Ejemplo n.º 1
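def _record_result(browser, vector, context, encoding, result):
    """Create or update the Test row for one combination and save it."""
    matches = Test.objects.filter(
        browser=browser, vector=vector, context=context, encoding=encoding
    )
    if matches:
        # Reuse the first existing row so a re-run overwrites the old result.
        entry = matches[0]
        entry.result = result
    else:
        entry = Test(
            browser=browser,
            vector=vector,
            context=context,
            encoding=encoding,
            result=result,
        )
    entry.save()
    return entry


def test(request, vector_id, context_id, encoding_id, verdict):
    """Serve one test case, or record the verdict reported for it.

    The browser comes from ``request.session["browser"]``; the vector, web
    context and encoding are looked up by the ids in the URL.

    verdict values:
      "pass"    -- store PASS, redirect to /test/next
      "xhrpass" -- store PASS, answer with a short text confirmation
      "imgpass" -- store PASS, answer with the bytes of static/img/pass.png
      other     -- build the vector, store SENT, and return the context
                   source with the vector substituted for %(xss)s

    The four lookups are not guarded: a missing session key or an unknown id
    propagates to the caller as an exception.

    NOTE(review): nothing in this view checks the request method or a
    per-test token, so a PASS can be recorded by any request that carries
    the session and the right ids. Treat stored results as self-reported.
    """
    b = Browser.objects.get(id=request.session["browser"])
    v = Vector.objects.get(id=vector_id)
    wc = WebContext.objects.get(id=context_id)
    enc = Encoding.objects.get(id=encoding_id)

    if verdict == "pass":
        _record_result(b, v, wc, enc, "PASS")
        return HttpResponseRedirect("/test/next")

    if verdict == "xhrpass":
        _record_result(b, v, wc, enc, "PASS")
        return HttpResponse("test n°" + str(vector_id) + " passed via xhttprequest")

    if verdict == "imgpass":
        _record_result(b, v, wc, enc, "PASS")
        # TODO: the path is relative to the process working directory, so it
        # breaks when the app is started from elsewhere; resolve it at
        # deployment time.
        # The context manager closes the handle, which the bare
        # open(...).read() left to the garbage collector.
        with open("static/img/pass.png", "rb") as image_file:
            image_data = image_file.read()
        # content_type is the keyword the default branch already uses; the
        # older mimetype alias is not accepted by later Django releases.
        return HttpResponse(image_data, content_type="image/png")

    # Any other verdict: render the test page for this combination.
    baseurl = request.build_absolute_uri("/")
    domain = Site.objects.get_current()
    xss_instance = build_vector(
        v,
        test_payload(vector_id, context_id, encoding_id, baseurl, domain),
        "test",
        context_id,
        encoding_id,
        baseurl,
    )
    _record_result(b, v, wc, enc, "SENT")
    # NOTE(review): the built vector goes into the page unescaped, which is
    # presumably the point of the harness. Keep this route on an origin that
    # holds no real user sessions or cookies.
    source = wc.source % {"xss": xss_instance}
    # str.decode("string_escape") exists only on Python 2 byte strings.
    resp = HttpResponse(
        source.decode("string_escape"),
        content_type=wc.mimetype + "; " + enc.web_encoding,
    )
    return resp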
Ejemplo n.º 2
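def test(request, vector_id, context_id, encoding_id, verdict):
    """Serve one test case, or record the verdict reported for it.

    "pass", "xhrpass" and "imgpass" all store a PASS result for the
    (browser, vector, context, encoding) combination and differ only in the
    response: a redirect to /test/next, a short text confirmation, or the
    bytes of static/img/pass.png. Any other verdict builds the vector, stores
    SENT and returns the context source with the vector substituted for
    %(xss)s.

    The lookups below are not guarded: a missing 'browser' session key or an
    unknown id propagates as an exception.

    NOTE(review): this view checks neither the request method nor any
    per-test token before storing PASS, so results are only as trustworthy as
    the client reporting them.
    """
    b = Browser.objects.get(id=request.session['browser'])
    v = Vector.objects.get(id=vector_id)
    wc = WebContext.objects.get(id=context_id)
    enc = Encoding.objects.get(id=encoding_id)

    def remember(result):
        # Update the first matching Test row, or create one if none exists.
        found = Test.objects.filter(browser=b, vector=v, context=wc, encoding=enc)
        if found:
            row = found[0]
            row.result = result
        else:
            row = Test(browser=b,
                       vector=v,
                       context=wc,
                       encoding=enc,
                       result=result)
        row.save()

    if verdict in ("pass", "xhrpass", "imgpass"):
        remember("PASS")
        if verdict == "pass":
            return HttpResponseRedirect("/test/next")
        if verdict == "xhrpass":
            return HttpResponse("test n°" + str(vector_id) +
                                " passed via xhttprequest")
        #TODO: relative path depends on the working directory at deployment.
        # Read through a context manager so the file handle is closed here
        # instead of whenever the object happens to be collected.
        with open("static/img/pass.png", "rb") as handle:
            image_data = handle.read()
        # Same keyword as the response built at the end of this function;
        # later Django releases no longer accept the mimetype alias.
        return HttpResponse(image_data, content_type="image/png")

    baseurl = request.build_absolute_uri("/")
    domain = Site.objects.get_current()
    # The vector is built before SENT is stored, so a failure while building
    # leaves no SENT row behind.
    xss_instance = build_vector(
        v, test_payload(vector_id, context_id, encoding_id, baseurl,
                        domain), "test", context_id, encoding_id, baseurl)
    remember("SENT")
    # NOTE(review): the vector is interpolated into the page without
    # escaping, presumably by design for this harness; serve it only from an
    # origin with no real user sessions.
    source = wc.source % {"xss": xss_instance}
    # 'string_escape' is a Python 2-only codec on byte strings.
    resp = HttpResponse(source.decode('string_escape'),
                        content_type=wc.mimetype + "; " + enc.web_encoding)
    return resp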
Ejemplo n.º 3
def xss(request, vector_id):
    """Return the "xss" rendering of the stored vector with this id.

    ``request`` is not read. The lookup is not guarded, so an unknown id
    propagates as an exception. No content type is passed to HttpResponse,
    so the framework default applies.

    NOTE(review): the body is the built vector itself, unescaped --
    presumably intended for a test harness. Keep this route off any origin
    that holds real user sessions.
    """
    vector = Vector.objects.get(id=vector_id)
    rendered = build_vector(vector, xss_payload(), "xss")
    # 'string_escape' is a Python 2-only codec on byte strings.
    body = rendered.decode('string_escape')
    return HttpResponse(body)
Ejemplo n.º 4
def xss(request, vector_id):
    """Look up one vector by id and answer with its built "xss" form.

    The ``request`` argument is unused, and a missing vector is not handled
    here. The response is created without an explicit content type.

    NOTE(review): the vector is written to the response unescaped, which
    looks deliberate for a test harness -- confirm the route is only exposed
    on an isolated test origin.
    """
    stored = Vector.objects.get(id=vector_id)
    # "string_escape" is available only on Python 2 byte strings.
    return HttpResponse(
        build_vector(stored, xss_payload(), "xss").decode("string_escape")
    )