示例1: end
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def end(self):
    """
    Called once the plugin will not be used anymore.

    Every potential finding collected during the scan is reported as an
    ``error_page`` Info unless the knowledge base already holds a finding
    for the same URL; the temporary store is released afterwards.
    """
    all_findings = kb.kb.get_all_findings()

    for title, desc, _id, url, highlight in self._potential_vulns:
        # Skip URLs where another plugin (typically sqli) already reported a
        # vulnerability: the detailed error is a symptom of that finding, and
        # once the vulnerability is fixed the error page most likely goes
        # away too. If only the error remains, it will surface as a new
        # finding in the next scan.
        already_reported = any(finding.get_url() == url
                               for finding in all_findings)
        if already_reported:
            continue

        info = Info(title, desc, _id, self.get_name())
        info.set_url(url)
        info.add_to_highlight(highlight)
        self.kb_append_uniq(self, 'error_page', info)

    self._potential_vulns.cleanup()
示例2: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Plugin entry point.

    Looks for AJAX code inside every <script> element of an HTML response
    and reports one ``ajax`` finding per URL.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None, all results are saved in the kb.
    """
    if not response.is_text_or_html():
        return

    url = response.get_url()
    dom = response.get_dom()

    # Document normalization may fail; nothing to inspect in that case
    if dom is None:
        return

    for script in self._script_xpath(dom):
        # The text between <script> and </script>
        body = script.text
        if body is None:
            continue

        match = self._ajax_regex_re.search(body)
        if match is None:
            continue

        desc = 'The URL: "%s" has AJAX code.' % url
        info = Info('AJAX code', desc, response.id, self.get_name())
        info.set_url(url)
        info.add_to_highlight(match.group(0))
        self.kb_append_uniq(self, 'ajax', info, 'URL')
示例3: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Check if the header names are common or not

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None, all results are saved in the kb.
    """
    # Protocol anomalies first
    self._content_location_not_300(request, response)

    headers = response.get_headers()

    # Then every header whose name is not in the known-common list
    for header_name in headers.keys():
        if header_name.upper() in self.COMMON_HEADERS:
            continue

        # hvalue is copied verbatim from the response into the description;
        # whatever renders the description is expected to escape it, nothing
        # is sanitized here.
        hvalue = headers[header_name]
        fmt = ('The remote web server sent the HTTP header: "%s"'
               ' with value: "%s", which is quite uncommon and'
               ' requires manual analysis.')
        desc = fmt % (header_name, hvalue)

        info = Info('Strange header', desc, response.id, self.get_name())
        info.add_to_highlight(hvalue, header_name)
        info.set_url(response.get_url())
        info[StrangeHeaderInfoSet.ITAG] = header_name
        info['header_value'] = hvalue

        self.kb_append_uniq_group(self, 'strange_headers', info,
                                  group_klass=StrangeHeaderInfoSet)
示例4: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Plugin entry point. Parse the object tags.

    Every element matched by the plugin's tag xpath is reported once per
    URL, keyed by the tag name.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    url = response.get_url()
    dom = response.get_dom()

    if not response.is_text_or_html() or dom is None:
        return

    for element in self._tag_xpath(dom):
        tag_name = element.tag
        fmt = ('The URL: "%s" has an "%s" tag. We recommend you download'
               ' the client side code and analyze it manually.')
        desc = fmt % (response.get_uri(), tag_name)

        info = Info('Browser plugin content', desc, response.id,
                    self.get_name())
        info.set_url(url)
        info.add_to_highlight(tag_name)
        self.kb_append_uniq(self, tag_name, info, 'URL')
示例5: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Plugin entry point, verify if the HTML has a form with file uploads.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    if not response.is_text_or_html():
        return

    dom = response.get_dom()
    url = response.get_url()

    # Document normalization may fail; nothing to inspect in that case
    if dom is None:
        return

    # Same description for every file input found in this response
    msg = 'The URL: "%s" has form with file upload capabilities.' % url

    # One finding per file input; the serialized tag is the highlight
    for input_file in self._file_input_xpath(dom):
        info = Info('File upload form', msg, response.id, self.get_name())
        info.set_url(url)
        info.add_to_highlight(etree.tostring(input_file))
        self.kb_append_uniq(self, 'file_upload', info, 'URL')
示例6: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Plugin entry point. Analyze if the HTTP response codes are strange.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None, all results are saved in the kb.
    """
    code = response.get_code()
    if code in self.COMMON_HTTP_CODES:
        return

    reason = response.get_msg()

    # Create a new info object from scratch and save it to the kb
    fmt = ('The remote Web server sent a strange HTTP response code:'
           ' "%s" with the message: "%s", manual inspection is'
           ' recommended.')
    desc = fmt % (code, reason)

    info = Info('Strange HTTP response code', desc, response.id,
                self.get_name())
    info.add_to_highlight(str(code), reason)
    info.set_url(response.get_url())
    info[StrangeCodesInfoSet.ITAG] = code
    info['message'] = reason

    self.kb_append_uniq_group(self, 'strange_http_codes', info,
                              group_klass=StrangeCodesInfoSet)
示例7: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
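def grep(self, request, response):
    """
    Analyze if the HTTP response reason messages are strange.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None, all results are saved in the kb.
    """
    response_code = response.get_code()
    msg_list = W3C_REASONS.get(response_code, None)

    # No reference list of reason phrases for this status code, so there is
    # nothing to compare the response against
    if msg_list is None:
        return

    reason = response.get_msg()

    if reason.lower() in msg_list:
        # It's common, nothing to do here.
        return

    # Create a new info object from scratch and save it to the kb.
    # Fix: the two adjacent literals used to concatenate into
    # '...strange HTTP reasonmessage "%s"...' (missing space).
    fmt = ('The remote Web server sent a strange HTTP reason'
           ' message "%s", manual inspection is recommended.')
    desc = fmt % reason

    i = Info("Strange HTTP Reason message", desc, response.id, self.get_name())
    i.set_url(response.get_url())
    i.add_to_highlight(reason)
    # NOTE(review): the reason phrase is stored under StrangeHeaderInfoSet's
    # tag and grouped with that class, which looks borrowed from the
    # strange-headers plugin -- confirm this is the intended grouping key.
    i[StrangeHeaderInfoSet.ITAG] = reason

    self.kb_append_uniq_group(self, "strange_reason", i, group_klass=StrangeHeaderInfoSet)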
示例8: _analyze_domain
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def _analyze_domain(self, response, script_full_url, script_tag):
    """
    Checks if the domain is the same, or if it's considered secure.

    A ``cross_domain_js`` finding is reported when the script is loaded from
    a domain other than the page's own and that domain is not covered by
    the configured list of trusted JavaScript domains.
    """
    url = response.get_url()
    script_domain = script_full_url.get_domain()

    # Same-origin scripts are fine
    if script_domain == url.get_domain():
        return

    # Trusted third parties are fine too. A substring test is used because
    # the trusted list holds fragments such as ".google." that should match
    # ".google.com.br" without listing every TLD. The flip side is that any
    # host name containing the fragment is accepted as well, so the entries
    # in the list decide how strict this check really is.
    if any(secure_domain in script_domain
           for secure_domain in self._secure_js_domains):
        return

    to_highlight = script_tag.attrib.get('src')
    fmt = ('The URL: "%s" has a script tag with a source that points'
           ' to a third party site ("%s"). This practice is not'
           ' recommended, the security of the current site is being'
           ' delegated to the external entity.')
    desc = fmt % (url, script_domain)

    info = Info('Cross-domain javascript source', desc,
                response.id, self.get_name())
    info.set_url(url)
    info.add_to_highlight(to_highlight)
    info[CrossDomainInfoSet.ITAG] = script_domain

    self.kb_append_uniq_group(self, 'cross_domain_js', info,
                              group_klass=CrossDomainInfoSet)
示例9: _html_in_comment
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
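def _html_in_comment(self, comment, request, response):
    """
    Find HTML code in HTML comments

    :param comment: The text of one HTML comment found in the response
    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None, the finding (if any) is appended to the kb.
    """
    html_in_comment = self.HTML_RE.search(comment)
    if not html_in_comment:
        return

    # Dedup key: the raw comment text plus the URL. The same key is used for
    # the membership test and for the add at the end. Fix: the test used the
    # raw text while the add stored the stripped/truncated preview, so the
    # same comment on the same URL kept being reported.
    report_key = (comment, response.get_url())
    if report_key in self._already_reported_interesting:
        return

    # There is HTML code in the comment; build a one-line preview for the
    # description
    preview = comment.strip().replace('\n', '').replace('\r', '')[:40]

    fmt = ('A comment with the string "%s" was found in: "%s".'
           ' This could be interesting.')
    desc = fmt % (preview, response.get_url())

    i = Info('HTML comment contains HTML code', desc,
             response.id, self.get_name())
    i.set_dc(request.get_dc())
    i.set_uri(response.get_uri())
    i.add_to_highlight(html_in_comment.group(0))

    kb.kb.append(self, 'html_comment_hides_html', i)
    om.out.information(i.get_desc())
    self._already_reported_interesting.add(report_key)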
示例10: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Plugin entry point, find feeds.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    dom = response.get_dom()
    uri = response.get_uri()

    # Document normalization may fail; nothing to inspect in that case
    if dom is None:
        return

    # Every element the feed xpath matches is reported once per URL
    for element in self._tag_xpath(dom):
        feed_tag = element.tag
        feed_type = self._feed_types[feed_tag.lower()]
        version = element.attrib.get('version', 'unknown')

        fmt = 'The URL "%s" is a %s version %s feed.'
        desc = fmt % (uri, feed_type, version)

        info = Info('Content feed resource', desc, response.id,
                    self.get_name())
        info.set_uri(uri)
        info.add_to_highlight(feed_type)
        self.kb_append_uniq(self, 'feeds', info, 'URL')
示例11: test_to_json
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def test_to_json(self):
    """
    Serialize an InfoSet to JSON, round-trip it through a real JSON string
    and check every field against the InfoSet getters.
    """
    info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                'plugin_name')
    info['test'] = 'foo'
    info.add_to_highlight('abc', 'def')

    iset = InfoSet([info])

    # Going through json.dumps/json.loads makes non-serializable values fail
    jd = json.loads(json.dumps(iset.to_json()))

    expected = [
        ('name', iset.get_name()),
        ('url', str(iset.get_url())),
        ('var', iset.get_token_name()),
        ('response_ids', iset.get_id()),
        ('vulndb_id', iset.get_vulndb_id()),
        ('desc', iset.get_desc(with_id=False)),
        ('long_description', iset.get_long_description()),
        ('fix_guidance', iset.get_fix_guidance()),
        ('fix_effort', iset.get_fix_effort()),
        ('tags', iset.get_tags()),
        ('wasc_ids', iset.get_wasc_ids()),
        ('wasc_urls', list(iset.get_wasc_urls())),
        ('cwe_urls', list(iset.get_cwe_urls())),
        ('references', BLIND_SQLI_REFS),
        ('owasp_top_10_references', BLIND_SQLI_TOP10_REFS),
        ('plugin_name', iset.get_plugin_name()),
        ('severity', iset.get_severity()),
        ('attributes', iset.first_info.copy()),
        ('highlight', list(iset.get_to_highlight())),
    ]

    for key, value in expected:
        self.assertEqual(jd[key], value)
示例12: test_to_json
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def test_to_json(self):
    """
    Serialize an Info to JSON, round-trip it through a real JSON string and
    check every field against the Info getters.
    """
    info = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name")
    info["test"] = "foo"
    info.add_to_highlight("abc", "def")

    # Going through json.dumps/json.loads makes non-serializable values fail
    jd = json.loads(json.dumps(info.to_json()))

    expected = [
        ("name", info.get_name()),
        ("url", str(info.get_url())),
        ("var", info.get_token_name()),
        ("response_ids", info.get_id()),
        ("vulndb_id", info.get_vulndb_id()),
        ("desc", info.get_desc(with_id=False)),
        ("long_description", info.get_long_description()),
        ("fix_guidance", info.get_fix_guidance()),
        ("fix_effort", info.get_fix_effort()),
        ("tags", info.get_tags()),
        ("wasc_ids", info.get_wasc_ids()),
        ("wasc_urls", list(info.get_wasc_urls())),
        ("cwe_urls", list(info.get_cwe_urls())),
        ("references", BLIND_SQLI_REFS),
        ("owasp_top_10_references", BLIND_SQLI_TOP10_REFS),
        ("plugin_name", info.get_plugin_name()),
        ("severity", info.get_severity()),
        ("attributes", info.copy()),
        ("highlight", list(info.get_to_highlight())),
    ]

    for key, value in expected:
        self.assertEqual(jd[key], value)
示例13: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def grep(self, request, response):
    """
    Plugin entry point, search for meta tags.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    if not response.is_text_or_html() or is_404(response):
        return

    try:
        dp = parser_cache.dpc.get_document_parser_for(response)
    except BaseFrameworkException:
        return

    uri = response.get_uri()

    for tag in dp.get_meta_tags():
        for attr_name, attr_value in tag.items():
            # https://github.com/andresriancho/w3af/issues/2012
            # Skip missing/empty names and values (a None value would make
            # the `in` tests below raise TypeError)
            if not attr_name or not attr_value:
                continue

            for word in self.INTERESTING_WORDS:
                # Is the interesting word in the name or in the value?
                if word in attr_name:
                    where, content = ATTR_NAME, attr_name
                elif word in attr_value:
                    where, content = ATTR_VALUE, attr_value
                else:
                    continue

                fmt = ('The URI: "%s" sent a <meta> tag with the attribute'
                       ' %s set to "%s" which looks interesting.')
                desc = fmt % (uri, where, content)

                # Append what the tag is used for, when known
                tag_name = self._find_tag_name(tag)
                usage = self.INTERESTING_WORDS.get(tag_name, None)
                if usage is not None:
                    desc += ' The tag is used for %s.' % usage

                info = Info('Interesting META tag', desc, response.id,
                            self.get_name())
                info.set_uri(uri)
                info.add_to_highlight(where, content)
                info[CONTENT] = content
                info[WHERE] = where

                self.kb_append_uniq_group(self, 'meta_tags', info,
                                          group_klass=MetaTagsInfoSet)
示例14: grep
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
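def grep(self, request, response):
    """
    Plugin entry point, search for meta tags.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None
    """
    if not response.is_text_or_html() or is_404(response):
        return

    try:
        dp = parser_cache.dpc.get_document_parser_for(response)
    except BaseFrameworkException:
        return

    meta_tag_list = dp.get_meta_tags()

    for tag in meta_tag_list:
        for attr_name, attr_value in tag.items():
            # Fix: a missing attribute name or value (None) makes the
            # `word in ...` tests below raise TypeError and abort the whole
            # response (w3af issue 2012); skip that attribute instead.
            if attr_name is None or attr_value is None:
                continue

            for word in self.INTERESTING_WORDS:
                # Check if we have something interesting
                # and WHERE that thing actually is
                where = content = None
                if word in attr_name:
                    where = self.ATTR_NAME
                    content = attr_name
                elif word in attr_value:
                    where = self.ATTR_VALUE
                    content = attr_value

                # Now... if we found something, report it =)
                if not self._should_report(attr_name, attr_value, where):
                    continue

                # The attribute is interesting!
                fmt = ('The URI: "%s" sent a <meta> tag with attribute'
                       ' %s set to "%s" which looks interesting.')
                desc = fmt % (response.get_uri(), where, content)

                # Append what the tag is used for, when known
                tag_name = self._find_name(tag)
                usage = self.INTERESTING_WORDS.get(tag_name, None)
                if usage:
                    desc += ' The tag is used for %s.' % usage

                i = Info('Interesting META tag', desc, response.id,
                         self.get_name())
                i.set_uri(response.get_uri())
                i.add_to_highlight(where, content)
                self.kb_append_uniq(self, 'meta_tags', i, 'URL')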
示例15: analyze_disco
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import add_to_highlight [as 别名]
def analyze_disco(self, request, response):
    """
    Report the response as a DISCO file when it contains one of the known
    DISCO marker strings.

    :param request: The HTTP request object.
    :param response: The HTTP response object
    :return: None, the finding (if any) is saved in the kb.
    """
    for disco_string in self._disco_strings:
        if disco_string not in response:
            continue

        fmt = ('The URL: "%s" is a DISCO file that contains references'
               ' to WSDL URLs.')
        desc = fmt % response.get_url()

        info = Info('DISCO resource', desc, response.id, self.get_name())
        info.set_url(response.get_url())
        info.add_to_highlight(disco_string)
        self.kb_append_uniq(self, 'disco', info, 'URL')

        # One finding per response is enough
        break