is there
file_vulns = get_vulns_from_xml(self.FILENAME)
self.assertEqual(len(file_vulns), 1, file_vulns)
def test_render_simple(self):
_id = 2
vuln = MockVuln(_id=_id)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
finding = Finding(x._get_jinja2_env(), vuln)
xml = finding.to_string()
expected = (u'<vulnerability id="[2]" method="GET" name="TestCase" plugin="plugin_name" severity="High" url="None" var="None">\n'
u' <description>Foo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggsFoo bar spam eggs</description>\n\n\n'
u' <http-transactions>\n'
u' <http-transaction id="2">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n'
u'</http-transaction>\n'
u' </http-transactions>\n'
u'</vulnerability>')
self.assertEqual(xml, expected)
self.assertValidXML(xml)
def test_save_load_unicode_decode_error(self):
url = URL('http://w3af.com/a/b/é.php?x=á')
request = HTTPRequest(url, data='a=1')
headers = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', headers, url, url)
res.set_id(1)
h1 = HistoryItem()
h1.request = request
h1.response = res
h1.save()
h2 = HistoryItem()
h2.load(1)
self.assertEqual(h1.request, h2.request)
self.assertEqual(h1.response.body, h2.response.body)
self.assertEqual(h1.request.url_object, h2.request.url_object)
def test_save_load_unicode_decode_error(self):
url = URL('http://w3af.com/a/b/é.php?x=á')
request = HTTPRequest(url, data='a=1')
headers = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', headers, url, url)
res.set_id(1)
h1 = HistoryItem()
h1.request = request
h1.response = res
h1.save()
h2 = HistoryItem()
h2.load(1)
self.assertEqual(h1.request.to_dict(), h2.request.to_dict())
self.assertEqual(h1.response.body, h2.response.body)
self.assertEqual(h1.request.url_object, h2.request.url_object)
def test_tag(self):
tag_id = random.randint(501, 999)
tag_value = rand_alnum(10)
url = URL('http://w3af.org/a/b/c.php')
for i in xrange(501, 1000):
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == tag_id:
h1.update_tag(tag_value)
h1.save()
h2 = HistoryItem()
h2.load(tag_id)
self.assertEqual(h2.tag, tag_value)
def test_tag(self):
tag_id = random.randint(501, 999)
tag_value = rand_alnum(10)
url = URL('http://w3af.org/a/b/c.php')
for i in xrange(501, 1000):
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == tag_id:
h1.update_tag(tag_value)
h1.save()
h2 = HistoryItem()
h2.load(tag_id)
self.assertEqual(h2.tag, tag_value)
def test_save_load_compressed(self):
force_compression_count = HistoryItem._UNCOMPRESSED_FILES + HistoryItem._COMPRESSED_FILE_BATCH
force_compression_count += 150
url = URL('http://w3af.com/a/b/c.php')
headers = Headers([('Content-Type', 'text/html')])
body = '<html>' + LOREM * 20
for i in xrange(1, force_compression_count):
request = HTTPRequest(url, data='a=%s' % i)
response = HTTPResponse(200, body, headers, url, url)
response.set_id(i)
h = HistoryItem()
h.request = request
h.response = response
h.save()
compressed_file = os.path.join(h.get_session_dir(), '1-150.zip')
self.assertTrue(os.path.exists(compressed_file))
compressed_file_temp = os.path.join(h.get_session_dir(),
'1-150.zip.tmp')
self.assertFalse(os.path.exists(compressed_file_temp))
expected_files = [
'%s.trace' % i
for i in range(1, HistoryItem._COMPRESSED_FILE_BATCH + 1)
]
_zip = zipfile.ZipFile(compressed_file, mode='r')
self.assertEqual(_zip.namelist(), expected_files)
for i in xrange(1, 100):
h = HistoryItem()
h.load(i)
self.assertEqual(h.request.get_uri(), url)
self.assertEqual(h.response.get_headers(), headers)
self.assertEqual(h.response.get_body(), body)
def test_delete(self):
i = random.randint(1, 499)
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
res.set_id(i)
h1 = HistoryItem()
h1.request = request
h1.response = res
h1.save()
fname = h1._get_trace_filename_for_id(i)
self.assertTrue(os.path.exists(fname))
h1.delete(i)
self.assertRaises(DBException, h1.read, i)
self.assertFalse(os.path.exists(fname))
def store_in_cache(request, response):
# Create the http response object
resp = HTTPResponse.from_httplib_resp(response,
original_url=request.url_object)
resp.set_id(response.id)
resp.set_alias(gen_hash(request))
hi = HistoryItem()
hi.request = request
hi.response = resp
# Now save them
try:
hi.save()
except sqlite3.Error, e:
msg = 'A sqlite3 error was raised: "%s".' % e
if 'disk' in str(e).lower():
msg += ' Please check if your disk is full.'
