Example #1
    def _need_more_variants_for_uri(self, fuzzable_request):
        """
        Decide whether another variant of this request pattern is wanted.

        Requests are grouped by the key returned by clean_fuzzable_request()
        and counted in self._variants. The first request of a pattern is
        always accepted; later ones are accepted until the counter reaches
        params_max_variants (query string or raw body present) or
        path_max_variants (neither present).

        :param fuzzable_request: The request being considered.
        :return: True if the request was counted as a new variant, False if
                 the cap for its pattern was already reached (the rejection
                 is reported through self._log_return_false).
        """
        # NOTE(review): the read/compare/write on self._variants is not atomic
        # and no lock is taken in this method; presumably the caller
        # serialises access - confirm.
        pattern_key = clean_fuzzable_request(fuzzable_request)
        seen = self._variants.get(pattern_key, None)

        # First request with this pattern: start the counter and accept it
        if seen is None:
            self._variants[pattern_key] = 1
            return True

        # Pattern already known, pick the cap that applies to this request
        uri = fuzzable_request.get_uri()

        if uri.has_query_string() or fuzzable_request.get_raw_data():
            limit, limit_name = self.params_max_variants, 'params'
        else:
            limit, limit_name = self.path_max_variants, 'path'

        if seen >= limit:
            # Cap reached. Requests rejected here are presumably not analysed
            # any further, so the cap bounds coverage - confirm in the caller.
            reason = 'need_more_variants_for_uri(%s)' % limit_name
            self._log_return_false(fuzzable_request, reason)
            return False

        self._variants[pattern_key] = seen + 1
        return True
Example #2
    def _need_more_variants_for_uri(self, fuzzable_request):
        """
        Tell whether more variants of a similar request should be accepted.

        "Similar" means the same clean_fuzzable_request() key. A per-key
        counter in self._variants is compared against params_max_variants
        when the request has a query string or raw data, and against
        path_max_variants otherwise.

        :param fuzzable_request: The request to evaluate.
        :return: True if the request is the first of its pattern or the cap
                 has not been reached yet (the counter is incremented),
                 False once the cap is reached.
        """
        key = clean_fuzzable_request(fuzzable_request)
        variant_count = self._variants.get(key, None)

        if variant_count is None:
            # Never seen before, always accepted
            self._variants[key] = 1
            return True

        # At least one request with this pattern was stored already
        uri = fuzzable_request.get_uri()
        carries_params = uri.has_query_string() or fuzzable_request.get_raw_data()

        if carries_params:
            cap = self.params_max_variants
            cap_kind = 'params'
        else:
            cap = self.path_max_variants
            cap_kind = 'path'

        if variant_count >= cap:
            # Log which cap caused the rejection before refusing the request
            self._log_return_false(fuzzable_request,
                                   'need_more_variants_for_uri(%s)' % cap_kind)
            return False

        self._variants[key] = variant_count + 1
        return True
Example #3
    def test_clean_fuzzable_request_json_null_field(self):
        """A JSON object field holding null is cleaned to the ``none`` type."""
        target = URL("http://www.w3af.com/")
        host_headers = Headers([('Host', 'www.w3af.com')])
        json_body = JSONContainer('{"key": null}')

        request = FuzzableRequest(target,
                                  headers=host_headers,
                                  method='POST',
                                  post_data=json_body)

        # The body part of the key follows the "!" separator
        self.assertEqual(clean_fuzzable_request(request),
                         u'(POST)-http://www.w3af.com/!object-key-null=none')
Example #4
    def test_clean_form_fuzzable_request(self):
        """A numeric key/value POST field is cleaned to the ``number`` type."""
        target = URL("http://www.w3af.com/")
        host_headers = Headers([('Host', 'www.w3af.com')])
        body = KeyValueContainer(init_val=[('data', ['23'])])

        request = FuzzableRequest(target,
                                  headers=host_headers,
                                  method='POST',
                                  post_data=body)

        # The value '23' is replaced by its type, the field name is kept
        self.assertEqual(clean_fuzzable_request(request),
                         u'(POST)-http://www.w3af.com/!data=number')
Example #5
    def test_clean_fuzzable_request_json(self):
        """Pin the cleaned key for a PUT with a JSON object containing a list."""
        target = URL("http://www.w3af.com/")
        host_headers = Headers([('Host', 'www.w3af.com')])
        json_body = JSONContainer('{"key": "value", "second_key": ["abc", 3, 2.1]}')

        request = FuzzableRequest(target,
                                  headers=host_headers,
                                  method='PUT',
                                  post_data=json_body)

