Fixing false positive with 204
Modified unittest to remove moth dependency
andresriancho committed Sep 18, 2019
1 parent c3f7607 commit 6abf864
Showing 2 changed files with 87 additions and 76 deletions.
141 changes: 77 additions & 64 deletions w3af/plugins/infrastructure/dns_wildcard.py
Expand Up @@ -28,7 +28,8 @@
from w3af.core.controllers.plugins.infrastructure_plugin import InfrastructurePlugin
from w3af.core.controllers.exceptions import BaseFrameworkException, RunOnce
from w3af.core.controllers.misc.decorators import runonce
from w3af.core.controllers.misc.fuzzy_string_cmp import fuzzy_not_equal
from w3af.core.controllers.misc.fuzzy_string_cmp import fuzzy_not_equal, fuzzy_equal
from w3af.core.data.url.helpers import is_no_content_response
from w3af.core.data.dc.headers import Headers
from w3af.core.data.kb.info import Info

Expand All @@ -50,34 +51,34 @@ def discover(self, fuzzable_request, debugging_id):
:param fuzzable_request: A fuzzable_request instance that contains
(among other things) the URL to test.
"""
# Only run the plugin if the target is a domain name
if self.SIMPLE_IP_RE.match(fuzzable_request.get_url().get_domain()):
return

# Only do all this if this is a domain name!
if not self.SIMPLE_IP_RE.match(fuzzable_request.get_url().get_domain()):

base_url = fuzzable_request.get_url().base_url()
original_response = self._uri_opener.GET(base_url, cache=True)
base_url = fuzzable_request.get_url().base_url()
original_response = self._uri_opener.GET(base_url, cache=True)

domain = fuzzable_request.get_url().get_domain()
dns_wildcard_url = fuzzable_request.get_url().copy()
domain = base_url.get_domain()
root_domain = base_url.get_root_domain()
dns_wildcard_url = fuzzable_request.get_url().copy()

root_domain = base_url.get_root_domain()
if len(domain) > len(root_domain):
# Remove the last subdomain and test with that
domain_without_subdomain = '.'.join(domain.split('.')[1:])
dns_wildcard_url.set_domain(domain_without_subdomain)
else:
dns_wildcard_url.set_domain('foobar.' + domain)
if len(domain) > len(root_domain):
# Remove the last subdomain and test with that
domain_without_subdomain = '.'.join(domain.split('.')[1:])
dns_wildcard_url.set_domain(domain_without_subdomain)
else:
dns_wildcard_url.set_domain('foobar.' + domain)

self._test_DNS(original_response, dns_wildcard_url)
self._test_IP(original_response, domain)
self._test_dns(original_response, dns_wildcard_url)
self._test_ip_address(original_response, domain)

def _test_IP(self, original_response, domain):
def _test_ip_address(self, original_response, domain):
"""
Check if http://ip(domain)/ == http://domain/
"""
try:
ip_address = socket.gethostbyname(domain)
except:
except socket.error:
return

url = original_response.get_url()
Expand All @@ -86,61 +87,73 @@ def _test_IP(self, original_response, domain):

try:
modified_response = self._uri_opener.GET(ip_url, cache=True)
except BaseFrameworkException, w3:
msg = 'An error occurred while fetching IP address URL in ' \
' dns_wildcard plugin: "%s"' % w3
om.out.debug(msg)
else:
if fuzzy_not_equal(modified_response.get_body(),
original_response.get_body(), 0.35):
except BaseFrameworkException as bfe:
msg = ('An error occurred while fetching IP address URL in '
' dns_wildcard plugin: "%s"')
om.out.debug(msg % bfe)
return

if is_no_content_response(modified_response):
return

desc = 'The contents of %s and %s differ.'
desc = desc % (modified_response.get_uri(),
original_response.get_uri())

i = Info('Default virtual host', desc, modified_response.id,
self.get_name())
i.set_url(modified_response.get_url())
if fuzzy_equal(modified_response.get_body(), original_response.get_body(), 0.35):
return

desc = 'The contents of %s and %s differ.'
args = (modified_response.get_uri(), original_response.get_uri())
desc %= args

kb.kb.append(self, 'dns_wildcard', i)
om.out.information(i.get_desc())
i = Info('Default virtual host',
desc,
modified_response.id,
self.get_name())
i.set_url(modified_response.get_url())

def _test_DNS(self, original_response, dns_wildcard_url):
kb.kb.append(self, 'dns_wildcard', i)
om.out.information(i.get_desc())

def _test_dns(self, original_response, dns_wildcard_url):
"""
Check if http://www.domain.tld/ == http://domain.tld/
"""
headers = Headers([('Host', dns_wildcard_url.get_domain())])

try:
modified_response = self._uri_opener.GET(
original_response.get_url(),
cache=True,
headers=headers)
except BaseFrameworkException:
modified_response = self._uri_opener.GET(original_response.get_url(),
cache=True,
headers=headers)
except BaseFrameworkException as bfe:
msg = ('An error occurred while fetching IP address URL in '
' dns_wildcard plugin: "%s"')
om.out.debug(msg % bfe)
return

if fuzzy_not_equal(modified_response.get_body(), original_response.get_body(), 0.35):
desc = ('The target site has NO DNS wildcard, and the contents'
' of "%s" differ from the contents of "%s".')
desc %= (dns_wildcard_url, original_response.get_url())

i = Info('No DNS wildcard',
desc,
[original_response.id, modified_response.id],
self.get_name())
i.set_url(dns_wildcard_url)

kb.kb.append(self, 'dns_wildcard', i)
om.out.information(i.get_desc())
else:
if fuzzy_not_equal(modified_response.get_body(),
original_response.get_body(), 0.35):
desc = 'The target site has NO DNS wildcard, and the contents' \
' of "%s" differ from the contents of "%s".'
desc = desc % (dns_wildcard_url, original_response.get_url())

i = Info('No DNS wildcard', desc, modified_response.id,
self.get_name())
i.set_url(dns_wildcard_url)

kb.kb.append(self, 'dns_wildcard', i)
om.out.information(i.get_desc())
else:
desc = 'The target site has a DNS wildcard configuration, the'\
' contents of "%s" are equal to the ones of "%s".'
desc = desc % (dns_wildcard_url, original_response.get_url())

i = Info('DNS wildcard', desc, modified_response.id,
self.get_name())
i.set_url(original_response.get_url())

kb.kb.append(self, 'dns_wildcard', i)
om.out.information(i.get_desc())
desc = ('The target site has a DNS wildcard configuration, the'
' contents of "%s" are equal to the ones of "%s".')
desc %= (dns_wildcard_url, original_response.get_url())

i = Info('DNS wildcard',
desc,
[original_response.id, modified_response.id],
self.get_name())
i.set_url(original_response.get_url())

kb.kb.append(self, 'dns_wildcard', i)
om.out.information(i.get_desc())

def get_long_desc(self):
"""
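Review bot: The 204 guard is added only in `_test_ip_address`; `_test_dns` still goes straight from the request to `fuzzy_not_equal(...)` on the two bodies, so a no-content reply to the Host-header request would presumably still be stored as a 'No DNS wildcard' finding. Adding `if is_no_content_response(modified_response): return` right after the `except` block in `_test_dns` would keep the two checks consistent. The debug message in that same `except` still says 'fetching IP address URL', copied from the IP check; wording such as `'An error occurred while fetching the DNS wildcard URL in dns_wildcard plugin: "%s"'` would let scan logs be attributed to the right request. Narrowing the bare `except:` around `socket.gethostbyname(domain)` to `except socket.error:` is an improvement, but it may let a `UnicodeError` from a host name that cannot be encoded escape the plugin, so it is worth confirming how `domain` is typed at this point.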
22 changes: 10 additions & 12 deletions w3af/plugins/tests/infrastructure/test_dns_wildcard.py
Expand Up @@ -18,32 +18,30 @@
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""

from nose.plugins.attrib import attr
from w3af.plugins.tests.helper import PluginTest, PluginConfig
from w3af.plugins.tests.helper import PluginTest, PluginConfig, MockResponse


class TestDNSWildcard(PluginTest):

base_url = 'http://moth/'
target_url = 'http://httpretty'

MOCK_RESPONSES = [MockResponse('http://httpretty/',
body='Hello world',
method='GET',
status=200)]
_run_configs = {
'cfg': {
'target': base_url,
'target': target_url,
'plugins': {'infrastructure': (PluginConfig('dns_wildcard'),)}
}
}

@attr('ci_fails')
def test_wildcard(self):
cfg = self._run_configs['cfg']
self._scan(cfg['target'], cfg['plugins'])

infos = self.kb.get('dns_wildcard', 'dns_wildcard')

self.assertEqual(len(infos), 2, infos)

expected = set(['Default virtual host', 'No DNS wildcard'])

self.assertEqual(expected,
set([i.get_name() for i in infos]))
self.assertEqual(len(infos), 1, infos)
self.assertEqual('DNS wildcard',
infos[0].get_name())
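Review bot: The rewritten test does not exercise the 204 case named in the commit title: the only `MockResponse` returns `status=200` with body 'Hello world', so the new `is_no_content_response` branch in `_test_ip_address` is never reached. A second test class whose mock answers with `status=204` and which asserts that no 'Default virtual host' info lands in `self.kb.get('dns_wildcard', 'dns_wildcard')` would pin the fix. The single-info assertion also seems to rely on `socket.gethostbyname('httpretty')` failing or on the IP request returning the same body, which may vary with the resolver on the test host; a short comment stating which of the two is expected would help.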
