def test_log(self):
    """Check that a logged entry produces output once print_logs() runs.

    The same entry is logged and flushed twice, and stdout is inspected
    after each pass.
    """
    entry = tutil.random_string(12)
    # NOTE(review): sys.stdout is presumably a StringIO-style capture, so
    # getvalue() returns everything written so far. If so, the second
    # pass cannot fail once the first has passed. If the intent is to
    # check how a repeated entry is handled, compare the captured text
    # before and after the second print_logs() -- confirm.
    for _ in range(2):
        webvulnscan.log.log(0, entry, entry)
        print_logs()
        captured = sys.stdout.getvalue().strip()
        self.assertNotEqual(captured, "")
def test_breach_vulnerable(self):
    """Check that the BREACH check reports a compressed, reflecting page.

    The fixture combines the three conditions that make a response
    BREACH-relevant: a "Content-Encoding: GZIP" header, a per-session
    secret (the hidden ``token`` field) in the body, and request data
    (the unquoted URL) reflected into that same body.
    """
    token = tutil.random_string(8)
    form = (
        '<form action="/?a=b"><input name="text" type="text" />'
        '<input name="token" type="hidden" value="' + token
        + '" /></form>'
    )

    def wrap(body):
        # Every page in this fixture is a bare <html> wrapper around body.
        return "<html>" + body + "</html>"

    default_page = Page("/?a=b", wrap(form),
                        {"Content-Encoding": "GZIP"}, 200)

    class VulnerableSite(tutil.ClientSite):
        def download_page(self, url, parameters=None,
                          remember_visited=None):
            # Echo the decoded URL next to the secret token inside a
            # response marked as compressed.
            reflected = unquote(url)
            return Page(url, wrap(form + reflected),
                        {"Content-Encoding": "GZIP"}, 200)

    webvulnscan.attacks.breach(default_page, VulnerableSite())

    # NOTE(review): any non-empty output passes, so this does not pin the
    # finding to a "Vulnerability:" line specifically.
    captured = sys.stdout.getvalue().strip()
    self.assertNotEqual(captured, "")
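def test_csrf_protected_form(self):
    """Check that the CSRF check stays silent for a token-protected form.

    The stub site returns the form page only when the request carries the
    exact hidden ``token`` value. Every other request gets an empty page
    with status 400. The test expects nothing on stdout, i.e. no finding
    reported for this site.
    """
    token = tutil.random_string(8)
    form = (
        '<form action="/"><input name="text" type="text" />'
        '<input name="token" type="hidden" value="' + token
        + '" /></form>'
    )
    default_page = Page("/", "<html>" + form + "</html>", {}, 200)

    class ProtectedSite(tutil.ClientSite):
        def download_page(self, url, parameters=None,
                          remember_visited=None):
            # A request with no parameters (the default, None) carries no
            # token, so it must be rejected like any other tokenless
            # request. The previous `"token" in parameters` raised
            # TypeError on None, which would surface as a test error
            # rather than as the protected site's 400 response.
            has_valid_token = (
                parameters is not None
                and "token" in parameters
                and parameters["token"] == token
            )
            if has_valid_token:
                return default_page
            return Page("/", "<html></html>", {}, 400)

    webvulnscan.attacks.csrf(default_page, ProtectedSite())

    output = sys.stdout.getvalue().strip()
    self.assertEqual(output, "")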
def test_info(self):
    """log.info() must print "Information: <target> <message>"."""
    message = tutil.random_string(12)
    expected = "Information: http://test " + message

    webvulnscan.log.info("http://test", message)

    # Surrounding whitespace (e.g. the trailing newline) is ignored.
    self.assertEqual(sys.stdout.getvalue().strip(), expected)
def test_vulnerability(self):
    """log.vulnerability() must print "Vulnerability: <target> <message>"."""
    message = tutil.random_string(12)
    expected = "Vulnerability: http://test " + message

    webvulnscan.log.vulnerability("http://test", message)

    # Surrounding whitespace (e.g. the trailing newline) is ignored.
    self.assertEqual(sys.stdout.getvalue().strip(), expected)
def test_warning(self):
    """log.warn() must print "Warning: <target> <message>"."""
    message = tutil.random_string(12)
    expected = "Warning: http://test " + message

    webvulnscan.log.warn("http://test", message)

    # Surrounding whitespace (e.g. the trailing newline) is ignored.
    self.assertEqual(sys.stdout.getvalue().strip(), expected)