Re: security/wapiti: update to 3.2.2; take maintainership

Jonathan Armani Thu, 05 Dec 2024 08:43:50 -0800

On Thu, Dec 5, 2024, at 16:52, Kirill A. Korinsky wrote:
> On Thu, 05 Dec 2024 11:49:39 +0100,
> Benoit Lecocq <b...@arcane-labs.net> wrote:
>> 
>> 
>> Le 05/12/2024 à 11:39, Kirill A. Korinsky a écrit :
>> > ports@,
>> > 
>> > Here a trivial update of security/wapiti to 3.2.2. Realli trivial:
>> > https://github.com/wapiti-scanner/wapiti/compare/3.2.1...3.2.2
>> > 
>> > I also would like to take formal maintainership on that port.
>> > 
>> > Ok?
>> 
>> ok benoit@
>> 
>>
>
> Seems that updae isn't so trivial. They had switched to use of their own
> arsenic which hasn't got any changes, only renaming:
> https://github.com/fabaff/arsenic/compare/main...wapiti-scanner:arsenic:main

You compare between a fork and wapiti.

What about these changes between the fork and HENNGE/arsenic ?
https://github.com/HENNGE/arsenic/compare/main...fabaff:arsenic:main

>
> Here a diff which includes patches which put back using system arseinc.
>
> Ok?
>
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/security/wapiti/Makefile,v
> diff -u -p -r1.18 Makefile
> --- Makefile  12 Nov 2024 19:05:44 -0000      1.18
> +++ Makefile  5 Dec 2024 10:37:31 -0000
> @@ -1,12 +1,14 @@
>  COMMENT =    web-application vulnerability scanner
> 
> -MODPY_EGG_VERSION =  3.2.1
> +MODPY_EGG_VERSION =  3.2.2
>  DISTNAME =   wapiti3-${MODPY_EGG_VERSION}
>  PKGNAME =    wapiti-${MODPY_EGG_VERSION}
> 
>  CATEGORIES = security www
> 
>  HOMEPAGE =   https://wapiti-scanner.github.io/
> +
> +MAINTAINER = Kirill A. Korinsky <kir...@korins.ky>
> 
>  # GPLv2
>  PERMIT_PACKAGE =     Yes
> Index: distinfo
> ===================================================================
> RCS file: /home/cvs/ports/security/wapiti/distinfo,v
> diff -u -p -r1.4 distinfo
> --- distinfo  12 Nov 2024 19:05:44 -0000      1.4
> +++ distinfo  5 Dec 2024 10:30:25 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (wapiti3-3.2.1.tar.gz) = 
> CyYIrRjGdeZoEjjv7MnV6jtUjZ+l0//9byH+8kw6x54=
> -SIZE (wapiti3-3.2.1.tar.gz) = 693748
> +SHA256 (wapiti3-3.2.2.tar.gz) = 
> IWpvvnBQWIGS4BRx29Xqv5quVkXbqVZ6zFJTdEYkkxI=
> +SIZE (wapiti3-3.2.2.tar.gz) = 693929
> Index: patches/patch-wapitiCore_attack_mod_wapp_py
> ===================================================================
> RCS file: patches/patch-wapitiCore_attack_mod_wapp_py
> diff -N patches/patch-wapitiCore_attack_mod_wapp_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-wapitiCore_attack_mod_wapp_py       5 Dec 2024 15:46:15 
> -0000
> @@ -0,0 +1,16 @@
> +Revert https://github.com/wapiti-scanner/wapiti/pull/633
> +
> +Index: wapitiCore/attack/mod_wapp.py
> +--- wapitiCore/attack/mod_wapp.py.orig
> ++++ wapitiCore/attack/mod_wapp.py
> +@@ -28,8 +28,8 @@ from urllib.parse import urlparse, quote_plus
> + from aiocache import cached
> + from httpx import RequestError
> + 
> +-from wapiti_arsenic import get_session, browsers, services
> +-from wapiti_arsenic.errors import JavascriptError, UnknownError, 
> ArsenicError
> ++from arsenic import get_session, browsers, services
> ++from arsenic.errors import JavascriptError, UnknownError, ArsenicError
> + 
> + from wapitiCore.attack.cve.checker import (
> +     CVEChecker, cvss_score_to_wapiti_level, CVE_DIRECTORY, 
> SUPPORTED_SOFTWARES, is_cve_supported_software
> Index: patches/patch-wapitiCore_net_auth_py
> ===================================================================
> RCS file: patches/patch-wapitiCore_net_auth_py
> diff -N patches/patch-wapitiCore_net_auth_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-wapitiCore_net_auth_py      5 Dec 2024 15:46:23 -0000
> @@ -0,0 +1,14 @@
> +Revert https://github.com/wapiti-scanner/wapiti/pull/633
> +
> +Index: wapitiCore/net/auth.py
> +--- wapitiCore/net/auth.py.orig
> ++++ wapitiCore/net/auth.py
> +@@ -25,7 +25,7 @@ from urllib.parse import urlparse
> + import importlib.util
> + 
> + from httpx import RequestError
> +-from wapiti_arsenic import get_session, browsers, services, errors, 
> constants
> ++from arsenic import get_session, browsers, services, errors, constants
> + 
> + from wapitiCore.net import Request, Response
> + from wapitiCore.parsers.html_parser import Html
> Index: patches/patch-wapitiCore_net_intercepting_explorer_py
> ===================================================================
> RCS file: patches/patch-wapitiCore_net_intercepting_explorer_py
> diff -N patches/patch-wapitiCore_net_intercepting_explorer_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-wapitiCore_net_intercepting_explorer_py     5 Dec 2024 
> 15:46:18 -0000
> @@ -0,0 +1,27 @@
> +Revert https://github.com/wapiti-scanner/wapiti/pull/633
> +
> +Index: wapitiCore/net/intercepting_explorer.py
> +--- wapitiCore/net/intercepting_explorer.py.orig
> ++++ wapitiCore/net/intercepting_explorer.py
> +@@ -34,9 +34,9 @@ from mitmproxy.master import Master
> + from mitmproxy.options import Options
> + from mitmproxy.http import Request as MitmRequest
> + import httpx
> +-from wapiti_arsenic import get_session, browsers, services
> +-from wapiti_arsenic.constants import SelectorType
> +-from wapiti_arsenic.errors import ArsenicError, 
> ElementNotInteractable, UnknownArsenicError, NoSuchElement
> ++from arsenic import get_session, browsers, services
> ++from arsenic.constants import SelectorType
> ++from arsenic.errors import ArsenicError, ElementNotInteractable, 
> UnknownArsenicError, NoSuchElement
> + import structlog
> + 
> + from wapitiCore.net import Request
> +@@ -68,7 +68,7 @@ def is_interpreted_type(mime_type: str) -> bool:
> + 
> + def set_arsenic_log_level(level: int = WARNING):
> +     # Create logger
> +-    logger = getLogger('wapiti_arsenic')
> ++    logger = getLogger('arsenic')
> + 
> +     # We need factory, to return application-wide logger
> +     def logger_factory():
>
>
> -- 
> wbr, Kirill
Re: security/wapiti: update to 3.2.2; take maintainership

Reply via email to
