def _to_libmproxy_response(self, request, response): """ Convert w3af.core.data.url.HTTPResponse.HTTPResponse to libmproxy.http.HTTPResponse """ charset = response.charset body = smart_str(response.body, charset, errors='ignore') header_items = [] for header_name, header_value in response.headers.items(): header_name = smart_str(header_name, charset, errors='ignore') header_value = smart_str(header_value, charset, errors='ignore') header_items.append((header_name, header_value)) headers = ODictCaseless(header_items) # This is an important step! The ExtendedUrllib will gunzip the body # for us, which is great, but we need to change the content-encoding # for the response in order to match the decoded body and avoid the # HTTP client using the proxy from failing headers['content-encoding'] = ['identity'] return LibMITMProxyHTTPResponse(request.httpversion, response.get_code(), str(response.get_msg()), headers, body)
def multipart_encode(_vars, files, boundary=None, _buffer=None): if boundary is None: # Before: # boundary = mimetools.choose_boundary() # '127.0.0.1.1000.6267.1173556103.828.1' # This contains my IP address, I don't like that... # Now: boundary = get_boundary() if _buffer is None: _buffer = '' for key, value in _vars: _buffer += '--%s\r\n' % boundary _buffer += 'Content-Disposition: form-data; name="%s"' % key _buffer += '\r\n\r\n' + value + '\r\n' for key, fd in files: fd.seek(0) filename = fd.name.split(os.path.sep)[-1] guessed_mime = mimetypes.guess_type(filename)[0] content_type = guessed_mime or 'application/octet-stream' args = (smart_str(key), smart_str(filename)) _buffer += '--%s\r\n' % boundary _buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % args _buffer += 'Content-Type: %s\r\n' % content_type _buffer += '\r\n%s\r\n' % fd.read() _buffer += '--%s--\r\n\r\n' % boundary return boundary, _buffer
def _split_vars_files(data): """ Based on the request it decides if we should send the request as multipart or not. :return: (List with string variables, List with file variables) """ v_vars = [] v_files = [] for token in data.iter_tokens(): pname = token.get_name() value = token.get_value() enc_pname = smart_str(pname, encoding=DEFAULT_ENCODING) if is_file_like(value): if not value.closed: v_files.append((enc_pname, value)) else: v_vars.append((enc_pname, '')) elif hasattr(value, 'isFile'): v_files.append((enc_pname, value)) else: # Ensuring we actually send a string value = smart_str(value, encoding=DEFAULT_ENCODING) v_vars.append((enc_pname, value)) return v_vars, v_files
def get_desc(self, with_id=False): if self.TEMPLATE is None: return self.first_info.get_desc(with_id=with_id) # We render the template using the information set data context = {'urls': [smart_unicode(u) for u in self.get_urls()], 'uris': [smart_unicode(u) for u in self.get_uris()], 'severity': self.get_severity(), 'name': self.get_name(), 'id': self.get_id(), 'method': smart_unicode(self.get_method()), 'plugin': self.get_plugin_name()} context.update(self.first_info.items()) template_str = textwrap.dedent(self.TEMPLATE) template = self.JINJA2_ENV.from_string(template_str) try: rendered_desc = template.render(context) except UnicodeDecodeError: context_pp = pprint.pformat(context, indent=4) msg = ('UnicodeDecodeError found while rendering:\n\n%s\n\n' 'Using the following context:\n\n%r\n\n') om.out.debug(msg % (smart_str(template_str), smart_str(context_pp))) raise return rendered_desc
def get_desc(self, with_id=False): if self.TEMPLATE is None: return self.first_info.get_desc(with_id=with_id) # We render the template using the information set data context = { 'urls': [smart_unicode(u) for u in self.get_urls()], 'uris': [smart_unicode(u) for u in self.get_uris()], 'severity': self.get_severity(), 'name': self.get_name(), 'id': self.get_id(), 'method': smart_unicode(self.get_method()), 'plugin': self.get_plugin_name() } context.update(self.first_info.items()) template_str = textwrap.dedent(self.TEMPLATE) template = self.JINJA2_ENV.from_string(template_str) try: rendered_desc = template.render(context) except UnicodeDecodeError: context_pp = pprint.pformat(context, indent=4) msg = ('UnicodeDecodeError found while rendering:\n\n%s\n\n' 'Using the following context:\n\n%r\n\n') om.out.debug(msg % (smart_str(template_str), smart_str(context_pp))) raise return rendered_desc
