本文整理汇总了Python中syntribos._i18n._函数的典型用法代码示例。如果您正苦于以下问题:Python _函数的具体用法?Python _怎么用?Python _使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了_函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_case
def test_case(self):
self.init_signals.register(https_check(self))
if "HTTP_LINKS_PRESENT" in self.init_signals:
self.register_issue(
defect_type=_("SSL_ERROR"),
severity=syntribos.MEDIUM,
confidence=syntribos.HIGH,
description=(_("Make sure that all the returned endpoint URIs"
" use 'https://' and not 'http://'")))示例2: replace_one_variable
def replace_one_variable(cls, var_obj):
"""Evaluate a VariableObject according to its type
A meta variable's type is optional. If a type is given, the parser will
interpret the variable in one of 3 ways according to its type, and
returns that value.
* Type config: The parser will attempt to read the config value
specified by the "val" attribute and returns that value.
* Type function: The parser will call the function named in the "val"
attribute with arguments given in the "args" attribute, and returns
the value from calling the function. This value is cached, and
will be returned on subsequent calls.
* Type generator: works the same way as the function type, but its
results are not cached and the function will be called every time.
Otherwise, the parser will interpret the variable as a static variable,
and will return whatever is in the "val" attribute.
:param var_obj: A :class:`syntribos.clients.http.parser.VariableObject`
:returns: The evaluated value according to its meta variable type
"""
if var_obj.var_type == 'config':
try:
return reduce(getattr, var_obj.val.split("."), CONF)
except AttributeError:
msg = _("Meta json file contains reference to the config "
"option %s, which does not appear to"
"exist.") % var_obj.val
raise TemplateParseException(msg)
elif var_obj.var_type == 'function':
if var_obj.function_return_value:
return var_obj.function_return_value
if not var_obj.val:
msg = _("The type of variable %s is function, but there is no "
"reference to the function.") % var_obj.name
raise TemplateParseException(msg)
else:
var_obj.function_return_value = cls.call_one_external_function(
var_obj.val, var_obj.args)
return var_obj.function_return_value
elif var_obj.var_type == 'generator':
if not var_obj.val:
msg = _("The type of variable %s is generator, but there is no"
" reference to the function.") % var_obj.name
raise TemplateParseException(msg)
return cls.call_one_external_function(var_obj.val, var_obj.args)
else:
return str(var_obj.val)示例3: list_logger_opts
def list_logger_opts():
# TODO(unrahul): Add log formating and verbosity options
return [
cfg.BoolOpt("http_request_compression", default=True,
help=_(
"Request content compression to compress fuzz "
"strings present in the http request content.")),
cfg.StrOpt("log_dir", default="",
sample_default="~/.syntribos/logs",
help=_(
"Where to save debug log files for a syntribos run"
))
]示例4: call_one_external_function
def call_one_external_function(cls, string, args):
"""Calls one function read in from templates and returns the result."""
if not isinstance(string, six.string_types):
return string
match = re.search(cls.FUNC_NO_ARGS, string)
func_string_has_args = False
if not match:
match = re.search(cls.FUNC_WITH_ARGS, string)
func_string_has_args = True
if match:
try:
dot_path = match.group(1)
func_name = match.group(2)
mod = importlib.import_module(dot_path)
func = getattr(mod, func_name)
if func_string_has_args and not args:
arg_list = match.group(3)
args = json.loads(arg_list)
val = func(*args)
except Exception:
msg = _("The reference to the function %s failed to parse "
"correctly, please check the documentation to ensure "
"your function import string adheres to the proper "
"format") % string
raise TemplateParseException(msg)
else:
try:
func_lst = string.split(":")
if len(func_lst) == 2:
args = func_lst[1]
func_str = func_lst[0]
dot_path = ".".join(func_str.split(".")[:-1])
func_name = func_str.split(".")[-1]
mod = importlib.import_module(dot_path)
func = getattr(mod, func_name)
val = func(*args)
except Exception:
msg = _("The reference to the function %s failed to parse "
"correctly, please check the documentation to ensure "
"your function import string adheres to the proper "
"format") % string
raise TemplateParseException(msg)
if isinstance(val, types.GeneratorType):
return str(six.next(val))
else:
return str(val)示例5: list_cli_opts
def list_cli_opts():
return [
cfg.SubCommandOpt(name="sub_command",
handler=sub_commands,
help=_("Available commands"),
title="syntribos Commands"),
cfg.MultiStrOpt("test-types", dest="test_types", short="t",
default=[""], sample_default=["SQL", "XSS"],
help=_(
"Test types to run against the target API")),
cfg.MultiStrOpt("excluded-types", dest="excluded_types", short="e",
