Example #1
0
    def test_basic(self):
        token = DataToken(self.NAME, self.VALUE, self.PATH)

        self.assertEqual(token.get_name(), self.NAME)
        self.assertEqual(token.get_value(), self.VALUE)
        self.assertEqual(token.get_original_value(), self.VALUE)
        self.assertEqual(token.get_path(), self.PATH)
Example #2
0
    def test_copy_after_change(self):
        original = DataToken(self.NAME, self.VALUE, self.PATH)
        original.set_value(self.PAYLOAD)

        token = copy.deepcopy(original)

        self.assertEqual(token.get_name(), self.NAME)
        self.assertEqual(token.get_value(), self.PAYLOAD)
        self.assertEqual(token.get_original_value(), self.VALUE)
        self.assertEqual(token.get_path(), self.PATH)
Example #3
0
    def test_copy_after_change(self):
        original = DataToken(self.NAME, self.VALUE, self.PATH)
        original.set_value(self.PAYLOAD)

        token = copy.deepcopy(original)

        self.assertEqual(token.get_name(), self.NAME)
        self.assertEqual(token.get_value(), self.PAYLOAD)
        self.assertEqual(token.get_original_value(), self.VALUE)
        self.assertEqual(token.get_path(), self.PATH)
Example #4
0
    def test_get_short_printable_repr_unicode_value_unicode(self):
        dc = KeyValueContainer([(u'aéb', [u'céd']), (u'b', ['2', '3'])])
        dc.MAX_PRINTABLE = 7
        token = DataToken(u'aéb', u'céd', (u'aéb', 0))
        dc.set_token(token)

        self.assertEqual(dc.get_short_printable_repr(), '...a.b=c.d...')
Example #5
0
    def test_get_short_printable_repr_unicode_value(self):
        dc = KeyValueContainer([(u'a', ['x']), (u'b', ['2', '3'])])
        dc.MAX_PRINTABLE = 5
        token = DataToken('a', 'é', ('a', 0))
        dc.set_token(token)

        self.assertEqual(dc.get_short_printable_repr(), '...a=....')
Example #6
0
    def test_get_short_printable_repr_token_obj(self):
        dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
        token = DataToken('a', '1', ('a', 0))
        dc.set_token(token)

        self.assertIsNotNone(dc.get_token())
        self.assertEqual(dc.get_short_printable_repr(), 'a=1&b=2&b=3')
Example #7
0
    def test_invalid_utf8(self):
        invalid_utf8 = '\xf3'
        token = DataToken(self.NAME, invalid_utf8, self.PATH)

        self.assertRaises(UnicodeDecodeError, unicode, token)

        encoded_token = smart_unicode(token)
        self.assertEqual(encoded_token, u'\xf3')
Example #8
0
    def test_to_dict_msgpack_with_data_token(self):
        token = DataToken('Host', 'www.w3af.com', ('Host', ))
        headers = Headers([('Host', token)])
        freq = FuzzableRequest(URL("http://www.w3af.com/"), headers=headers)

        req = HTTPRequest.from_fuzzable_request(freq)

        msgpack.dumps(req.to_dict())
Example #9
0
    def test_get_short_printable_repr_token_obj_reduce_printable(self):
        dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
        dc.MAX_PRINTABLE = 5
        token = DataToken('a', '1', ('a', 0))
        dc.set_token(token)

        self.assertIsNotNone(dc.get_token())
        self.assertEqual(dc.get_short_printable_repr(), '...a=1...')
Example #10
0
    def test_copy(self):
        original = DataToken(self.NAME, self.VALUE, self.PATH)

        token = copy.deepcopy(original)

        self.assertEqual(token.get_name(), self.NAME)
        self.assertEqual(token.get_value(), self.VALUE)
        self.assertEqual(token.get_original_value(), self.VALUE)
        self.assertEqual(token.get_path(), self.PATH)
Example #11
0
    def test_tokens_to_value(self):
        token = DataToken('a', 'b', ('a', ))
        headers = Headers([('a', token)])

        headers.tokens_to_value()

        self.assertIn('a', headers)
        self.assertEqual(headers['a'], 'b')
        self.assertIsInstance(headers['a'], basestring)
Example #12
0
    def iter_tokens(self):
        """
        DataToken instances unbound to any data container are (mostly)
        useless. Most likely you should use iter_bound_tokens

        :yield: DataToken instances to help in the fuzzing process of this
                DataContainer.
        """
        for key, val, token_path, setter in self.iter_setters():
            if self.token_filter(token_path, val):
                yield DataToken(key, val, token_path)
Example #13
0
    def test_set_token_using_data_token(self):
        dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])

        token = DataToken('a', '1', ('a', 0))
        set_token = dc.set_token(token)

        self.assertEqual(dc.get_token().get_name(), 'a')
        self.assertEqual(dc.get_token().get_value(), '1')
        self.assertEqual(dc.get_token().get_path(), ('a', 0))
        self.assertIs(dc.get_token(), token)
        self.assertIs(set_token, token)
Example #14
0
    def test_basic(self):
        token = DataToken(self.NAME, self.VALUE, self.PATH)

        self.assertEqual(token.get_name(), self.NAME)
        self.assertEqual(token.get_value(), self.VALUE)
        self.assertEqual(token.get_original_value(), self.VALUE)
        self.assertEqual(token.get_path(), self.PATH)
Example #15
0
    def set_token(self, set_token_path):
        """
        Sets the token in the DataContainer to point to the variable specified
        in set_token_path. Usually set_token_path will be one of:
            * ('id',) - When the data container doesn't support repeated params
            * ('id', 3) - When it does
            * A DataToken instance which holds the path

