'''
preg_replace.py

Copyright 2006 Andres Riancho

This file is part of w3af, w3af.sourceforge.net .

w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

'''

from core.data.fuzzer.fuzzer import *
import core.controllers.outputManager as om
from core.controllers.basePlugin.baseAuditPlugin import baseAuditPlugin
import core.data.kb.knowledgeBase as kb
from core.controllers.w3afException import w3afException
import core.data.kb.vuln as vuln

class preg_replace(baseAuditPlugin):
	'''
	This plugin tests for unsafe usage of PHP's preg_replace.
	@author: Andres Riancho ( andres.riancho@gmail.com )
	'''

	def __init__(self):
		baseAuditPlugin.__init__(self)
		
	def _fuzzRequests(self, freq ):
		'''
		Tests an URL for unsafe usage of PHP's preg_replace.
		
		@param freq: A fuzzableRequest
		'''
		om.out.debug( 'preg_replace plugin is testing: ' + freq.getURL() )
		
		# First I check If I get the error message from php
		mutants = createMutants( freq , ['a' + ')/' * 100 ,] )
		self._errorGeneration = True
		
		for mutant in mutants:
			if self._hasNoBug( 'preg_replace' , 'preg_replace' , mutant.getURL() , mutant.getVar() ):
				# Only spawn a thread if the mutant has a modified variable
				# that has no reported bugs in the kb
				targs = (mutant,)
				self._tm.startFunction( target=self._sendMutant, args=targs, ownerObj=self )
		
	def _analyzeResult( self, mutant, response ):
		'''
		Analyze results of the _sendMutant method.
		'''
		if self._findpregError( response.getBody() ):
			v = vuln.vuln( mutant )
			v.setId( response.id )
			v.setDesc( 'Unsafe usage of preg_replace was found at: ' + response.getURL() + ' . Using method: ' + v.getMethod() + '. The data sent was: ' + str(mutant.getDc()) )
			kb.kb.append( self, 'preg_replace', v )
		
	
	def end(self):
		'''
		This method is called when the plugin wont be used anymore.
		'''
		self._tm.join( self )
		self.printUniq( kb.kb.getData( 'preg_replace', 'preg_replace' ), 'VAR' )
	
	def _findpregError( self, htmlString ):
		'''
		This method searches for preg_replace errors in html's.
		
		@parameter htmlString: The html string where the method searches for preg_replace errors
		@return: True if a preg_replace was found on the site, False otherwise.
		'''
		pregErrorList = self._getPregError()

		for pregError in pregErrorList:
			position = htmlString.find( pregError )
			if  position != -1:
				if position > 20:
					om.out.vulnerability('Found unsafe usage of preg_replace(). The error showed by the Web App is (fragment): "' + htmlString[ position - 20 : position + 20 + len(pregError) ]  + '".')
				else:
					om.out.vulnerability('Found unsafe usage of preg_replace(). The error showed by the Web App is (fragment): "' + htmlString[ position : position + 20 + len(pregError) ]  + '".')
				return True

	def _getPregError(self):
		errors = []
		errors.append( 'Compilation failed: unmatched parentheses at offset' )
		errors.append( '<b>Warning</b>:  preg_replace() [<a' )
		return errors
		
	def getOptionsXML(self):
		'''
		This method returns a XML containing the Options that the plugin has.
		Using this XML the framework will build a window, a menu, or some other input method to retrieve
		the info from the user. The XML has to validate against the xml schema file located at :
		w3af/core/ui/userInterface.dtd
		
		@return: XML with the plugin options.
		'''	
		return	'<?xml version="1.0" encoding="ISO-8859-1"?>\
		<OptionList>\
		</OptionList>\
		'

	def setOptions( self, OptionList ):
		'''
		This method sets all the options that are configured using the user interface 
		generated by the framework using the result of getOptionsXML().
		
		@parameter OptionList: A dictionary with the options for the plugin.
		@return: No value is returned.
		'''	
		pass

	def getPluginDeps( self ):
		'''
		@return: A list with the names of the plugins that should be runned before the
		current one.
		'''
		return []

	def getLongDesc( self ):
		'''
		@return: A DETAILED description of the plugin functions and features.
		'''
		return '''
		This plugin will find preg_replace vulnerabilities. This PHP function is vulnerable when the user
		can control the regular expression or the content of the string being analyzed and the regular expression
		has the 'e' modifier.
		
		Right now this plugin will only find preg_replace vulnerabilities when PHP is configured to show errors,
		but a new version will find "blind" preg_replace errors .
		'''