        # Only the string entries of the document show up in the expected key
        self.assertEqual(
            clean_fuzzable_request(request),
            u'(PUT)-http://www.w3af.com/!object-second_key-list-0-string=string&object-key-string=string')
Example #6
    def test_clean_form_fuzzable_request(self):
        """Key/value POST data with a numeric value yields ``data=number``."""
        post_fields = [('data', ['23'])]

        request = FuzzableRequest(
            URL("http://www.w3af.com/"),
            headers=Headers([('Host', 'www.w3af.com')]),
            method='POST',
            post_data=KeyValueContainer(init_val=post_fields),
        )
        cleaned = clean_fuzzable_request(request)

        # Method, URL and typed body are all part of the cleaned key
        self.assertEqual(cleaned, u'(POST)-http://www.w3af.com/!data=number')
Example #7
    def test_clean_fuzzable_request_json_array_null(self):
        """Null entries of a top-level JSON array are cleaned to ``none``."""
        target = URL("http://www.w3af.com/")
        host_headers = Headers([('Host', 'www.w3af.com')])
        json_body = JSONContainer('["abc", null, null]')

        request = FuzzableRequest(target,
                                  headers=host_headers,
                                  method='POST',
                                  post_data=json_body)

        # Each array position gets its own entry in the expected key
        self.assertEqual(
            clean_fuzzable_request(request),
            u'(POST)-http://www.w3af.com/!list-0-string=string&list-1-null=none&list-2-null=none')
Example #8
    def test_clean_form_fuzzable_request_form(self):
        """
        A form request is cleaned in both its action query string and fields.

        The action URL carries ``id=1`` and the form has a filled and an empty
        field; the expected key types them as number, string and string.
        """
        params = FormParameters()
        params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
        params.add_field_by_attr_items([("name", "address"), ("value", "")])
        params.set_action(URL('http://example.com/?id=1'))
        params.set_method('post')

        request = FuzzableRequest.from_form(dc_from_form_params(params))

        # The method in the expected key is upper case although it was set
        # as 'post'
        self.assertEqual(clean_fuzzable_request(request),
                         (u'(POST)-http://example.com/'
                          u'?id=number!username=string&address=string'))
Example #9
    def test_clean_form_fuzzable_request_form(self):
        """Clean a request built from a form with a query string in its action."""
        form_definition = FormParameters()

        # One field with a value and one empty field, in this order
        form_definition.add_field_by_attr_items(
            [("name", "username"), ("value", "abc")])
        form_definition.add_field_by_attr_items(
            [("name", "address"), ("value", "")])

        form_definition.set_action(URL('http://example.com/?id=1'))
        form_definition.set_method('post')

        data_container = dc_from_form_params(form_definition)
        request = FuzzableRequest.from_form(data_container)
        cleaned = clean_fuzzable_request(request)

        # Query string and form fields are separated by "!" in the key
        wanted = (u'(POST)-http://example.com/'
                  u'?id=number!username=string&address=string')
        self.assertEqual(cleaned, wanted)
Example #10
    def append(self, fuzzable_request):
        """
        Register a fuzzable request unless it is a duplicate or its pattern
        already has enough variants.

        All the checks and updates run while holding self._db_lock.

        :param fuzzable_request: The request to register.
        :return: True if we added a new fuzzable request variant to the DB,
                 False if no more variants are required for this fuzzable
                 request.
        """
        with self._db_lock:
            # Exact match: same request hash, computed with the
            # HASH_IGNORE_HEADERS setting
            exact_key = fuzzable_request.get_request_hash(
                self.HASH_IGNORE_HEADERS)

            if self._variants_eq.get(exact_key, False):
                return False

            # Remember the hash. This happens before the variant cap check,
            # so a request rejected below is still recorded as seen.
            self._variants_eq[exact_key] = True

            # Similar match: same clean_fuzzable_request() pattern
            pattern_key = clean_fuzzable_request(fuzzable_request)
            seen = self._variants.get(pattern_key, None)

            if seen is None:
                self._variants[pattern_key] = 1
                return True

            # Pattern already known, pick the cap that applies
            uri = fuzzable_request.get_uri()

            if uri.has_query_string() or fuzzable_request.get_raw_data():
                limit = self.params_max_variants
            else:
                limit = self.path_max_variants

            if seen >= limit:
                return False

            self._variants[pattern_key] = seen + 1
            return True
Example #11
    def append(self, fuzzable_request):
        """
        Add a fuzzable request if it is neither an exact duplicate nor one
        variant too many for its pattern.

