From: "Jonathan Armani" Subject: Re: security/wapiti: update to 3.2.2; take maintainership To: "Kirill A. Korinsky" , "Benoit Lecocq" Cc: "OpenBSD ports" , "Klemens Nanni" Date: Thu, 05 Dec 2024 18:41:11 +0100 Also did a quick test on amd64, and didn’t notice any regressions On Thu, Dec 5, 2024, at 16:52, Kirill A. Korinsky wrote: > On Thu, 05 Dec 2024 11:49:39 +0100, > Benoit Lecocq wrote: >> >> >> Le 05/12/2024 à 11:39, Kirill A. Korinsky a écrit : >> > ports@, >> > >> > Here a trivial update of security/wapiti to 3.2.2. Realli trivial: >> > https://github.com/wapiti-scanner/wapiti/compare/3.2.1...3.2.2 >> > >> > I also would like to take formal maintainership on that port. >> > >> > Ok? >> >> ok benoit@ >> >> > > Seems that updae isn't so trivial. They had switched to use of their own > arsenic which hasn't got any changes, only renaming: > https://github.com/fabaff/arsenic/compare/main...wapiti-scanner:arsenic:main > > Here a diff which includes patches which put back using system arseinc. > > Ok? > > Index: Makefile > =================================================================== > RCS file: /home/cvs/ports/security/wapiti/Makefile,v > diff -u -p -r1.18 Makefile > --- Makefile 12 Nov 2024 19:05:44 -0000 1.18 > +++ Makefile 5 Dec 2024 10:37:31 -0000 > @@ -1,12 +1,14 @@ > COMMENT = web-application vulnerability scanner > > -MODPY_EGG_VERSION = 3.2.1 > +MODPY_EGG_VERSION = 3.2.2 > DISTNAME = wapiti3-${MODPY_EGG_VERSION} > PKGNAME = wapiti-${MODPY_EGG_VERSION} > > CATEGORIES = security www > > HOMEPAGE = https://wapiti-scanner.github.io/ > + > +MAINTAINER = Kirill A. Korinsky > > # GPLv2 > PERMIT_PACKAGE = Yes > Index: distinfo > =================================================================== > RCS file: /home/cvs/ports/security/wapiti/distinfo,v > diff -u -p -r1.4 distinfo > --- distinfo 12 Nov 2024 19:05:44 -0000 1.4 > +++ distinfo 5 Dec 2024 10:30:25 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (wapiti3-3.2.1.tar.gz) = > CyYIrRjGdeZoEjjv7MnV6jtUjZ+l0//9byH+8kw6x54= > -SIZE (wapiti3-3.2.1.tar.gz) = 693748 > +SHA256 (wapiti3-3.2.2.tar.gz) = > IWpvvnBQWIGS4BRx29Xqv5quVkXbqVZ6zFJTdEYkkxI= > +SIZE (wapiti3-3.2.2.tar.gz) = 693929 > Index: patches/patch-wapitiCore_attack_mod_wapp_py > =================================================================== > RCS file: patches/patch-wapitiCore_attack_mod_wapp_py > diff -N patches/patch-wapitiCore_attack_mod_wapp_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-wapitiCore_attack_mod_wapp_py 5 Dec 2024 15:46:15 > -0000 > @@ -0,0 +1,16 @@ > +Revert https://github.com/wapiti-scanner/wapiti/pull/633 > + > +Index: wapitiCore/attack/mod_wapp.py > +--- wapitiCore/attack/mod_wapp.py.orig > ++++ wapitiCore/attack/mod_wapp.py > +@@ -28,8 +28,8 @@ from urllib.parse import urlparse, quote_plus > + from aiocache import cached > + from httpx import RequestError > + > +-from wapiti_arsenic import get_session, browsers, services > +-from wapiti_arsenic.errors import JavascriptError, UnknownError, > ArsenicError > ++from arsenic import get_session, browsers, services > ++from arsenic.errors import JavascriptError, UnknownError, ArsenicError > + > + from wapitiCore.attack.cve.checker import ( > + CVEChecker, cvss_score_to_wapiti_level, CVE_DIRECTORY, > SUPPORTED_SOFTWARES, is_cve_supported_software > Index: patches/patch-wapitiCore_net_auth_py > =================================================================== > RCS file: patches/patch-wapitiCore_net_auth_py > diff -N patches/patch-wapitiCore_net_auth_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-wapitiCore_net_auth_py 5 Dec 2024 15:46:23 -0000 > @@ -0,0 +1,14 @@ > +Revert https://github.com/wapiti-scanner/wapiti/pull/633 > + > +Index: wapitiCore/net/auth.py > +--- wapitiCore/net/auth.py.orig > ++++ wapitiCore/net/auth.py > +@@ -25,7 +25,7 @@ from urllib.parse import urlparse > + import importlib.util > + > + from httpx import RequestError > +-from wapiti_arsenic import get_session, browsers, services, errors, > constants > ++from arsenic import get_session, browsers, services, errors, constants > + > + from wapitiCore.net import Request, Response > + from wapitiCore.parsers.html_parser import Html > Index: patches/patch-wapitiCore_net_intercepting_explorer_py > =================================================================== > RCS file: patches/patch-wapitiCore_net_intercepting_explorer_py > diff -N patches/patch-wapitiCore_net_intercepting_explorer_py > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-wapitiCore_net_intercepting_explorer_py 5 Dec 2024 > 15:46:18 -0000 > @@ -0,0 +1,27 @@ > +Revert https://github.com/wapiti-scanner/wapiti/pull/633 > + > +Index: wapitiCore/net/intercepting_explorer.py > +--- wapitiCore/net/intercepting_explorer.py.orig > ++++ wapitiCore/net/intercepting_explorer.py > +@@ -34,9 +34,9 @@ from mitmproxy.master import Master > + from mitmproxy.options import Options > + from mitmproxy.http import Request as MitmRequest > + import httpx > +-from wapiti_arsenic import get_session, browsers, services > +-from wapiti_arsenic.constants import SelectorType > +-from wapiti_arsenic.errors import ArsenicError, > ElementNotInteractable, UnknownArsenicError, NoSuchElement > ++from arsenic import get_session, browsers, services > ++from arsenic.constants import SelectorType > ++from arsenic.errors import ArsenicError, ElementNotInteractable, > UnknownArsenicError, NoSuchElement > + import structlog > + > + from wapitiCore.net import Request > +@@ -68,7 +68,7 @@ def is_interpreted_type(mime_type: str) -> bool: > + > + def set_arsenic_log_level(level: int = WARNING): > + # Create logger > +- logger = getLogger('wapiti_arsenic') > ++ logger = getLogger('arsenic') > + > + # We need factory, to return application-wide logger > + def logger_factory(): > > > -- > wbr, Kirill