contribution at 14-07-2020

w3af/conftest.py

@@ -0,0 +1,30 @@
+import pytest
+
+from w3af.core.data.dc.headers import Headers
+from w3af.core.data.parsers.doc.url import URL
+from w3af.core.data.url.HTTPRequest import HTTPRequest
+from w3af.core.data.url.HTTPResponse import HTTPResponse
+
+
+@pytest.fixture
+def http_response():
+    url = URL('http://example.com/')
+    headers = Headers([('content-type', 'text/html')])
+    return HTTPResponse(
+        200,
+        '<body></body>',
+        headers,
+        url,
+        url,
+    )
+
+
+@pytest.fixture
+def http_request():
+    url = URL('http://example.com/')
+    headers = Headers([('content-type', 'text/html')])
+    return HTTPRequest(
+        url,
+        headers,
+        method='GET',
+    )

w3af/core/controllers/chrome/crawler/tests/frameworks/test_angularjs_basics.py

@@ -24,6 +24,7 @@
 from w3af.core.controllers.chrome.tests.helpers import ExtendedHttpRequestHandler
 
 
+@pytest.mark.skip('uses internet')
 class AngularBasicTest(BaseChromeCrawlerTest):
     def test_angular_click(self):
         self._unittest_setup(AngularButtonClickRequestHandler)

w3af/core/controllers/chrome/crawler/tests/frameworks/test_react_basics.py

@@ -23,6 +23,7 @@
 from w3af.core.controllers.chrome.crawler.tests.base import BaseChromeCrawlerTest
 
 
+@pytest.mark.skip('uses internet')
 class ReactBasicTest(BaseChromeCrawlerTest):
     def test_react_hello_world_app(self):
         url = 'http://react-hello-world-app.surge.sh/'

w3af/core/controllers/chrome/crawler/tests/frameworks/test_vue_basics.py

@@ -18,10 +18,13 @@
 along with w3af; if not, write to the Free Software
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
+import pytest
+
 from w3af.core.controllers.chrome.crawler.tests.base import BaseChromeCrawlerTest
 
 
 class ReactBasicTest(BaseChromeCrawlerTest):
+    @pytest.mark.skip('uses internet')
     def test_vue_todo_list(self):
         url = 'http://vue-todo-test.surge.sh'
         found_uris = self._crawl(url)

w3af/core/controllers/chrome/devtools/exceptions.py

@@ -27,3 +27,11 @@ class ChromeInterfaceException(Exception):
 
 class ChromeInterfaceTimeout(Exception):
     pass
+
+
+class ChromeScriptRuntimeException(Exception):
+    def __init__(self, message, function_called=None, *args):
+        if function_called:
+            message = "function: {}, exception: {}".format(function_called, message)
+        super(ChromeScriptRuntimeException, self).__init__(message, *args)
+    pass

w3af/core/controllers/chrome/instrumented/frame_manager.py

@@ -166,7 +166,7 @@ def _on_frame_navigated(self, message):
         # URL all the child frames are removed from Chrome, we should remove
         # them from our code too to mirror state
         if frame:
-            for child_frame_id, child_frame in frame.child_frames:
+            for child_frame_id, child_frame in frame.child_frames.items():
                 child_frame.detach(self)
 
             frame.set_navigated()

w3af/core/controllers/chrome/instrumented/main.py

@@ -23,6 +23,7 @@
 import json
 
 import w3af.core.controllers.output_manager as om
+from w3af.core.controllers.chrome.devtools.exceptions import ChromeScriptRuntimeException
 
 from w3af.core.data.parsers.doc.url import URL
 from w3af.core.controllers.chrome.instrumented.instrumented_base import InstrumentedChromeBase
@@ -297,11 +298,20 @@ def dispatch_js_event(self, selector, event_type):
 
         return True
 
-    def get_login_forms(self):
+    def get_login_forms(self, exact_css_selectors):
         """
+        :param dict exact_css_selectors: Optional parameter containing css selectors
+        for part of form like username input or login button.
         :return: Yield LoginForm instances
         """
-        result = self.js_runtime_evaluate('window._DOMAnalyzer.getLoginForms()')
+        func = (
+            'window._DOMAnalyzer.getLoginForms("{}", "{}")'
+        )
+        func = func.format(
+            exact_css_selectors.get('username_input', '').replace('"', '\\"'),
+            exact_css_selectors.get('login_button', '').replace('"', '\\"'),
+        )
+        result = self.js_runtime_evaluate(func)
 
         if result is None:
             raise EventTimeout('The event execution timed out')
@@ -316,11 +326,20 @@ def get_login_forms(self):
 
             yield login_form
 
-    def get_login_forms_without_form_tags(self):
+    def get_login_forms_without_form_tags(self, exact_css_selectors):
         """
+        :param dict exact_css_selectors: Optional parameter containing css selectors
+        for part of form like username input or login button.
         :return: Yield LoginForm instances
         """
-        result = self.js_runtime_evaluate('window._DOMAnalyzer.getLoginFormsWithoutFormTags()')
+        func = (
+            'window._DOMAnalyzer.getLoginFormsWithoutFormTags("{}", "{}")'
+        )
+        func = func.format(
+            exact_css_selectors.get('username_input', '').replace('"', '\\"'),
+            exact_css_selectors.get('login_button', '').replace('"', '\\"'),
+        )
+        result = self.js_runtime_evaluate(func)
 
         if result is None:
             raise EventTimeout('The event execution timed out')
@@ -406,9 +425,9 @@ def focus(self, selector):
         if result is None:
             return None
 
