Guys, 2009/1/8 Taras P. Ivashchenko <[email protected]>: > Hello, Matt! > > Thanks for research and patch! > Now it is fixed in trunk: core/ui/consoleUi/rootMenu.py r2312. > > On Fri, 2009-01-02 at 22:49 -0600, Matt Tesauro wrote: >> Did some more digging and this bug was introduced in r2289. It seems >> that a new file: >> core/controllers/misc/get_w3af_version.py >> was added and the previous call to getVersion in: >> core/controllers/w3afCore.py >> was removed. It appears the GTKUI source was updated but not the >> console as: >> core/ui/gtkUi/main.py >> has several addition but I don't see the same for: >> core/ui/console/rootMenu.py >> >> Here's how I determined the above: >> -----[download a know working revision]-------- >> $ mkdir deleteme >> $ cd deleteme >> $ svn co https://w3af.svn.sourceforge.net/svnroot/w3af/tr...@1903 w3af-1903 >> $ cd w3af-1903/ >> $ svn info >> Path: . >> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk >> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af >> Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b >> Revision: 1903 >> Node Kind: directory >> Schedule: normal >> Last Changed Author: andresriancho >> Last Changed Rev: 1902 >> Last Changed Date: 2008-10-26 11:11:29 -0500 (Sun, 26 Oct 2008) >> >> -----[test that revision]-------- >> $ ./w3af_console >> You won't be able to use the web20Spider without zc.testbrowser.real >> library installed. Exception: No module named >> testbrowser.src.zc.testbrowser.real >> global name 'Browser' is not defined. You can get MozRepl at >> http://hyperstruct.net/projects/mozlab . >> w3af>>> version >> w3af - Web Application Attack and Audit Framework >> Version: beta7 >> Revision: 1903 >> Author: Andres Riancho and the w3af team. >> w3af>>> exit >> w3af>>> >> Be a good boy and contribute with some lines of code. >> >> >> -----[find the revision that breaks]-------- >> $ svn update -r2000 >> [works] >> $ svn update -r2100 >> [works] >> $ svn update -r2200 >> [works] >> $ svn update -r2300 >> [bug present] >> $ svn update -r2250 >> [works] >> $ svn update -r2275 >> [works] >> $ svn update -r2287 >> [works] >> $ svn update -r2294 >> [bug present] >> $ svn update -r2289 >> [bug present] >> $ svn update -r2286 >> [works] >> $ svn update -r2287 >> [works] >> $ svn update -r2288 >> [works] >> >> -----[diff the last working against the next commit]-------- >> $ svn diff https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/@2288 >> https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/@2289 >> >> Index: core/controllers/misc/get_w3af_version.py >> =================================================================== >> --- core/controllers/misc/get_w3af_version.py (revision 0) >> +++ core/controllers/misc/get_w3af_version.py (revision 2289) >> @@ -0,0 +1,47 @@ >> +''' >> +get_w3af_version.py >> + >> +Copyright 2006 Andres Riancho >> + >> +This file is part of w3af, w3af.sourceforge.net . >> + >> +w3af is free software; you can redistribute it and/or modify >> +it under the terms of the GNU General Public License as published by >> +the Free Software Foundation version 2 of the License. >> + >> +w3af is distributed in the hope that it will be useful, >> +but WITHOUT ANY WARRANTY; without even the implied warranty of >> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> +GNU General Public License for more details. >> + >> +You should have received a copy of the GNU General Public License >> +along with w3af; if not, write to the Free Software >> +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA >> + >> +''' >> + >> +import os >> +import re >> + >> + >> +def get_w3af_version(): >> + ''' >> + @return: A string with the w3af version. >> + ''' >> + # Let's check if the user is using a version from SVN >> + revision = -1 >> + try: >> + for line in file('.svn' + os.path.sep +'entries').readlines()[:4]: >> + line = line.strip() >> + if re.match('^\d+$', line ): >> + if int(line) > int(revision): >> + revision = int(line) >> + except (IOError, ValueError): >> + revision = 0 >> + >> + res = 'w3af - Web Application Attack and Audit Framework' >> + res += '\nVersion: beta7' >> + if revision != -1: >> + res += '\nRevision: ' + str(revision) >> + res += '\nAuthor: Andres Riancho and the w3af team.' >> + return res >> Index: core/controllers/w3afCore.py >> =================================================================== >> --- core/controllers/w3afCore.py (revision 2288) >> +++ core/controllers/w3afCore.py (revision 2289) >> @@ -1169,25 +1169,6 @@ >> misc_settings.setOptions( profileInstance.getMiscSettings() ) >> self.uriOpener.settings.setOptions( >> profileInstance.getHttpSettings() ) >> >> - def getVersion( self ): >> - # Let's check if the user is using a version from SVN >> - revision = -1 >> - try: >> - for line in file('.svn' + os.path.sep >> +'entries').readlines()[:4]: >> - line = line.strip() >> - if re.match('^\d+$', line ): >> - if int(line) > int(revision): >> - revision = int(line) >> - except (IOError, ValueError): >> - revision = 0 >> - >> - res = 'w3af - Web Application Attack and Audit Framework' >> - res += '\nVersion: beta7' >> - if revision != -1: >> - res += '\nRevision: ' + str(revision) >> - res += '\nAuthor: Andres Riancho and the w3af team.' >> - return res >> - >> # """"Singleton"""" >> wCore = w3afCore() >> >> Index: core/ui/gtkUi/main.py >> =================================================================== >> --- core/ui/gtkUi/main.py (revision 2288) >> +++ core/ui/gtkUi/main.py (revision 2289) >> @@ -74,7 +74,10 @@ >> from . import scanrun, exploittab, helpers, profiles, craftedRequests, >> compare >> from . import entries, encdec, messages, logtab, pluginconfig, confpanel >> from . import wizard, guardian, proxywin >> + >> from core.controllers.misc.homeDir import get_home_dir >> +from core.controllers.misc.get_w3af_version import get_w3af_version >> + >> import webbrowser, time >> >> MAINTITLE = "w3af - Web Application Attack and Audit Framework" >> @@ -155,7 +158,7 @@ >> # content >> img = gtk.image_new_from_file('core/ui/gtkUi/data/splash.png') >> self.vbox.pack_start(img) >> - version = w3af.getVersion() >> + version = get_w3af_version() >> self.label = gtk.Label(version) >> self.label.set_justify(gtk.JUSTIFY_CENTER) >> self.vbox.pack_start(self.label) >> @@ -267,7 +270,7 @@ >> >> # Using print so the user can read this in the console, >> together with >> # the GTK, python and pygtk versions. >> - print '\n '.join(self.w3af.getVersion().split('\n')) >> + print '\n '.join(get_w3af_version().split('\n')) >> >> self.w3af.mainwin = self >> self.isRunning = False >> >> -----[cheat to see what changed]-------- >> $ svn update -r2288 >> $ svn info >> Path: . >> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk >> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af >> Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b >> Revision: 2288 >> Node Kind: directory >> Schedule: normal >> Last Changed Author: andresriancho >> Last Changed Rev: 2288 >> Last Changed Date: 2008-12-29 19:04:53 -0600 (Mon, 29 Dec 2008) >> >> $ svn update -r2289 >> A core/controllers/misc/get_w3af_version.py >> U core/controllers/w3afCore.py >> U core/ui/gtkUi/main.py >> Updated to revision 2289. >> >> Between the diff and the update message, isolating the problem is not >> that bad. >> >> -- Matt Tesauro >> OWASP Live CD Project Lead >> http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project >> http://mtesauro.com/livecd/ - Documentation Wiki >> >> >> Matt Tesauro wrote: >> > While creating a package of the latest SVN release, I noticed some >> > incorrect behavior of w3af_console. If you enter the console and run >> > the "version" command, you get a stack