Refactor definitions

tests/attack/test_mod_buster.py

@@ -1,12 +1,11 @@
 from unittest import mock
-from unittest.mock import AsyncMock, patch
+from unittest.mock import AsyncMock
 from asyncio import Event, sleep
 
 import httpx
 import respx
 import pytest
 
-from wapitiCore.model import PayloadInfo
 from wapitiCore.net import Request
 from wapitiCore.net.crawler import AsyncCrawler
 from wapitiCore.net.classes import CrawlerConfiguration

tests/attack/test_mod_exec.py

@@ -8,7 +8,6 @@
 import pytest
 import respx
 import httpx
-import asyncio
 
 from wapitiCore.attack.attack import Parameter, ParameterSituation
 from wapitiCore.net.classes import CrawlerConfiguration

tests/attack/test_mod_file.py

@@ -6,7 +6,6 @@
 from unittest.mock import AsyncMock
 
 import httpx
-import respx
 import pytest
 
 from wapitiCore.net.classes import CrawlerConfiguration

tests/attack/test_mod_htp.py

@@ -9,6 +9,7 @@
 import respx
 
 from wapitiCore.attack.mod_htp import ModuleHtp, get_matching_versions
+from wapitiCore.definitions.fingerprint_webserver import WebServerVersionDisclosureFinding
 from wapitiCore.net.crawler import AsyncCrawler
 from wapitiCore.net.classes import CrawlerConfiguration
 from wapitiCore.net import Request
@@ -161,7 +162,7 @@ async def test_finish_no_technologies():
     request = Request("http://perdu.com/")
     request.path_id = 1
 
-    with patch("wapitiCore.attack.mod_htp.ModuleHtp.add_vuln_info", autospec=True) as mock_add_vuln_info, \
+    with patch("wapitiCore.attack.mod_htp.ModuleHtp.add_info", autospec=True) as mock_add_info, \
             patch.object(ModuleHtp, "_db", new_callable=PropertyMock) as mock_db:
         crawler_configuration = CrawlerConfiguration(Request("http://perdu.com/"))
         async with AsyncCrawler.with_configuration(crawler_configuration) as crawler:
@@ -171,7 +172,7 @@ async def test_finish_no_technologies():
             await module_htp.finish()
 
             mock_db.assert_called()
-            mock_add_vuln_info.assert_not_called()
+            mock_add_info.assert_not_called()
 
 
 @pytest.mark.asyncio
@@ -201,7 +202,7 @@ async def async_magic():
         pass
 
     MagicMock.__await__ = lambda x: async_magic().__await__()
-    with patch("wapitiCore.attack.mod_htp.ModuleHtp.add_vuln_info", autospec=True) as mock_add_vuln_info, \
+    with patch("wapitiCore.attack.mod_htp.ModuleHtp.add_info", autospec=True) as mock_add_info, \
             patch.object(ModuleHtp, "_db", new_callable=PropertyMock) as mock_db, \
             patch.object(ModuleHtp, "_get_versions", return_value=versions):
         crawler_configuration = CrawlerConfiguration(Request("http://perdu.com/"))
@@ -214,9 +215,9 @@ async def async_magic():
 
             await module_htp.finish()
 
-            mock_add_vuln_info.assert_called_once_with(
+            mock_add_info.assert_called_once_with(
                 module_htp,
-                category="Fingerprint web server",
+                finding_class=WebServerVersionDisclosureFinding,
                 request=Request("http://perdu.com/"),
                 info='{"name": "techno", "versions": ["1.2", "1.2.1", "1.3"]}'
             )
@@ -249,7 +250,7 @@ async def async_magic():
         pass
 
     MagicMock.__await__ = lambda x: async_magic().__await__()
-    with patch("wapitiCore.attack.mod_htp.ModuleHtp.add_vuln_info", autospec=True) as mock_add_vuln_info, \
+    with patch("wapitiCore.attack.mod_htp.ModuleHtp.add_info", autospec=True) as mock_add_info, \
             patch.object(ModuleHtp, "_db", new_callable=PropertyMock) as mock_db, \
             patch.object(ModuleHtp, "_get_versions", return_value=versions):
         crawler_configuration = CrawlerConfiguration(Request("http://perdu.com/"))
@@ -262,9 +263,9 @@ async def async_magic():
 
             await module_htp.finish()
 
