Ejemplo n.º 1
    def test_match_action_regex(self):
        """A matcher configured with only an ``action`` regex accepts the form.

        The found form uses ``self.ACTION_URL`` as its action; the test
        expects the pattern ``/products/comm.*`` to match it.
        """
        # Only the action criterion is configured; nothing else is constrained.
        matcher = self.create_form_matcher({'action': '/products/comm.*'})
        form_id = FormID(inputs=['comment', 'submit'],
                         action=self.ACTION_URL)

        self.assertTrue(form_id.matches(matcher))
Ejemplo n.º 2
    def test_not_match_hosted_at_regex(self):
        """A ``hosted_at_url`` regex must reject a form hosted elsewhere.

        The form is hosted at ``/another/product-132``, which is outside the
        configured ``/products/.*`` pattern, so no match is expected.
        """
        matcher = self.create_form_matcher({'hosted_at_url': '/products/.*'})
        other_page = URL('http://w3af.org/another/product-132')
        form_id = FormID(hosted_at_url=other_page,
                         inputs=['comment', 'submit'])

        self.assertFalse(form_id.matches(matcher))
Ejemplo n.º 3
    def test_match_hosted_at_regex(self):
        """A ``hosted_at_url`` regex accepts a form hosted at HOSTED_AT_URL.

        Presumably ``self.HOSTED_AT_URL`` has a path under ``/products/``;
        the constant is defined outside this method.
        """
        matcher = self.create_form_matcher({'hosted_at_url': '/products/.*'})
        form_id = FormID(inputs=['comment', 'submit'],
                         hosted_at_url=self.HOSTED_AT_URL)

        self.assertTrue(form_id.matches(matcher))
Ejemplo n.º 4
    def test_match_empty_user_configured_json(self):
        """An empty matcher configuration is expected to match the form.

        NOTE(review): a matcher with no criteria behaves like a wildcard
        here. If matcher lists drive which forms a scan includes or
        excludes, an empty entry would select every form - confirm that
        is the intended behaviour for callers.
        """
        no_criteria = {}
        matcher = self.create_form_matcher(no_criteria)
        form_id = FormID(inputs=['comment', 'submit'],
                         action=self.ACTION_URL)

        self.assertTrue(form_id.matches(matcher))
Ejemplo n.º 5
    def test_match_hosted_at_regex(self):
        """Check that the ``hosted_at_url`` pattern matches HOSTED_AT_URL.

        Only the hosting page is constrained by the matcher; the form's
        inputs are supplied but not part of the configured criteria.
        """
        criteria = {'hosted_at_url': '/products/.*'}
        matcher = self.create_form_matcher(criteria)
        candidate = FormID(inputs=['comment', 'submit'],
                           hosted_at_url=self.HOSTED_AT_URL)

        result = candidate.matches(matcher)
        self.assertTrue(result)
Ejemplo n.º 6
    def test_match_empty_user_configured_json(self):
        """With no criteria configured, the matcher accepts the found form.

        NOTE(review): this pins "empty configuration matches" as expected
        behaviour; verify callers that build include/exclude lists from
        user input are aware an empty entry is not a no-op.
        """
        matcher = self.create_form_matcher({})
        candidate = FormID(inputs=['comment', 'submit'],
                           action=self.ACTION_URL)

        result = candidate.matches(matcher)
        self.assertTrue(result)
Ejemplo n.º 7
    def test_match_action_regex(self):
        """Check that an ``action`` regex alone is enough to match a form.

        The configured pattern is ``/products/comm.*`` and the form's
        action is ``self.ACTION_URL`` (defined outside this method).
        """
        criteria = {'action': '/products/comm.*'}
        matcher = self.create_form_matcher(criteria)
        candidate = FormID(inputs=['comment', 'submit'],
                           action=self.ACTION_URL)

        result = candidate.matches(matcher)
        self.assertTrue(result)
Ejemplo n.º 8
    def test_not_match_hosted_at_regex(self):
        """Check that a form hosted outside ``/products/`` is not matched.

