For those who've checked out the latest source or those with svn commit
access, I've created a patch for the bug introduced in r2289:
------------------[patch starts below]--------------------
*** w3af-2310/core/ui/consoleUi/rootMenu.py 2009-01-02
23:37:28.000000000 -0600
--- w3af-patch/core/ui/consoleUi/rootMenu.py 2009-01-02
23:47:05.000000000 -0600
***************
*** 30,35 ****
--- 30,36 ----
from core.ui.consoleUi.util import *
from core.controllers.w3afException import *
+ from core.controllers.misc.get_w3af_version import get_w3af_version
# Provide a progress bar for all plugins.
from core.ui.consoleUi.progress_bar import progress_bar
***************
*** 118,121 ****
'''
Show the w3af version and exit
'''
! om.out.console( self._w3af.getVersion() )
--- 119,122 ----
'''
Show the w3af version and exit
'''
! om.out.console( get_w3af_version() )
------------------[patch ends above]--------------------
------------------[making the patch]--------------------
$ mkdir deleteme
$ cd deleteme
$ svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af-patch
$ cp -a w3af-patch w3af-2310
$ cd w3af-patch/
$ vi w3af-patch/core/ui/consoleUi/rootMenu.py
[add line to import get_w3af_version and update line 122]
$ diff -c w3af-2310/core/ui/consoleUi/rootMenu.py
w3af-patch/core/ui/consoleUi/rootMenu.py > patch-2310-bugfix
------------------[applying the patch]--------------------
copy the patchfile into w3af svn source root directory for r2310
$ patch -p1 -i patch-2310-bugfix
$ ./w3af_console
You won't be able to use the web20Spider without zc.testbrowser.real
library installed. Exception: No module named
testbrowser.src.zc.testbrowser.real
global name 'Browser' is not defined. You can get MozRepl at
http://hyperstruct.net/projects/mozlab .
w3af>>> version
w3af - Web Application Attack and Audit Framework
Version: beta7
Revision: 2310
Author: Andres Riancho and the w3af team.
w3af>>> exit
w3af>>>
May the brute force be with you.
Cheers!
w3af-develop list: History behind this is below.
-- Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
http://mtesauro.com/livecd/ - Documentation Wiki
Matt Tesauro wrote:
> Did some more digging and this bug was introduced in r2289. It seems
> that a new file:
> core/controllers/misc/get_w3af_version.py
> was added and the previous call to getVersion in:
> core/controllers/w3afCore.py
> was removed. It appears the GTKUI source was updated but not the
> console as:
> core/ui/gtkUi/main.py
> has several addition but I don't see the same for:
> core/ui/console/rootMenu.py
>
> Here's how I determined the above:
> -----[download a know working revision]--------
> $ mkdir deleteme
> $ cd deleteme
> $ svn co https://w3af.svn.sourceforge.net/svnroot/w3af/tr...@1903 w3af-1903
> $ cd w3af-1903/
> $ svn info
> Path: .
> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk
> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af
> Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b
> Revision: 1903
> Node Kind: directory
> Schedule: normal
> Last Changed Author: andresriancho
> Last Changed Rev: 1902
> Last Changed Date: 2008-10-26 11:11:29 -0500 (Sun, 26 Oct 2008)
>
> -----[test that revision]--------
> $ ./w3af_console
> You won't be able to use the web20Spider without zc.testbrowser.real
> library installed. Exception: No module named
> testbrowser.src.zc.testbrowser.real
> global name 'Browser' is not defined. You can get MozRepl at
> http://hyperstruct.net/projects/mozlab .
> w3af>>> version
> w3af - Web Application Attack and Audit Framework
> Version: beta7
> Revision: 1903
> Author: Andres Riancho and the w3af team.
> w3af>>> exit
> w3af>>>
> Be a good boy and contribute with some lines of code.
