本文整理汇总了Python中w3af.core.data.db.disk_dict.DiskDict.get方法的典型用法代码示例。如果您正苦于以下问题:Python DiskDict.get方法的具体用法?Python DiskDict.get怎么用?Python DiskDict.get使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.db.disk_dict.DiskDict的用法示例。
在下文中一共展示了DiskDict.get方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_get
# 需要导入模块: from w3af.core.data.db.disk_dict import DiskDict [as 别名]
# 或者: from w3af.core.data.db.disk_dict.DiskDict import get [as 别名]
def test_get(self):
    """
    get() returns the stored value for an existing key, whether or not a
    default is supplied, and returns the default for a missing key.
    """
    store = DiskDict()
    store[0] = 'abc'

    found = store.get(0)
    found_despite_default = store.get(0, 1)
    fallback = store.get(1, 2)

    self.assertEqual(found, 'abc')
    self.assertEqual(found_despite_default, 'abc')
    self.assertEqual(fallback, 2)
示例2: VariantDB
# 需要导入模块: from w3af.core.data.db.disk_dict import DiskDict [as 别名]
# 或者: from w3af.core.data.db.disk_dict.DiskDict import get [as 别名]
class VariantDB(object):
    """
    Disk-backed counter of how many variants of each normalized reference
    were stored. need_more_variants() compares that counter with
    max_variants so the caller can stop collecting URLs that only differ in
    their parameter values.
    """

    def __init__(self, max_variants=DEFAULT_MAX_VARIANTS):
        self.max_variants = max_variants
        self._db_lock = threading.RLock()
        self._disk_dict = DiskDict(table_prefix='variant_db')

    def append(self, reference):
        """
        Called when a new reference is found and we proved that new
        variants are still needed.

        :param reference: The reference (as a URL object) to add. It is
                          normalized with _clean_reference() before being
                          used as the key of the internal disk dict.
        """
        key = self._clean_reference(reference)

        # The read-modify-write of the counter must not interleave with
        # another thread doing the same for this key
        with self._db_lock:
            stored = self._disk_dict.get(key, None)
            self._disk_dict[key] = 1 if stored is None else stored + 1

    def need_more_variants(self, reference):
        """
        :return: True if there are not enough variants associated with
                 this reference in the DB.
        """
        key = self._clean_reference(reference)

        # This read is done without taking _db_lock (the original author
        # considered it "atomic enough"), so an append() from another thread
        # can land between this check and the caller acting on the answer.
        stored = self._disk_dict.get(key, 0)
        return not (stored >= self.max_variants)

    def _clean_reference(self, reference):
        """
        This method is VERY dependent on the are_variants method from
        core.data.request.variant_identification , make sure to remember that
        when changing stuff here or there.

        Normalize a reference so that two variants of the same URL pattern
        produce the same string and can be compared with a plain string
        match: every query string value is replaced with 'number' when it is
        all digits and with 'string' otherwise.
        """
        res = reference.get_domain_path() + reference.get_file_name()

        if not reference.has_query_string():
            return res

        res += '?'

        # Work on a deep copy so the caller's query string keeps its values
        normalized_qs = copy.deepcopy(reference.querystring)

        for _key, value, _path, setter in normalized_qs.iter_setters():
            setter('number' if value.isdigit() else 'string')

        res += str(normalized_qs)
        return res
示例3: html_comments
# 需要导入模块: from w3af.core.data.db.disk_dict import DiskDict [as 别名]
# 或者: from w3af.core.data.db.disk_dict.DiskDict import get [as 别名]
class html_comments(GrepPlugin):
"""
Extract and analyze HTML comments.
:author: Andres Riancho ([email protected])
"""
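# Matches an opening tag followed, later on the same line, by a closing tag.
# The closing tag name uses "+": the previous pattern accepted exactly one
# letter there, so "</a>" or "</p>" matched but "</div>" or "</script>" did
# not, and markup left in a comment went unreported.
# NOTE(review): "." does not cross newlines and _html_in_comment() runs the
# search before it strips "\n"/"\r", so markup split over several lines is
# still not matched.
# NOTE(review): the two lazy ".*?" runs can backtrack heavily on a long line
# with many "<" and ">" and no closing tag; the text comes from the scanned
# site, so consider capping the comment length before searching.
HTML_RE = re.compile('<[a-zA-Z]*.*?>.*?</[a-zA-Z]+>')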
# Keywords that make an HTML comment worth reporting: credential hints,
# TODO/FIXME-style notes, profanity and banking terms.
# NOTE(review): 'pass' appears twice in the English group; whether MultiIn
# de-duplicates its input is not visible here.
INTERESTING_WORDS = (
# In English
'user', 'pass', 'xxx', 'fix', 'bug', 'broken', 'oops', 'hack',
'caution', 'todo', 'note', 'warning', '!!!', '???', 'shit',
'pass', 'password', 'passwd', 'pwd', 'secret', 'stupid',
# In Spanish
'tonto', 'porqueria', 'cuidado', 'usuario', u'contraseña',
'puta', 'email', 'security', 'captcha', 'pinga', 'cojones',
# some in Portuguese
'banco', 'bradesco', 'itau', 'visa', 'bancoreal', u'transfêrencia',
u'depósito', u'cartão', u'crédito', 'dados pessoais'
)
# Every keyword is wrapped in single spaces before it is handed to MultiIn,
# so the patterns are ' user ', ' pass ', ...
# NOTE(review): presumably MultiIn.query() does substring matching; if so a
# keyword next to punctuation ("password:") or at the very start or end of a
# comment is not reported -- confirm against MultiIn.
_multi_in = MultiIn([' %s ' % w for w in INTERESTING_WORDS])
def __init__(self):
    """
    Initialize the parent plugin and the state kept for the whole scan.
    """
    GrepPlugin.__init__(self)

    # Flag that starts as False; it is not read in the code shown here
    self._end_was_called = False

    # (word, URL) and (comment, URL) tuples that were already reported.
    # NOTE(review): being a Bloom filter, a membership test can presumably
    # return a false positive, which would silently drop a finding.
    self._already_reported = ScalableBloomFilter()

    # Disk-backed storage, kept in tables prefixed with 'html_comments'
    self._comments = DiskDict(table_prefix='html_comments')
def grep(self, request, response):
    """
    Plugin entry point: analyze every HTML comment found in the response.

    Responses that are not text/HTML, and responses for which no document
    parser can be obtained, are ignored.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    if not response.is_text_or_html():
        return

    try:
        doc_parser = parser_cache.dpc.get_document_parser_for(response)
    except BaseFrameworkException:
        return

    for comment in doc_parser.get_comments():
        # A comment whose text was part of the request is our own input
        # reflected back, not something the site author wrote. Skipping it
        # fixes this issue:
        # audit.ssi + grep.html_comments + web app with XSS = false positive
        if request.sent(comment):
            continue

        if not self._is_new(comment, response):
            continue

        self._interesting_word(comment, request, response)
        self._html_in_comment(comment, request, response)
def _interesting_word(self, comment, request, response):
    """
    Report every keyword that the multi-pattern matcher finds in the
    lower-cased comment, once per (word, URL) pair.

    Each finding is stored in the knowledge base under
    'interesting_comments' and written to the output manager.
    """
    lowered = comment.lower()

    for word in self._multi_in.query(lowered):
        if (word, response.get_url()) not in self._already_reported:
            desc = ('A comment with the string "%s" was found in: "%s".'
                    ' This could be interesting.') % (word,
                                                      response.get_url())

            info = Info.from_fr('Interesting HTML comment', desc,
                                response.id, self.get_name(), request)
            info.add_to_highlight(word)

            kb.kb.append(self, 'interesting_comments', info)
            om.out.information(info.get_desc())

            # Remember the pair so the same word is not reported again for
            # this URL
            self._already_reported.add((word, response.get_url()))
def _html_in_comment(self, comment, request, response):
"""
Find HTML code in HTML comments
"""
html_in_comment = self.HTML_RE.search(comment)
if html_in_comment is None:
return
if (comment, response.get_url()) in self._already_reported:
return
# There is HTML code in the comment.
comment = comment.strip()
comment = comment.replace('\n', '')
comment = comment.replace('\r', '')
#.........这里部分代码省略.........
示例4: VariantDB
# 需要导入模块: from w3af.core.data.db.disk_dict import DiskDict [as 别名]
# 或者: from w3af.core.data.db.disk_dict.DiskDict import get [as 别名]
class VariantDB(object):
    """
    See the notes on PARAMS_MAX_VARIANTS and PATH_MAX_VARIANTS above.

    Two disk-backed tables are kept: one with the hash of every fuzzable
    request passed to append() (the "dirty", exact version) and one with a
    counter per cleaned request pattern. The exact table is what makes it
    possible to answer "False" in a situation like this:

        need_more_variants('http://foo.com/abc?id=32') --> True
        append('http://foo.com/abc?id=32')
        need_more_variants('http://foo.com/abc?id=32') --> False
    """
    # Passed to get_request_hash() when computing the exact-match hash
    HASH_IGNORE_HEADERS = ('referer',)
    TAG = '[variant_db]'

    def __init__(self, params_max_variants=PARAMS_MAX_VARIANTS,
                 path_max_variants=PATH_MAX_VARIANTS):
        self.params_max_variants = params_max_variants
        self.path_max_variants = path_max_variants

        self._db_lock = threading.RLock()

        self._variants_eq = DiskDict(table_prefix='variant_db_eq')
        self._variants = DiskDict(table_prefix='variant_db')

    def cleanup(self):
        """
        Call cleanup() on both disk-backed tables.
        """
        for table in (self._variants_eq, self._variants):
            table.cleanup()

    def append(self, fuzzable_request):
        """
        Decide whether this fuzzable request is a variant worth keeping and
        update the counters. The whole decision runs under _db_lock, so the
        check and the update cannot interleave between threads.

        :return: True if we added a new fuzzable request variant to the DB,
                 False if no more variants are required for this fuzzable
                 request.
        """
        with self._db_lock:
            #
            # Exact match: was this very same request seen before?
            #
            request_hash = fuzzable_request.get_request_hash(
                self.HASH_IGNORE_HEADERS)

            if self._variants_eq.get(request_hash, False):
                return False

            # Stored before the variant limit is checked, so a request that
            # is rejected below is still remembered as seen
            self._variants_eq[request_hash] = True

            #
            # Similar match: how many requests share this pattern?
            #
            pattern_key = clean_fuzzable_request(fuzzable_request)
            seen = self._variants.get(pattern_key, None)

            if seen is None:
                self._variants[pattern_key] = 1
                return True

            # At least one request with this pattern is known; requests that
            # carry a query string or raw data use the params limit, the
            # others use the path limit
            uri = fuzzable_request.get_uri()

            if uri.has_query_string() or fuzzable_request.get_raw_data():
                limit = self.params_max_variants
            else:
                limit = self.path_max_variants

            if seen >= limit:
                return False

            self._variants[pattern_key] = seen + 1
            return True
示例5: html_comments
# 需要导入模块: from w3af.core.data.db.disk_dict import DiskDict [as 别名]
# 或者: from w3af.core.data.db.disk_dict.DiskDict import get [as 别名]
class html_comments(GrepPlugin):
"""
Extract and analyze HTML comments.
:author: Andres Riancho ([email protected])
"""
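# Matches an opening tag followed, later on the same line, by a closing tag.
# The closing tag name uses "+": the previous pattern accepted exactly one
# letter there, so "</a>" or "</p>" matched but "</div>" or "</script>" did
# not, and markup left in a comment went unreported.
# NOTE(review): "." does not cross newlines and _html_in_comment() runs the
# search before it strips "\n"/"\r", so markup split over several lines is
# still not matched.
# NOTE(review): the two lazy ".*?" runs can backtrack heavily on a long line
# with many "<" and ">" and no closing tag; the text comes from the scanned
# site, so consider capping the comment length before searching.
HTML_RE = re.compile('<[a-zA-Z]*.*?>.*?</[a-zA-Z]+>')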
# Keywords that make an HTML comment worth reporting: credential hints,
# TODO/FIXME-style notes, profanity and banking terms.
# NOTE(review): 'pass' appears twice in the English group; whether multi_in
# de-duplicates its input is not visible here.
INTERESTING_WORDS = (
# In English
'user', 'pass', 'xxx', 'fix', 'bug', 'broken', 'oops', 'hack',
'caution', 'todo', 'note', 'warning', '!!!', '???', 'shit',
'pass', 'password', 'passwd', 'pwd', 'secret', 'stupid',
# In Spanish
'tonto', 'porqueria', 'cuidado', 'usuario', u'contraseña',
'puta', 'email', 'security', 'captcha', 'pinga', 'cojones',
# some in Portuguese
'banco', 'bradesco', 'itau', 'visa', 'bancoreal', u'transfêrencia',
u'depósito', u'cartão', u'crédito', 'dados pessoais'
)
# Every keyword is wrapped in single spaces before it is handed to multi_in,
# so the patterns are ' user ', ' pass ', ...
# NOTE(review): presumably multi_in.query() does substring matching; if so a
# keyword next to punctuation ("password:") or at the very start or end of a
# comment is not reported -- confirm against multi_in.
_multi_in = multi_in([' %s ' % w for w in INTERESTING_WORDS])
def __init__(self):
    """
    Initialize the parent plugin and the state kept for the whole scan.
    """
    GrepPlugin.__init__(self)

    # (word, URL) and (comment, URL) tuples that were already reported.
    # NOTE(review): being a Bloom filter, a membership test can presumably
    # return a false positive, which would silently drop a finding.
    self._already_reported_interesting = ScalableBloomFilter()

    # Disk-backed storage created with the default table prefix
    self._comments = DiskDict()
def grep(self, request, response):
    """
    Plugin entry point: analyze every HTML comment found in the response.

    Responses that are not text/HTML, and responses for which no document
    parser can be obtained, are ignored.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    if not response.is_text_or_html():
        return

    try:
        doc_parser = parser_cache.dpc.get_document_parser_for(response)
    except BaseFrameworkException:
        return

    for comment in doc_parser.get_comments():
        # A comment whose text was part of the request is our own input
        # reflected back, not something the site author wrote. Skipping it
        # fixes this issue:
        # audit.ssi + grep.html_comments + web app with XSS = false positive
        if request.sent(comment):
            continue

        if not self._is_new(comment, response):
            continue

        self._interesting_word(comment, request, response)
        self._html_in_comment(comment, request, response)
def _interesting_word(self, comment, request, response):
    """
    Report every keyword that the multi-pattern matcher finds in the
    lower-cased comment, once per (word, URL) pair.

    Each finding is stored in the knowledge base under
    'interesting_comments' and written to the output manager.
    """
    lowered = comment.lower()

    for word in self._multi_in.query(lowered):
        if (word, response.get_url()) in self._already_reported_interesting:
            continue

        template = ('A comment with the string "%s" was found in: "%s".'
                    ' This could be interesting.')
        desc = template % (word, response.get_url())

        info = Info('Interesting HTML comment', desc,
                    response.id, self.get_name())
        info.set_dc(request.get_dc())
        info.set_uri(response.get_uri())
        info.add_to_highlight(word)

        kb.kb.append(self, 'interesting_comments', info)
        om.out.information(info.get_desc())

        # Remember the pair so the same word is not reported again for
        # this URL
        self._already_reported_interesting.add((word, response.get_url()))
def _html_in_comment(self, comment, request, response):
"""
Find HTML code in HTML comments
"""
html_in_comment = self.HTML_RE.search(comment)
if html_in_comment and \
(comment, response.get_url()) not in self._already_reported_interesting:
# There is HTML code in the comment.
comment = comment.strip()
comment = comment.replace('\n', '')
comment = comment.replace('\r', '')
comment = comment[:40]
desc = 'A comment with the string "%s" was found in: "%s".'\
' This could be interesting.'
desc = desc % (comment, response.get_url())
#.........这里部分代码省略.........
示例6: VariantDB
# 需要导入模块: from w3af.core.data.db.disk_dict import DiskDict [as 别名]
# 或者: from w3af.core.data.db.disk_dict.DiskDict import get [as 别名]
class VariantDB(object):
def __init__(self, max_variants=DEFAULT_MAX_VARIANTS):
    """
    :param max_variants: Number of stored variants after which
                         need_more_variants() and
                         need_more_variants_for_fr() answer False.
    """
    self.max_variants = max_variants

    # Guards the read-modify-write of the counters in append()/append_fr()
    self._db_lock = threading.RLock()

    # Normalized reference / fuzzable request -> number of variants stored
    self._disk_dict = DiskDict(table_prefix='variant_db')
def append(self, reference):
    """
    Called when a new reference is found and we proved that new
    variants are still needed.

    :param reference: The reference (as a URL object) to add. It is
                      normalized with _clean_reference() before being
                      used as the key of the internal disk dict.
    """
    key = self._clean_reference(reference)

    # The read-modify-write of the counter must not interleave with
    # another thread doing the same for this key
    with self._db_lock:
        stored = self._disk_dict.get(key, None)
        self._disk_dict[key] = 1 if stored is None else stored + 1
def append_fr(self, fuzzable_request):
    """
    Same as append(), but the key is computed from a fuzzable request with
    _clean_fuzzable_request() instead of from a URL reference.
    """
    key = self._clean_fuzzable_request(fuzzable_request)

    # The read-modify-write of the counter must not interleave with
    # another thread doing the same for this key
    with self._db_lock:
        stored = self._disk_dict.get(key, None)
        self._disk_dict[key] = 1 if stored is None else stored + 1
def need_more_variants(self, reference):
    """
    :return: True if there are not enough variants associated with
             this reference in the DB.
    """
    key = self._clean_reference(reference)

    # When we're analyzing a path (without QS), we just need 1
    if reference.has_query_string():
        limit = self.max_variants
    else:
        limit = 1

    # This read is done without taking _db_lock (the original author
    # considered it "atomic enough"), so an append() from another thread
    # can land between this check and the caller acting on the answer.
    stored = self._disk_dict.get(key, 0)
    return not (stored >= limit)
def need_more_variants_for_fr(self, fuzzable_request):
    """
    :return: True if there are not enough variants associated with
             this fuzzable request in the DB.
    """
    key = self._clean_fuzzable_request(fuzzable_request)

    # This read is done without taking _db_lock (the original author
    # considered it "atomic enough"), so an append_fr() from another thread
    # can land between this check and the caller acting on the answer.
    stored = self._disk_dict.get(key, 0)
    return not (stored >= self.max_variants)
def _clean_reference(self, reference):
    """
    This method is VERY dependent on the are_variants method from
    core.data.request.variant_identification , make sure to remember that
    when changing stuff here or there.

    Normalize a reference so that two variants of the same URL pattern
    produce the same string and can be compared with a plain string match.

    Since this is a reference (link) the result starts with '(GET)-',
    which leaves room for forms/fuzzable requests using '(POST)-' in the
    future.
    """
    domain_path = reference.get_domain_path().url_string
    key = ('(GET)-'
           + domain_path.encode(DEFAULT_ENCODING)
           + reference.get_file_name())

    if reference.has_query_string():
        # The query string is reduced to its simplified/serialized form
        key += '?' + self._clean_data_container(reference.querystring)

    return key
def _clean_data_container(self, data_container):
"""
A simplified/serialized version of the query string
"""
#.........这里部分代码省略.........