Refactoring phpinfo plugin, adding unittests, making sure everything …
…works as expected.
andresriancho committed Aug 9, 2018
1 parent f7b2744 commit f8e56c1
Showing 8 changed files with 2,926 additions and 464 deletions.
562 changes: 115 additions & 447 deletions w3af/plugins/crawl/phpinfo.py

Large diffs are not rendered by default.

Empty file.
525 changes: 525 additions & 0 deletions w3af/plugins/crawl/phpinfo_analysis/analysis.py

Large diffs are not rendered by default.

543 changes: 543 additions & 0 deletions w3af/plugins/tests/crawl/phpinfo/phpinfo-4.3.11.html

Large diffs are not rendered by default.

502 changes: 502 additions & 0 deletions w3af/plugins/tests/crawl/phpinfo/phpinfo-4.3.3.html

Large diffs are not rendered by default.

574 changes: 574 additions & 0 deletions w3af/plugins/tests/crawl/phpinfo/phpinfo-5.1.3-rc4dev.html

Large diffs are not rendered by default.

626 changes: 626 additions & 0 deletions w3af/plugins/tests/crawl/phpinfo/phpinfo-5.1.6.html

Large diffs are not rendered by default.

58 changes: 41 additions & 17 deletions w3af/plugins/tests/crawl/test_phpinfo.py
Expand Up @@ -18,41 +18,65 @@
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
from nose.plugins.attrib import attr
from w3af.plugins.tests.helper import PluginTest, PluginConfig
import os

from w3af import ROOT_PATH
from w3af.plugins.tests.helper import PluginTest, PluginConfig, MockResponse

class TestPHPInfo(PluginTest):

base_url = 'https://moth/'
class TestPHPInfo516(PluginTest):

target_url = 'http://httpretty/'

PHPINFO = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl', 'phpinfo', 'phpinfo-5.1.6.html')

MOCK_RESPONSES = [MockResponse('http://httpretty/',
body='index home page',
method='GET',
status=200),
MockResponse('http://httpretty/phpversion.php',
body=file(PHPINFO).read(),
method='GET',
status=200),
]

_run_config = {
'target': base_url,
'target': target_url,
'plugins': {'crawl': (PluginConfig('phpinfo'),)}
}

@attr('smoke')
@attr('ci_fails')
def test_phpinfo(self):
self._scan(self._run_config['target'], self._run_config['plugins'])

urls = self.kb.get_all_known_urls()
urls = [url.url_string for url in urls]

self.assertTrue(self.base_url + 'phpinfo.php' in urls)
self.assertIn(self.target_url + 'phpversion.php', urls)

infos = self.kb.get('phpinfo', 'phpinfo')
self.assertTrue(len(infos) > 5, infos)

EXPECTED_INFOS = set([
'PHP register_globals: Off',
'PHP expose_php: On',
'PHP session.hash_function:md5',
'phpinfo() file found'])

info_urls = [i.get_url().url_string for i in infos]
self.assertIn(self.base_url + 'phpinfo.php', info_urls)
self.assertIn(self.target_url + 'phpversion.php', info_urls)

found_infos = set([i.get_name() for i in infos])

self.assertTrue(found_infos.issuperset(EXPECTED_INFOS))

expected_infos = {'PHP register_globals: On',
'PHP expose_php: On',
'PHP session.hash_function:md5',
'phpinfo() file found'}

for expected_info in expected_infos:
self.assertIn(expected_info, found_infos)


class TestPHPInfo4311(TestPHPInfo516):
PHPINFO = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl', 'phpinfo', 'phpinfo-4.3.11.html')


class TestPHPInfo513rc4dev(TestPHPInfo516):
PHPINFO = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl', 'phpinfo', 'phpinfo-5.1.3-rc4dev.html')


class TestPHPInfo433(TestPHPInfo516):
PHPINFO = os.path.join(ROOT_PATH, 'plugins', 'tests', 'crawl', 'phpinfo', 'phpinfo-4.3.3.html')
