diff --git a/w3af/core/controllers/chrome/devtools/exceptions.py b/w3af/core/controllers/chrome/devtools/exceptions.py
index 38ac0e3561..45214b34c6 100644
--- a/w3af/core/controllers/chrome/devtools/exceptions.py
+++ b/w3af/core/controllers/chrome/devtools/exceptions.py
@@ -27,3 +27,11 @@ class ChromeInterfaceException(Exception):
class ChromeInterfaceTimeout(Exception):
pass
+
+
+class ChromeScriptRuntimeException(Exception):
+ def __init__(self, message, function_called=None, *args):
+ if function_called:
+ message = "function: {}, exception: {}".format(function_called, message)
+ super(ChromeScriptRuntimeException, self).__init__(message, *args)
+ pass
diff --git a/w3af/core/controllers/chrome/instrumented/frame_manager.py b/w3af/core/controllers/chrome/instrumented/frame_manager.py
index 14f660559a..f96f46e8c6 100644
--- a/w3af/core/controllers/chrome/instrumented/frame_manager.py
+++ b/w3af/core/controllers/chrome/instrumented/frame_manager.py
@@ -166,7 +166,7 @@ def _on_frame_navigated(self, message):
# URL all the child frames are removed from Chrome, we should remove
# them from our code too to mirror state
if frame:
- for child_frame_id, child_frame in frame.child_frames:
+ for child_frame_id, child_frame in frame.child_frames.items():
child_frame.detach(self)
frame.set_navigated()
diff --git a/w3af/core/controllers/chrome/instrumented/main.py b/w3af/core/controllers/chrome/instrumented/main.py
index 41262e49ba..9b3672aa95 100644
--- a/w3af/core/controllers/chrome/instrumented/main.py
+++ b/w3af/core/controllers/chrome/instrumented/main.py
@@ -23,6 +23,7 @@
import json
import w3af.core.controllers.output_manager as om
+from w3af.core.controllers.chrome.devtools.exceptions import ChromeScriptRuntimeException
from w3af.core.data.parsers.doc.url import URL
from w3af.core.controllers.chrome.instrumented.instrumented_base import InstrumentedChromeBase
@@ -297,11 +298,20 @@ def dispatch_js_event(self, selector, event_type):
return True
- def get_login_forms(self):
+ def get_login_forms(self, exact_css_selectors):
"""
+ :param dict exact_css_selectors: Optional parameter containing css selectors
+ for part of form like username input or login button.
:return: Yield LoginForm instances
"""
- result = self.js_runtime_evaluate('window._DOMAnalyzer.getLoginForms()')
+ func = (
+ 'window._DOMAnalyzer.getLoginForms("{}", "{}")'
+ )
+ func = func.format(
+ exact_css_selectors.get('username_input', '').replace('"', '\\"'),
+ exact_css_selectors.get('login_button', '').replace('"', '\\"'),
+ )
+ result = self.js_runtime_evaluate(func)
if result is None:
raise EventTimeout('The event execution timed out')
@@ -316,11 +326,20 @@ def get_login_forms(self):
yield login_form
- def get_login_forms_without_form_tags(self):
+ def get_login_forms_without_form_tags(self, exact_css_selectors):
"""
+ :param dict exact_css_selectors: Optional parameter containing css selectors
+ for part of form like username input or login button.
:return: Yield LoginForm instances
"""
- result = self.js_runtime_evaluate('window._DOMAnalyzer.getLoginFormsWithoutFormTags()')
+ func = (
+ 'window._DOMAnalyzer.getLoginFormsWithoutFormTags("{}", "{}")'
+ )
+ func = func.format(
+ exact_css_selectors.get('username_input', '').replace('"', '\\"'),
+ exact_css_selectors.get('login_button', '').replace('"', '\\"'),
+ )
+ result = self.js_runtime_evaluate(func)
if result is None:
raise EventTimeout('The event execution timed out')
@@ -406,9 +425,9 @@ def focus(self, selector):
if result is None:
return None
- node_ids = result.get('result', {}).get('nodeIds', None)
+ node_ids = result.get('result', {}).get('nodeIds')
- if node_ids is None:
+ if not node_ids:
msg = ('The call to chrome.focus() failed.'
' CSS selector "%s" returned no nodes (did: %s)')
args = (selector, self.debugging_id)
@@ -589,19 +608,13 @@ def js_runtime_evaluate(self, expression, timeout=5):
timeout=timeout)
# This is a rare case where the DOM is not present
- if result is None:
- return None
-
- if 'result' not in result:
- return None
-
- if 'result' not in result['result']:
- return None
-
- if 'value' not in result['result']['result']:
- return None
-
- return result['result']['result']['value']
+ runtime_exception = result.get('result', {}).get('exceptionDetails')
+ if runtime_exception:
+ raise ChromeScriptRuntimeException(
+ runtime_exception,
+ function_called=expression
+ )
+ return result.get('result', {}).get('result', {}).get('value', None)
def get_js_variable_value(self, variable_name):
"""
diff --git a/w3af/core/controllers/chrome/js/dom_analyzer.js b/w3af/core/controllers/chrome/js/dom_analyzer.js
index b8077b60a3..9b113de676 100644
--- a/w3af/core/controllers/chrome/js/dom_analyzer.js
+++ b/w3af/core/controllers/chrome/js/dom_analyzer.js
@@ -330,7 +330,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
if( !_DOMAnalyzer.eventIsValidForTagName( tag_name, type ) ) return false;
let selector = OptimalSelect.getSingleSelector(element);
-
+
// node_type is https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType#Node_type_constants
_DOMAnalyzer.event_listeners.push({"tag_name": tag_name,
"node_type": element.nodeType,
@@ -865,6 +865,48 @@ var _DOMAnalyzer = _DOMAnalyzer || {
return false;
},
+ /**
+ * This is naive function which takes parentElement (the login form) and
+ * tries to find username input field within it.
