Commit Graph

11 Commits

Author SHA1 Message Date
anneborcherding
7fdcbb09e6
added add-ons that enhance the performance of web application scanners. (#3961)
* added add-ons that enhance the performance of web application scanners.

Co-authored-by: weichweich <14820950+weichweich@users.noreply.github.com>
2020-05-04 10:37:13 +02:00
David Kremer
dcd8ba34ab [test/xss_scanner] add fixtures in tests
The previous version of that script made a repetitive use
of the  pytest builtin fixture, with always
the same arguments.

This is a small refactoring and cleanup, mainly adding the 'function'
scope to ensure proper cleaning and using the @pytest.fixture
decorator where I could.
2018-08-15 19:47:55 +02:00
Aldo Cortesi
95e690ba31 test: shift test_data out of our public API 2018-04-23 19:16:33 +12:00
Aldo Cortesi
2fb85553cc Revamp verbosity options
Split verbosity into termlog_verbosity and console_eventlog_verbosity.

This patch also removes printing to console if there are unknown options in the
command-line. Options now live in separate addons, so having uknown options
remaining is common and expected. We definitely shoould have some other way for
users to see what was ignored so they can catch typos and the like, but that's
a different patch.
2018-02-26 09:02:24 +13:00
Deepesh Pathak
9fed4fa40a
Fix test fails in test_xss_scanner when running tox without internet connections.
- Add mock implementation for gethostbyname in test_xss_scanner.
- Fix failed tests when running tox without internet connection.
- Fixes #2867
2018-02-24 16:50:40 +05:30
Arushit Mudgal
91834f98cc Extend mypy checking, fix #2194 (#2819) 2018-02-03 21:37:33 +01:00
David Dworken
04a06eb6b5 Added scanning for CSS injection and iframe injection 2017-10-17 23:39:33 -04:00
Aldo Cortesi
5327756377 Addons and addon testing
- Fix some loading sequence bugs affecting command-line script invocation
- Allow addons to over-ride existing options (with a warning). We need this for
reloading.
- Convert har_dump to new-style arguments, fix and re-instate its test suite.
- Covnert miscelaneous other exmples to new-style args.
2017-04-26 19:56:33 +12:00
Aldo Cortesi
7aa2081894 Remove watchdog, solidify script testing
- Remove the watchdog dependency. We now just stat the script file every 2
seconds to check for an updated mtime.
- Further solidify our script testing, and in particular make the example tests
nicer. These should exemplify how we want users to test their own addon
scripts. More work on addon testing to follow.
2017-04-26 09:01:40 +12:00
Aldo Cortesi
e6eeab6094 Revamp how addons work
- Addons now nest, which means that addons can manage addons. This has a number
of salutary effects - the scripts addon no longer has to poke into the global
addons list, we no longer have to replace/remove/boot-outof parent addons when
we load scripts, and this paves the way for making our top-level tools into
addons themselves.
- All addon calls are now wrapped in a safe execution environment where
exceptions are caught, and output to stdout/stderr are intercepted and turned
into logs.
- We no longer support script arguments in sys.argv - creating an option
properly is the only way to pass arguments. This means that all scripts are
always directly controllable from interctive tooling, and that arguments are
type-checked.

For now, I've disabled testing of the har dump example - it needs to be moved
to the new argument handling, and become a class addon. I'll address that in a
separate patch.
2017-04-25 22:13:44 +12:00
Thomas Kriechbaumer
907825714b move examples tests (#2199) 2017-03-22 12:02:18 +01:00