default=[""], sample_default=["SQL", "XSS"],
help=_("Test types to be excluded from "
"current run against the target API")),
cfg.BoolOpt("colorize", dest="colorize", short="cl", default=False,
help=_("Enable color in syntribos terminal output")),
cfg.StrOpt("outfile", short="o",
sample_default="out.json", help=_("File to print "
"output to")),
cfg.StrOpt("format", dest="output_format", short="f", default="json",
choices=["json"], ignore_case=True,
help=_("The format for outputting results")),
cfg.StrOpt("min-severity", dest="min_severity", short="S",
default="LOW", choices=syntribos.RANKING,
help=_("Select a minimum severity for reported "
"defects")),
cfg.StrOpt("min-confidence", dest="min_confidence", short="C",
default="LOW", choices=syntribos.RANKING,
help=_("Select a minimum confidence for reported "
"defects"))
]示例6: handle_config_exception
def handle_config_exception(exc):
msg = ""
if not any(LOG.handlers):
logging.basicConfig(level=logging.DEBUG)
if isinstance(exc, cfg.RequiredOptError):
msg = "Missing option '{opt}'".format(opt=exc.opt_name)
if exc.group:
msg += " in group '{}'".format(exc.group)
CONF.print_help()
elif isinstance(exc, cfg.ConfigFilesNotFoundError):
if CONF._args[0] == "init":
return
msg = (_("Configuration file specified ('%s') wasn't "
"found or was unreadable.") % ",".join(
CONF.config_file))
if msg:
LOG.warning(msg)
print(syntribos.SEP)
sys.exit(0)
else:
LOG.exception(exc)示例7: test_case
def test_case(self):
self.run_default_checks()
self.test_signals.register(has_string(self))
if "FAILURE_KEYS_PRESENT" in self.test_signals:
failed_strings = self.test_signals.find(
slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
self.register_issue(
defect_type="bof_strings",
severity=syntribos.MEDIUM,
confidence=syntribos.LOW,
description=("The string(s): '{0}', known to be commonly "
"returned after a successful buffer overflow "
"attack, have been found in the response. This "
"could indicate a vulnerability to buffer "
"overflow attacks.").format(failed_strings))
self.diff_signals.register(time_diff(self))
if "TIME_DIFF_OVER" in self.diff_signals:
self.register_issue(
defect_type="bof_timing",
severity=syntribos.MEDIUM,
confidence=syntribos.MEDIUM,
description=(_("The time it took to resolve a request with a "
"long string was too long compared to the "
"baseline request. This could indicate a "
"vulnerability to buffer overflow attacks")))示例8: list_tests
def list_tests(cls):
"""Print out the list of available tests types that can be run."""
print(_("List of available tests...:\n"))
print("{:<50}{}\n".format(_("[Test Name]"),
_("[Description]")))
testdict = {name: clss.__doc__ for name, clss in cls.get_tests()}
for test in sorted(testdict):
if testdict[test] is None:
raise Exception(
_("No test description provided"
" as doc string for the test: %s") % test)
else:
test_description = testdict[test].split(".")[0]
print("{test:<50}{desc}\r".format(
test=test, desc=test_description))
print("\n")示例9: test_case
def test_case(self):
self.run_default_checks()
self.test_signals.register(has_string(self))
if "FAILURE_KEYS_PRESENT" in self.test_signals:
failed_strings = self.test_signals.find(
slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
self.register_issue(
defect_type="json_depth_limit_strings",
severity=syntribos.MEDIUM,
confidence=syntribos.HIGH,
description=(
"The string(s): '{0}', is known to be commonly "
"returned after a successful overflow of the json"
" parsers depth limit. This could possibly "
"result in a dos vulnerability.").format(failed_strings))
self.diff_signals.register(time_diff(self))
if "TIME_DIFF_OVER" in self.diff_signals:
self.register_issue(
defect_type="json_depth_timing",
severity=syntribos.MEDIUM,
confidence=syntribos.LOW,
description=(_("The time it took to resolve a request "
"was too long compared to the "
"baseline request. This could indicate a "
"vulnerability to denial of service attacks.")))示例10: _parse_data
def _parse_data(cls, lines):
"""Parse the body of the HTTP request (e.g. POST variables)
:param list lines: lines of the HTTP body
:returns: object representation of body data (JSON or XML)
"""
postdat_regex = r"([\w%]+=[\w%]+&?)+"
data = "\n".join(lines).strip()
if not data:
return ""
try:
data = json.loads(data)
# TODO(cneill): Make this less hacky
if isinstance(data, list):
data = json.dumps(data)
if isinstance(data, dict):
return cls._replace_dict_variables(data)
else:
return cls._replace_str_variables(data)
except TemplateParseException:
raise
except (TypeError, ValueError):
try:
data = ElementTree.fromstring(data)
except Exception:
if not re.match(postdat_regex, data):
raise TypeError(_("Unknown data format"))
except Exception:
raise
return data示例11: _replace_dict_variables
def _replace_dict_variables(cls, dic):
"""Recursively evaluates all meta variables in a given dict."""