        :param fuzzable_request: The request to add.
        :return: True if we added a new fuzzable request variant to the DB,
                 False if no more variants are required for this fuzzable
                 request.
        """
        with self._db_lock:
            # Step 1: drop requests which are exactly the same as a known one
            request_id = fuzzable_request.get_request_hash(self.HASH_IGNORE_HEADERS)
            known = self._variants_eq.get(request_id, False)

            if known:
                return False

            # Keep the hash so the same request is refused next time
            self._variants_eq[request_id] = True

            # Step 2: count requests sharing the same cleaned pattern
            key = clean_fuzzable_request(fuzzable_request)
            variant_count = self._variants.get(key, None)

            if variant_count is None:
                # First request for this pattern
                self._variants[key] = 1
                return True

            uri = fuzzable_request.get_uri()
            carries_params = uri.has_query_string() or fuzzable_request.get_raw_data()

            # Requests with a query string or raw data use the params cap,
            # all the others use the path cap
            if carries_params:
                cap = self.params_max_variants
            else:
                cap = self.path_max_variants

            if variant_count >= cap:
                return False

            self._variants[key] = variant_count + 1
            return True
Example #12
 def test_clean_fuzzable_request_int(self):
     """An integer query string value is replaced by ``number``."""
     request = fr(URL('http://w3af.org/index.php?id=2'))
     cleaned = clean_fuzzable_request(request)

     # File name and parameter name are kept, only the value is typed
     self.assertEqual(cleaned, u'(GET)-http://w3af.org/index.php?id=number')
Example #13
 def test_encoding_issues_se_path(self):
     """A non-ASCII directory is kept while the file name is tokenised."""
     request = fr(URL(u'http://w3af.org/vård/xyz.html'))
     cleaned = clean_fuzzable_request(request)

     # Only "xyz" changes; the directory and the extension stay as sent
     self.assertEqual(
         cleaned,
         '(GET)-http://w3af.org/vård/file-5692fef3f5dcd97.html')
Example #14
 def test_encoding_issues_se_filename(self):
     """A non-ASCII extension is kept while the file name is tokenised."""
     request = fr(URL(u'http://w3af.org/x.vård'))
     cleaned = clean_fuzzable_request(request)

     # "x" is replaced by the file token, the extension is left untouched
     self.assertEqual(cleaned,
                      '(GET)-http://w3af.org/file-5692fef3f5dcd97.vård')
Example #15
 def test_encoding_issues_se_with_qs(self):
     """With a query string, a non-ASCII file name is kept unchanged."""
     request = fr(URL(u'http://w3af.org/vård.png?id=1'))
     cleaned = clean_fuzzable_request(request)

     # Only the parameter value is replaced by its type
     self.assertEqual(cleaned, '(GET)-http://w3af.org/vård.png?id=number')
Example #16
 def test_encoding_issues_se_filename(self):
     """Cleaning a URL whose extension is non-ASCII keeps that extension."""
     target = URL(u'http://w3af.org/x.vård')
     wanted = '(GET)-http://w3af.org/file-5692fef3f5dcd97.vård'

     # The file name part is the only piece expected to change
     self.assertEqual(clean_fuzzable_request(fr(target)), wanted)
Example #17
 def test_clean_fuzzable_request_directory_file_no_params(self):
     """Without parameters, the file name below a directory is tokenised."""
     request = fr(URL('http://w3af.org/foo/index.php'))
     cleaned = clean_fuzzable_request(request)

     # The "foo" directory and the ".php" extension are expected to survive
     self.assertEqual(cleaned,
                      u'(GET)-http://w3af.org/foo/%s.php' % FILENAME_TOKEN)
Example #18
 def test_encoding_issues_se_with_qs(self):
     """A non-ASCII file name followed by a query string is not tokenised."""
     target = URL(u'http://w3af.org/vård.png?id=1')
     wanted = '(GET)-http://w3af.org/vård.png?id=number'

     # The numeric value of "id" becomes "number", the path is unchanged
     self.assertEqual(clean_fuzzable_request(fr(target)), wanted)
Example #19
 def test_clean_fuzzable_request_int(self):
     """Cleaning ``?id=2`` yields ``?id=number``."""
     target = URL('http://w3af.org/index.php?id=2')
     wanted = u'(GET)-http://w3af.org/index.php?id=number'