-            mock_add_vuln_info.assert_called_once_with(
+            mock_add_info.assert_called_once_with(
                 module_htp,
-                category="Fingerprint web server",
+                finding_class=WebServerVersionDisclosureFinding,
                 request=Request("http://perdu.com/"),
                 info='{"name": "techno", "versions": ["1.0", "1.1", "1.2", "1.2.1", "1.3", "1.4", "1.5"]}'
             )

tests/attack/test_mod_log4shell.py

@@ -13,7 +13,7 @@
 from tests import get_mock_open
 from wapitiCore.attack.attack import VULN
 from wapitiCore.attack.mod_log4shell import ModuleLog4Shell
-from wapitiCore.definitions.log4shell import NAME
+from wapitiCore.definitions.log4shell import Log4ShellFinding
 from wapitiCore.language.vulnerability import CRITICAL_LEVEL
 from wapitiCore.net.crawler import AsyncCrawler
 from wapitiCore.net.classes import CrawlerConfiguration
@@ -156,12 +156,12 @@ async def mock_verify_dns(_header_uuid: str):
                 request_id=-1,
                 payload_type=VULN,
                 module="log4shell",
-                category=NAME,
+                category=Log4ShellFinding.name(),
                 level=CRITICAL_LEVEL,
                 request=request,
                 parameter="Header: payload",
                 info=f"URL {modified_request.url} seems vulnerable to Log4Shell attack by using the header Header",
-                wstg=["WSTG-INPV-11"],
+                wstg=Log4ShellFinding.wstg_code(),
                 response=page,
             )
 

tests/attack/test_mod_network_device.py

@@ -15,7 +15,6 @@
 from wapitiCore.attack.network_devices.mod_harbor import ModuleHarbor
 
 
-
 @pytest.mark.asyncio
 @respx.mock
 async def test_no_net_device():
@@ -46,6 +45,7 @@ async def test_no_net_device():
 
         assert not persister.add_payload.call_count
 
+
 @pytest.mark.asyncio
 @respx.mock
 async def test_ubika_without_version():
@@ -473,7 +473,8 @@ async def test_raise_on_request_error():
         )
     )
 
-    respx.get(url__regex=r"http://perdu.com/.*").mock(side_effect=RequestError("RequestError occurred: [Errno -2] Name or service not known"))
+    respx.get(url__regex=r"http://perdu.com/.*").mock(
+        side_effect=RequestError("RequestError occurred: [Errno -2] Name or service not known"))
 
     persister = AsyncMock()
 
@@ -540,6 +541,7 @@ async def test_detect_harbor_with_version():
         )
         assert persister.add_payload.call_args_list[0][1]["module"] == "network_device"
 
+
 @pytest.mark.asyncio
 @respx.mock
 async def test_detect_harbor_without_version():
@@ -591,7 +593,6 @@ async def test_detect_harbor_without_version():
 @pytest.mark.asyncio
 @respx.mock
 async def test_detect_harbor_with_json_error():
-
     respx.get("http://perdu.com/").mock(
         return_value=httpx.Response(
             200,

tests/attack/test_mod_nikto.py

@@ -1,5 +1,5 @@
 import os
-from asyncio import Event, sleep
+from asyncio import Event
 from itertools import chain
 from unittest.mock import AsyncMock
 

tests/attack/test_mod_spring4shell.py

@@ -1,7 +1,7 @@
 import asyncio
 import os
 from asyncio import Event
-from unittest.mock import patch, AsyncMock
+from unittest.mock import AsyncMock
 from httpx import Response as HttpxResponse
 
 import pytest

tests/attack/test_mod_sql.py

@@ -1,13 +1,14 @@
 from urllib.parse import urlparse, parse_qs
 from tempfile import NamedTemporaryFile
 import sqlite3
-from asyncio import Event, sleep
+from asyncio import Event
 from unittest.mock import AsyncMock
 
 import httpx
 import respx
 import pytest
 
+from wapitiCore.definitions.sql import SqlInjectionFinding
 from wapitiCore.net.classes import CrawlerConfiguration
 from wapitiCore.net import Request
 from wapitiCore.net.crawler import AsyncCrawler
@@ -103,7 +104,7 @@ async def test_true_positive():
 
         assert persister.add_payload.call_count
         assert persister.add_payload.call_args_list[0][1]["module"] == "sql"
-        assert persister.add_payload.call_args_list[0][1]["category"] == "SQL Injection (DBMS: MySQL)"
+        assert persister.add_payload.call_args_list[0][1]["category"] == "SQL Injection"
 
 
 @pytest.mark.asyncio

tests/attack/test_mod_ssl.py

@@ -20,8 +20,10 @@
 from wapitiCore.net import Request
 from wapitiCore.language.vulnerability import CRITICAL_LEVEL, HIGH_LEVEL, INFO_LEVEL, MEDIUM_LEVEL
 from wapitiCore.net.crawler import AsyncCrawler
-from wapitiCore.attack.mod_ssl import ModuleSsl, NAME, extract_altnames, match_address, check_ocsp_must_staple, \
-    check_ev_certificate, process_vulnerabilities, process_bad_protocols
+from wapitiCore.attack.mod_ssl import (
+    ModuleSsl, SslInformationFinding, SslVulnerabilityFinding, extract_altnames,
+    match_address, check_ocsp_must_staple, check_ev_certificate, process_vulnerabilities, process_bad_protocols
+)
 
 
 def https_server(cert_directory: str):
@@ -62,18 +64,15 @@ async def test_ssl_scanner():
         module = ModuleSsl(crawler, persister, options, Event(), crawler_configuration)
         await module.attack(request)
 