def multipart_encode(_vars, files, boundary=None, _buffer=None): if boundary is None: boundary = get_boundary() if _buffer is None: _buffer = '' for key, value in _vars: _buffer += '--%s\r\n' % boundary _buffer += 'Content-Disposition: form-data; name="%s"' % key _buffer += '\r\n\r\n' + value + '\r\n' for key, fd in files: fd.seek(0) filename = fd.name.split(os.path.sep)[-1] guessed_mime = mimetypes.guess_type(filename)[0] content_type = guessed_mime or 'application/octet-stream' args = (smart_str(key), smart_str(filename)) _buffer += '--%s\r\n' % boundary _buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % args _buffer += 'Content-Type: %s\r\n' % content_type _buffer += '\r\n%s\r\n' % fd.read() _buffer += '--%s--\r\n\r\n' % boundary return boundary, _buffer
def test_get_path_qs_string(self): u = URL('https://domain/konto/insättning?amount=1&method=abc') self.assertEqual(smart_str(u.get_path_qs()), '/konto/insättning?amount=1&method=abc') u = URL('https://domain/konto/insättning;x=1?amount=1&method=abc') self.assertEqual(smart_str(u.get_path_qs()), '/konto/insättning;x=1?amount=1&method=abc') u = URL('https://domain/konto/insättning;insättning=1?amount=1&method=abc') self.assertEqual(smart_str(u.get_path_qs()), '/konto/insättning;insättning=1?amount=1&method=abc')
def __str__(self): """ :return: A string representation of self """ urlstr = smart_str(self.url_string, self._encoding, errors=PERCENT_ENCODE) return urlstr.replace(' ', '%20')
def __str__(self): """ :return: A string representation of myself """ urlstr = smart_str( self.url_string, self._encoding, errors=PERCENT_ENCODE ) return urlstr.replace(' ', '%20')
def _to_libmproxy_response(self, request, response): """ Convert w3af.core.data.url.HTTPResponse.HTTPResponse to libmproxy.http.HTTPResponse """ charset = response.charset body = smart_str(response.body, charset, errors='ignore') header_items = [] for header_name, header_value in response.headers.items(): header_name = smart_str(header_name, charset, errors='ignore') header_value = smart_str(header_value, charset, errors='ignore') header_items.append((header_name, header_value)) headers = ODictCaseless(header_items) return LibMITMProxyHTTPResponse(request.httpversion, response.get_code(), str(response.get_msg()), headers, body)
def xml_str(s): """ Avoid encoding errors while generating objects' utf8 byte-string representations. Should fix issues similar to: https://github.com/andresriancho/w3af/issues/12924 :param s: The input string/unicode :return: A string ready to be sent to the XML file """ encoded_str = smart_str(s, encoding='utf8', errors='xmlcharrefreplace') encoded_str = re.sub(INVALID_XML, '?', encoded_str) return encoded_str
def _handle_first_level(self, data): """ If data.location_a is not already in the treestore, add it. If data.location_a is in the treestore, make sure we paint it the right color based on data.color_level Update the child count, keep in mind that the child count for this level is increased only when a new data.location_b is added. :param data: The data for the new item to add. """ contains_location_a = [r for r in self.treestore if r[1] == data.location_a] if not contains_location_a: # Add the new data to the treestore child_count = '( 1 )' color = helpers.KB_COLORS[data.color_level] location_a = smart_str(data.location_a, errors='ignore') store_iter = self.treestore.append(None, [None, location_a, 0, None, 0, color, child_count]) else: # There's already data in location_a, might need to update the # child count assert len(contains_location_a), 1 location_a_row = contains_location_a[0] location_a_b_iter = location_a_row.iterchildren() stored_locations_b = [r[1] for r in location_a_b_iter] store_iter = location_a_row.iter if data.location_b not in stored_locations_b: # Update the child count child_count = '( %s )' % (len(stored_locations_b) + 1) self.treestore[store_iter][6] = child_count # Make sure we paint it the right color, if it was originally of color # X and then we add a vulnerability that has a higher color level then # we need to "upgrade" the color if data.color_level > self.treestore[store_iter][4]: color = helpers.KB_COLORS[data.color_level] self.treestore[store_iter][5] = color
def xml_str(s, replace_invalid=True): """ Avoid encoding errors while generating objects' utf8 byte-string representations. Should fix issues similar to: https://github.com/andresriancho/w3af/issues/12924 :param s: The input string/unicode :param replace_invalid: If there are invalid XML chars, replace them. :return: A string ready to be sent to the XML file """ encoded_str = smart_str(s, encoding='utf8', errors='xmlcharrefreplace') if replace_invalid: encoded_str = INVALID_XML.sub('?', encoded_str) return encoded_str
def __str__(self): return smart_str(self._value, errors='ignore')
def get_template_with_payload(extension, payload): success, file_content, file_name = get_file_from_template(extension) # TODO: Add support for file types which have some type of CRC file_content = file_content.replace('A' * 239, smart_str(payload)) return success, file_content, file_name