-        node_ids = result.get('result', {}).get('nodeIds', None)
+        node_ids = result.get('result', {}).get('nodeIds')
 
-        if node_ids is None:
+        if not node_ids:
             msg = ('The call to chrome.focus() failed.'
                    ' CSS selector "%s" returned no nodes (did: %s)')
             args = (selector, self.debugging_id)
@@ -589,19 +608,13 @@ def js_runtime_evaluate(self, expression, timeout=5):
                                                    timeout=timeout)
 
         # This is a rare case where the DOM is not present
-        if result is None:
-            return None
-
-        if 'result' not in result:
-            return None
-
-        if 'result' not in result['result']:
-            return None
-
-        if 'value' not in result['result']['result']:
-            return None
-
-        return result['result']['result']['value']
+        runtime_exception = result.get('result', {}).get('exceptionDetails')
+        if runtime_exception:
+            raise ChromeScriptRuntimeException(
+                runtime_exception,
+                function_called=expression
+            )
+        return result.get('result', {}).get('result', {}).get('value', None)
 
     def get_js_variable_value(self, variable_name):
         """

w3af/core/controllers/chrome/js/dom_analyzer.js

@@ -330,7 +330,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
         if( !_DOMAnalyzer.eventIsValidForTagName( tag_name, type ) ) return false;
 
         let selector = OptimalSelect.getSingleSelector(element);
-        
+
         // node_type is https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeType#Node_type_constants
         _DOMAnalyzer.event_listeners.push({"tag_name": tag_name,
                                            "node_type": element.nodeType,
@@ -865,6 +865,48 @@ var _DOMAnalyzer = _DOMAnalyzer || {
         return false;
     },
 
+    /**
+     * This is naive function which takes parentElement (the login form) and
+     * tries to find username input field within it.
+     * @param {Node} parentElement - parent element to scope to document.querySelectorAll()
+     * @param {String} exactSelector - optional CSS selector. If provided prevents
+     * using standard selectors
+     * @returns {NodeList} - result of querySelectorAll()
+     */
+    _getUsernameInput(parentElement, exactSelector = '') {
+        if (exactSelector) {
+            return document.querySelectorAll(exactSelector, parentElement);
+        }
+        result = document.querySelectorAll("input[type='email']", parentElement);
+        if (!result.length) {
+            result = document.querySelectorAll("input[type='text']", parentElement);
+        }
+        return result;
+    },
+
+    /**
+     * This is naive function which takes parentElement (the login form) and tries
+     * to find submit button within it.
+     * @param {Node} parentElement - parent element to scope to document.querySelectorAll()
+     * @param {String} exactSelector - optional CSS selector. If provided prevents
+     * using standard selectors
+     * @returns {NodeList} - result of querySelectorAll()
+     */
+    _getSubmitButton(parentElement, exactSelector = '') {
+        if (exactSelector) {
+            return document.querySelectorAll(exactSelector, parentElement);
+        }
+        result = document.querySelectorAll("input[type='submit']", parentElement);
+        if (!result.length) {
+            result = document.querySelectorAll("button[type='submit']", parentElement);
+        }
+        // Maybe it's just normal button without type="submit"...
+        if (!result.length) {
+            result = document.querySelectorAll('button', parentElement);
+        }
+        return result;
+    },
+
     /**
     * Return the CSS selector for the login forms which exist in the DOM.
     *
@@ -874,8 +916,12 @@ var _DOMAnalyzer = _DOMAnalyzer || {
     *       - <input type=text>, and
     *       - <input type=password>
     *
+    * @param {String} usernameCssSelector - CSS selector for username input. If
+    * provided we won't try to find username input automatically.
+    * @param {String} submitButtonCssSelector - CSS selector for submit button. If
+    * provided we won't try to find submit button autmatically.
     */
-    getLoginForms: function () {
+    getLoginForms: function (usernameCssSelector = '', submitButtonCssSelector = '') {
         let login_forms = [];
 
         // First we identify the forms with a password field using a descendant Selector
@@ -898,15 +944,15 @@ var _DOMAnalyzer = _DOMAnalyzer || {
             let form = forms[0];
 
             // Finally we confirm that the form has a type=text input
-            let text_fields = document.querySelectorAll("input[type='text']", form)
+            let text_fields = this._getUsernameInput(form, usernameCssSelector);
 
             // Zero text fields is most likely a password-only login form
             // Two text fields or more is most likely a registration from
             // One text field is 99% of login forms
             if (text_fields.length !== 1) continue;
 