>
>
> -----[find the revision that breaks]--------
> $ svn update -r2000
> [works]
> $ svn update -r2100
> [works]
> $ svn update -r2200
> [works]
> $ svn update -r2300
> [bug present]
> $ svn update -r2250
> [works]
> $ svn update -r2275
> [works]
> $ svn update -r2287
> [works]
> $ svn update -r2294
> [bug present]
> $ svn update -r2289
> [bug present]
> $ svn update -r2286
> [works]
> $ svn update -r2287
> [works]
> $ svn update -r2288
> [works]
>
> -----[diff the last working against the next commit]--------
> $ svn diff https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/@2288
> https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/@2289
>
> Index: core/controllers/misc/get_w3af_version.py
> ===================================================================
> --- core/controllers/misc/get_w3af_version.py (revision 0)
> +++ core/controllers/misc/get_w3af_version.py (revision 2289)
> @@ -0,0 +1,47 @@
> +'''
> +get_w3af_version.py
> +
> +Copyright 2006 Andres Riancho
> +
> +This file is part of w3af, w3af.sourceforge.net .
> +
> +w3af is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation version 2 of the License.
> +
> +w3af is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> +GNU General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with w3af; if not, write to the Free Software
> +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
> +
> +'''
> +
> +import os
> +import re
> +
> +
> +def get_w3af_version():
> + '''
> + @return: A string with the w3af version.
> + '''
> + # Let's check if the user is using a version from SVN
> + revision = -1
> + try:
> + for line in file('.svn' + os.path.sep +'entries').readlines()[:4]:
> + line = line.strip()
> + if re.match('^\d+$', line ):
> + if int(line) > int(revision):
> + revision = int(line)
> + except (IOError, ValueError):
> + revision = 0
> +
> + res = 'w3af - Web Application Attack and Audit Framework'
> + res += '\nVersion: beta7'
> + if revision != -1:
> + res += '\nRevision: ' + str(revision)
> + res += '\nAuthor: Andres Riancho and the w3af team.'
> + return res
> Index: core/controllers/w3afCore.py
> ===================================================================
> --- core/controllers/w3afCore.py (revision 2288)
> +++ core/controllers/w3afCore.py (revision 2289)
> @@ -1169,25 +1169,6 @@
> misc_settings.setOptions( profileInstance.getMiscSettings() )
> self.uriOpener.settings.setOptions(
> profileInstance.getHttpSettings() )
>
> - def getVersion( self ):
> - # Let's check if the user is using a version from SVN
> - revision = -1
> - try:
> - for line in file('.svn' + os.path.sep
> +'entries').readlines()[:4]:
> - line = line.strip()
> - if re.match('^\d+$', line ):
> - if int(line) > int(revision):
> - revision = int(line)
> - except (IOError, ValueError):
> - revision = 0
> -
> - res = 'w3af - Web Application Attack and Audit Framework'
> - res += '\nVersion: beta7'
> - if revision != -1:
> - res += '\nRevision: ' + str(revision)
> - res += '\nAuthor: Andres Riancho and the w3af team.'
> - return res
> -
> # """"Singleton""""
> wCore = w3afCore()
>
> Index: core/ui/gtkUi/main.py
> ===================================================================
> --- core/ui/gtkUi/main.py (revision 2288)
> +++ core/ui/gtkUi/main.py (revision 2289)
> @@ -74,7 +74,10 @@
> from . import scanrun, exploittab, helpers, profiles, craftedRequests,
> compare
> from . import entries, encdec, messages, logtab, pluginconfig, confpanel
> from . import wizard, guardian, proxywin
> +
> from core.controllers.misc.homeDir import get_home_dir
> +from core.controllers.misc.get_w3af_version import get_w3af_version
> +
> import webbrowser, time
>
> MAINTITLE = "w3af - Web Application Attack and Audit Framework"
> @@ -155,7 +158,7 @@
> # content
> img = gtk.image_new_from_file('core/ui/gtkUi/data/splash.png')
> self.vbox.pack_start(img)
> - version = w3af.getVersion()
> + version = get_w3af_version()
> self.label = gtk.Label(version)
> self.label.set_justify(gtk.JUSTIFY_CENTER)
> self.vbox.pack_start(self.label)
> @@ -267,7 +270,7 @@
>
> # Using print so the user can read this in the console,
> together with
> # the GTK, python and pygtk versions.
> - print '\n '.join(self.w3af.getVersion().split('\n'))
> + print '\n '.join(get_w3af_version().split('\n'))
>
> self.w3af.mainwin = self
> self.isRunning = False
>
> -----[cheat to see what changed]--------
> $ svn update -r2288
> $ svn info
> Path: .