+ * @param {Node} parentElement - parent element to scope to document.querySelectorAll()
+ * @param {String} exactSelector - optional CSS selector. If provided prevents
+ * using standard selectors
+ * @returns {NodeList} - result of querySelectorAll()
+ */
+ _getUsernameInput(parentElement, exactSelector = '') {
+ if (exactSelector) {
+ return document.querySelectorAll(exactSelector, parentElement);
+ }
+ result = document.querySelectorAll("input[type='email']", parentElement);
+ if (!result.length) {
+ result = document.querySelectorAll("input[type='text']", parentElement);
+ }
+ return result;
+ },
+
+ /**
+ * This is naive function which takes parentElement (the login form) and tries
+ * to find submit button within it.
+ * @param {Node} parentElement - parent element to scope to document.querySelectorAll()
+ * @param {String} exactSelector - optional CSS selector. If provided prevents
+ * using standard selectors
+ * @returns {NodeList} - result of querySelectorAll()
+ */
+ _getSubmitButton(parentElement, exactSelector = '') {
+ if (exactSelector) {
+ return document.querySelectorAll(exactSelector, parentElement);
+ }
+ result = document.querySelectorAll("input[type='submit']", parentElement);
+ if (!result.length) {
+ result = document.querySelectorAll("button[type='submit']", parentElement);
+ }
+ // Maybe it's just normal button without type="submit"...
+ if (!result.length) {
+ result = document.querySelectorAll('button', parentElement);
+ }
+ return result;
+ },
+
/**
* Return the CSS selector for the login forms which exist in the DOM.
*
@@ -874,8 +916,12 @@ var _DOMAnalyzer = _DOMAnalyzer || {
* - , and
* -
*
+ * @param {String} usernameCssSelector - CSS selector for username input. If
+ * provided we won't try to find username input automatically.
+ * @param {String} submitButtonCssSelector - CSS selector for submit button. If
+ * provided we won't try to find submit button autmatically.
*/
- getLoginForms: function () {
+ getLoginForms: function (usernameCssSelector = '', submitButtonCssSelector = '') {
let login_forms = [];
// First we identify the forms with a password field using a descendant Selector
@@ -898,7 +944,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
let form = forms[0];
// Finally we confirm that the form has a type=text input
- let text_fields = document.querySelectorAll("input[type='text']", form)
+ let text_fields = this._getUsernameInput(form, usernameCssSelector);
// Zero text fields is most likely a password-only login form
// Two text fields or more is most likely a registration from
@@ -906,7 +952,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
if (text_fields.length !== 1) continue;
// And if there is a submit button I want that selector too
- let submit_fields = document.querySelectorAll("input[type='submit']", form)
+ let submit_fields = this._getSubmitButton(form, submitButtonCssSelector);
let submit_selector = null;
if (submit_fields.length !== 0) {
@@ -936,8 +982,12 @@ var _DOMAnalyzer = _DOMAnalyzer || {
* - , and
* -
*
+ * @param {String} usernameCssSelector - CSS selector for username input. If
+ * provided we won't try to find username input automatically.
+ * @param {String} submitButtonCssSelector - CSS selector for submit button. If
+ * provided we won't try to find submit button autmatically.
*/
- getLoginFormsWithoutFormTags: function () {
+ getLoginFormsWithoutFormTags: function (usernameCssSelector = '', submitButtonCssSelector = '') {
let login_forms = [];
// First we identify the password fields
@@ -962,7 +1012,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
// go up one more level, and so one.
//
// Find if this parent has a type=text input
- let text_fields = document.querySelectorAll("input[type='text']", parent)
+ let text_fields = this._getUsernameInput(parent, usernameCssSelector);
// Zero text fields is most likely a password-only login form
// Two text fields or more is most likely a registration from
@@ -974,7 +1024,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
}
// And if there is a submit button I want that selector too
- let submit_fields = document.querySelectorAll("input[type='submit']", parent)
+ let submit_fields = this._getSubmitButton(parent, submitButtonCssSelector)
let submit_selector = null;
if (submit_fields.length !== 0) {
@@ -999,6 +1049,12 @@ var _DOMAnalyzer = _DOMAnalyzer || {
return JSON.stringify(login_forms);
},
+ clickOnSelector(exactSelector) {
+ let element = document.querySelector(exactSelector);
+ element.click();
