Fix list index out of range #16905 #16916

andresriancho · May 3, 2018 · c2c5fe1 · c2c5fe1
1 parent dad394c
commit c2c5fe1
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 16 deletions.
diff --git a/w3af/plugins/output/html_file.py b/w3af/plugins/output/html_file.py
@@ -175,7 +175,11 @@ def flush(self):
             * Send all the data to jinja2 for rendering the template
         """
         target_urls = [t.url_string for t in cf.cf.get('targets')]
-        target_domain = cf.cf.get('target_domains')[0]
+
+        target_domain = 'unknown'
+        if cf.cf.get('target_domains'):
+            target_domain = cf.cf.get('target_domains')[0]
+
         enabled_plugins = self._enabled_plugins
         findings = kb.kb.get_all_findings_iter()
         debug_log = ((t, l, smart_unicode(m)) for (t, l, m) in self._additional_info)

diff --git a/w3af/plugins/output/json_file.py b/w3af/plugins/output/json_file.py
@@ -93,13 +93,19 @@ def flush(self):
             return
 
         target_urls = [t.url_string for t in cf.cf.get('targets')]
-        target_domain = cf.cf.get('target_domains')[0]
+
+        target_domain = 'unknown'
+        if cf.cf.get('target_domains'):
+            target_domain = cf.cf.get('target_domains')[0]
+
         enabled_plugins = self._enabled_plugins
+
         def _get_desc(x):
             try:
                 return x._desc
             except AttributeError:
                 return None
+
         findings = filter(None, [_get_desc(x) for x in kb.kb.get_all_findings_iter()])
         known_urls = [str(x) for x in kb.kb.get_all_known_urls()]
 
@@ -155,24 +161,27 @@ def get_long_desc(self):
           * Target URLs
           * Target domain
           * Findings
-            Each finding in the sequence contains the following fields:
-            * Severity
-            * Name
-            * HTTP method
-            * URL
-            * Vulnerable parameter
-            * Base64 encoded POST-data
-            * Unique vulnerability ID
-            * CWE IDs
-            * WASC IDs
-            * Tags
-            * VulnDB ID
-            * Severity
-            * Description
+        
+        Each finding in the sequence contains the following fields:
+          * Severity
+          * Name
+          * HTTP method
+          * URL
+          * Vulnerable parameter
+          * Base64 encoded POST-data
+          * Unique vulnerability ID
+          * CWE IDs
+          * WASC IDs
+          * Tags
+          * VulnDB ID
+          * Severity
+          * Description
+            
         The JSON plugin should be used for quick and easy integrations with w3af,
         external tools which require more details, such as the HTTP request and
         response associated with each vulnerability, should use the xml_file
         output plugin.
+        
         One configurable parameter exists:
             - output_file
         """