def LoadPayloads(self):
    """
    Discover payload modules below the payload directory and register them.

    Every ``*.py`` file whose name does not begin with an underscore, found
    one to four directory levels below ``<BYWAF_PATH>/modules/payloads/``,
    is loaded with ``imp.load_source`` and its ``Payload`` class is
    instantiated. Each ``(name, instance)`` pair is appended to
    ``self.payloads``, and the list is finally sorted by name.

    NOTE(review): loading a module executes it, so every file matching the
    glob runs with this process's privileges. Keep the payload tree
    writable only by trusted users.
    """
    payload_root = settings.BYWAF_PATH + "/modules/payloads/"
    # xrange(1, 5) yields depths 1..4, so four directory levels are scanned.
    for depth in xrange(1, 5):
        pattern = join(payload_root + "*/" * depth, '[!_]*.py')
        loaded = {}
        for path in glob.glob(pattern):
            # Key: the part of the path after "payloads/", minus ".py".
            key = path[path.find("payloads") + 9:-3]
            # Module name: the path without its first three "/"-separated
            # components and without the ".py" suffix.
            module_name = "/".join(path.split("/")[3:])[:-3]
            loaded[key] = imp.load_source(module_name, path)
        # Instantiate only after every module at this depth is loaded.
        for key in loaded.keys():
            instance = loaded[key].Payload()
            self.payloads.append((key, instance))
    # Order the registry by key/path name.
    self.payloads = sorted(self.payloads, key=lambda entry: entry[0])
python类py()的实例源码
def get_app(config=None, init_elastic=False):
    """Build the application from `settings.py` plus optional overrides.

    Every upper-case attribute of the `settings` module is copied into the
    configuration unless the caller already supplied that key. A non-empty
    `config` dict passed by the caller is filled in place.

    :param config: configuration that can override config from `settings.py`;
        when empty or missing, a dict holding only `APP_ABSPATH` (the
        directory of this file) is used instead
    :param init_elastic: accepted but not read by this function
    :return: a new SuperdeskEve app instance
    """
    if not config:
        config = {'APP_ABSPATH': os.path.abspath(os.path.dirname(__file__))}
    # Only UPPER_CASE names are treated as settings.
    setting_names = (name for name in dir(settings) if name.isupper())
    for name in setting_names:
        # setdefault keeps any value the caller already provided.
        config.setdefault(name, getattr(settings, name))
    return superdesk_app(config)
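def __start_server(self):
    """Run the Django migrations, then launch the development server.

    Both commands are started with argument lists instead of shell strings,
    so an interpreter or project path containing spaces or shell
    metacharacters is passed through unchanged and never interpreted by a
    shell. The standard output of ``migrate`` is discarded.

    The ``runserver`` process handle is stored in ``self.p_runserver``.

    NOTE(review): the server binds to 0.0.0.0:80, i.e. every network
    interface on a privileged port, and the status message is appended
    without checking the exit status of either command.
    """
    manage = os.path.join(self.harvester_path, "manage.py")
    # Equivalent of "> /dev/null": only stdout is silenced, stderr is kept.
    with open(os.devnull, "w") as devnull:
        call([sys.executable, manage, "migrate"], stdout=devnull)
    # No intermediate shell: the handle refers to the server process itself.
    self.p_runserver = Popen([sys.executable, manage, "runserver", "0.0.0.0:80"])
    self.tree_info.append("server started successfully. "
                          "see creds at %s" % self.harvester_log)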
def test_good_cert(self):
    """Check that I'm allowed in with a valid certificate"""
    client_cn = "myserver"
    # FIXME: move these filenames out into settings.py (duplicated here from Crypto())
    authority_key = "authority.pem"
    authority_cert = "authority.crt"
    # Obtain a client certificate and key for client_cn from the test helper.
    cert, key = self._client_credentials(client_cn, authority_key, authority_cert)
    # Ask openssl for the certificate serial; the value after "=" is kept
    # for comparison with the forwarded header below.
    rc, stdout, stderr = self._openssl(['x509', '-in', cert, '-serial', '-noout'])
    client_cert_serial = stdout.strip().split("=")[1]
    url = "https://localhost:%s/agent/message/" % settings.HTTPS_FRONTEND_PORT
    # NOTE(review): the listing lost its indentation; the extent of this
    # `with` block is reconstructed - confirm against the original file.
    with HttpListener(settings.HTTP_AGENT_PORT) as listener:
        # NOTE(review): verify=False skips validation of the *server*
        # certificate; these requests only exercise client-certificate
        # handling against localhost.
        # A 16 KiB body is expected to be accepted.
        response = requests.post(url, data=' ' * 16 * 1024, verify=False, cert=(cert, key))
        self.assertEqual(response.status_code, 200)
        # A 16 MiB body is expected to be rejected with 413.
        response = requests.post(url, data=' ' * 16 * 1024 ** 2, verify=False, cert=(cert, key))
        self.assertEqual(response.status_code, 413)
        response = requests.get(url, verify=False, cert=(cert, key))
        # My request succeeded
        self.assertEqual(response.status_code, 200)
        # A request was forwarded
        # (two in total - presumably the small POST and the GET; verify)
        self.assertEqual(len(listener.requests), 2)
        self.assertEqual(listener.last_request.path, "/agent/message/")
        # The client name header was set
        self.assertEqual(listener.last_request.headers.getheader('X-SSL-Client-On'), "SUCCESS")
        self.assertEqual(listener.last_request.headers.getheader('X-SSL-Client-Name'), client_cn)
        self.assertEqual(listener.last_request.headers.getheader('X-SSL-Client-Serial'), client_cert_serial)
        # The re-registration endpoint must accept the same client certificate.
        url = "https://localhost:%s/agent/reregister/" % settings.HTTPS_FRONTEND_PORT
        response = requests.post(url, verify=False, cert=(cert, key))
        self.assertEqual(response.status_code, 200)
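def site_dir():
    """Return the closest directory at or above this file holding settings.py.

    The search starts in the directory of this module and moves to the
    parent directory until a ``settings.py`` is found.

    Raises:
        RuntimeError: if the top of the path is reached without finding
            ``settings.py``.
    """
    path = os.path.dirname(__file__)
    while True:
        if os.path.exists(os.path.join(path, "settings.py")):
            return path
        parent = os.path.dirname(path)
        # Stop at "/" and also whenever dirname() no longer changes the
        # path (an empty relative path, or a drive root), which would
        # otherwise repeat forever.
        if path == "/" or parent == path:
            raise RuntimeError("Can't find settings.py")
        path = parent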
def chroma_settings():
    """
    Locate the site directory, make it importable, and return `settings`.

    The directory returned by site_dir() is placed at the front of
    sys.path, DJANGO_SETTINGS_MODULE is set to "settings" unless the
    environment already defines it, and the settings module is imported
    and handed back to the caller.

    NOTE(review): inserting at index 0 gives that directory priority over
    every other import location, so any module placed there shadows
    same-named modules elsewhere.
    """
    root = site_dir()
    sys.path.insert(0, root)
    # Respect a value that is already present in the environment.
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "settings")
    import settings as settings_module
    return settings_module
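def test_enforce_file_not_found(self):
    """Check if settings.py writes settings.ini file if it does not exist"""
    # Move the real settings file out of the way so none is found.
    os.rename('src/settings.ini', 'src/settings_backup.ini')
    ret = False
    try:
        # Let settings find no file
        settings.get_parameters()
        # Check if file has been written
        ret = os.path.exists('src/settings.ini')
    finally:
        # Always clean up, even when get_parameters() raises or writes
        # nothing; otherwise the backup would never be restored and the
        # following tests would run without a settings file.
        if os.path.exists('src/settings.ini'):
            os.remove('src/settings.ini')
        # Restore backup file
        os.rename('src/settings_backup.ini', 'src/settings.ini')
    assert_true(ret)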
def get_settings():
    """
    Return the object that supplies runtime configuration.

    Configuration is read in the usual "settings.UPPER_CASE_PARAM" style.
    When nothing has been stored in the module-level `_settings` yet, the
    `settings.py` module is imported and cached there; a value that is
    already stored is returned as is, which is what makes injecting a
    different settings object possible.

    The check and the assignment happen while `_settings_lock` is held.

    :return: a settings object or module
    """
    global _settings
    with _settings_lock:
        if _settings:
            return _settings
        # First use: fall back to the settings module and remember it.
        import settings as default_settings
        _settings = default_settings
        return _settings
def __init__(self, langs = None, oneRun=True):
    """Initialise controller state and menu tables, then load the payloads.

    langs:  restricts loaded modules to specific languages (stored only;
            this method does not read it).
    oneRun: whether to generate a single payload, as when invoked from
            external code. Defaults to True, so bywaf.py has to pass
            False explicitly to get the interactive loop.
    """
    # Registry of (name, payload instance) pairs.
    self.payloads = []

    # A specific payload and its name, so they can be set manually.
    self.payload = None
    self.payloadname = None

    self.langs = langs
    self.oneRun = oneRun
    self.outputFileName = ""

    # Main-menu commands as (command, description) pairs.
    self.commands = [
        ("use", "Use a specific payload"),
        ("info", "Information on a specific payload"),
        ("list", "List available payloads"),
        ("update", "Update ByWaf to the latest version"),
        ("exit", "Exit ByWaf"),
    ]

    # Commands offered once a payload has been selected.
    self.payloadCommands = [
        ("set", "Set a specific option value"),
        ("info", "Show information about the payload"),
        ("options", "Show payload's options"),
        ("run", "Run payload"),
        ("back", "Go to the main menu"),
        ("exit", "exit ByWaf"),
    ]

    self.LoadPayloads()
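def load_payloads(self, cli_args):
    """Load every payload module below Tools/Evasion/payloads/.

    Files named ``*.py`` that do not start with an underscore, one to four
    directory levels below the payload root, are loaded with
    ``imp.load_source``. Each module's ``PayloadModule`` is instantiated
    with ``cli_args`` and stored in ``self.active_payloads`` under the
    file path relative to the payload root.

    The payload root is a relative path, so the lookup depends on the
    current working directory.

    NOTE(review): loading a module executes it, so every matching file
    runs with this process's privileges. Keep the payload tree writable
    only by trusted users.
    """
    payload_root = "Tools/Evasion/payloads/"
    for depth in range(1, 5):
        for name in glob.glob(join(payload_root + "*/" * depth, '[!_]*.py')):
            if name.endswith(".py") and ("__init__" not in name):
                # Slice the suffix off: rstrip('.py') removes any trailing
                # run of '.', 'p' and 'y' characters, so "happy.py" and
                # "hap.py" both became "ha" and shared one module name.
                module_name = name[:-3].replace("/", ".")
                loaded_payloads = imp.load_source(module_name, name)
                self.active_payloads[name.replace('Tools/Evasion/payloads/', '')] = loaded_payloads.PayloadModule(cli_args)
    return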