+ return 'success'
+ },
+
sliceAndSerialize: function (filtered_event_listeners, start, count) {
return JSON.stringify(filtered_event_listeners.slice(start, start + count));
},
@@ -1142,4 +1198,4 @@ var _DOMAnalyzer = _DOMAnalyzer || {
};
-_DOMAnalyzer.initialize();
\ No newline at end of file
+_DOMAnalyzer.initialize();
diff --git a/w3af/core/controllers/chrome/login/find_form/main.py b/w3af/core/controllers/chrome/login/find_form/main.py
index 2ee45ad7f5..2e42e13c57 100644
--- a/w3af/core/controllers/chrome/login/find_form/main.py
+++ b/w3af/core/controllers/chrome/login/find_form/main.py
@@ -36,16 +36,24 @@ def __init__(self, chrome, debugging_id):
self.chrome = chrome
self.debugging_id = debugging_id
- def find_forms(self):
+ def find_forms(self, css_selectors=None):
"""
+ :param dict css_selectors: optional dict of css selectors used to find
+ elements of form (like username input or login button)
:return: Yield forms as they are found by each strategy
"""
+ if css_selectors:
+ msg = 'Form finder uses the CSS selectors: "%s" (did: %s)'
+ args = (css_selectors, self.debugging_id)
+ om.out.debug(msg % args)
+
identified_forms = []
for strategy_klass in self.STRATEGIES:
- strategy = strategy_klass(self.chrome, self.debugging_id)
+ strategy = strategy_klass(self.chrome, self.debugging_id, css_selectors)
try:
+ strategy.prepare()
for form in strategy.find_forms():
if form in identified_forms:
continue
@@ -55,6 +63,6 @@ def find_forms(self):
except Exception as e:
msg = 'Form finder strategy %s raised exception: "%s" (did: %s)'
args = (strategy.get_name(),
- e,
+ repr(e),
self.debugging_id)
om.out.debug(msg % args)
diff --git a/w3af/core/controllers/chrome/login/find_form/strategies/base_find_form_strategy.py b/w3af/core/controllers/chrome/login/find_form/strategies/base_find_form_strategy.py
new file mode 100644
index 0000000000..6c635adc44
--- /dev/null
+++ b/w3af/core/controllers/chrome/login/find_form/strategies/base_find_form_strategy.py
@@ -0,0 +1,35 @@
+from w3af.core.controllers.chrome.instrumented.exceptions import EventTimeout
+
+
+class BaseFindFormStrategy:
+ def __init__(self, chrome, debugging_id, exact_css_selectors=None):
+ """
+ :param InstrumentedChrome chrome:
+ :param String debugging_id:
+ :param dict exact_css_selectors: Optional parameter containing css selectors
+ for part of form like username input or login button.
+ """
+ self.chrome = chrome
+ self.debugging_id = debugging_id
+ self.exact_css_selectors = exact_css_selectors or {}
+
+ def prepare(self):
+ """
+ :raises EventTimeout:
+ Hook called before find_forms()
+ """
+ form_activator_selector = self.exact_css_selectors.get('form_activator')
+ if form_activator_selector:
+ func = 'window._DOMAnalyzer.clickOnSelector("{}")'.format(
+ form_activator_selector.replace('"', '\\"')
+ )
+ result = self.chrome.js_runtime_evaluate(func)
+ if result is None:
+ raise EventTimeout('The event execution timed out')
+
+ def find_forms(self):
+ raise NotImplementedError
+
+ @staticmethod
+ def get_name():
+ return 'BaseFindFormStrategy'
diff --git a/w3af/core/controllers/chrome/login/find_form/strategies/form_tag.py b/w3af/core/controllers/chrome/login/find_form/strategies/form_tag.py
index bf47ba4a17..ec6da6aab0 100644
--- a/w3af/core/controllers/chrome/login/find_form/strategies/form_tag.py
+++ b/w3af/core/controllers/chrome/login/find_form/strategies/form_tag.py
@@ -19,12 +19,11 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
+from w3af.core.controllers.chrome.login.find_form.strategies.base_find_form_strategy import \
+ BaseFindFormStrategy
-class FormTagStrategy(object):
- def __init__(self, chrome, debugging_id):
- self.chrome = chrome
- self.debugging_id = debugging_id
+class FormTagStrategy(BaseFindFormStrategy):
def find_forms(self):
"""
@@ -37,7 +36,7 @@ def _simple_form_with_username_password_submit(self):
"""
:return: Yield forms that have username, password and submit inputs
"""
- for login_form in self.chrome.get_login_forms():
+ for login_form in self.chrome.get_login_forms(self.exact_css_selectors):
yield login_form
@staticmethod
diff --git a/w3af/core/controllers/chrome/login/find_form/strategies/password_and_parent.py b/w3af/core/controllers/chrome/login/find_form/strategies/password_and_parent.py
index 1f64780502..4dbf7c654a 100644
--- a/w3af/core/controllers/chrome/login/find_form/strategies/password_and_parent.py
+++ b/w3af/core/controllers/chrome/login/find_form/strategies/password_and_parent.py
@@ -19,12 +19,11 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