-        # Depending on installed python/openssl version different vulnerabilities may be present but the following
-        # vulnerabilities and information should be there everytime
-
         persister.add_payload.assert_any_call(
             request_id=-1,
             payload_type="additional",
             module="ssl",
-            category=NAME,
+            category=SslInformationFinding.name(),
             level=INFO_LEVEL,
             request=request,
             parameter='',
-            wstg=["WSTG-CRYP-01"],
+            wstg=SslInformationFinding.wstg_code(),
             info="Certificate subject: yolo.com",
             response=None
         )
@@ -82,11 +81,11 @@ async def test_ssl_scanner():
             request_id=-1,
             payload_type="vulnerability",
             module="ssl",
-            category=NAME,
+            category=SslInformationFinding.name(),
             level=CRITICAL_LEVEL,
             request=request,
             parameter='',
-            wstg=["WSTG-CRYP-01"],
+            wstg=SslInformationFinding.wstg_code(),
             info="Requested hostname doesn't match those in the certificate",
             response=None
         )
@@ -95,11 +94,11 @@ async def test_ssl_scanner():
             request_id=-1,
             payload_type="vulnerability",
             module="ssl",
-            category=NAME,
+            category=SslInformationFinding.name(),
             level=HIGH_LEVEL,
             request=request,
             parameter='',
-            wstg=["WSTG-CRYP-01"],
+            wstg=SslInformationFinding.wstg_code(),
             info="Strict Transport Security (HSTS) is not set",
             response=None
         )
@@ -108,11 +107,11 @@ async def test_ssl_scanner():
             request_id=-1,
             payload_type="vulnerability",
             module="ssl",
-            category=NAME,
+            category=SslInformationFinding.name(),
             level=MEDIUM_LEVEL,
             request=request,
             parameter='',
-            wstg=["WSTG-CRYP-01"],
+            wstg=SslInformationFinding.wstg_code(),
             info="Self-signed certificate detected: The certificate is not signed by a trusted Certificate Authority",
             response=None
         )

tests/attack/test_mod_xss_advanced.py

@@ -8,6 +8,8 @@
 
 import pytest
 
+from wapitiCore.definitions.html_injection import HtmlInjectionFinding
+from wapitiCore.definitions.reflected_xss import XssFinding
 from wapitiCore.net.classes import CrawlerConfiguration
 from wapitiCore.net import Request
 from wapitiCore.net.crawler import AsyncCrawler
@@ -27,7 +29,7 @@ def run_around_tests():
 
 @pytest.mark.asyncio
 async def test_title_false_positive():
-    # We should fail at escaping the title tag and we should be aware of it
+    # We should fail at escaping the title tag, and we should be aware of it
     persister = AsyncMock()
     request = Request("http://127.0.0.1:65081/title_false_positive.php?title=yolo&fixed=yes")
     request.path_id = 42

tests/integration/test_mod_http_headers/assertions/http_headers_invalid_sec_http_header.php.json

@@ -1,38 +1,42 @@
 {
     "vulnerabilities": {
-        "HTTP Secure Headers": [
+        "Clickjacking Protection": [
             {
                 "method": "GET",
                 "path": "/invalid_sec_http_header.php",
-                "info": "Strict-Transport-Security has an invalid value",
+                "info": "X-Frame-Options has an invalid value",
                 "parameter": "",
                 "module": "http_headers",
                 "http_request": "GET /invalid_sec_http_header.php HTTP/1.1\nhost: http_headers\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
                 "wstg": [
-                    "OSHP-HTTP-Strict-Transport-Security",
-                    "WSTG-CONF-07"
+                    "OSHP-X-Frame-Options"
                 ]
-            },
+            }
+        ],
+        "HTTP Strict Transport Security (HSTS)": [
             {
                 "method": "GET",
                 "path": "/invalid_sec_http_header.php",
-                "info": "X-Content-Type-Options has an invalid value",
+                "info": "Strict-Transport-Security has an invalid value",
                 "parameter": "",
                 "module": "http_headers",
                 "http_request": "GET /invalid_sec_http_header.php HTTP/1.1\nhost: http_headers\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
                 "wstg": [
-                    "OSHP-X-Content-Type-Options"
+                    "OSHP-HTTP-Strict-Transport-Security",
+                    "WSTG-CONF-07"
                 ]
-            },
+            }
+        ],
+        "MIME Type Confusion": [
             {
                 "method": "GET",
                 "path": "/invalid_sec_http_header.php",
-                "info": "X-Frame-Options has an invalid value",
+                "info": "X-Content-Type-Options has an invalid value",
                 "parameter": "",
                 "module": "http_headers",
                 "http_request": "GET /invalid_sec_http_header.php HTTP/1.1\nhost: http_headers\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
                 "wstg": [
-                    "OSHP-X-Frame-Options"
+                    "OSHP-X-Content-Type-Options"
                 ]
             }
         ]