def test_add_QsRequest(self):
    """
    A DiskSet stores each FuzzableRequest once, in insertion order.

    Two GET requests are added twice each, in mixed order. A third request
    (different query string and method) is built but never added. The set
    must end up with exactly the two added requests.
    """
    disk_set = DiskSet()
    referer = Headers([('Referer', 'http://w3af.org/')])

    qsr1 = FuzzableRequest(URL('http://w3af.org/?id=2'),
                           method='GET', headers=referer)
    qsr2 = FuzzableRequest(URL('http://w3af.org/?id=3'),
                           method='GET', headers=referer)
    # Never added: used only for the negative membership check below.
    qsr3 = FuzzableRequest(URL('http://w3af.org/?id=7'),
                           method='FOO', headers=referer)

    # Each stored request is added twice; duplicates must be dropped.
    for request in (qsr1, qsr2, qsr2, qsr1):
        disk_set.add(request)

    self.assertEqual(disk_set[0], qsr1)
    self.assertEqual(disk_set[1], qsr2)
    self.assertNotIn(qsr3, disk_set)
    self.assertIn(qsr2, disk_set)
    self.assertEqual(len(disk_set), 2)

    # Reading url_string forces an internal change in the URL object (per the
    # original author). Membership must not depend on that internal state,
    # otherwise an already-stored request would stop matching itself.
    qsr2.get_url().url_string
    self.assertIn(qsr2, disk_set)
def test_audit_plugin_timeout_threads(self):
    """
    Check that the sqli audit plugin is killed once PLUGIN_TIMEOUT elapses.

    Original intent (from the author): when stopit kills the real audit
    function, the threads called from it should not do anything strange.
    The plan is to scan something large with httpretty, with delayed HTTP
    responses to simulate a slow network, and a low PLUGIN_TIMEOUT so the
    test runs quickly.

    NOTE(review): the only assertion here is that the "[timeout]" debug line
    was emitted; what the worker threads do after the kill is not checked.
    """
    sqli = self.w3afcore.plugins.get_plugin_inst('audit', 'sqli')

    fuzzable_request = FuzzableRequest(URL(self.target_url))
    original_response = sqli.get_original_response(fuzzable_request)

    audit_plugin_attr = 'w3af.core.controllers.plugins.audit_plugin.%s'
    output_patch = patch(audit_plugin_attr % 'om.out')
    timeout_patch = patch(audit_plugin_attr % 'AuditPlugin.PLUGIN_TIMEOUT',
                          new_callable=PropertyMock)

    with output_patch as om_mock, timeout_patch as timeout_mock:
        # Shrink the timeout to two seconds for the duration of the patch.
        timeout_mock.return_value = 2
        sqli.audit_with_copy(fuzzable_request, original_response)

        template = ('[timeout] The "%s" plugin took more than %s seconds to'
                    ' complete the analysis of "%s", killing it!')

        # Built while the patch is still active, so PLUGIN_TIMEOUT reads the
        # mocked value and the expected text matches the logged one.
        expected = template % (sqli.get_name(),
                               sqli.PLUGIN_TIMEOUT,
                               fuzzable_request.get_url())

        self.assertIn(call.debug(expected), om_mock.mock_calls)
def test_audit_plugin_timeout(self):
    """
    An audit() call that outlives PLUGIN_TIMEOUT is killed and logged.

    The sqli plugin's audit method is replaced with a stub that takes about
    three seconds, while PLUGIN_TIMEOUT is patched down to two. The test
    expects the "[timeout]" debug message and then confirms the class
    attribute is back at its real value once the patch is gone.
    """
    sqli = self.w3af.plugins.get_plugin_inst('audit', 'sqli')
    fuzzable_request = FuzzableRequest(URL(get_moth_http('/')))

    def delay(x, y):
        """
        Sleep roughly three seconds as 100 short naps.