+from w3af.core.controllers.chrome.login.find_form.strategies.base_find_form_strategy import \
+ BaseFindFormStrategy
-class PasswordAndParentStrategy(object):
- def __init__(self, chrome, debugging_id):
- self.chrome = chrome
- self.debugging_id = debugging_id
+class PasswordAndParentStrategy(BaseFindFormStrategy):
def find_forms(self):
"""
@@ -32,8 +31,9 @@ def find_forms(self):
:return: Yield forms which are identified by the strategy algorithm
"""
- for login_form in self.chrome.get_login_forms_without_form_tags():
+ for login_form in self.chrome.get_login_forms_without_form_tags(self.exact_css_selectors):
yield login_form
- def get_name(self):
+ @staticmethod
+ def get_name():
return 'PasswordAndParent'
diff --git a/w3af/core/controllers/chrome/login/submit_form/main.py b/w3af/core/controllers/chrome/login/submit_form/main.py
index b3954a5b92..a4726663c8 100644
--- a/w3af/core/controllers/chrome/login/submit_form/main.py
+++ b/w3af/core/controllers/chrome/login/submit_form/main.py
@@ -19,6 +19,8 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
+import traceback
+
from w3af.core.controllers import output_manager as om
from w3af.core.controllers.chrome.login.submit_form.strategies.press_enter import PressEnterStrategy
@@ -31,7 +33,7 @@ class FormSubmitter(object):
STRATEGIES = [
PressEnterStrategy,
PressTabEnterStrategy,
- #FormInputSubmitStrategy
+ # FormInputSubmitStrategy
]
def __init__(self, chrome, form, login_form_url, username, password, debugging_id):
@@ -91,3 +93,4 @@ def _handle_exception(self, strategy, e):
e,
self.debugging_id)
om.out.debug(msg % args)
+ om.out.error(traceback.format_exc())
diff --git a/w3af/core/controllers/chrome/proxy/tests/test_proxy.py b/w3af/core/controllers/chrome/proxy/tests/test_proxy.py
index 1dcf836e46..873f7f21dc 100644
--- a/w3af/core/controllers/chrome/proxy/tests/test_proxy.py
+++ b/w3af/core/controllers/chrome/proxy/tests/test_proxy.py
@@ -36,7 +36,7 @@
from w3af.core.data.url.extended_urllib import ExtendedUrllib
-pytestmarks = pytest.mark.deprecated
+pytestmark = pytest.mark.deprecated
class TestProxy(unittest.TestCase):
diff --git a/w3af/core/controllers/daemons/proxy/tests/test_proxy.py b/w3af/core/controllers/daemons/proxy/tests/test_proxy.py
index 1d5b1dc837..e1ded8af38 100644
--- a/w3af/core/controllers/daemons/proxy/tests/test_proxy.py
+++ b/w3af/core/controllers/daemons/proxy/tests/test_proxy.py
@@ -54,7 +54,6 @@ def setUp(self):
self.proxy_opener = urllib2.build_opener(proxy_handler,
urllib2.HTTPHandler)
- @pytest.mark.deprecated
def tearDown(self):
# Shutdown the proxy server
self._proxy.stop()
diff --git a/w3af/core/data/options/option_list.py b/w3af/core/data/options/option_list.py
index 74f3c4820d..ff4a1d5207 100644
--- a/w3af/core/data/options/option_list.py
+++ b/w3af/core/data/options/option_list.py
@@ -35,6 +35,18 @@ def add(self, option):
self._internal_opt_list.append(option)
append = add
+ def pop(self, option):
+ """
+ DANGEROUS!!
+ You will probably want to deepcopy the OptionList instance before
+ modifying it with this method to don't block the user from accessing options
+ again.
+ """
+ if not isinstance(option, int):
+ option_names = [item.get_name() for item in self._internal_opt_list]
+ option = option_names.index(option)
+ return self._internal_opt_list.pop(option)
+
def __len__(self):
return len(self._internal_opt_list)
diff --git a/w3af/core/data/parsers/doc/open_api/requests.py b/w3af/core/data/parsers/doc/open_api/requests.py
index 19366b0d7f..1a28daef88 100644
--- a/w3af/core/data/parsers/doc/open_api/requests.py
+++ b/w3af/core/data/parsers/doc/open_api/requests.py
@@ -184,6 +184,8 @@ def get_uri(self):
continue
if param_def.param_spec['type'] == 'array':
+ if not parameters[param_name] and not param_def.required:
+ continue
parameters[param_name] = parameters[param_name][0]
if parameters:
diff --git a/w3af/core/data/parsers/doc/open_api/specification.py b/w3af/core/data/parsers/doc/open_api/specification.py
index 4aaa93344e..dc338fcf72 100644
--- a/w3af/core/data/parsers/doc/open_api/specification.py
+++ b/w3af/core/data/parsers/doc/open_api/specification.py
@@ -21,7 +21,6 @@
"""
import json
-import yaml
import logging
from yaml import load
@@ -232,7 +231,8 @@ def _load_spec_dict(self):
:return: The dict with the open api data
"""
try:
- spec_dict = json.loads(self.http_response.body)
+ decoded_response = self.http_response.body.decode('ascii', 'ignore')
+ spec_dict = json.loads(decoded_response)
except ValueError:
# Seems like the OpenAPI was specified using Yaml instead of
# JSON. Let's parse the Yaml data!
diff --git a/w3af/core/data/parsers/doc/open_api/tests/data/array_not_required_model_items.json b/w3af/core/data/parsers/doc/open_api/tests/data/array_not_required_model_items.json
new file mode 100644
index 0000000000..7a7877738f
--- /dev/null
+++ b/w3af/core/data/parsers/doc/open_api/tests/data/array_not_required_model_items.json
@@ -0,0 +1,71 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "1.0.0",
+ "title": "Swagger Petstore",
+ "description": "A sample API that uses a petstore as an example to demonstrate features in the swagger-2.0 specification",
+ "termsOfService": "http://swagger.io/terms/",
+ "contact": {
+ "name": "Swagger API Team"
+ },
+ "license": {
+ "name": "MIT"
+ }
+ },
+ "host": "petstore.swagger.io",
+ "basePath": "/api",
+ "schemes": [
+ "http"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "paths": {
+ "/pets": {
+ "post": {
+ "description": "Add multiple pets",
+ "operationId": "addMultiplePets",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "name": "pets",
+ "in": "query",
+ "description": "array with pets to add",
+ "required": false,
+ "type": "array",
+ "items": {}
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "pet response",
+ "schema": {
+ "$ref": "#/definitions/Pet"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "Pet": {
+ "type": "object",
+ "required": [
+ "name"
+ ],
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ }
+ }
+}
diff --git a/w3af/core/data/parsers/doc/open_api/tests/data/swagger-special-chars.json b/w3af/core/data/parsers/doc/open_api/tests/data/swagger-special-chars.json
new file mode 100644
index 0000000000..a3eeff15d9
--- /dev/null
+++ b/w3af/core/data/parsers/doc/open_api/tests/data/swagger-special-chars.json
@@ -0,0 +1,73 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "1.0.0",
+ "title": "Swagger Petstore, special chars: ąęćźżó^żć√≤Ķńå",
+ "description": "A sample API that uses a petstore as an example to demonstrate features in the swagger-2.0 specification",
+ "termsOfService": "http://swagger.io/terms/",
+ "contact": {
+ "name": "Swagger API Team"
+ },
+ "license": {
+ "name": "MIT"
+ }
+ },
+ "host": "petstore.swagger.io",
+ "basePath": "/api",
+ "schemes": [
+ "http"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "paths": {
+ "/pets": {
+ "get": {
+ "description": "Returns all pets from the system that the user has access to",
+ "produces": [
+ "application/json"
+ ],
+ "responses": {
+ "200": {
+ "description": "A list of pets.",
+ "schema": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/Pet"
+ }
+ }
+ }
+ }
+ }
+ },
+ "/pets/{ąęćźżó^żć√≤Ķńå}": {
+ "get": {
+ "description": "Let's see if I'll return an error"
+ }
+ }
+ },
+ "definitions": {
+ "Pet": {
+ "type": "object",
+ "required": [
+ "id",
+ "name"
+ ],
+ "properties": {
+ "id": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "name": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ }
+ }
+}
diff --git a/w3af/core/data/parsers/doc/open_api/tests/test_requests.py b/w3af/core/data/parsers/doc/open_api/tests/test_requests.py
index 45027e6090..2a454e128a 100644
--- a/w3af/core/data/parsers/doc/open_api/tests/test_requests.py
+++ b/w3af/core/data/parsers/doc/open_api/tests/test_requests.py
@@ -20,6 +20,7 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
+import json
import unittest
from w3af.core.data.parsers.doc.url import URL
@@ -312,6 +313,24 @@ def test_array_with_model_items_param_in_json(self):
self.assertEqual(fuzzable_request.get_headers(), e_headers)
self.assertEqual(fuzzable_request.get_data(), e_data)
+ def test_array_param_not_required_in_json(self):
+ """
+ Regression test when param type is array and param is not required.
+ Param must be in query, not in body.
+ """
+ test_spec_filename = (
+ 'w3af/core/data/parsers/doc/open_api/tests/data/array_not_required_model_items.json'
+ )
+ with open(test_spec_filename, 'r') as file_:
+ specification_as_string = file_.read()
+
+ http_response = self.generate_response(specification_as_string)
+ handler = SpecificationHandler(http_response)
+ data = [item for item in handler.get_api_information()]
+ for spec_obj in data:
+ factory = RequestFactory(*spec_obj)
+ req = factory.get_fuzzable_request()
+
def test_model_param_nested_allOf_in_json(self):
specification_as_string = NestedModel().get_specification()
http_response = self.generate_response(specification_as_string)
diff --git a/w3af/core/data/parsers/doc/open_api/tests/test_specification.py b/w3af/core/data/parsers/doc/open_api/tests/test_specification.py
index e6e96efb6a..3eb9636167 100644
--- a/w3af/core/data/parsers/doc/open_api/tests/test_specification.py
+++ b/w3af/core/data/parsers/doc/open_api/tests/test_specification.py
@@ -595,6 +595,18 @@ def test_parameter_handler_multiple_paths_and_headers(self):
handler = SpecificationHandler(http_response)
self.check_parameter_setting(handler)
+ def test_specification_handler_can_handle_spec_with_non_ascii_chars(self):
+ with open(
+ 'w3af/core/data/parsers/doc/open_api/tests/data/swagger-special-chars.json',
+ ) as file_:
+ spec_as_string = file_.read()
+ http_response = self.generate_response(spec_as_string)
+ spec_handler = SpecificationHandler(http_response)
+ result = spec_handler.get_api_information()
+ for _ in result:
+ pass
+ self.assertFalse(spec_handler._parsing_errors)
+
def check_parameter_setting(self, spec_handler):
data = [d for d in spec_handler.get_api_information()]
self.assertIsNotNone(data)
diff --git a/w3af/plugins/auth/autocomplete_js.py b/w3af/plugins/auth/autocomplete_js.py
index 6b1d39e2cd..f86caf5b3d 100644
--- a/w3af/plugins/auth/autocomplete_js.py
+++ b/w3af/plugins/auth/autocomplete_js.py
@@ -20,7 +20,10 @@
"""
import Queue
+from copy import deepcopy
+from w3af.core.data.options.opt_factory import opt_factory
+from w3af.core.data.options.option_types import STRING
from w3af.core.data.request.fuzzable_request import FuzzableRequest
from w3af.core.controllers.chrome.instrumented.main import InstrumentedChrome
from w3af.core.controllers.chrome.login.find_form.main import FormFinder
@@ -36,6 +39,12 @@ class autocomplete_js(autocomplete):
def __init__(self):
autocomplete.__init__(self)
+ # default values for autocomplete_js options
+ self.username_field_css_selector = ''
+ self.login_button_css_selector = ''
+ self.login_form_activator_css_selector = ''
+ self._did_css_selectors_work = False
+
self._login_form = None
self._http_traffic_queue = None
@@ -81,6 +90,7 @@ def login(self, debugging_id=None):
return True
def _handle_authentication_success(self):
+ self._login_result_log.append(True)
#
# Logging
#
@@ -107,6 +117,17 @@ def _handle_authentication_success(self):
self._configure_audit_blacklist(*login_urls)
+ def end(self):
+ super(autocomplete_js, self).end()
+ if not self._did_css_selectors_work:
+ message = (
+ "The `{}` authentication plugin was never able to find "
+ "one or more CSS selectors specified in options."
