Burp plugin not working on Python >= 3.12 due to import from deprecated distutils #35
Description
The Burp plugin cannot be used because it attempts to import distutils.util, but distutils is deprecated since Python 3.12:
$ faraday-cli tool report report.xml -w CENSORED --create-workspace --plugin-id burp
Cant load plugin module: burp [No module named 'distutils']
Invalid Plugin: burp
The code block in question in plugin.py only attempts to parse a bool from str in decode_binary_node:
def decode_binary_node(self, node):
"""
Finds a subnode matching `path` and returns its inner text if
it has no base64 attribute or its base64 decoded inner text if
it has it.
"""
if node is not None:
encoded = distutils.util.strtobool(node.get('base64', 'false'))
if encoded:
res = base64.b64decode(node.text).decode('utf-8', errors="backslashreplace")
else:
res = node.text
return "".join([ch for ch in res if ord(ch) <= 128])
return ""
Instead of using distutils.util.strtobool, I suggest a "stupid" bool parser that would not have any dependencies:
def strtobool(self, some_str: str) -> bool:
if some_str.lower() in ["true", "yes", "wahr", "1"]:
return True
elif some_str.lower() in ["false", "no", "falsch", "0"]:
return False
else:
raise ValueError(f"Cannot parse str to bool: {some_str}")
This can then be called by decode_binary_node:
def decode_binary_node(self, node):
"""
Finds a subnode matching `path` and returns its inner text if
it has no base64 attribute or its base64 decoded inner text if
it has it.
"""
if node is not None:
encoded = self.strtobool(node.get('base64', 'false'))
if encoded:
res = base64.b64decode(node.text).decode('utf-8', errors="backslashreplace")
else:
res = node.text
return "".join([ch for ch in res if ord(ch) <= 128])
return ""