def test_basic(self): token = DataToken(self.NAME, self.VALUE, self.PATH) self.assertEqual(token.get_name(), self.NAME) self.assertEqual(token.get_value(), self.VALUE) self.assertEqual(token.get_original_value(), self.VALUE) self.assertEqual(token.get_path(), self.PATH)
def test_copy_after_change(self): original = DataToken(self.NAME, self.VALUE, self.PATH) original.set_value(self.PAYLOAD) token = copy.deepcopy(original) self.assertEqual(token.get_name(), self.NAME) self.assertEqual(token.get_value(), self.PAYLOAD) self.assertEqual(token.get_original_value(), self.VALUE) self.assertEqual(token.get_path(), self.PATH)
def test_get_short_printable_repr_unicode_value_unicode(self): dc = KeyValueContainer([(u'aéb', [u'céd']), (u'b', ['2', '3'])]) dc.MAX_PRINTABLE = 7 token = DataToken(u'aéb', u'céd', (u'aéb', 0)) dc.set_token(token) self.assertEqual(dc.get_short_printable_repr(), '...a.b=c.d...')
def test_get_short_printable_repr_unicode_value(self): dc = KeyValueContainer([(u'a', ['x']), (u'b', ['2', '3'])]) dc.MAX_PRINTABLE = 5 token = DataToken('a', 'é', ('a', 0)) dc.set_token(token) self.assertEqual(dc.get_short_printable_repr(), '...a=....')
def test_get_short_printable_repr_token_obj(self): dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])]) token = DataToken('a', '1', ('a', 0)) dc.set_token(token) self.assertIsNotNone(dc.get_token()) self.assertEqual(dc.get_short_printable_repr(), 'a=1&b=2&b=3')
def test_invalid_utf8(self): invalid_utf8 = '\xf3' token = DataToken(self.NAME, invalid_utf8, self.PATH) self.assertRaises(UnicodeDecodeError, unicode, token) encoded_token = smart_unicode(token) self.assertEqual(encoded_token, u'\xf3')
def test_to_dict_msgpack_with_data_token(self): token = DataToken('Host', 'www.w3af.com', ('Host', )) headers = Headers([('Host', token)]) freq = FuzzableRequest(URL("http://www.w3af.com/"), headers=headers) req = HTTPRequest.from_fuzzable_request(freq) msgpack.dumps(req.to_dict())
def test_get_short_printable_repr_token_obj_reduce_printable(self): dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])]) dc.MAX_PRINTABLE = 5 token = DataToken('a', '1', ('a', 0)) dc.set_token(token) self.assertIsNotNone(dc.get_token()) self.assertEqual(dc.get_short_printable_repr(), '...a=1...')
def test_copy(self): original = DataToken(self.NAME, self.VALUE, self.PATH) token = copy.deepcopy(original) self.assertEqual(token.get_name(), self.NAME) self.assertEqual(token.get_value(), self.VALUE) self.assertEqual(token.get_original_value(), self.VALUE) self.assertEqual(token.get_path(), self.PATH)
def test_tokens_to_value(self): token = DataToken('a', 'b', ('a', )) headers = Headers([('a', token)]) headers.tokens_to_value() self.assertIn('a', headers) self.assertEqual(headers['a'], 'b') self.assertIsInstance(headers['a'], basestring)
def iter_tokens(self): """ DataToken instances unbound to any data container are (mostly) useless. Most likely you should use iter_bound_tokens :yield: DataToken instances to help in the fuzzing process of this DataContainer. """ for key, val, token_path, setter in self.iter_setters(): if self.token_filter(token_path, val): yield DataToken(key, val, token_path)
def test_set_token_using_data_token(self): dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])]) token = DataToken('a', '1', ('a', 0)) set_token = dc.set_token(token) self.assertEqual(dc.get_token().get_name(), 'a') self.assertEqual(dc.get_token().get_value(), '1') self.assertEqual(dc.get_token().get_path(), ('a', 0)) self.assertIs(dc.get_token(), token) self.assertIs(set_token, token)