raise ScanMustStopException(msg)
def test_delete(self):
i = random.randint(1, 499)
url = URL('http://w3af.com/a/b/c.php')
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
res.set_id(i)
h1 = HistoryItem()
h1.request = request
h1.response = res
h1.save()
fname = h1._get_fname_for_id(i)
self.assertTrue(os.path.exists(fname))
h1.delete(i)
self.assertRaises(DBException, h1.read, i)
self.assertFalse(os.path.exists(fname))
def store_in_cache(request, response):
# Create the http response object
resp = HTTPResponse.from_httplib_resp(response,
original_url=request.url_object)
resp.set_id(response.id)
resp.set_alias(gen_hash(request))
hi = HistoryItem()
hi.request = request
hi.response = resp
# Now save them
try:
hi.save()
except sqlite3.Error, e:
msg = 'A sqlite3 error was raised: "%s".' % e
if 'disk' in str(e).lower():
msg += ' Please check if your disk is full.'
raise ScanMustStopException(msg)
def test_render_simple(self):
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
_id = 1
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
xml = http_transaction.to_string()
expected = (
u'<http-transaction id="1">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n</http-transaction>')
self.assertEqual(expected, xml)
self.assertValidXML(xml)
def test_render_simple(self):
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
_id = 1
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
x = xml_file()
http_transaction = HTTPTransaction(x._get_jinja2_env(), _id)
xml = http_transaction.to_string()
expected = (u'<http-transaction id="1">\n\n'
u' <http-request>\n'
u' <status>POST http://w3af.com/a/b/c.php HTTP/1.1</status>\n'
u' <headers>\n'
u' <header field="User-agent" content="w3af" />\n'
u' </headers>\n'
u' <body content-encoding="base64">YT0x\n</body>\n'
u' </http-request>\n\n'
u' <http-response>\n'
u' <status>HTTP/1.1 200 OK</status>\n'
u' <headers>\n'
u' <header field="Content-Type" content="text/html" />\n'
u' </headers>\n'
u' <body content-encoding="base64">PGh0bWw+\n</body>\n'
u' </http-response>\n\n</http-transaction>')
self.assertEqual(expected, xml)
self.assertValidXML(xml)
def test_mark(self):
mark_id = 3
url = URL('http://w3af.org/a/b/c.php')
for i in xrange(0, 500):
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == mark_id:
h1.toggle_mark()
h1.save()
h2 = HistoryItem()
h2.load(mark_id)
self.assertTrue(h2.mark)
h3 = HistoryItem()
h3.load(mark_id-1)
self.assertFalse(h3.mark)
def test_mark(self):
mark_id = 3
url = URL('http://w3af.org/a/b/c.php')
for i in xrange(0, 500):
request = HTTPRequest(url, data='a=1')
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(i)
h1.response = res
if i == mark_id:
h1.toggle_mark()
h1.save()
h2 = HistoryItem()
h2.load(mark_id)
self.assertTrue(h2.mark)
h3 = HistoryItem()
h3.load(mark_id - 1)
self.assertFalse(h3.mark)
def test_cache_works_as_expected(self):
#
# Cache starts empty
#
cache = FindingsCache()
self.assertEquals(cache.list(), [])
#
# Create two vulnerabilities with their HTTP requests and responses
#
_id = 1
name = 'I have a name'
vuln1 = MockVuln(_id=_id)
vuln1.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
_id = 2
name = 'Just a name'
vuln2 = MockVuln(_id=_id)
vuln2.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h2 = HistoryItem()
h2.request = request
res.set_id(_id)
h2.response = res
h2.save()
#
# Save one vulnerability to the KB and call the cache-user
#
kb.kb.append('a', 'b', vuln1)
x = xml_file()
list(x.findings())
self.assertEquals(cache.list(), [vuln1.get_uniq_id()])
#
# Save another vulnerability to the KB and call the cache-user
#
kb.kb.append('a', 'c', vuln2)
list(x.findings())
expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
self.assertEquals(set(cache.list()), expected)
#
# Remove one vulnerability and see how it is removed from the cache
#
kb.kb.raw_write('a', 'c', 'noop')
list(x.findings())
expected = {vuln1.get_uniq_id()}
self.assertEquals(set(cache.list()), expected)
def test_cache_works_as_expected(self):
#
# Cache starts empty
#
cache = FindingsCache()
self.assertEquals(cache.list(), [])
#
# Create two vulnerabilities with their HTTP requests and responses
#
_id = 1
name = 'I have a name'
vuln1 = MockVuln(_id=_id)
vuln1.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
_id = 2
name = 'Just a name'
vuln2 = MockVuln(_id=_id)
vuln2.set_name(name)
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>', hdr, url, url)
h2 = HistoryItem()
h2.request = request
res.set_id(_id)
h2.response = res
h2.save()
#
# Save one vulnerability to the KB and call the cache-user
#
kb.kb.append('a', 'b', vuln1)
x = xml_file()
list(x.findings())
self.assertEquals(cache.list(), [vuln1.get_uniq_id()])
#
# Save another vulnerability to the KB and call the cache-user
#
kb.kb.append('a', 'c', vuln2)
list(x.findings())
expected = {vuln1.get_uniq_id(), vuln2.get_uniq_id()}
self.assertEquals(set(cache.list()), expected)
#
# Remove one vulnerability and see how it is removed from the cache
#
kb.kb.raw_write('a', 'c', 'noop')
list(x.findings())
expected = {vuln1.get_uniq_id()}
self.assertEquals(set(cache.list()), expected)