for (key, value) in dic.items():
# Keys dont get fuzzed, so can handle them here
match = re.search(cls.METAVAR, key)
if match:
replaced_key = match.group(0).strip("|")
key_obj = cls._create_var_obj(replaced_key)
replaced_key = cls.replace_one_variable(key_obj)
new_key = re.sub(cls.METAVAR, replaced_key, key)
del dic[key]
dic[new_key] = value
# Vals are fuzzed so they need to be passed to datagen as an object
if isinstance(value, six.string_types):
match = re.search(cls.METAVAR, value)
if match:
var_str = match.group(0).strip("|")
if var_str != value.strip("|%s" % string.whitespace):
msg = _("Meta-variable references cannot come in the "
"middle of the value %s") % value
raise TemplateParseException(msg)
val_obj = cls._create_var_obj(var_str)
if key in dic:
dic[key] = val_obj
elif new_key in dic:
dic[new_key] = val_obj
elif isinstance(value, dict):
cls._replace_dict_variables(value)
return dic示例12: test_case
def test_case(self):
self.run_default_checks()
self.test_signals.register(has_string(self))
if "FAILURE_KEYS_PRESENT" in self.test_signals:
failed_strings = self.test_signals.find(
slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
self.register_issue(
defect_type="user_defined_strings",
severity=syntribos.MEDIUM,
confidence=syntribos.LOW,
description=("The string(s): '{0}', is in the list of "
"possible vulnerable keys. This may "
"indicate a vulnerability to this form of "
"user defined attack.").format(failed_strings))
self.diff_signals.register(time_diff(self))
if "TIME_DIFF_OVER" in self.diff_signals:
self.register_issue(
defect_type="user_defined_string_timing",
severity=syntribos.MEDIUM,
confidence=syntribos.MEDIUM,
description=(_("A response to one of the payload requests has "
"taken too long compared to the baseline "
"request. This could indicate a vulnerability "
"to time-based injection attacks using the user"
" provided strings.")))示例13: safe_makedirs
def safe_makedirs(path, force=False):
if not os.path.exists(path):
try:
os.makedirs(path)
except (OSError, IOError):
LOG.exception(_("Error creating folder (%s).") % path)
elif os.path.exists(path) and force:
try:
shutil.rmtree(path)
os.makedirs(path)
except (OSError, IOError):
LOG.exception(
_("Error overwriting existing folder (%s).") % path)
else:
LOG.warning(
_LW("Folder was already found (%s). Skipping.") % path)示例14: test_case
def test_case(self):
self.run_default_checks()
self.test_signals.register(has_string(self))
if "FAILURE_KEYS_PRESENT" in self.test_signals:
failed_strings = self.test_signals.find(
slugs="FAILURE_KEYS_PRESENT")[0].data["failed_strings"]
self.register_issue(
defect_type="sql_strings",
severity=syntribos.MEDIUM,
confidence=syntribos.LOW,
description=("The string(s): '{0}', known to be commonly "
"returned after a successful SQL injection attack"
", have been found in the response. This could "
"indicate a vulnerability to SQL injection "
"attacks.").format(failed_strings))
self.diff_signals.register(time_diff(self))
if "TIME_DIFF_OVER" in self.diff_signals:
self.register_issue(
defect_type="sql_timing",
severity=syntribos.MEDIUM,
confidence=syntribos.LOW,
description=(_("A response to one of our payload requests has "
"taken too long compared to the baseline "
"request. This could indicate a vulnerability "
"to time-based SQL injection attacks")))示例15: _parse_url_line
def _parse_url_line(cls, line, endpoint):
"""Split first line of an HTTP request into its components
:param str line: the first line of the HTTP request
:param str endpoint: the full URL of the endpoint to test
:rtype: tuple
:returns: HTTP method, URL, request parameters, HTTP version
"""
valid_methods = ["GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE",
"TRACE", "CONNECT", "PATCH"]
params = {}
method, url, version = line.split()
url = url.split("?", 1)
if len(url) == 2:
for param in url[1].split("&"):
param = param.split("=", 1)
if len(param) > 1:
params[param[0]] = param[1]
else:
params[param[0]] = ""
url = url[0]
url = urlparse.urljoin(endpoint, url)
if method not in valid_methods:
raise ValueError(_("Invalid HTTP method: %s") % method)
return (method, cls._replace_str_variables(url),
cls._replace_dict_variables(params), version)