def _has_no_bug(self, fuzz_req, varname='', pname='', kb_varname=''): """ Test if the current combination of `fuzz_req`, `varname` hasn't already been reported to the knowledge base. :param fuzz_req: A FuzzableRequest like object. :param varname: Typically the name of the injection parameter. :param pname: The name of the plugin that presumably reported the vulnerability. Defaults to self.name. :param kb_varname: The name of the variable in the kb, where the vulnerability was saved. Defaults to self.name. """ with self._plugin_lock: if not varname: if hasattr(fuzz_req, 'get_var'): varname = fuzz_req.get_var() else: raise ValueError("Invalid arg 'varname': %s" % varname) pname = pname or self.get_name() kb_varname = kb_varname or pname vulns = kb.kb.get(pname, kb_varname) for vuln in vulns: if vuln.get_var() == varname and\ fuzz_req.get_dc().keys() == vuln.get_dc().keys() and\ are_variants(vuln.get_uri(), fuzz_req.get_uri()): return False return True
def _has_no_bug(self, mutant, varname='', pname='', kb_varname=''): """ Test if the current combination of `fuzz_req`, `varname` hasn't already been reported to the knowledge base. :param mutant: A Mutant sub-class. :param varname: Typically the name of the injection parameter. :param pname: The name of the plugin that presumably reported the vulnerability. Defaults to self.name. :param kb_varname: The name of the variable in the kb, where the vulnerability was saved. Defaults to self.name. """ with self._plugin_lock: pname = pname or self.get_name() kb_varname = kb_varname or pname if not varname: varname = mutant.get_token_name() vulns = kb.kb.get(pname, kb_varname) for vuln in vulns: if vuln.get_token_name() == varname and\ mutant.get_dc().keys() == vuln.get_dc().keys() and\ are_variants(vuln.get_uri(), mutant.get_uri()): return False return True
def test_same_param_diff_value_type(self): self.assertFalse( are_variants(URL('http://w3af.com/foo.php?id=1111'), URL('http://w3af.com/foo.php?id=spam')))
def test_same_params_diff_values(self): self.assertTrue( are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'), URL('http://w3af.com/foo.php?id=333&foo=spam')))
def test_diff_domain_params(self): self.assertFalse( are_variants(URL('http://w3af.com/foo.php?id=1&foo=bar'), URL('http://w3af.org/foo.php?id=1')))
def test_diff_domain(self): self.assertFalse( are_variants(URL('http://w3af.com/foo.php?id=1'), URL('http://bonsai-sec.com/foo.php?id=1')))
def test_diff_file_param(self): self.assertFalse( are_variants(URL('http://w3af.com/bar.php?id=1'), URL('http://w3af.com/foo.php?foo=1')))
def test_diff_params(self): self.assertFalse( are_variants(URL('http://w3af.com/foo.php?x=1'), URL('http://w3af.com/foo.php?y=1')))
def test_eq(self): self.assertTrue( are_variants(URL('http://w3af.com/foo.php'), URL('http://w3af.com/foo.php')))
def test_same_param_diff_value_type(self): self.assertFalse(are_variants(URL('http://w3af.com/foo.php?id=1111'), URL('http://w3af.com/foo.php?id=spam')))
def test_eq(self): self.assertTrue(are_variants(URL('http://w3af.com/foo.php'), URL('http://w3af.com/foo.php')))
def test_diff_domain(self): self.assertFalse(are_variants(URL('http://w3af.com/foo.php?id=1'), URL('http://bonsai-sec.com/foo.php?id=1')))
def test_diff_file_param(self): self.assertFalse(are_variants(URL('http://w3af.com/bar.php?id=1'), URL('http://w3af.com/foo.php?foo=1')))
def test_diff_params(self): self.assertFalse(are_variants(URL('http://w3af.com/foo.php?x=1'), URL('http://w3af.com/foo.php?y=1')))