def set_token(self, set_token_path): """ Sets the token in the DataContainer to point to the variable specified in set_token_path. Usually set_token_path will be one of: * ('id',) - When the data container doesn't support repeated params * ('id', 3) - When it does * A DataToken instance which holds the path :raises: An exception when the DataContainer does NOT contain the specified path in *args to find the variable :return: The token if we were able to set it in the DataContainer """ override_token = False try: # Try to get the path from the parameter, if it is a DataToken # instance this will succeed. token_path = set_token_path.get_path() override_token = True except AttributeError: token_path = set_token_path for key, val, i_token_path, setter in self.iter_setters(): if i_token_path == token_path: if override_token: # Use token provided in parameter token = set_token_path elif isinstance(val, DataToken): # We've already done a set_token(...) for this token path # in the past, and now we're doing it again. Don't double # wrap the pre-existing token! token = val else: token = DataToken(key, val, i_token_path) setter(token) self.token = token return token path_str = lambda path: '(%s)' % ', '.join( [smart_str_ignore(i) for i in path]) ppath = path_str(token_path) vpath = ' - '.join([path_str(p) for _, _, p, _ in self.iter_setters()]) if vpath: msg = 'Invalid token path "%s". Valid paths are: %s' raise RuntimeError(msg % (ppath, vpath)) else: msg = 'Invalid token path "%s". No valid paths for "%s"' raise RuntimeError(msg % (ppath, self.get_type()))
def test_mutant_smart_fill_simple(self): form_params = FormParameters() form_params.add_input([("name", "username"), ("value", "")]) form_params.add_input([("name", "address"), ("value", "")]) form_params['username'][0] = DataToken('username', '', ('username', 0)) form = Form(form_params) form.smart_fill() self.assertEqual(form['username'], ['', ]) self.assertEqual(form['address'], ['Bonsai Street 123', ]) self.assertIsInstance(form['username'][0], DataToken) self.assertIs(form.get_form_params(), form_params)
def test_mutant_smart_fill_simple(self): form_params = FormParameters() form_params.add_field_by_attrs({'name': 'username', 'value': ''}) form_params.add_field_by_attrs({'name': 'address', 'value': ''}) form_params['username'][0] = DataToken('username', '', ('username', 0)) form = Form(form_params) form.smart_fill() self.assertEqual(form['username'], ['', ]) self.assertEqual(form['address'], ['Bonsai Street 123', ]) self.assertIsInstance(form['username'][0], DataToken) self.assertIs(form.get_form_params(), form_params)
def set_token(self, token_path): """ Modified to pass the filename to the FileDataToken """ for key, val, ipath, setter in self.iter_setters(): if ipath == token_path: if isinstance(val, (DataToken, FileDataToken)): # Avoid double-wrapping token = val else: if key in self.get_file_vars(): fname = val.filename if hasattr(val, 'filename') else None #token = FileDataToken(key, val, fname, ipath) token = DataToken(key, val, ipath) else: token = DataToken(key, val, ipath) setter(token) self.token = token return token
def test_mutant_smart_fill_with_file(self): form_params = FormParameters() form_params.add_field_by_attrs({'name': 'username', 'value': ''}) form_params.add_field_by_attrs({'name': 'address', 'value': ''}) form_params.add_field_by_attrs({'name': 'file', 'type': 'file'}) form = Form(form_params) form['username'][0] = DataToken('username', '', ('username', 0)) form.smart_fill() self.assertEqual(form['username'], ['', ]) self.assertEqual(form['address'], ['Bonsai Street 123', ]) self.assertIsInstance(form['username'][0], DataToken) str_file = form['file'][0] self.assertEqual(str_file.name[-4:], '.gif') self.assertIn('GIF', str_file) self.assertIs(form.get_form_params(), form_params)
def test_mutant_smart_fill_with_file(self): form_params = FormParameters() form_params.add_input([("name", "username"), ("value", "")]) form_params.add_input([("name", "address"), ("value", "")]) form_params.add_file_input([("name", "file"), ("type", "file")]) form = Form(form_params) form['username'][0] = DataToken('username', '', ('username', 0)) form.smart_fill() self.assertEqual(form['username'], ['', ]) self.assertEqual(form['address'], ['Bonsai Street 123', ]) self.assertIsInstance(form['username'][0], DataToken) str_file = form['file'][0] self.assertEqual(str_file.name[-4:], '.gif') self.assertIn('GIF', str_file) self.assertIs(form.get_form_params(), form_params)
def test_unicodeencodeerror(self): _unicode = u'í' token = DataToken(self.NAME, _unicode, self.PATH) self.assertEqual(str(token), 'í')