def _create_instance_from_form_params(data_container_cls, params):
    """
    Build a FormParameters with one field per entry of `params` and wrap it
    in `data_container_cls`.

    :param data_container_cls: Callable invoked with the populated
                               FormParameters instance
    :param params: Mapping of parameter name to parameter value
    :return: Whatever `data_container_cls(form_params)` returns
    """
    container = FormParameters()

    for name, value in params.iteritems():
        field_attrs = {'name': name, 'value': value}
        container.add_field_by_attrs(field_attrs)

    return data_container_cls(container)
def test_keep_sync(self):
    """
    A Form and the FormParameters it wraps must expose the same keys:
    additions and deletions made through either object have to be visible
    through the other one.
    """
    shared_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        shared_params.add_field_by_attrs(field_attrs)

    wrapper = Form(shared_params)

    # Neither view knows about 'address' yet
    self.assertNotIn('address', shared_params)
    self.assertNotIn('address', wrapper)

    # Insert through the FormParameters, read through both
    shared_params['address'] = ['']
    self.assertIn('address', shared_params)
    self.assertIn('address', wrapper)

    # Insert through the Form, read through both
    wrapper['company'] = ['']
    self.assertIn('company', shared_params)
    self.assertIn('company', wrapper)

    # Remove through the Form, check both
    del wrapper['address']
    self.assertNotIn('address', wrapper)
    self.assertNotIn('address', shared_params)

    # Remove through the FormParameters, check both
    del shared_params['company']
    self.assertNotIn('company', wrapper)
    self.assertNotIn('company', shared_params)
def test_login_form_utils(self):
    """
    A Form wrapping one text field and one password field is classified as
    a login form and lets the caller read and set both credentials.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form_params.add_field_by_attrs(field_attrs)

    login_form = Form(form_params)

    # Classification helpers
    self.assertTrue(login_form.is_login_form())
    self.assertFalse(login_form.is_registration_form())
    self.assertFalse(login_form.is_password_change_form())
    self.assertEqual(login_form.get_parameter_type_count(), (1, 1, 0))

    # Both login tokens are found by name and start out empty
    username_token, password_token = login_form.get_login_tokens()
    self.assertEqual(username_token.get_name(), 'username')
    self.assertEqual(password_token.get_name(), 'pwd')
    self.assertEqual(username_token.get_value(), '')
    self.assertEqual(password_token.get_value(), '')

    # Setting only the username must not touch the password
    login_form.set_login_username('andres')
    self.assertEqual(login_form['username'][0], 'andres')
    self.assertEqual(login_form['pwd'][0], '')

    # Both setters overwrite the previous values
    login_form.set_login_username('pablo')
    login_form.set_login_password('long-complex')
    self.assertEqual(login_form['username'][0], 'pablo')
    self.assertEqual(login_form['pwd'][0], 'long-complex')

    # The Form hands back the very same FormParameters object, not a copy
    self.assertIs(login_form.get_form_params(), form_params)
def test_login_form_utils(self):
    """
    A Form wrapping one text field and one password field is classified as
    a login form and lets the caller read and set both credentials.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form_params.add_field_by_attrs(field_attrs)

    login_form = Form(form_params)

    # Classification helpers
    self.assertTrue(login_form.is_login_form())
    self.assertFalse(login_form.is_registration_form())
    self.assertFalse(login_form.is_password_change_form())
    self.assertEqual(login_form.get_parameter_type_count(), (1, 1, 0))

    # Both login tokens are found by name and start out empty
    username_token, password_token = login_form.get_login_tokens()
    self.assertEqual(username_token.get_name(), 'username')
    self.assertEqual(password_token.get_name(), 'pwd')
    self.assertEqual(username_token.get_value(), '')
    self.assertEqual(password_token.get_value(), '')

    # Setting only the username must not touch the password
    login_form.set_login_username('andres')
    self.assertEqual(login_form['username'][0], 'andres')
    self.assertEqual(login_form['pwd'][0], '')

    # Both setters overwrite the previous values
    login_form.set_login_username('pablo')
    login_form.set_login_password('long-complex')
    self.assertEqual(login_form['username'][0], 'pablo')
    self.assertEqual(login_form['pwd'][0], 'long-complex')

    # The Form hands back the very same FormParameters object, not a copy
    self.assertIs(login_form.get_form_params(), form_params)
def test_keep_sync(self):
    """
    A Form and the FormParameters it wraps must expose the same keys:
    additions and deletions made through either object have to be visible
    through the other one.
    """
    shared_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        shared_params.add_field_by_attrs(field_attrs)

    wrapper = Form(shared_params)

    # Neither view knows about 'address' yet
    self.assertNotIn('address', shared_params)
    self.assertNotIn('address', wrapper)

    # Insert through the FormParameters, read through both
    shared_params['address'] = ['']
    self.assertIn('address', shared_params)
    self.assertIn('address', wrapper)

    # Insert through the Form, read through both
    wrapper['company'] = ['']
    self.assertIn('company', shared_params)
    self.assertIn('company', wrapper)

    # Remove through the Form, check both
    del wrapper['address']
    self.assertNotIn('address', wrapper)
    self.assertNotIn('address', shared_params)

    # Remove through the FormParameters, check both
    del shared_params['company']
    self.assertNotIn('company', wrapper)
    self.assertNotIn('company', shared_params)
def test_login_form_utils(self):
    """
    A FormParameters holding one text field and one password field is
    classified as a login form and as nothing else.
    """
    login_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        login_params.add_field_by_attrs(field_attrs)

    # Only the login classification may be true
    self.assertTrue(login_params.is_login_form())
    self.assertFalse(login_params.is_registration_form())
    self.assertFalse(login_params.is_password_change_form())

    expected_type_count = (1, 1, 0)
    self.assertEqual(login_params.get_parameter_type_count(),
                     expected_type_count)
def test_login_form_utils(self):
    """
    A FormParameters holding one text field and one password field is
    classified as a login form and as nothing else.
    """
    login_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        login_params.add_field_by_attrs(field_attrs)

    # Only the login classification may be true
    self.assertTrue(login_params.is_login_form())
    self.assertFalse(login_params.is_registration_form())
    self.assertFalse(login_params.is_password_change_form())

    expected_type_count = (1, 1, 0)
    self.assertEqual(login_params.get_parameter_type_count(),
                     expected_type_count)
def test_cpickle_simple(self):
    """
    A Form survives a cPickle dumps/loads round trip with the same items.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form_params.add_field_by_attrs(field_attrs)

    original = Form(form_params)

    # The bytes handed to cPickle.loads() are produced right here from an
    # object built inside this test, so no externally supplied data is
    # ever unpickled
    serialized = cPickle.dumps(original)
    restored = cPickle.loads(serialized)

    self.assertEqual(restored.items(), original.items())
def _create_instance_from_form_params(data_container_cls, params):
    """
    Build a FormParameters with one field per entry of `params` and wrap it
    in `data_container_cls`.

    :param data_container_cls: Callable invoked with the populated
                               FormParameters instance
    :param params: Mapping of parameter name to parameter value
    :return: Whatever `data_container_cls(form_params)` returns
    """
    container = FormParameters()

    for name, value in params.iteritems():
        field_attrs = {'name': name, 'value': value}
        container.add_field_by_attrs(field_attrs)

    return data_container_cls(container)
def test_cpickle_simple(self):
    """
    A Form survives a cPickle dumps/loads round trip with the same items.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form_params.add_field_by_attrs(field_attrs)

    original = Form(form_params)

    # The bytes handed to cPickle.loads() are produced right here from an
    # object built inside this test, so no externally supplied data is
    # ever unpickled
    serialized = cPickle.dumps(original)
    restored = cPickle.loads(serialized)

    self.assertEqual(restored.items(), original.items())
def test_form_copy(self):
    """
    copy.deepcopy() of a Form keeps the token that was set on the original.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form_params.add_field_by_attrs(field_attrs)

    source_form = Form(form_params)
    token_path = ('username', 0)
    source_form.set_token(token_path)

    cloned_form = copy.deepcopy(source_form)

    source_token = source_form.get_token()
    cloned_token = cloned_form.get_token()
    self.assertEqual(source_token, cloned_token)

    # Equality alone would also hold for two missing tokens, so make sure
    # the copy really carries one
    self.assertIsNot(None, cloned_form.get_token())
def test_form_copy(self):
    """
    copy.deepcopy() of a Form keeps the token that was set on the original.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form_params.add_field_by_attrs(field_attrs)

    source_form = Form(form_params)
    token_path = ('username', 0)
    source_form.set_token(token_path)

    cloned_form = copy.deepcopy(source_form)

    source_token = source_form.get_token()
    cloned_token = cloned_form.get_token()
    self.assertEqual(source_token, cloned_token)

    # Equality alone would also hold for two missing tokens, so make sure
    # the copy really carries one
    self.assertIsNot(None, cloned_form.get_token())
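def test_mutant_iter_bound_tokens(self):
    """
    Every copy yielded by Form.iter_bound_tokens() is itself a Form, holds
    the same items as the original and keeps the password input type of
    the 'username' field.
    """
    form_params = FormParameters()
    form_params.add_field_by_attrs({'name': 'username',
                                    'value': '',
                                    'type': 'password'})
    form_params.add_field_by_attrs({'name': 'address', 'value': ''})

    form = Form(form_params)

    # The second element of each yielded pair is not inspected here
    for form_copy, _ in form.iter_bound_tokens():
        self.assertIsInstance(form_copy, Form)

        # assertEqual is the canonical unittest name; assertEquals is only a
        # deprecated alias for it
        self.assertEqual(form_copy.items(), form.items())
        self.assertEqual(form_copy.get_parameter_type('username'),
                         INPUT_TYPE_PASSWD)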
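def test_mutant_iter_bound_tokens(self):
    """
    Every copy yielded by Form.iter_bound_tokens() is itself a Form, holds
    the same items as the original and keeps the password input type of
    the 'username' field.
    """
    form_params = FormParameters()
    form_params.add_field_by_attrs({'name': 'username',
                                    'value': '',
                                    'type': 'password'})
    form_params.add_field_by_attrs({'name': 'address', 'value': ''})

    form = Form(form_params)

    # The second element of each yielded pair is not inspected here
    for form_copy, _ in form.iter_bound_tokens():
        self.assertIsInstance(form_copy, Form)

        # assertEqual is the canonical unittest name; assertEquals is only a
        # deprecated alias for it
        self.assertEqual(form_copy.items(), form.items())
        self.assertEqual(form_copy.get_parameter_type('username'),
                         INPUT_TYPE_PASSWD)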
def test_mutant_smart_fill_simple(self):
    """
    smart_fill() fills the plain 'address' field and leaves alone the
    'username' field, which holds a DataToken.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'value': ''},
                        {'name': 'address', 'value': ''}):
        form_params.add_field_by_attrs(field_attrs)

    # Replace the raw value with a token before the Form is created
    username_token = DataToken('username', '', ('username', 0))
    form_params['username'][0] = username_token

    filled_form = Form(form_params)
    filled_form.smart_fill()

    self.assertEqual(filled_form['username'], ['', ])
    self.assertEqual(filled_form['address'], ['Bonsai Street 123', ])

    # The token object must still be there after the fill
    self.assertIsInstance(filled_form['username'][0], DataToken)

    # The Form hands back the very same FormParameters object, not a copy
    self.assertIs(filled_form.get_form_params(), form_params)
def create_form_params_helper(form_data):
    """
    Creates a FormParameters object from a list of field attribute dicts

    :param form_data: A list containing dicts representing a form's
                      internal structure; each dict is passed as-is to
                      add_field_by_attrs()
    :return: A FormParameters object populated from `form_data`
    """
    populated_params = FormParameters()

    for field_attrs in form_data:
        populated_params.add_field_by_attrs(field_attrs)

    return populated_params
def test_mutant_smart_fill_simple(self):
    """
    smart_fill() fills the plain 'address' field and leaves alone the
    'username' field, which holds a DataToken.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'value': ''},
                        {'name': 'address', 'value': ''}):
        form_params.add_field_by_attrs(field_attrs)

    # Replace the raw value with a token before the Form is created
    username_token = DataToken('username', '', ('username', 0))
    form_params['username'][0] = username_token

    filled_form = Form(form_params)
    filled_form.smart_fill()

    self.assertEqual(filled_form['username'], ['', ])
    self.assertEqual(filled_form['address'], ['Bonsai Street 123', ])

    # The token object must still be there after the fill
    self.assertIsInstance(filled_form['username'][0], DataToken)

    # The Form hands back the very same FormParameters object, not a copy
    self.assertIs(filled_form.get_form_params(), form_params)
def create_form_params_helper(form_data):
    """
    Creates a FormParameters object from a list of field attribute dicts

    :param form_data: A list containing dicts representing a form's
                      internal structure; each dict is passed as-is to
                      add_field_by_attrs()
    :return: A FormParameters object populated from `form_data`
    """
    populated_params = FormParameters()

    for field_attrs in form_data:
        populated_params.add_field_by_attrs(field_attrs)

    return populated_params
def test_get_form_id(self):
    """
    get_form_id() reports the method, action, attributes, hosting URL and
    input names the FormParameters was built with.
    """
    action_url = URL('http://www.w3af.com/action')
    page_url = URL('http://www.w3af.com/')
    tag_attributes = {'class': 'form-main'}

    form = FormParameters(method='GET',
                          action=action_url,
                          attributes=tag_attributes,
                          hosted_at_url=page_url)

    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form.add_field_by_attrs(field_attrs)

    identifier = form.get_form_id()

    self.assertEqual(identifier.action, action_url)
    self.assertEqual(identifier.attributes, tag_attributes)
    self.assertEqual(identifier.method, 'GET')
    self.assertEqual(identifier.hosted_at_url, page_url)

    # Input names are expected in the order the fields were added
    self.assertEqual(identifier.inputs, ['username', 'pwd'])
def test_get_form_id(self):
    """
    get_form_id() reports the method, action, attributes, hosting URL and
    input names the FormParameters was built with.
    """
    action_url = URL('http://www.w3af.com/action')
    page_url = URL('http://www.w3af.com/')
    tag_attributes = {'class': 'form-main'}

    form = FormParameters(method='GET',
                          action=action_url,
                          attributes=tag_attributes,
                          hosted_at_url=page_url)

    for field_attrs in ({'name': 'username', 'type': 'text'},
                        {'name': 'pwd', 'type': 'password'}):
        form.add_field_by_attrs(field_attrs)

    identifier = form.get_form_id()

    self.assertEqual(identifier.action, action_url)
    self.assertEqual(identifier.attributes, tag_attributes)
    self.assertEqual(identifier.method, 'GET')
    self.assertEqual(identifier.hosted_at_url, page_url)

    # Input names are expected in the order the fields were added
    self.assertEqual(identifier.inputs, ['username', 'pwd'])
def from_postdata(cls, headers, post_data):
    """
    Parse a multipart/form-data body into a new instance of `cls`.

    :param headers: Request headers; they must pass
                    MultipartContainer.is_multipart() and provide to_dict()
    :param post_data: Request body, wrapped in StringIO.StringIO for parsing
    :return: `cls` instantiated with a FormParameters holding every part
    :raises ValueError: When the headers are not multipart or when
                        cgi.FieldStorage raises ValueError for the body
    """
    if not MultipartContainer.is_multipart(headers):
        raise ValueError('No multipart content-type header.')

    environ = {'REQUEST_METHOD': 'POST'}

    try:
        field_storage = cgi.FieldStorage(fp=StringIO.StringIO(post_data),
                                         headers=headers.to_dict(),
                                         environ=environ)
    except ValueError:
        raise ValueError('Failed to create MultipartContainer.')

    # Please note that the FormParameters is just a container for the
    # information.
    #
    # When the FuzzableRequest is sent the framework calls get_data() which
    # returns a string version of this object, properly encoded using
    # multipart/form-data
    #
    # To make sure the web application properly decodes the request, we
    # also include the headers in get_headers() which include the boundary
    form_params = FormParameters()

    # Each part is read completely into memory by file.read(); nothing in
    # this method limits the size or the number of parts.
    for part in field_storage.list:
        if part.filename is not None:
            # NOTE(review): the filename is stored exactly as it came in the
            # body - confirm consumers never use it as a filesystem path
            upload_attrs = {'type': INPUT_TYPE_FILE,
                            'name': part.name,
                            'value': part.file.read(),
                            'filename': part.filename}
            form_params.add_field_by_attrs(upload_attrs)
            form_params.set_file_name(part.name, part.filename)
            continue

        # Parts without a filename are handled as plain text inputs
        text_attrs = {'type': INPUT_TYPE_TEXT,
                      'name': part.name,
                      'value': part.file.read()}
        form_params.add_field_by_attrs(text_attrs)

    return cls(form_params)
def test_mutant_smart_fill_with_file(self):
    """
    smart_fill() fills the 'address' field, leaves the tokenised 'username'
    field alone and puts GIF content with a '.gif' name in the file input.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'value': ''},
                        {'name': 'address', 'value': ''},
                        {'name': 'file', 'type': 'file'}):
        form_params.add_field_by_attrs(field_attrs)

    filled_form = Form(form_params)

    # Here the token is installed through the Form, after it was created
    filled_form['username'][0] = DataToken('username', '', ('username', 0))
    filled_form.smart_fill()

    self.assertEqual(filled_form['username'], ['', ])
    self.assertEqual(filled_form['address'], ['Bonsai Street 123', ])
    self.assertIsInstance(filled_form['username'][0], DataToken)

    # The file field value exposes a name and supports substring checks
    uploaded = filled_form['file'][0]
    extension = uploaded.name[-4:]
    self.assertEqual(extension, '.gif')
    self.assertIn('GIF', uploaded)

    # The Form hands back the very same FormParameters object, not a copy
    self.assertIs(filled_form.get_form_params(), form_params)
def test_mutant_smart_fill_with_file(self):
    """
    smart_fill() fills the 'address' field, leaves the tokenised 'username'
    field alone and puts GIF content with a '.gif' name in the file input.
    """
    form_params = FormParameters()
    for field_attrs in ({'name': 'username', 'value': ''},
                        {'name': 'address', 'value': ''},
                        {'name': 'file', 'type': 'file'}):
        form_params.add_field_by_attrs(field_attrs)

    filled_form = Form(form_params)

    # Here the token is installed through the Form, after it was created
    filled_form['username'][0] = DataToken('username', '', ('username', 0))
    filled_form.smart_fill()

    self.assertEqual(filled_form['username'], ['', ])
    self.assertEqual(filled_form['address'], ['Bonsai Street 123', ])
    self.assertIsInstance(filled_form['username'][0], DataToken)

    # The file field value exposes a name and supports substring checks
    uploaded = filled_form['file'][0]
    extension = uploaded.name[-4:]
    self.assertEqual(extension, '.gif')
    self.assertIn('GIF', uploaded)

    # The Form hands back the very same FormParameters object, not a copy
    self.assertIs(filled_form.get_form_params(), form_params)
def from_postdata(cls, headers, post_data):
    """
    Parse a multipart/form-data body into a new instance of `cls`.

    :param headers: Request headers; they must pass
                    MultipartContainer.content_type_matches() and provide
                    to_dict()
    :param post_data: Request body, wrapped in StringIO.StringIO for parsing
    :return: `cls` instantiated with a FormParameters holding every part
    :raises ValueError: When the headers are not multipart or when
                        cgi.FieldStorage raises ValueError for the body
    """
    if not MultipartContainer.content_type_matches(headers):
        raise ValueError('No multipart content-type header.')

    environ = {'REQUEST_METHOD': 'POST'}

    try:
        field_storage = cgi.FieldStorage(fp=StringIO.StringIO(post_data),
                                         headers=headers.to_dict(),
                                         environ=environ)
    except ValueError:
        raise ValueError('Failed to create MultipartContainer.')

    # Please note that the FormParameters is just a container for the
    # information.
    #
    # When the FuzzableRequest is sent the framework calls get_data() which
    # returns a string version of this object, properly encoded using
    # multipart/form-data
    #
    # To make sure the web application properly decodes the request, we
    # also include the headers in get_headers() which include the boundary
    form_params = FormParameters()

    # Each part is read completely into memory by file.read(); nothing in
    # this method limits the size or the number of parts.
    for part in field_storage.list:
        if part.filename is not None:
            # NOTE(review): the filename is stored exactly as it came in the
            # body - confirm consumers never use it as a filesystem path
            upload_attrs = {'type': INPUT_TYPE_FILE,
                            'name': part.name,
                            'value': part.file.read(),
                            'filename': part.filename}
            form_params.add_field_by_attrs(upload_attrs)
            form_params.set_file_name(part.name, part.filename)
            continue

        # Parts without a filename are handled as plain text inputs
        text_attrs = {'type': INPUT_TYPE_TEXT,
                      'name': part.name,
                      'value': part.file.read()}
        form_params.add_field_by_attrs(text_attrs)

    return cls(form_params)