        The original author notes that, according to the stopit docs, a
        thread running an atomic Python function such as time.sleep() can't
        be killed, so the wait is split into many small sleeps. That also
        resembles what w3af plugins really do.
        """
        total_delay = 3.0
        steps = 100
        for _ in xrange(steps):
            time.sleep(total_delay / steps)

    # NOTE(review): the stub is set on the instance and never restored; if
    # this plugin instance is shared with other tests it would leak - confirm.
    sqli.audit = delay

    mock_plugin_timeout = 2
    template = ('[timeout] The "%s" plugin took more than %s seconds to'
                ' complete the analysis of "%s", killing it!')
    expected = template % (sqli.get_name(),
                           mock_plugin_timeout,
                           fuzzable_request.get_url())

    audit_plugin_attr = 'w3af.core.controllers.plugins.audit_plugin.%s'
    output_patch = patch(audit_plugin_attr % 'om.out')
    timeout_patch = patch(audit_plugin_attr % 'AuditPlugin.PLUGIN_TIMEOUT',
                          new_callable=PropertyMock)

    with output_patch as om_mock, timeout_patch as timeout_mock:
        timeout_mock.return_value = mock_plugin_timeout
        sqli.audit_with_copy(fuzzable_request, None)

        self.assertIn(call.debug(expected), om_mock.mock_calls)

    # Outside the patch: the real class attribute must be untouched.
    self.assertEqual(sqli.PLUGIN_TIMEOUT, 5 * 60)
def test_audit_plugin_timeout(self):
    """
    Verify that a slow audit() is interrupted when PLUGIN_TIMEOUT expires.

    A three-second stub replaces the sqli plugin's audit method and the
    timeout is mocked to two seconds. The expected "[timeout]" line must
    appear among the debug calls made on the patched output manager, and the
    real PLUGIN_TIMEOUT must be intact after the patch is removed.
    """
    target = URL(get_moth_http('/'))
    fuzzable_request = FuzzableRequest(target)
    audit_plugin = self.w3af.plugins.get_plugin_inst('audit', 'sqli')

    def delay(x, y):
        """
        Block for about three seconds using many short sleeps.

        Per the original author's reading of the stopit docs, one long
        atomic call such as time.sleep() can't be killed, hence the loop.
        The author considers this realistic for what w3af does anyway.
        """
        total_delay = 3.0
        nap = total_delay / 100
        for _ in xrange(100):
            time.sleep(nap)

    # NOTE(review): this instance-level override is not undone at the end of
    # the test; verify the plugin instance is not reused elsewhere.
    audit_plugin.audit = delay

    mod = 'w3af.core.controllers.plugins.audit_plugin.%s'
    mock_plugin_timeout = 2

    # The stub runs longer than the mocked timeout, so the kill path is taken.
    expected_fmt = ('[timeout] The "%s" plugin took more than %s seconds to'
                    ' complete the analysis of "%s", killing it!')
    expected_error = expected_fmt % (audit_plugin.get_name(),
                                     mock_plugin_timeout,
                                     fuzzable_request.get_url())

    with patch(mod % 'om.out') as om_mock, \
            patch(mod % 'AuditPlugin.PLUGIN_TIMEOUT',
                  new_callable=PropertyMock) as timeout_mock:
        timeout_mock.return_value = mock_plugin_timeout
        audit_plugin.audit_with_copy(fuzzable_request, None)

        self.assertIn(call.debug(expected_error), om_mock.mock_calls)

    # Just to make sure the test did not affect the class attribute.
    self.assertEqual(audit_plugin.PLUGIN_TIMEOUT, 5 * 60)
def test_set_url(self):
    """
    FuzzableRequest requires a URL object, not a plain string.

    Passing a bare string must raise TypeError. Passing a URL instance must
    succeed, and get_url() must hand back an equal URL.
    """
    # A raw string is rejected at construction time.
    with self.assertRaises(TypeError):
        FuzzableRequest('http://www.google.com/')

    google = URL('http://www.google.com/')
    request = FuzzableRequest(google)

    self.assertEqual(request.get_url(), google)