Re: [W3af-develop] w3af plugin for F5 ASM
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-develop] w3af plugin for F5 ASM
|
From: Andres R. <and...@gm...> - 2014-05-03 13:07:24
|
John,
Thanks for your interest in w3af and for contributing back by
writing this plugin :)
The plugin looks good, but the following is required for it to
make it into w3af:
* Code clean-up: NON_BIN is not used, str is duplicated from
a diffferent plugin, the output default doesn't work on windows
(/tmp/f5_asm_import.xml), error method lacks a "pass", strTargets is
not pep8.
* There are no unittests for the plugin, and this is a
requirement for any new plugin we add to the framework. At least three
tests are required:
- Check that the output matches an XSD
- Check that the plugin can handle known vulnerabilities
(as defined in _attack_type)
- Check that the plugin can hanle unknown vulnerabilities
It should be easy for you to write these plugins using these
two [1][2]. Tests are run using "nosetests path/to/test_foo.py"
* Once all those changes are done, follow [0] that will
explain to you how to create a pull request
Please CC the w3af-develop mailing list on all following answers,
I would love the community to review your code too
[0] https://github.com/andresriancho/w3af/wiki/Contributing-101
[1] https://github.com/andresriancho/w3af/blob/master/w3af/plugins/tests/output/test_xml_file.py
[2] https://github.com/andresriancho/w3af/blob/master/w3af/plugins/output/xml_file/report.xsd
Regards,
On Fri, May 2, 2014 at 11:04 PM, John Stauffacher
<joh...@gm...> wrote:
> Andres,
>
> I took some time to write a plugin for w3af that outputs an xml file
> needed to import into F5 ASM. The github repo is here:
>
> https://github.com/geekspeed/w3af_asm
>
> How would I go about getting it into the main branch?
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
|