     # The HTTP method is part of the key, as the "(GET)-" prefix
     self.assertEqual(clean_fuzzable_request(fr(target)), wanted)
Example #20
 def test_clean_fuzzable_request_simple(self):
     """A bare root URL is only prefixed with the HTTP method."""
     request = fr(URL('http://w3af.org/'))
     cleaned = clean_fuzzable_request(request)

     # No file name and no parameters, so the URL itself is unchanged
     self.assertEqual(cleaned, u'(GET)-http://w3af.org/')
Example #21
 def test_clean_fuzzable_request_file(self):
     """A file name without parameters is replaced by FILENAME_TOKEN."""
     request = fr(URL('http://w3af.org/index.php'))
     cleaned = clean_fuzzable_request(request)

     # The extension is kept, only "index" is swapped for the token
     self.assertEqual(cleaned,
                      u'(GET)-http://w3af.org/%s.php' % FILENAME_TOKEN)
Example #22
 def test_clean_fuzzable_request_simple(self):
     """Cleaning the site root returns the method plus the same URL."""
     target = URL('http://w3af.org/')
     wanted = u'(GET)-http://w3af.org/'

     # Nothing in this URL can be tokenised or typed
     self.assertEqual(clean_fuzzable_request(fr(target)), wanted)
Example #23
 def test_encoding_issues_se_path(self):
     """Cleaning a URL with a non-ASCII directory keeps that directory."""
     target = URL(u'http://w3af.org/vård/xyz.html')
     wanted = '(GET)-http://w3af.org/vård/file-5692fef3f5dcd97.html'

     # The file name "xyz" is the only part expected to be replaced
     self.assertEqual(clean_fuzzable_request(fr(target)), wanted)
Example #24
 def test_clean_fuzzable_request_file(self):
     """Cleaning ``/index.php`` swaps the file name for FILENAME_TOKEN."""
     target = URL('http://w3af.org/index.php')
     cleaned = clean_fuzzable_request(fr(target))

     # Built after the call, same as the value under test
     wanted = u'(GET)-http://w3af.org/%s.php' % FILENAME_TOKEN
     self.assertEqual(cleaned, wanted)
Example #25
 def test_clean_fuzzable_request_int_str_empty(self):
     """Integer, text and empty query string values are each typed."""
     request = fr(URL('http://w3af.org/index.php?id=2&foo=bar&spam='))
     cleaned = clean_fuzzable_request(request)

     # The empty value of "spam" is expected to be typed as a string
     self.assertEqual(
         cleaned,
         u'(GET)-http://w3af.org/index.php?id=number&foo=string&spam=string')
Example #26
 def test_clean_fuzzable_request_int_str_empty(self):
     """Cleaning a three-parameter query string types every value."""
     target = URL('http://w3af.org/index.php?id=2&foo=bar&spam=')
     wanted = u'(GET)-http://w3af.org/index.php?id=number&foo=string&spam=string'

     # Parameter names and their order are kept in the expected key
     self.assertEqual(clean_fuzzable_request(fr(target)), wanted)
Example #27
 def test_clean_fuzzable_request_directory_file_no_params(self):
     """Cleaning ``/foo/index.php`` tokenises the file name only."""
     target = URL('http://w3af.org/foo/index.php')
     cleaned = clean_fuzzable_request(fr(target))

     # The parent directory is expected to stay in the key
     wanted = u'(GET)-http://w3af.org/foo/%s.php' % FILENAME_TOKEN
     self.assertEqual(cleaned, wanted)
Example #28
 def test_clean_fuzzable_request_directory_parent_path(self):
     """The last directory of a path is replaced by PATH_TOKEN."""
     request = fr(URL('http://w3af.org/spam/foo/'))
     cleaned = clean_fuzzable_request(request)

     # The parent "spam" is kept, only the trailing "foo" is tokenised
     self.assertEqual(cleaned,
                      u'(GET)-http://w3af.org/spam/%s/' % PATH_TOKEN)
Example #29
 def test_clean_fuzzable_request_directory_parent_path(self):
     """Cleaning ``/spam/foo/`` swaps the trailing directory for PATH_TOKEN."""
     target = URL('http://w3af.org/spam/foo/')
     cleaned = clean_fuzzable_request(fr(target))

     # The trailing slash and the parent directory are expected to remain
     wanted = u'(GET)-http://w3af.org/spam/%s/' % PATH_TOKEN
     self.assertEqual(cleaned, wanted)