> URL: https://w3af.svn.sourceforge.net/svnroot/w3af/trunk
> Repository Root: https://w3af.svn.sourceforge.net/svnroot/w3af
> Repository UUID: 16c29cf1-982c-0410-8ff8-8bb040e68b5b
> Revision: 2288
> Node Kind: directory
> Schedule: normal
> Last Changed Author: andresriancho
> Last Changed Rev: 2288
> Last Changed Date: 2008-12-29 19:04:53 -0600 (Mon, 29 Dec 2008)
>
> $ svn update -r2289
> A core/controllers/misc/get_w3af_version.py
> U core/controllers/w3afCore.py
> U core/ui/gtkUi/main.py
> Updated to revision 2289.
>
> Between the diff and the update message, isolating the problem is not
> that bad.
>
> -- Matt Tesauro
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project
> http://mtesauro.com/livecd/ - Documentation Wiki
>
>
> Matt Tesauro wrote:
>> While creating a package of the latest SVN release, I noticed some
>> incorrect behavior of w3af_console. If you enter the console and run
>> the "version" command, you get a stack trace:
>>
>> $ svn update
>> At revision 2310.
>> $ ./w3af_console
>> You won't be able to use the web20Spider without zc.testbrowser.real
>> library installed. Exception: No module named
>> testbrowser.src.zc.testbrowser.real
>> global name 'Browser' is not defined. You can get MozRepl at
>> http://hyperstruct.net/projects/mozlab .
>> w3af>>> version
>> Traceback (most recent call last):
>> File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 171,
>> in _handleKey
>> self._handlers[key]()
>> File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 265,
>> in _onEnter
>> self._execute()
>> File "/home/mtesauro/w3af/core/ui/consoleUi/consoleUi.py", line 233,
>> in _execute
>> menu = self._context.execute(params)
>> File "/home/mtesauro/w3af/core/ui/consoleUi/menu.py", line 169, in
>> execute
>> return handler( params )
>> File "/home/mtesauro/w3af/core/ui/consoleUi/rootMenu.py", line 121,
>> in _cmd_version
>> om.out.console( self._w3af.getVersion() )
>> AttributeError: w3afCore instance has no attribute 'getVersion'
>>
>>
>> In looking at the problem, it would appear that getVersion is called
>> but never defined.
>>
>> $ grep -R -n "getVersion" ./*
>> Binary file ./core/ui/consoleUi/rootMenu.pyc matches
>> ./core/ui/consoleUi/rootMenu.py:121:
>> om.out.console( self._w3af.getVersion() )
>> ./core/ui/consoleUi/.svn/text-base/rootMenu.py.svn-base:121:
>> om.out.console( self._w3af.getVersion() )
>> $ wc -l core/ui/consoleUi/rootMenu.py
>> 121 core/ui/consoleUi/rootMenu.py
>> $ tail -n 6 core/ui/consoleUi/rootMenu.py
>>
>> def _cmd_version(self, params):
>> '''
>> Show the w3af version and exit
>> '''
>> om.out.console( self._w3af.getVersion() )
>>
>>
>> I've used the w3af_console version command to check installs
>> previously with success:
>> # ./w3af_console
>> You won't be able to use the web20Spider without zc.testbrowser.real
>> library installed. Exception: No module named
>> testbrowser.src.zc.testbrowser.real
>> global name 'Browser' is not defined. You can get MozRepl at
>> http://hyperstruct.net/projects/mozlab .
>> w3af>>> version
>> w3af - Web Application Attack and Audit Framework
>> Version: beta7
>> Revision: 1903
>> Author: Andres Riancho and the w3af team.
>> w3af>>> exit
>>
>> Note: The above was copy and pasted from here:
>> http://mtesauro.com/livecd/index.php?title=Making_the_w3af_module
>> (search for "beta7" to find the spot on that very long page)
>>
>> You can see the diff between the current release (2310) and the one
>> above which worked previously (1903) with the following command:
>> $ svn diff
>> https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/core/ui/consoleUi/rootmenu...@2310
>>
>> https://w3af.svn.sourceforge.net/svnroot/w3af/trunk/core/ui/consoleUi/rootmenu...@1903
>>
>>
>>
>> but I didn't find anything blatant in that diff.
>>
>> Just to make sure, I pulled a fresh svn checkout of trunk (r2310) into
>> a newly created directory and the stack trace remains.
>>
>> Don't tell Andres and ruin his vacation ; )
>>
------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