trace: >> > >> > $ svn update >> > At revision 2310. >> > $ ./w3af_console >> > You won't be able to use the web20Spider without zc.testbrowser.real >> > library installed. Exception: No module named >> > testbrowser.src.zc.testbrowser.real >> > global name 'Browser' is not defined. You can get MozRepl at >> > http://hyperstruct.net/projects/mozlab . >> > w3af>>> version >> > Traceback (most recent call last): >> > File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 171, >> > in _handleKey >> > self._handlers[key]() >> > File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 265, >> > in _onEnter >> > self._execute() >> > File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 233, >> > in _execute >> > menu = self._context.execute(params) >> > File "/home/mtesauro/w3af/core/ui/consoleUi/menu.py", line 169, in >> > execute >> > return handler( params ) >> > File "/home/mtesauro/w3af/core/ui/consoleUi/rootMenu.py", line 121, in >> > _cmd_version >> > om.out.console( self._w3af.getVersion() ) >> > AttributeError: w3afCore instance has no attribute 'getVersion' >> > >> > >> > In looking at the problem, it would appear that getVersion is called but >> > never defined. >> > >> > $ grep -R -n "getVersion" ./* >> > Binary file ./core/ui/consoleUi/rootMenu.pyc matches >> > ./core/ui/consoleUi/rootMenu.py:121: >> > om.out.console( self._w3af.getVersion() ) >> > ./core/ui/consoleUi/.svn/text-base/rootMenu.py.svn-base:121: >> > om.out.console( self._w3af.getVersion() ) >> > $ wc -l core/ui/consoleUi/rootMenu.py >> > 121 core/ui/consoleUi/rootMenu.py >> > $ tail -n 6 core/ui/consoleUi/rootMenu.py >> > >> > def _cmd_version(self, params): >> > ''' >> > Show the w3af version and exit >> > ''' >> > om.out.console( self._w3af.getVersion() ) >> > >> > >> > I've used the w3af_console version command to check installs previously >> > with success: >> > # ./w3af_console >> > You won't be able to use the web20Spider without zc.testbrowser.real >> > library installed. Exception: No module named >> > testbrowser.src.zc.testbrowser.real >> > global name 'Browser' is not defined. You can get MozRepl at >> > http://hyperstruct.net/projects/mozlab . >> > w3af>>> version >> > w3af - Web Application Attack and Audit Framework >> > Version: beta7 >> > Revision: 1903 >> > Author: Andres Riancho and the w3af team. >> > w3af>>> exit >> > >> > Note: The above was copy and pasted from here: >> > http://mtesauro.com/livecd/index.php?title=Making_the_w3af_module >> > (search for "beta7" to find the spot on that very long page) >> > >> > You can see the diff between the current release (2310) and the one >> > above which worked previously (1903) with the following command: >> > $ svn diff >> > https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/core/ui/consoleUi/rootmenu...@2310 >> > https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/core/ui/consoleUi/rootmenu...@1903 >> > >> > >> > but I didn't find anything blatant in that diff. >> > >> > Just to make sure, I pulled a fresh svn checkout of trunk (r2310) into a >> > newly created directory and the stack trace remains. >> > >> > Don't tell Andres and ruin his vacation ; ) >> > >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users > -- > Тарас Иващенко (Taras Ivashchenko), OSCP > www.securityaudit.ru > ---- > "Software is like sex: it's better when it's free." - Linus Torvalds > > ------------------------------------------------------------------------------ > Check out the new SourceForge.net Marketplace. > It is the best place to buy or sell services for > just about anything Open Source. > http://p.sf.net/sfu/Xq1LFB > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > >
Excellent! I'm *really* glad that this was fixed during my vacation time. I completely trusted you guys! Cheers, -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
