本文整理汇总了Python中w3af.core.data.db.disk_set.DiskSet.cleanup方法的典型用法代码示例。如果您正苦于以下问题:Python DiskSet.cleanup方法的具体用法?Python DiskSet.cleanup怎么用?Python DiskSet.cleanup使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.db.disk_set.DiskSet的用法示例。
在下文中一共展示了DiskSet.cleanup方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_table_name_with_prefix
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import cleanup [as 别名]
def test_table_name_with_prefix(self):
    """
    The string passed to DiskSet() shows up in the table name, and
    cleanup() removes that table from the default temp DB.
    """
    prefix = 'unittest'
    disk_set = DiskSet(prefix)
    self.assertIn(prefix, disk_set.table_name)

    temp_db = get_default_temp_db_instance()

    # The backing table exists right after the set is created...
    self.assertTrue(temp_db.table_exists(disk_set.table_name))

    # ...and is gone once cleanup() returns, so nothing the set stored is
    # left behind in the temp DB.
    disk_set.cleanup()
    self.assertFalse(temp_db.table_exists(disk_set.table_name))
示例2: test_remove_table
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import cleanup [as 别名]
def test_remove_table(self):
    """
    cleanup() drops the backing table of a DiskSet that already holds data.
    """
    disk_set = DiskSet()
    for item in (1, 2):
        disk_set.add(item)

    # Keep the name in a local: the check after cleanup() should not depend
    # on the state of the cleaned-up object.
    backing_table = disk_set.table_name
    temp_db = get_default_temp_db_instance()

    self.assertTrue(temp_db.table_exists(backing_table))

    disk_set.cleanup()

    self.assertFalse(temp_db.table_exists(backing_table))
示例3: DBKnowledgeBase
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import cleanup [as 别名]
#.........这里部分代码省略.........
def get_all_infos(self):
    """
    :return: A list of all info instances with severity eq INFORMATION
    """
    # The table name is interpolated because SQL identifiers cannot be sent
    # as bound parameters; self.table_name must never be built from
    # untrusted input.
    rows = self.db.select('SELECT pickle FROM %s' % self.table_name)

    infos = []
    for row in rows:
        # SECURITY: unpickling can execute code carried in the stored bytes,
        # so this is only safe while every row was written by this process.
        # NOTE(review): confirm the file behind self.db cannot be modified
        # or supplied by another user.
        candidate = cPickle.loads(row[0])

        # Stored objects that expose no severity are skipped
        if not hasattr(candidate, 'get_severity'):
            continue

        if candidate.get_severity() in (INFORMATION,):
            infos.append(candidate)

    return infos
@requires_setup
def dump(self):
    """
    :return: Every object stored in the knowledge base table, grouped as
             {location_a: {location_b: [obj, ...]}}
    """
    # Identifiers cannot be bound as SQL parameters, hence the string
    # formatting; self.table_name must never come from untrusted input.
    query = 'SELECT location_a, location_b, pickle FROM %s'
    rows = self.db.select(query % self.table_name)

    grouped = {}
    for location_a, location_b, pickled in rows:
        # SECURITY: cPickle.loads can execute code carried in the stored
        # bytes; only safe while the rows were written by this process.
        # NOTE(review): confirm nobody else can write to the backing DB.
        obj = cPickle.loads(pickled)
        grouped.setdefault(location_a, {}).setdefault(location_b, []).append(obj)

    return grouped
@requires_setup
def cleanup(self):
    """
    Cleanup internal data.

    Deletes every row of the knowledge base table, replaces the URL and
    fuzzable request DiskSets with new ones and clears the observers.
    """
    # Table names cannot be bound as SQL parameters; self.table_name must
    # never be built from untrusted input.
    self.db.execute("DELETE FROM %s WHERE 1=1" % self.table_name)

    # The replacement is assigned before the previous set is cleaned up, so
    # self.urls never refers to a DiskSet that was already cleaned up.
    stale_urls, self.urls = self.urls, DiskSet(table_prefix='kb_urls')
    stale_urls.cleanup()

    stale_requests, self.fuzzable_requests = (
        self.fuzzable_requests,
        DiskSet(table_prefix='kb_fuzzable_requests'),
    )
    stale_requests.cleanup()

    self.observers.clear()
@requires_setup
def remove(self):
    """
    Drop the knowledge base table, clean up both DiskSets and clear the
    observers. Unlike cleanup(), no replacement DiskSets are created.
    """
    self.db.drop_table(self.table_name)

    for disk_set in (self.urls, self.fuzzable_requests):
        disk_set.cleanup()

    self.observers.clear()
@requires_setup
def get_all_known_urls(self):
    """
    :return: A DiskSet with all the known URLs as URL objects. This is the
             live self.urls object, not a copy.
    """
    return self.urls
@requires_setup
def add_url(self, url):
    """
    Notify the observers about the URL and store it in self.urls.

    :param url: The URL instance to store
    :return: True if the URL was previously unknown
    :raises TypeError: When url is not a URL instance
    """
    if isinstance(url, URL):
        # Observers are notified before the add, so they are called for
        # URLs that were already known too.
        self._notify_observers(self.ADD_URL, url)
        return self.urls.add(url)

    # Rejecting other types here keeps arbitrary objects out of the set
    error_fmt = 'add_url requires a URL as parameter got %s instead.'
    raise TypeError(error_fmt % type(url))
@requires_setup
def get_all_known_fuzzable_requests(self):
    """
    :return: The DiskSet stored in self.fuzzable_requests, which is filled by
             add_fuzzable_request(). This is the live object, not a copy.
    """
    return self.fuzzable_requests
@requires_setup
def add_fuzzable_request(self, fuzzable_request):
    """
    Store the request and register its URL through add_url().

    :param fuzzable_request: The FuzzableRequest instance to store
    :return: True if the FuzzableRequest was previously unknown
    :raises TypeError: When fuzzable_request is not a FuzzableRequest
    """
    if isinstance(fuzzable_request, FuzzableRequest):
        # The URL is registered first; add_url() also notifies observers
        self.add_url(fuzzable_request.get_url())
        return self.fuzzable_requests.add(fuzzable_request)

    error_fmt = ('add_fuzzable_request requires a FuzzableRequest as'
                 ' parameter, got "%s" instead.')
    raise TypeError(error_fmt % type(fuzzable_request))
示例4: find_captchas
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import cleanup [as 别名]
#.........这里部分代码省略.........
om.out.information(i.get_desc())
def _identify_captchas(self, fuzzable_request):
    """
    Fetch the page twice and treat every image whose hash is missing from
    the second fetch as a CAPTCHA.

    Any image that changes between two requests (not only CAPTCHAs) matches
    this rule, so results should be read as candidates.

    :return: A tuple with the following information:
                * True indicating that the page has CAPTCHAs
                * A list with tuples that contain:
                    * The CAPTCHA image source
                    * The http responses used to verify that the image was
                      indeed a CAPTCHA
    """
    found_captcha = False
    captchas = []

    # GET the document twice, fetching the images each time
    first_pass = self._get_images(fuzzable_request)
    second_pass = self._get_images(fuzzable_request)

    # If the number of images in each response is different, don't even
    # bother to perform any analysis since our simplistic approach will fail
    # TODO: Add something more advanced.
    if len(first_pass) != len(second_pass):
        return found_captcha, captchas

    # NOTE(review): the listing this was taken from lost its indentation;
    # the else below is read as belonging to the inner for loop (for/else),
    # which is what the name of the original list, not_in_2, suggests.
    changed_images = []
    for src_1, hash_1, response_1 in first_pass:
        for _, hash_2, response_2 in second_pass:
            if hash_1 == hash_2:
                # The image is in both lists, can't be a CAPTCHA
                break
        else:
            # No hash matched. response_2 is whatever the last element of
            # second_pass carried, not a response tied to this image.
            changed_images.append((src_1, hash_1, [response_1, response_2]))

    # Results
    #
    # TODO: This allows for more than one CAPTCHA in the same page. Does
    #       that make sense? When that's found, should I simply declare
    #       defeat and don't report anything?
    for img_src, _, http_responses in changed_images:
        # NOTE(review): this class is rebuilt on every iteration; it could
        # be defined once at module level.
        CaptchaInfo = namedtuple('CaptchaInfo', ['img_src',
                                                 'http_responses'])
        img_src = img_src.uri2url()

        # Each image URL is reported only once
        if img_src in self._captchas_found:
            continue

        self._captchas_found.add(img_src)
        found_captcha = True
        captchas.append(CaptchaInfo(img_src, http_responses))

    return found_captcha, captchas
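def _get_images(self, fuzzable_request):
    """
    Fetch the page, then every img reference in it, and fingerprint the
    responses that are images.

    :param fuzzable_request: The request whose URI is fetched (cache=False)
    :return: A list with tuples containing (img_src, image_hash,
             http_response), where http_response is the response for the
             page, not for the image. An empty list is returned when the
             page cannot be retrieved or parsed.
    """
    res = []

    try:
        response = self._uri_opener.GET(fuzzable_request.get_uri(),
                                        cache=False)
    except Exception:
        # This used to be a bare "except:", which also swallowed
        # KeyboardInterrupt and SystemExit and made the scan ignore a stop
        # request raised during this fetch.
        om.out.debug('Failed to retrieve the page for finding captchas.')
        return res

    # Do not use parser_cache here, it's not good since CAPTCHA
    # implementations *might* change the image name for each request of
    # the HTML
    try:
        document_parser = DocumentParser.DocumentParser(response)
    except BaseFrameworkException:
        return []

    image_path_list = document_parser.get_references_of_tag('img')

    GET = self._uri_opener.GET
    # SHA-1 is only a content fingerprint for comparing the two fetches; it
    # is not used as a security control here.
    sha1 = hashlib.sha1

    # NOTE(review): the images are fetched with GET's default cache setting,
    # unlike the page above. Confirm a cached image cannot be served here,
    # since that would make both passes look identical.
    result_iter = self.worker_pool.imap_unordered(GET, image_path_list)

    for image_response in result_iter:
        if image_response.is_image():
            img_src = image_response.get_uri()
            img_hash = sha1(image_response.get_body()).hexdigest()
            res.append((img_src, img_hash, response))

    return res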
def end(self):
    """
    Call cleanup() on self._captchas_found, the set of CAPTCHA image URLs
    that were already reported.
    """
    self._captchas_found.cleanup()
def get_long_desc(self):
"""
:return: A DETAILED description of the plugin functions and features.
"""
return """
示例5: error_500
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import cleanup [as 别名]
class error_500(GrepPlugin):
"""
Grep every page for error 500 pages that haven't been identified as bugs by
other plugins.
:author: Andres Riancho ([email protected])
"""
IGNORE_CODES = (404, 403, 401, 405, 400, 501)
FALSE_POSITIVE_STRINGS = ('<h1>Bad Request (Invalid URL)</h1>',
)
def __init__(self):
    """
    Initialise the plugin and the set of candidate error responses.
    """
    GrepPlugin.__init__(self)

    # (request, response id) tuples added by grep() and reviewed in end()
    self._error_500_responses = DiskSet(table_prefix='error_500')
def grep(self, request, response):
    """
    Plugin entry point, identify which requests generated a 500 error.

    Despite the name, every text or HTML response with a code between 401
    and 599 that is not listed in IGNORE_CODES is recorded. The 400 entry
    in IGNORE_CODES has no effect because the lower bound is exclusive.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    if not response.is_text_or_html():
        return

    code = response.get_code()
    if not 400 < code < 600:
        return

    if code in self.IGNORE_CODES:
        return

    if self._is_false_positive(response):
        return

    # NOTE(review): the whole request object is stored in the DiskSet;
    # presumably that is written to the temp DB on disk, so any credentials
    # or session data in the request would be persisted too - confirm.
    self._error_500_responses.add((request, response.id))
def _is_false_positive(self, response):
    r"""
    Filters out responses whose body contains one of the
    FALSE_POSITIVE_STRINGS.

    This false positive is generated by IIS when I send an URL that's "odd"
    Some examples of URLs that trigger this false positive:
        - http://127.0.0.2/ext.ini.%00.txt
        - http://127.0.0.2/%00/
        - http://127.0.0.2/%0a%0a<script>alert(\Vulnerable\)</script>.jsp

    :param response: The HTTP response whose body is inspected
    :return: True if the response is a false positive.
    """
    return any(marker in response.get_body()
               for marker in self.FALSE_POSITIVE_STRINGS)
def end(self):
    """
    This method is called when the plugin wont be used anymore.

    The real job of this plugin is done here: every stored error response
    whose id is not referenced by any finding in the knowledge base is
    reported as a MEDIUM severity vulnerability.
    """
    # NOTE(review): the text always says "code 500", but grep() stores
    # responses with other codes in the 401-599 range as well.
    desc_fmt = ('An unidentified web application error (HTTP response'
                ' code 500) was found at: "%s". Enable all plugins and'
                ' try again, if the vulnerability still is not'
                ' identified, please verify manually and report it to'
                ' the w3af developers.')

    # Response ids that some finding already points to
    all_vuln_ids = set()
    for info in kb.kb.get_all_findings():
        all_vuln_ids.update(info.get_id())

    for request, response_id in self._error_500_responses:
        if response_id in all_vuln_ids:
            continue

        # Found a error 500 that wasn't identified !
        v = Vuln('Unhandled error in web application',
                 desc_fmt % request.get_url(),
                 severity.MEDIUM, response_id,
                 self.get_name())
        v.set_uri(request.get_uri())

        self.kb_append_uniq(self, 'error_500', v, 'VAR')

    # NOTE(review): cleanup() is skipped if anything above raises, which
    # leaves the stored requests in the error_500 table - consider
    # try/finally.
    self._error_500_responses.cleanup()
def get_long_desc(self):
"""
:return: A DETAILED description of the plugin functions and features.
"""
return """
示例6: DBKnowledgeBase
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import cleanup [as 别名]
#.........这里部分代码省略.........
:return: A list of all objects of class == klass that are saved in the
kb.
"""
query = 'SELECT pickle FROM %s'
results = self.db.select(query % self.table_name)
result_lst = []
for r in results:
obj = cPickle.loads(r[0])
if isinstance(obj, klass):
result_lst.append(obj)
return result_lst
def dump(self):
    """
    :return: Every object stored in the knowledge base table, grouped as
             {location_a: {location_b: [obj, ...]}}
    """
    # Identifiers cannot be bound as SQL parameters, hence the string
    # formatting; self.table_name must never come from untrusted input.
    query = 'SELECT location_a, location_b, pickle FROM %s'
    rows = self.db.select(query % self.table_name)

    grouped = {}
    for location_a, location_b, pickled in rows:
        # SECURITY: cPickle.loads can execute code carried in the stored
        # bytes; only safe while the rows were written by this process.
        # NOTE(review): confirm nobody else can write to the backing DB.
        obj = cPickle.loads(pickled)
        grouped.setdefault(location_a, {}).setdefault(location_b, []).append(obj)

    return grouped
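def cleanup(self):
    """
    Cleanup internal data.

    Deletes every row of the knowledge base table, replaces the URL and
    fuzzable request DiskSets with new ones and clears the observers.
    """
    # Table names cannot be bound as SQL parameters; self.table_name must
    # never be built from untrusted input.
    self.db.execute("DELETE FROM %s WHERE 1=1" % self.table_name)

    # Create the new set first and clean up the old one afterwards. Cleaning
    # up first left self.urls / self.fuzzable_requests pointing at a DiskSet
    # whose cleanup() had already run until the next line executed, so a
    # concurrent add or read could hit the cleaned-up set.
    old_urls = self.urls
    self.urls = DiskSet(table_prefix='kb_urls')
    old_urls.cleanup()

    old_fuzzable_requests = self.fuzzable_requests
    self.fuzzable_requests = DiskSet(table_prefix='kb_fuzzable_requests')
    old_fuzzable_requests.cleanup()

    self.observers.clear()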
def remove(self):
    """
    Drop the knowledge base table, clean up both DiskSets and clear the
    observers. Unlike cleanup(), no replacement DiskSets are created.
    """
    self.db.drop_table(self.table_name)

    for disk_set in (self.urls, self.fuzzable_requests):
        disk_set.cleanup()

    self.observers.clear()
def get_all_known_urls(self):
    """
    :return: A DiskSet with all the known URLs as URL objects. This is the
             live self.urls object, not a copy.
    """
    return self.urls
def add_url_observer(self, observer):
    """
    Append observer to self.url_observers.

    :param observer: The object to register; it is stored as given, with no
                     check for duplicates.
    :return: None
    """
    self.url_observers.append(observer)
def _notify_url_observers(self, new_url):
"""
Call the observer with new_url.