def expand_path_variables(self, url, path_parameters):
if not isinstance(path_parameters, dict):
self.logger.warning(
'Path_parameters {} does not in the desired format,received: {}'
.format(path_parameters, type(path_parameters)))
return url
formatted_url = url
for path_key, path_value in path_parameters.items():
self.logger.debug(
'Processing: path_key: {} , path_variable: {}'.format(
path_key, path_value))
path_parameter = container_name_to_param(path_key)
url_path_parameter = '{%PATH_PARAM%}'.replace(
'%PATH_PARAM%', path_parameter)
tmp_url = formatted_url.replace(url_path_parameter, path_value)
if tmp_url == formatted_url:
self.logger.warning(
'{} was not in the url: {}, adding it'.format(
url_path_parameter, url))
tmp_url += '&{}={}'.format(path_parameter, path_value)
formatted_url = tmp_url
self.logger.info('Compiled url in {}, out: {}'.format(
url, formatted_url))
return formatted_url.replace("{", "").replace("}",
"").replace("+", "/")
def format_pycurl_query_param(self, url, query_params):
"""
Prepares fuzz query string by removing parts if necessary
:param url: url used only to provide realistic url for pycurl
:type url: str
:param query_params: query strings in dict format
:type query_params: dict
:rtype: str
"""
_dummy_curl = pycurl.Curl()
_tmp_query_params = dict()
for k, v in query_params.items():
original_value = v
iteration = 0
self.chop_left = True
self.chop_right = True
while True:
iteration = iteration + 1
_test_query_params = _tmp_query_params.copy()
_query_param_name = container_name_to_param(k)
_test_query_params[_query_param_name] = v
try:
_dummy_curl.setopt(
pycurl.URL, '{}{}'.format(
url,
self.dict_to_query_string(_test_query_params)))
_tmp_query_params[_query_param_name] = v
break
except (UnicodeEncodeError, ValueError) as e:
self.logger.debug(
'{} Problem adding ({}) as query param. Issue was:{}'.
format(iteration, k, e))
if len(v):
v = self.chop_fuzz_value(
original_fuzz_value=original_value, fuzz_value=v)
else:
self.logger.info(
'The whole query param was removed, using empty string instead'
)
_tmp_query_params[_query_param_name] = ""
break
except Exception as e: # pylint: disable=broad-exception
self.logger.error(
'Unexpected exception ({}) while processing: {}'.
format(e, k))
self.logger.warning('Returning: {}'.format(_tmp_query_params))
return self.dict_to_query_string(_tmp_query_params)
def compile_headers(self, fuzz_header=None):
"""
Using the fuzzer headers plus the header(s) defined at cli parameter this puts together a dict which will be
used at the reques
:type fuzz_header: list, dict, None
"""
_header = requests.utils.default_headers()
_header.update({
'User-Agent': get_version(),
})
if isinstance(fuzz_header, dict):
for k, v in fuzz_header.items():
fuzz_header_name = container_name_to_param(k)
self.logger.debug('Adding fuzz header: {}->{}'.format(
fuzz_header_name, v))
_header[fuzz_header_name] = v
if isinstance(self.auth_headers, list):
for auth_header_part in self.auth_headers:
_header.update(auth_header_part)
else:
_header.update(self.auth_headers)
return _header
def fix_data(data):
new_data = {}
for data_key, data_value in data.items():
new_data[container_name_to_param(data_key)] = data_value
return new_data