        The hosting URL path is ``/another/product-132``; the configured
        ``hosted_at_url`` pattern is ``/products/.*``.
        """
        criteria = {'hosted_at_url': '/products/.*'}
        matcher = self.create_form_matcher(criteria)
        candidate = FormID(inputs=['comment', 'submit'],
                           hosted_at_url=URL('http://w3af.org/another/product-132'))

        result = candidate.matches(matcher)
        self.assertFalse(result)
Ejemplo n.º 9
    def test_match_method(self):
        """A matcher configured with ``method: get`` accepts a GET form."""
        matcher = self.create_form_matcher({'method': 'get'})
        # The found form declares the same method the matcher asks for.
        form_id = FormID(method='get',
                         action=self.ACTION_URL,
                         inputs=['comment', 'submit'])

        self.assertTrue(form_id.matches(matcher))
Ejemplo n.º 10
    def test_no_match_when_action_regex_match_and_input_not(self):
        """A matching action is not enough when the configured input is absent.

        The matcher asks for an input named ``foo``; the found form only has
        ``comment`` and ``submit``. The expected result is no match, i.e. the
        configured criteria are not satisfied by the action alone.
        """
        criteria = {'action': '/products/comm.*', 'inputs': ['foo']}
        matcher = self.create_form_matcher(criteria)
        form_id = FormID(inputs=['comment', 'submit'],
                         action=self.ACTION_URL)

        self.assertFalse(form_id.matches(matcher))
Ejemplo n.º 11
    def test_match_method(self):
        """Check that the ``method`` criterion matches a form using ``get``.

        Only the HTTP method is configured in the matcher; the form's action
        and inputs are supplied but not constrained.
        """
        criteria = {'method': 'get'}
        matcher = self.create_form_matcher(criteria)
        candidate = FormID(method='get',
                           action=self.ACTION_URL,
                           inputs=['comment', 'submit'])

        result = candidate.matches(matcher)
        self.assertTrue(result)
Ejemplo n.º 12
    def test_not_match_attrs(self):
        """A differing ``class`` attribute value must prevent a match.

        The matcher asks for ``class == impact-css`` while the found form
        carries ``class == comment-css``.
        """
        wanted_attrs = {'class': 'impact-css'}
        matcher = self.create_form_matcher({'attributes': wanted_attrs})
        form_id = FormID(attributes={'class': 'comment-css'},
                         action=self.ACTION_URL,
                         inputs=['comment', 'submit'],
                         hosted_at_url=self.HOSTED_AT_URL)

        self.assertFalse(form_id.matches(matcher))
Ejemplo n.º 13
    def test_not_match_attrs(self):
        """Check that an attribute mismatch yields no match.

        Configured: ``{'class': 'impact-css'}``; found on the form:
        ``{'class': 'comment-css'}``.
        """
        criteria = {'attributes': {'class': 'impact-css'}}
        matcher = self.create_form_matcher(criteria)
        found_attrs = {'class': 'comment-css'}
        candidate = FormID(attributes=found_attrs,
                           action=self.ACTION_URL,
                           inputs=['comment', 'submit'],
                           hosted_at_url=self.HOSTED_AT_URL)

        result = candidate.matches(matcher)
        self.assertFalse(result)
Ejemplo n.º 14
    def test_matches_one_of_false_1(self):
        """``matches_one_of`` is false when no entry in the list matches.

        The list is built from a JSON string holding two entries, with
        actions ``/foo`` and ``/bar``; the found form's action is
        ``self.ACTION_URL`` and the test expects neither entry to match.
        """
        matchers = FormIDMatcherList(
            '[{"action": "/foo"}, {"action": "/bar", "method": "get"}]')

        form_id = FormID(attributes={'class': 'comment-css'},
                         hosted_at_url=self.HOSTED_AT_URL,
                         inputs=['comment', 'submit'],
                         action=self.ACTION_URL)

        self.assertFalse(form_id.matches_one_of(matchers))
Ejemplo n.º 15
    def test_matches_one_of_false_1(self):
        """Check that a form matching no list entry is reported as no match.