+ )
+ message = message.format(self.get_name())
+ self._log_info_to_kb(title='CSS selectors failed', message=message)
+ self._log_error(message)
+
def _do_login(self, chrome):
"""
Login to the application in two different scenarios:
@@ -129,7 +150,12 @@ def _login_using_existing_form(self, chrome):
:param chrome: The chrome instance to use during login
:return: True if login was successful
"""
- raise NotImplementedError
+ form_submit_strategy = self._find_form_submit_strategy(chrome, self._login_form)
+ if form_submit_strategy is None:
+ return False
+ self._login_form.set_submit_strategy(form_submit_strategy)
+ self._log_debug('Identified valid login form: %s' % self._login_form)
+ return True
def _login_and_save_form(self, chrome):
"""
@@ -207,13 +233,20 @@ def _find_all_login_forms(self, chrome):
* Use the FormFinder class to yield all existing forms
"""
form_finder = FormFinder(chrome, self._debugging_id)
+ css_selectors = {
+ 'username_input': self.username_field_css_selector,
+ 'login_button': self.login_button_css_selector,
+ 'form_activator': self.login_form_activator_css_selector,
+ }
- for form in form_finder.find_forms():
+ for form in form_finder.find_forms(css_selectors):
msg = 'Found potential login form: %s'
args = (form,)
self._log_debug(msg % args)
+ self._did_css_selectors_work = True
+
yield form
def _find_form_submit_strategy(self, chrome, form):
@@ -239,7 +272,10 @@ def _find_form_submit_strategy(self, chrome, form):
for form_submit_strategy in form_submitter.submit_form():
- if not self.has_active_session(debugging_id=self._debugging_id):
+ if not self.has_active_session(debugging_id=self._debugging_id, chrome=chrome):
+ msg = '%s is invalid form submit strategy for %s'
+ args = (form_submit_strategy.get_name(), form)
+ self._log_debug(msg % args)
# No need to set the state of the chrome browser back to the
# login page, that is performed inside the FormSubmitter
continue
@@ -256,22 +292,89 @@ def _find_form_submit_strategy(self, chrome, form):
return None
- def has_active_session(self, debugging_id=None):
+ def has_active_session(self, debugging_id=None, chrome=None):
"""
Check user session with chrome
+ :param str debugging_id: string representing debugging id.
+ :param InstrumentedChrome chrome: chrome instance passed from outer scope
+ to reuse. EDGE CASE EXAMPLE:
+ Sometimes we don't want to create new chrome instance. For example
+ when we login for the first time to webapp and in _find_form_submit_strategy()
+ we just pressed enter in login form. Browser may take some actions under
+ the hood like sending XHR to backend API and after receiving response
+ setting API token at localStorage. Before token will be saved to localStorage
+ it may exist only in webapp's code, so using the same chrome will prevent
+ us from performing check without credentials.
"""
has_active_session = False
+ is_new_chrome_instance_created = False
self._set_debugging_id(debugging_id)
- chrome = self._get_chrome_instance(load_url=False)
+ if not chrome or not chrome.chrome_conn:
+ chrome = self._get_chrome_instance(load_url=False)
+ is_new_chrome_instance_created = True
try:
chrome.load_url(self.check_url)
chrome.wait_for_load()
has_active_session = self.check_string in chrome.get_dom()
finally:
- chrome.terminate()
+ if is_new_chrome_instance_created:
+ chrome.terminate()
return has_active_session
+ def get_options(self):
+ """
+ :returns OptionList: list of option objects for plugin
+ """
+ option_list = super(autocomplete_js, self).get_options()
+ autocomplete_js_options = [
+ (
+ 'username_field_css_selector',
+ self.username_field_css_selector,
+ STRING,
+ "(Optional) Exact CSS selector which will be used to retrieve "
+ "the username input field. When provided the scanner is not going"
+ " to try to detect the input field in an automated way"
+ ),
+ (
+ 'login_button_css_selector',
+ self.login_button_css_selector,
+ STRING,
+ "(Optional) Exact CSS selector which will be used to retrieve "
+ "the login button field. When provided the scanner is not going "
+ "to try to detect the login button in an automated way"
+ ),
+ (
+ 'login_form_activator_css_selector',
+ self.login_form_activator_css_selector,
+ STRING,
+ "(Optional) Exact CSS selector for the element which needs to be "
+ "clicked to show login form."
+ )
+ ]
+ for option in autocomplete_js_options:
+ option_list.add(opt_factory(
+ option[0],
+ option[1],
+ option[3],
+ option[2],
+ help=option[3],
+ ))
+ return option_list
+
+ def set_options(self, options_list):
+ options_list_copy = deepcopy(options_list) # we don't want to touch real option_list
+ self.username_field_css_selector = options_list_copy.pop(
+ 'username_field_css_selector'
+ ).get_value()
+ self.login_button_css_selector = options_list_copy.pop(
+ 'login_button_css_selector'
+ ).get_value()
+ self.login_form_activator_css_selector = options_list_copy.pop(
+ 'login_form_activator_css_selector'
+ ).get_value()
+ super(autocomplete_js, self).set_options(options_list_copy)
+
def get_long_desc(self):
"""
:return: A DETAILED description of the plugin functions and features.
@@ -283,7 +386,15 @@ def get_long_desc(self):
The plugin loads the `login_form_url` to obtain the login form, automatically
identifies the inputs where the `username` and `password` should be entered,
- and then submits the form by clicking on the login button.
