Taras,
On Fri, Jun 22, 2012 at 5:40 AM, Taras <[email protected]> wrote:
> Andres,
>
> I have one very interesting question. Why we don't use
> profiles in this case?
Not sure, Javier did this and never asked me about the design.
> Is
> ---------------------------------------------------
> _run_configs = {
> 'cfg': {
> 'target': None,
> 'plugins': {
> 'audit': (
> PluginConfig(
> 'xss',
> ('checkStored', True, PluginConfig.BOOL),
> ('numberOfChecks', 3, PluginConfig.INT)),
> ),
> 'discovery': (
> PluginConfig(
> 'webSpider',
> ('onlyForward', True, PluginConfig.BOOL)),
> )
> },
> },
> ---------------------------------------------------
> better then
> ---------------------------------------------------
> [target]
> target = %s
>
> [audit.xss]
> checkStored = True
> numberOfChecks = 3
>
> [iscovery.webSpider]
> onlyForward = True
> ---------------------------------------------------
> ?! We can create /tmp/temp_profile.pw3af every time for test!
The problem that profiles might bring in this case is that you
need to define "the whole profile" for each scan. You should have a
default profile that you modify in order to enable/disable stuff. A
small detail is that I would put random file names to the profile so
multiple tests can be run at the same time. Also, temp profiles should
be removed after they are used.
While the interface for the unittest writer remains simple, I
don't have any special concerns about using profiles for the
implementation. Also, I understand that the profiles will give
misc-settings and http-settings access.
Regards,
>
>
> On 06/22/2012 11:05 AM, Taras wrote:
>>
>> Andres,
>>
>>>> How can I set up misc-settings in test? I haven't found it in
>>>> plugins/tests
>>>> :(
>>>
>>>
>>> That's a good question... I never needed to do something like that. I
>>> think that the test helper doesn't support that. You can either:
>>> * (recommended) Extend the test helper (plugins/tests/helper.py ,
>>> plugins/tests/basic.py) to support this feature
>>
>> All right, I will implement it.
>
>
>
>
> --
> Taras
> http://oxdef.info
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