        :raises: An exception when the DataContainer does NOT contain the
                 specified path in *args to find the variable
        :return: The token if we were able to set it in the DataContainer
        """
        override_token = False
        try:
            # Try to get the path from the parameter, if it is a DataToken
            # instance this will succeed.
            token_path = set_token_path.get_path()
            override_token = True
        except AttributeError:
            token_path = set_token_path

        for key, val, i_token_path, setter in self.iter_setters():
            if i_token_path == token_path:

                if override_token:
                    # Use token provided in parameter
                    token = set_token_path

                elif isinstance(val, DataToken):
                    # We've already done a set_token(...) for this token path
                    # in the past, and now we're doing it again. Don't double
                    # wrap the pre-existing token!
                    token = val
                else:
                    token = DataToken(key, val, i_token_path)

                setter(token)
                self.token = token

                return token

        path_str = lambda path: '(%s)' % ', '.join(
            [smart_str_ignore(i) for i in path])
        ppath = path_str(token_path)
        vpath = ' - '.join([path_str(p) for _, _, p, _ in self.iter_setters()])

        if vpath:
            msg = 'Invalid token path "%s". Valid paths are: %s'
            raise RuntimeError(msg % (ppath, vpath))
        else:
            msg = 'Invalid token path "%s". No valid paths for "%s"'
            raise RuntimeError(msg % (ppath, self.get_type()))
Example #16
0
    def test_mutant_smart_fill_simple(self):
        form_params = FormParameters()
        form_params.add_input([("name", "username"), ("value", "")])
        form_params.add_input([("name", "address"), ("value", "")])
        form_params['username'][0] = DataToken('username', '', ('username', 0))

        form = Form(form_params)

        form.smart_fill()

        self.assertEqual(form['username'], ['', ])
        self.assertEqual(form['address'], ['Bonsai Street 123', ])
        self.assertIsInstance(form['username'][0], DataToken)
        self.assertIs(form.get_form_params(), form_params)
Example #17
0
    def test_mutant_smart_fill_simple(self):
        form_params = FormParameters()
        form_params.add_field_by_attrs({'name': 'username', 'value': ''})
        form_params.add_field_by_attrs({'name': 'address', 'value': ''})
        form_params['username'][0] = DataToken('username', '', ('username', 0))

        form = Form(form_params)

        form.smart_fill()

        self.assertEqual(form['username'], ['', ])
        self.assertEqual(form['address'], ['Bonsai Street 123', ])
        self.assertIsInstance(form['username'][0], DataToken)
        self.assertIs(form.get_form_params(), form_params)
Example #18
0
    def set_token(self, token_path):
        """
        Modified to pass the filename to the FileDataToken
        """
        for key, val, ipath, setter in self.iter_setters():

            if ipath == token_path:
                if isinstance(val, (DataToken, FileDataToken)):
                    # Avoid double-wrapping
                    token = val
                else:
                    if key in self.get_file_vars():
                        fname = val.filename if hasattr(val,
                                                        'filename') else None
                        #token = FileDataToken(key, val, fname, ipath)
                        token = DataToken(key, val, ipath)
                    else:
                        token = DataToken(key, val, ipath)

                setter(token)
                self.token = token

                return token
Example #19
0
    def test_mutant_smart_fill_with_file(self):
        form_params = FormParameters()
        form_params.add_field_by_attrs({'name': 'username', 'value': ''})
        form_params.add_field_by_attrs({'name': 'address', 'value': ''})
        form_params.add_field_by_attrs({'name': 'file', 'type': 'file'})

        form = Form(form_params)
        form['username'][0] = DataToken('username', '', ('username', 0))
        form.smart_fill()

        self.assertEqual(form['username'], ['', ])
        self.assertEqual(form['address'], ['Bonsai Street 123', ])
        self.assertIsInstance(form['username'][0], DataToken)

        str_file = form['file'][0]
        self.assertEqual(str_file.name[-4:], '.gif')
        self.assertIn('GIF', str_file)

        self.assertIs(form.get_form_params(), form_params)
Example #20
0
    def test_mutant_smart_fill_with_file(self):
        form_params = FormParameters()
        form_params.add_input([("name", "username"), ("value", "")])
        form_params.add_input([("name", "address"), ("value", "")])
        form_params.add_file_input([("name", "file"), ("type", "file")])

        form = Form(form_params)
        form['username'][0] = DataToken('username', '', ('username', 0))
        form.smart_fill()

        self.assertEqual(form['username'], ['', ])
        self.assertEqual(form['address'], ['Bonsai Street 123', ])
        self.assertIsInstance(form['username'][0], DataToken)

        str_file = form['file'][0]
        self.assertEqual(str_file.name[-4:], '.gif')
        self.assertIn('GIF', str_file)

        self.assertIs(form.get_form_params(), form_params)
Example #21
0
    def test_unicodeencodeerror(self):
        _unicode = u'í'
        token = DataToken(self.NAME, _unicode, self.PATH)

        self.assertEqual(str(token), 'í')