+ and then submits the form by clicking on the login button. You can specify
+ the exact CSS selectors (like ".login > input #password") in
+ `username_filed_css_selector` and `login_button_css_selector` to force
+ plugin to use those selectors in case when it can't find username field
+ or login button automatically.
+
+ If the page requires to click on something to show the login form you
+ can set `login_form_activator_css_selector` and scanner will use it
+ find and click on element
The following configurable parameters exist:
- username
@@ -291,4 +402,7 @@ def get_long_desc(self):
- login_form_url
- check_url
- check_string
+ - username_field_css_selector
+ - login_button_css_selector
+ - login_form_activator_css_selector
"""
diff --git a/w3af/plugins/tests/auth/test_autocomplete_js.py b/w3af/plugins/tests/auth/test_autocomplete_js.py
index a22fb3f298..db2c297b27 100644
--- a/w3af/plugins/tests/auth/test_autocomplete_js.py
+++ b/w3af/plugins/tests/auth/test_autocomplete_js.py
@@ -26,6 +26,7 @@
import pytest
from w3af import ROOT_PATH
+from w3af.plugins.auth.autocomplete_js import autocomplete_js
from w3af.plugins.tests.helper import PluginTest, PluginConfig
from w3af.core.controllers.daemons.webserver import start_webserver_any_free_port
from w3af.core.controllers.chrome.tests.helpers import ExtendedHttpRequestHandler
@@ -44,9 +45,6 @@
PASS = 'passw0rd'
-pytestmark = pytest.mark.deprecated
-
-
class BasicLoginRequestHandler(ExtendedHttpRequestHandler):
LOGIN_FORM = VANILLA_JS_LOGIN_1
ADMIN_HOME = u'Hello admin!'
@@ -122,6 +120,7 @@ def do_login(self):
return self.send_response_to_client(302, 'Success', headers)
+@pytest.mark.deprecated
class TestVanillaJavaScript1(PluginTest):
SERVER_HOST = '127.0.0.1'
@@ -233,3 +232,55 @@ def test_js_auth(self):
self.assertIn('/login_post.py', FakeFormLoginRequestHandler.EVENTS)
self.assertIn('/admin', FakeFormLoginRequestHandler.EVENTS)
self.assertIn('ADMIN_REQUEST_SUCCESS', FakeFormLoginRequestHandler.EVENTS)
+
+
+def test_autocomplete_js_reports_if_it_fails_to_use_css_selectors(
+ plugin_runner,
+ knowledge_base,
+):
+ autocomplete_js_config = {
+ 'username': 'test@example.com',
+ 'password': 'pass',
+ 'check_url': 'http://example.com/me/',
+ 'login_form_url': 'http://example.com/login/',
+ 'check_string': 'logged as',
+ 'username_field_css_selector': '#username',
+ 'login_button_css_selector': '#login',
+ 'login_form_activator_css_selector': '#activator',
+ }
+ autocomplete_js_plugin = autocomplete_js()
+ plugin_runner.run_plugin(autocomplete_js_plugin, autocomplete_js_config)
+ kb_result = knowledge_base.dump()
+ errors = kb_result.get('authentication').get('error')
+ css_error_count = 0
+ for error in errors:
+ if 'CSS selectors failed' in error.get_name():
+ css_error_count += 1
+ assert css_error_count
+
+
+def test_autocomplete_js_doesnt_report_if_it_can_find_css_selectors(
+ plugin_runner,
+ knowledge_base,
+ js_domain_with_login_form,
+):
+ autocomplete_js_config = {
+ 'username': 'test@example.com',
+ 'password': 'pass',
+ 'check_url': 'http://example.com/me/',
+ 'login_form_url': 'http://example.com/login/',
+ 'check_string': 'logged as',
+ 'username_field_css_selector': '#username',
+ 'login_button_css_selector': '#login',
+ }
+ autocomplete_js_plugin = autocomplete_js()
+ for _ in range(1):
+ plugin_runner.run_plugin(
+ autocomplete_js_plugin,
+ autocomplete_js_config,
+ mock_domain=js_domain_with_login_form,
+ do_end_call=False,
+ )
+ plugin_runner.plugin_last_ran.end()
+ kb_result = knowledge_base.dump()
+ assert not kb_result.get('authentication', {}).get('error')
diff --git a/w3af/plugins/tests/conftest.py b/w3af/plugins/tests/conftest.py
new file mode 100644
index 0000000000..7626a6eda6
--- /dev/null
+++ b/w3af/plugins/tests/conftest.py
@@ -0,0 +1,38 @@
+import pytest
+
+from w3af.plugins.tests.plugin_testing_tools import TestPluginRunner
+
+
+@pytest.fixture
+def plugin_runner():
+ """
+ This fixture returns PluginRunner instance which can run the plugin inside
+ sandbox environment.
+
+ It's "core" fixture in testing w3af. 99% of time when developer wants to test
+ something he runs plugin and sees what happens.