        ``FormIDMatcherList`` receives the matcher definitions as a JSON
        string (two entries: ``/foo``, and ``/bar`` with method ``get``).
        """
        raw_json = '[{"action": "/foo"}, {"action": "/bar", "method": "get"}]'
        matchers = FormIDMatcherList(raw_json)

        candidate = FormID(attributes={'class': 'comment-css'},
                           hosted_at_url=self.HOSTED_AT_URL,
                           inputs=['comment', 'submit'],
                           action=self.ACTION_URL)

        result = candidate.matches_one_of(matchers)
        self.assertFalse(result)
Ejemplo n.º 16
    def test_no_match_when_action_regex_match_and_input_not(self):
        """Check that an unmet ``inputs`` criterion blocks the match.

        Both ``action`` and ``inputs`` are configured. The form has no input
        named ``foo``, so the test expects ``matches`` to be false even
        though the action pattern is meant to match.
        """
        criteria = {'action': '/products/comm.*', 'inputs': ['foo']}
        matcher = self.create_form_matcher(criteria)
        candidate = FormID(inputs=['comment', 'submit'],
                           action=self.ACTION_URL)

        result = candidate.matches(matcher)
        self.assertFalse(result)
Ejemplo n.º 17
    def test_matches_one_of_true(self):
        """``matches_one_of`` is true when at least one list entry matches.

        The first entry (``/foo``, ``post``) differs from the form in both
        action and method; the second entry (``/products/product-.*``,
        ``get``) is the one expected to match the found form.
        """
        matchers = FormIDMatcherList(
            '[{"action": "/foo", "method": "post"}, {"action": "/products/product-.*", "method": "get"}]')

        product_action = URL('http://w3af.org/products/product-132')
        form_id = FormID(action=product_action,
                         inputs=['comment', 'submit'],
                         hosted_at_url=self.HOSTED_AT_URL,
                         method='get',
                         attributes={'class': 'comment-css'})

        self.assertTrue(form_id.matches_one_of(matchers))
Ejemplo n.º 18
    def test_match_all(self):
        """A matcher with hosted_at_url, inputs, action and attributes matches.

        The configured ``inputs`` list (``['comment']``) is shorter than the
        form's inputs (``['comment', 'submit']``) and a match is still
        expected, so the configured inputs need not list every form input.
        """
        criteria = {
            'hosted_at_url': '/products/.*',
            'inputs': ['comment'],
            'action': '/products/comments',
            'attributes': {'class': 'comment-css'},
        }
        matcher = self.create_form_matcher(criteria)
        form_id = FormID(attributes={'class': 'comment-css'},
                         hosted_at_url=self.HOSTED_AT_URL,
                         inputs=['comment', 'submit'],
                         action=self.ACTION_URL)

        self.assertTrue(form_id.matches(matcher))
Ejemplo n.º 19
    def test_matches_one_of_true(self):
        """Check that one matching entry is enough for ``matches_one_of``.

        The list holds two entries; only the second
        (``/products/product-.*`` with method ``get``) lines up with the
        found form's action path and method.
        """
        raw_json = '[{"action": "/foo", "method": "post"}, {"action": "/products/product-.*", "method": "get"}]'
        matchers = FormIDMatcherList(raw_json)

        candidate = FormID(action=URL('http://w3af.org/products/product-132'),
                           inputs=['comment', 'submit'],
                           hosted_at_url=self.HOSTED_AT_URL,
                           method='get',
                           attributes={'class': 'comment-css'})

        result = candidate.matches_one_of(matchers)
        self.assertTrue(result)
Ejemplo n.º 20
    def test_form_id_to_json(self):
        """``to_json`` output round-trips through ``json.loads``.

