Re: security/wapiti: update to 3.2.2; take maintainership

Thu, 05 Dec 2024 15:31:30 -0800 


Le 05/12/2024 à 16:52, Kirill A. Korinsky a écrit :

On Thu, 05 Dec 2024 11:49:39 +0100,
Benoit Lecocq <b...@arcane-labs.net> wrote:


Le 05/12/2024 à 11:39, Kirill A. Korinsky a écrit :

ports@,

Here a trivial update of security/wapiti to 3.2.2. Realli trivial:
https://github.com/wapiti-scanner/wapiti/compare/3.2.1...3.2.2

I also would like to take formal maintainership on that port.

Ok?

ok benoit@



Seems that updae isn't so trivial. They had switched to use of their own
arsenic which hasn't got any changes, only renaming:
https://github.com/fabaff/arsenic/compare/main...wapiti-scanner:arsenic:main

Here a diff which includes patches which put back using system arseinc.

Ok?



Works fine with the patches.




Index: Makefile
===================================================================
RCS file: /home/cvs/ports/security/wapiti/Makefile,v
diff -u -p -r1.18 Makefile
--- Makefile    12 Nov 2024 19:05:44 -0000      1.18
+++ Makefile    5 Dec 2024 10:37:31 -0000
@@ -1,12 +1,14 @@
  COMMENT =     web-application vulnerability scanner

  
-MODPY_EGG_VERSION =	3.2.1

+MODPY_EGG_VERSION =    3.2.2
  DISTNAME =    wapiti3-${MODPY_EGG_VERSION}
  PKGNAME =     wapiti-${MODPY_EGG_VERSION}

  
  CATEGORIES =	security www
  
  HOMEPAGE =	https://wapiti-scanner.github.io/

+
+MAINTAINER =   Kirill A. Korinsky <kir...@korins.ky>

  
  # GPLv2

  PERMIT_PACKAGE =      Yes
Index: distinfo
===================================================================
RCS file: /home/cvs/ports/security/wapiti/distinfo,v
diff -u -p -r1.4 distinfo
--- distinfo    12 Nov 2024 19:05:44 -0000      1.4
+++ distinfo    5 Dec 2024 10:30:25 -0000
@@ -1,2 +1,2 @@
-SHA256 (wapiti3-3.2.1.tar.gz) = CyYIrRjGdeZoEjjv7MnV6jtUjZ+l0//9byH+8kw6x54=
-SIZE (wapiti3-3.2.1.tar.gz) = 693748
+SHA256 (wapiti3-3.2.2.tar.gz) = IWpvvnBQWIGS4BRx29Xqv5quVkXbqVZ6zFJTdEYkkxI=
+SIZE (wapiti3-3.2.2.tar.gz) = 693929
Index: patches/patch-wapitiCore_attack_mod_wapp_py
===================================================================
RCS file: patches/patch-wapitiCore_attack_mod_wapp_py
diff -N patches/patch-wapitiCore_attack_mod_wapp_py
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-wapitiCore_attack_mod_wapp_py 5 Dec 2024 15:46:15 -0000
@@ -0,0 +1,16 @@
+Revert https://github.com/wapiti-scanner/wapiti/pull/633
+
+Index: wapitiCore/attack/mod_wapp.py
+--- wapitiCore/attack/mod_wapp.py.orig
++++ wapitiCore/attack/mod_wapp.py
+@@ -28,8 +28,8 @@ from urllib.parse import urlparse, quote_plus
+ from aiocache import cached
+ from httpx import RequestError
+
+-from wapiti_arsenic import get_session, browsers, services
+-from wapiti_arsenic.errors import JavascriptError, UnknownError, ArsenicError
++from arsenic import get_session, browsers, services
++from arsenic.errors import JavascriptError, UnknownError, ArsenicError
+
+ from wapitiCore.attack.cve.checker import (
+     CVEChecker, cvss_score_to_wapiti_level, CVE_DIRECTORY, 
SUPPORTED_SOFTWARES, is_cve_supported_software
Index: patches/patch-wapitiCore_net_auth_py
===================================================================
RCS file: patches/patch-wapitiCore_net_auth_py
diff -N patches/patch-wapitiCore_net_auth_py
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-wapitiCore_net_auth_py        5 Dec 2024 15:46:23 -0000
@@ -0,0 +1,14 @@
+Revert https://github.com/wapiti-scanner/wapiti/pull/633
+
+Index: wapitiCore/net/auth.py
+--- wapitiCore/net/auth.py.orig
++++ wapitiCore/net/auth.py
+@@ -25,7 +25,7 @@ from urllib.parse import urlparse
+ import importlib.util
+
+ from httpx import RequestError
+-from wapiti_arsenic import get_session, browsers, services, errors, constants
++from arsenic import get_session, browsers, services, errors, constants
+
+ from wapitiCore.net import Request, Response
+ from wapitiCore.parsers.html_parser import Html
Index: patches/patch-wapitiCore_net_intercepting_explorer_py
===================================================================
RCS file: patches/patch-wapitiCore_net_intercepting_explorer_py
diff -N patches/patch-wapitiCore_net_intercepting_explorer_py
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-wapitiCore_net_intercepting_explorer_py       5 Dec 2024 
15:46:18 -0000
@@ -0,0 +1,27 @@
+Revert https://github.com/wapiti-scanner/wapiti/pull/633
+
+Index: wapitiCore/net/intercepting_explorer.py
+--- wapitiCore/net/intercepting_explorer.py.orig
++++ wapitiCore/net/intercepting_explorer.py
+@@ -34,9 +34,9 @@ from mitmproxy.master import Master
+ from mitmproxy.options import Options
+ from mitmproxy.http import Request as MitmRequest
+ import httpx
+-from wapiti_arsenic import get_session, browsers, services
+-from wapiti_arsenic.constants import SelectorType
+-from wapiti_arsenic.errors import ArsenicError, ElementNotInteractable, 
UnknownArsenicError, NoSuchElement
++from arsenic import get_session, browsers, services
++from arsenic.constants import SelectorType
++from arsenic.errors import ArsenicError, ElementNotInteractable, 
UnknownArsenicError, NoSuchElement
+ import structlog
+
+ from wapitiCore.net import Request
+@@ -68,7 +68,7 @@ def is_interpreted_type(mime_type: str) -> bool:
+
+ def set_arsenic_log_level(level: int = WARNING):
+     # Create logger
+-    logger = getLogger('wapiti_arsenic')
++    logger = getLogger('arsenic')
+
+     # We need factory, to return application-wide logger
+     def logger_factory():


























					Reply via email to