             // And if there is a submit button I want that selector too
-            let submit_fields = document.querySelectorAll("input[type='submit']", form)
+            let submit_fields = this._getSubmitButton(form, submitButtonCssSelector);
             let submit_selector = null;
 
             if (submit_fields.length !== 0) {
@@ -936,8 +982,12 @@ var _DOMAnalyzer = _DOMAnalyzer || {
     *       - <input type=text>, and
     *       - <input type=password>
     *
+    * @param {String} usernameCssSelector - CSS selector for username input. If
+    * provided we won't try to find username input automatically.
+    * @param {String} submitButtonCssSelector - CSS selector for submit button. If
+    * provided we won't try to find submit button autmatically.
     */
-    getLoginFormsWithoutFormTags: function () {
+    getLoginFormsWithoutFormTags: function (usernameCssSelector = '', submitButtonCssSelector = '') {
         let login_forms = [];
 
         // First we identify the password fields
@@ -962,7 +1012,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
                 // go up one more level, and so one.
                 //
                 // Find if this parent has a type=text input
-                let text_fields = document.querySelectorAll("input[type='text']", parent)
+                let text_fields = this._getUsernameInput(parent, usernameCssSelector);
 
                 // Zero text fields is most likely a password-only login form
                 // Two text fields or more is most likely a registration from
@@ -974,7 +1024,7 @@ var _DOMAnalyzer = _DOMAnalyzer || {
                 }
 
                 // And if there is a submit button I want that selector too
-                let submit_fields = document.querySelectorAll("input[type='submit']", parent)
+                let submit_fields = this._getSubmitButton(parent, submitButtonCssSelector)
                 let submit_selector = null;
 
                 if (submit_fields.length !== 0) {
@@ -999,6 +1049,12 @@ var _DOMAnalyzer = _DOMAnalyzer || {
         return JSON.stringify(login_forms);
     },
 
+    clickOnSelector(exactSelector) {
+        let element = document.querySelector(exactSelector);
+        element.click();
+        return 'success'
+    },
+
     sliceAndSerialize: function (filtered_event_listeners, start, count) {
         return JSON.stringify(filtered_event_listeners.slice(start, start + count));
     },
@@ -1142,4 +1198,4 @@ var _DOMAnalyzer = _DOMAnalyzer || {
 
 };
 
-_DOMAnalyzer.initialize();
+_DOMAnalyzer.initialize();

w3af/core/controllers/chrome/login/find_form/main.py

@@ -36,16 +36,24 @@ def __init__(self, chrome, debugging_id):
         self.chrome = chrome
         self.debugging_id = debugging_id
 
-    def find_forms(self):
+    def find_forms(self, css_selectors=None):
         """
+        :param dict css_selectors: optional dict of css selectors used to find
+        elements of form (like username input or login button)
         :return: Yield forms as they are found by each strategy
         """
+        if css_selectors:
+            msg = 'Form finder uses the CSS selectors: "%s" (did: %s)'
+            args = (css_selectors, self.debugging_id)
+            om.out.debug(msg % args)
+
         identified_forms = []
 
         for strategy_klass in self.STRATEGIES:
-            strategy = strategy_klass(self.chrome, self.debugging_id)
+            strategy = strategy_klass(self.chrome, self.debugging_id, css_selectors)
 
             try:
+                strategy.prepare()
                 for form in strategy.find_forms():
                     if form in identified_forms:
                         continue
@@ -55,6 +63,6 @@ def find_forms(self):
             except Exception as e:
                 msg = 'Form finder strategy %s raised exception: "%s" (did: %s)'
                 args = (strategy.get_name(),
-                        e,
+                        repr(e),
                         self.debugging_id)
                 om.out.debug(msg % args)

w3af/core/controllers/chrome/login/find_form/strategies/base_find_form_strategy.py

@@ -0,0 +1,35 @@
+from w3af.core.controllers.chrome.instrumented.exceptions import EventTimeout
+
+
+class BaseFindFormStrategy:
+    def __init__(self, chrome, debugging_id, exact_css_selectors=None):
+        """
+        :param InstrumentedChrome chrome:
+        :param String debugging_id:
+        :param dict exact_css_selectors: Optional parameter containing css selectors
+        for part of form like username input or login button.
+        """
+        self.chrome = chrome
+        self.debugging_id = debugging_id
+        self.exact_css_selectors = exact_css_selectors or {}
+
+    def prepare(self):
+        """
+        :raises EventTimeout:
+        Hook called before find_forms()
+        """
+        form_activator_selector = self.exact_css_selectors.get('form_activator')
+        if form_activator_selector:
+            func = 'window._DOMAnalyzer.clickOnSelector("{}")'.format(
+                form_activator_selector.replace('"', '\\"')
+            )
+            result = self.chrome.js_runtime_evaluate(func)
+            if result is None:
+                raise EventTimeout('The event execution timed out')
+
+    def find_forms(self):
+        raise NotImplementedError
+
+    @staticmethod
+    def get_name():
+        return 'BaseFindFormStrategy'