        The serialised ``action`` and ``hosted_at_url`` are compared against
        ``get_path()`` of the URL objects, i.e. the JSON is expected to hold
        the path rather than the URL object itself. ``inputs``,
        ``attributes`` and ``method`` are compared against the FormID
        attributes directly.
        """
        original = FormID(hosted_at_url=self.HOSTED_AT_URL,
                          inputs=['comment'],
                          action=self.ACTION_URL,
                          attributes={'class': 'comment-css'},
                          method='post')

        decoded = json.loads(original.to_json())

        # URL-valued fields are checked by path.
        self.assertEqual(decoded['action'], original.action.get_path())
        self.assertEqual(decoded['hosted_at_url'], original.hosted_at_url.get_path())
        # The remaining fields are checked against the attributes as stored.
        self.assertEqual(decoded['inputs'], original.inputs)
        self.assertEqual(decoded['attributes'], original.attributes)
        self.assertEqual(decoded['method'], original.method)
Ejemplo n.º 21
    def test_form_id_to_json(self):
        """Check the JSON produced by ``FormID.to_json`` field by field.

        ``action`` and ``hosted_at_url`` are expected to be serialised as
        the result of ``get_path()``; the other three fields are expected
        to equal the FormID attributes.
        """
        source = FormID(hosted_at_url=self.HOSTED_AT_URL,
                        inputs=['comment'],
                        action=self.ACTION_URL,
                        attributes={'class': 'comment-css'},
                        method='post')

        serialised = source.to_json()
        parsed = json.loads(serialised)

        self.assertEqual(parsed['action'], source.action.get_path())
        self.assertEqual(parsed['hosted_at_url'],
                         source.hosted_at_url.get_path())
        self.assertEqual(parsed['inputs'], source.inputs)
        self.assertEqual(parsed['attributes'], source.attributes)
        self.assertEqual(parsed['method'], source.method)
Ejemplo n.º 22
    def test_match_all(self):
        """Check a matcher that sets every criterion except ``method``.

        hosted_at_url, inputs, action and attributes are all configured and
        the found form is expected to satisfy each of them. The configured
        inputs (``['comment']``) are fewer than the form's inputs.
        """
        wanted_attrs = {'class': 'comment-css'}
        criteria = {'hosted_at_url': '/products/.*',
                    'inputs': ['comment'],
                    'action': '/products/comments',
                    'attributes': wanted_attrs}
        matcher = self.create_form_matcher(criteria)
        candidate = FormID(attributes={'class': 'comment-css'},
                           hosted_at_url=self.HOSTED_AT_URL,
                           inputs=['comment', 'submit'],
                           action=self.ACTION_URL)

        result = candidate.matches(matcher)
        self.assertTrue(result)
Ejemplo n.º 23
 def get_form_id(self):
     """
     Build the identifier used to compare this form with another one.

     The FormID is assembled from this object's action, the keys of
     self.meta (passed as the input names), its attributes, the URL the
     form is hosted at and its method.

     :return: A FormID which can be used to compare two forms
     :see: https://github.com/andresriancho/w3af/issues/15161
     """
     # Collect the identifying fields first, then hand them over as
     # keyword arguments in one call.
     identity = dict(action=self._action,
                     inputs=self.meta.keys(),
                     attributes=self._attributes,
                     hosted_at_url=self._hosted_at_url,
                     method=self._method)
     return FormID(**identity)
Ejemplo n.º 24
    def test_form_id_trivial(self):
        """FormID exposes its constructor arguments as attributes unchanged."""
        built = FormID(hosted_at_url=self.HOSTED_AT_URL,
                       inputs=['comment'],
                       action=self.ACTION_URL,
                       attributes={'class': 'comment-css'},
                       method='get')

        # Each attribute is expected to equal the value passed in above.
        self.assertEqual(built.hosted_at_url, self.HOSTED_AT_URL)
        self.assertEqual(built.inputs, ['comment'])
        self.assertEqual(built.action, self.ACTION_URL)
        self.assertEqual(built.attributes, {'class': 'comment-css'})
        self.assertEqual(built.method, 'get')