Hello, Matt! Thanks for research and patch! Now it is fixed in trunk: core/ui/consoleUi/rootMenu.py r2312.
On Fri, 2009-01-02 at 22:49 -0600, Matt Tesauro wrote: > Did some more digging and this bug was introduced in r2289. It seems > that a new file: > core/controllers/misc/get_w3af_version.py > was added and the previous call to getVersion in: > core/controllers/w3afCore.py > was removed. It appears the GTKUI source was updated but not the > console as: > core/ui/gtkUi/main.py > has several addition but I don't see the same for: > core/ui/console/rootMenu.py > > Here's how I determined the above: > -----[download a know working revision]-------- > $ mkdir deleteme > $ cd deleteme > $ svn co https://w3af.svn.sourceforge.net/svnroot/w3af/tr...@1903 w3af-1903 > $ cd w3af-1903/ > $ svn info > Path: . > URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk > Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af > Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b > Revision: 1903 > Node Kind: directory > Schedule: normal > Last Changed Author: andresriancho > Last Changed Rev: 1902 > Last Changed Date: 2008-10-26 11:11:29 -0500 (Sun, 26 Oct 2008) > > -----[test that revision]-------- > $ ./w3af_console > You won't be able to use the web20Spider without zc.testbrowser.real > library installed. Exception: No module named > testbrowser.src.zc.testbrowser.real > global name 'Browser' is not defined. You can get MozRepl at > http://hyperstruct.net/projects/mozlab . > w3af>>> version > w3af - Web Application Attack and Audit Framework > Version: beta7 > Revision: 1903 > Author: Andres Riancho and the w3af team. > w3af>>> exit > w3af>>> > Be a good boy and contribute with some lines of code. > > > -----[find the revision that breaks]-------- > $ svn update -r2000 > [works] > $ svn update -r2100 > [works] > $ svn update -r2200 > [works] > $ svn update -r2300 > [bug present] > $ svn update -r2250 > [works] > $ svn update -r2275 > [works] > $ svn update -r2287 > [works] > $ svn update -r2294 > [bug present] > $ svn update -r2289 > [bug present] > $ svn update -r2286 > [works] > $ svn update -r2287 > [works] > $ svn update -r2288 > [works] > > -----[diff the last working against the next commit]-------- > $ svn diff https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/@2288 > https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/@2289 > > Index: core/controllers/misc/get_w3af_version.py > =================================================================== > --- core/controllers/misc/get_w3af_version.py (revision 0) > +++ core/controllers/misc/get_w3af_version.py (revision 2289) > @@ -0,0 +1,47 @@ > +''' > +get_w3af_version.py > + > +Copyright 2006 Andres Riancho > + > +This file is part of w3af, w3af.sourceforge.net . > + > +w3af is free software; you can redistribute it and/or modify > +it under the terms of the GNU General Public License as published by > +the Free Software Foundation version 2 of the License. > + > +w3af is distributed in the hope that it will be useful, > +but WITHOUT ANY WARRANTY; without even the implied warranty of > +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +GNU General Public License for more details. > + > +You should have received a copy of the GNU General Public License > +along with w3af; if not, write to the Free Software > +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > + > +''' > + > +import os > +import re > + > + > +def get_w3af_version(): > + ''' > + @return: A string with the w3af version. > + ''' > + # Let's check if the user is using a version from SVN > + revision = -1 > + try: > + for line in file('.svn' + os.path.sep +'entries').readlines()[:4]: > + line = line.strip() > + if re.match('^\d+$', line ): > + if int(line) > int(revision): > + revision = int(line) > + except (IOError, ValueError): > + revision = 0 > + > + res = 'w3af - Web Application Attack and Audit Framework' > + res += '\nVersion: beta7' > + if revision != -1: > + res += '\nRevision: ' + str(revision) > + res += '\nAuthor: Andres Riancho and the w3af team.' > + return res > Index: core/controllers/w3afCore.py > =================================================================== > --- core/controllers/w3afCore.py (revision 2288) > +++ core/controllers/w3afCore.py (revision 2289) > @@ -1169,25 +1169,6 @@ > misc_settings.setOptions( profileInstance.getMiscSettings() ) > self.uriOpener.settings.setOptions( > profileInstance.getHttpSettings() ) > > - def getVersion( self ): > - # Let's check if the user is using a version from SVN > - revision = -1 > - try: > - for line in file('.svn' + os.path.sep > +'entries').readlines()[:4]: > - line = line.strip() > - if re.match('^\d+$', line ): > - if int(line) > int(revision): > - revision = int(line) > - except (IOError, ValueError): > - revision = 0 > - > - res = 'w3af - Web Application Attack and Audit Framework' > - res += '\nVersion: beta7' > - if revision != -1: > - res += '\nRevision: ' + str(revision) > - res += '\nAuthor: Andres Riancho and the w3af team.' > - return res > - > # """"Singleton"""" > wCore = w3afCore() > > Index: core/ui/gtkUi/main.py > =================================================================== > --- core/ui/gtkUi/main.py (revision 2288) > +++ core/ui/gtkUi/main.py (revision 2289) > @@ -74,7 +74,10 @@ > from . import scanrun, exploittab, helpers, profiles, craftedRequests, > compare > from . import entries, encdec, messages, logtab, pluginconfig, confpanel > from . import wizard, guardian, proxywin > + > from core.controllers.misc.homeDir import get_home_dir > +from core.controllers.misc.get_w3af_version import get_w3af_version > + > import webbrowser, time > > MAINTITLE = "w3af - Web Application Attack and Audit Framework" > @@ -155,7 +158,7 @@ > # content > img = gtk.image_new_from_file('core/ui/gtkUi/data/splash.png') > self.vbox.pack_start(img) > - version = w3af.getVersion() > + version = get_w3af_version() > self.label = gtk.Label(version) > self.label.set_justify(gtk.JUSTIFY_CENTER) > self.vbox.pack_start(self.label) > @@ -267,7 +270,7 @@ > > # Using print so the user can read this in the console, > together with > # the GTK, python and pygtk versions. > - print '\n '.join(self.w3af.getVersion().split('\n')) > + print '\n '.join(get_w3af_version().split('\n')) > > self.w3af.mainwin = self > self.isRunning = False > > -----[cheat to see what changed]-------- > $ svn update -r2288 > $ svn info > Path: . > URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk > Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af > Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b > Revision: 2288 > Node Kind: directory > Schedule: normal > Last Changed Author: andresriancho > Last Changed Rev: 2288 > Last Changed Date: 2008-12-29 19:04:53 -0600 (Mon, 29 Dec 2008) > > $ svn update -r2289 > A core/controllers/misc/get_w3af_version.py > U core/controllers/w3afCore.py > U core/ui/gtkUi/main.py > Updated to revision 2289. > > Between the diff and the update message, isolating the problem is not > that bad. > > -- Matt Tesauro > OWASP Live CD Project Lead > http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project > http://mtesauro.com/livecd/ - Documentation Wiki > > > Matt Tesauro wrote: > > While creating a package of the latest SVN release, I noticed some > > incorrect behavior of w3af_console. If you enter the console and run > > the "version" command, you get a stack trace: > > > > $ svn update > > At revision 2310. > > $ ./w3af_console > > You won't be able to use the web20Spider without zc.testbrowser.real > > library installed. Exception: No module named > > testbrowser.src.zc.testbrowser.real > > global name 'Browser' is not defined. You can get MozRepl at > > http://hyperstruct.net/projects/mozlab . > > w3af>>> version > > Traceback (most recent call last): > > File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 171, > > in _handleKey > > self._handlers[key]() > > File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 265, > > in _onEnter > > self._execute() > > File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 233, > > in _execute > > menu = self._context.execute(params) > > File "/home/mtesauro/w3af/core/ui/consoleUi/menu.py", line 169, in > > execute > > return handler( params ) > > File "/home/mtesauro/w3af/core/ui/consoleUi/rootMenu.py", line 121, in > > _cmd_version > > om.out.console( self._w3af.getVersion() ) > > AttributeError: w3afCore instance has no attribute 'getVersion' > > > > > > In looking at the problem, it would appear that getVersion is called but > > never defined. > > > > $ grep -R -n "getVersion" ./* > > Binary file ./core/ui/consoleUi/rootMenu.pyc matches > > ./core/ui/consoleUi/rootMenu.py:121: > > om.out.console( self._w3af.getVersion() ) > > ./core/ui/consoleUi/.svn/text-base/rootMenu.py.svn-base:121: > > om.out.console( self._w3af.getVersion() ) > > $ wc -l core/ui/consoleUi/rootMenu.py > > 121 core/ui/consoleUi/rootMenu.py > > $ tail -n 6 core/ui/consoleUi/rootMenu.py > > > > def _cmd_version(self, params): > > ''' > > Show the w3af version and exit > > ''' > > om.out.console( self._w3af.getVersion() ) > > > > > > I've used the w3af_console version command to check installs previously > > with success: > > # ./w3af_console > > You won't be able to use the web20Spider without zc.testbrowser.real > > library installed. Exception: No module named > > testbrowser.src.zc.testbrowser.real > > global name 'Browser' is not defined. You can get MozRepl at > > http://hyperstruct.net/projects/mozlab . > > w3af>>> version > > w3af - Web Application Attack and Audit Framework > > Version: beta7 > > Revision: 1903 > > Author: Andres Riancho and the w3af team. > > w3af>>> exit > > > > Note: The above was copy and pasted from here: > > http://mtesauro.com/livecd/index.php?title=Making_the_w3af_module > > (search for "beta7" to find the spot on that very long page) > > > > You can see the diff between the current release (2310) and the one > > above which worked previously (1903) with the following command: > > $ svn diff > > https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/core/ui/consoleUi/rootmenu...@2310 > > > > https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/core/ui/consoleUi/rootmenu...@1903 > > > > > > > > but I didn't find anything blatant in that diff. > > > > Just to make sure, I pulled a fresh svn checkout of trunk (r2310) into a > > newly created directory and the stack trace remains. > > > > Don't tell Andres and ruin his vacation ; ) > > > > ------------------------------------------------------------------------------ > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users -- Тарас Иващенко (Taras Ivashchenko), OSCP www.securityaudit.ru ---- "Software is like sex: it's better when it's free." - Linus Torvalds
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
_______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