+ """
+ return TestPluginRunner()
+
+
+@pytest.fixture
+def js_domain_with_login_form():
+ mapping = {
+ 0: 'example
',
+ '/login/': (
+ ''
+ ''
+ ''
+ ''
+ '
'
+ ),
+ '/me/': 'logged as
',
+ }
+ return mapping
+
+
+@pytest.fixture
+def knowledge_base():
+ from w3af.core.data.kb import knowledge_base
+ kb = knowledge_base.kb = knowledge_base.DBKnowledgeBase() # create new kb instance
+ return kb
diff --git a/w3af/plugins/tests/plugin_testing_tools.py b/w3af/plugins/tests/plugin_testing_tools.py
new file mode 100644
index 0000000000..cf8cf314d1
--- /dev/null
+++ b/w3af/plugins/tests/plugin_testing_tools.py
@@ -0,0 +1,164 @@
+import inspect
+
+from mock import patch
+
+from w3af.core.controllers.plugins.auth_plugin import AuthPlugin
+from w3af.core.data.url.HTTPResponse import HTTPResponse
+
+
+class TestPluginError(Exception):
+ pass
+
+
+class TestPluginRunner:
+ """
+ This class prepares everything needed to run w3af plugin, offers network
+ mocking (like mock_domain). The main method is `run_plugin` and it should
+ be used in tests. Also it exposes `plugin_last_ran` and `mocked_server`
+ as parameters.
+ """
+ def __init__(self):
+ self.plugin_last_ran = None # last plugin instance used at self.run_plugin().
+ # Useful for debugging.
+ self.mocked_server = None
+
+ def run_plugin(self, plugin, plugin_config=None, mock_domain=None, do_end_call=True):
+ """
+ :param Plugin plugin: plugin class or instance
+ :param dict plugin_config:
+ :param pytest.fixture mock_domain: pytest fixture to mock requests to
+ specific domain
+ :param bool do_end_call: if False plugin.end() won't be called
+ """
+ self._patch_network(mock_domain)
+
+ if inspect.isclass(plugin):
+ plugin_instance = plugin()
+ else:
+ plugin_instance = plugin
+
+ self.plugin_last_ran = plugin_instance
+
+ if plugin_config:
+ self.set_options_to_plugin(plugin_instance, plugin_config)
+
+ result = None
+ did_plugin_run = False
+ if isinstance(plugin_instance, AuthPlugin):
+ result = self.run_auth_plugin(plugin_instance)
+ did_plugin_run = True
+
+ if do_end_call:
+ plugin_instance.end()
+
+ if not did_plugin_run:
+ raise TestPluginError(
+ "Can't find any way to run plugin {}. Is it already implemented?".format(
+ plugin_instance,
+ )
+ )
+ return result
+
+ @staticmethod
+ def run_auth_plugin(plugin):
+ if not plugin.has_active_session():
+ return plugin.login()
+ return False
+
+ @staticmethod
+ def set_options_to_plugin(plugin, options):
+ """
+ :param Plugin plugin: the plugin instance
+ :param dict options: dict of options that will be set to plugin
+ """
+ options_list = plugin.get_options()
+ for option_name, option_value in options.items():
+ option = options_list[option_name]
+ option.set_value(option_value)
+ plugin.set_options(options_list)
+
+ def _patch_network(self, mock_domain):
+ self.mocked_server = MockedServer(url_mapping=mock_domain)
+ patcher = patch(
+ 'w3af.core.data.url.extended_urllib.ExtendedUrllib.GET',
+ self.mocked_server.mocked_GET,
+ )
+ patcher.start()
+ chrome_patcher = patch(
+ 'w3af.core.controllers.chrome.instrumented.main.InstrumentedChrome.load_url',
+ self.mocked_server.mocked_chrome_load_url(),
+ )
+ chrome_patcher.start()
+
+
+class MockedServer:
+ """
+ This is class used to mock whole network for TestPluginRunner. It provides
+ `mocked_GET` and `mocked_chrome_load_url` which are methods to monkey-patch
+ the real w3af methods.
+ """
+ def __init__(self, url_mapping=None):
+ """
+ :param dict or None url_mapping: url_mapping should be a dict with data
+ formatted in following way: {'url_path': 'response_content'} or
+ {request_number: 'response_content'}. So for example:
+ {
+ 1: 'first response
',
+ 2: 'second response
',
+ 7: 'seventh response
',
+ '/login/': ''
+ '/me/': 'user@example.com'
+ }
+ """
+ self.url_mapping = url_mapping or {}
+ self.default_content = 'example.com'
+ self.response_count = 0
+ self.urls_requested = []
+
+ def mocked_GET(self, url, *args, **kwargs):
+ if url in self.url_mapping:
+ return self._mocked_resp(url, self._match_response(url))
+ return self.default_content
+
+ def mocked_chrome_load_url(self, *args, **kwargs):
+ def real_mock(self_, url, *args, **kwargs):
+ self_.chrome_conn.Page.reload() # this enabled dom_analyzer.js
+ response_content = self._match_response(url)
+ result = self_.chrome_conn.Runtime.evaluate(
+ expression='document.write(`{}`)'.format(response_content)
+ )
+ if result['result'].get('exceptionDetails'):
+ error_text = (
+ "Can't mock the response for url\n"
+ "URL: {}\n"
+ "response_content: {}\n"
+ "JavaScript exception: {}"
+ )
+ raise TestPluginError(error_text.format(
+ url,
+ response_content,
+ result['result']['exceptionDetails']
+ ))
+ return None
+ return real_mock
+
+ def _match_response(self, url):
+ current_response_count = self.response_count
+ self.response_count += 1
+ self.urls_requested.append(url)
+ if self.url_mapping.get(current_response_count):
+ return self.url_mapping[current_response_count]
+ if self.url_mapping.get(url.path):
+ return self.url_mapping[url.path]
+ return self.default_content
+
+ @staticmethod
+ def _mocked_resp(url, text_resp, *args, **kwargs):
+ return HTTPResponse(
+ code=200,
+ read=text_resp,
+ headers={},
+ geturl=url,
+ original_url=url,
+ )
+