def test_multipart_post(self):
boundary, post_data = multipart_encode([
('a', 'bcd'),
], [])
multipart_boundary = 'multipart/form-data; boundary=%s'
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
fr = FuzzableRequest.from_parts(self.url,
headers=headers,
post_data=post_data,
method='POST')
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'a'), ('type', 'text'),
('value', 'bcd')])
expected_container = MultipartContainer(form_params)
expected_headers = Headers([('content-type',
multipart_boundary % boundary)])
self.assertEqual(fr.get_url(), self.url)
self.assertEqual(fr.get_headers(), expected_headers)
self.assertIn('multipart/form-data', fr.get_headers()['content-type'])
self.assertEqual(fr.get_method(), 'POST')
self.assertIsInstance(fr.get_raw_data(), MultipartContainer)
self.assertEqual(fr.get_raw_data(), expected_container)
def test_store_in_disk_set(self):
boundary, post_data = multipart_encode([
('a', 'bcd'),
], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
dc.set_token(('a', 0))
disk_set = DiskSet()
disk_set.add(dc)
dc_read = disk_set[0]
# These are different objects
self.assertIsNot(dc_read, dc)
# But they hold the same data
self.assertEqual(dc.get_token(), dc_read.get_token())
self.assertIsNotNone(dc.get_token())
self.assertIsNotNone(dc_read.get_token())
self.assertEqual(dc_read.get_token().get_name(), 'a')
def test_multipart_post(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = 'multipart/form-data; boundary=%s'
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
fr = FuzzableRequest.from_parts(self.url, headers=headers,
post_data=post_data, method='POST')
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
expected_container = MultipartContainer(form_params)
expected_headers = Headers([('content-type',
multipart_boundary % boundary)])
self.assertEqual(fr.get_url(), self.url)
self.assertEqual(fr.get_headers(), expected_headers)
self.assertIn('multipart/form-data', fr.get_headers()['content-type'])
self.assertEqual(fr.get_method(), 'POST')
self.assertIsInstance(fr.get_raw_data(), MultipartContainer)
self.assertEqual(fr.get_raw_data(), expected_container)
def test_encode_file_null(self):
_files = [('file', NamedStringIO('\0hello world', name='test.txt'))]
_, encoded = multipart_encode((), _files, boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="file";'\
' filename="test.txt"\r\nContent-Type: text/plain\r\n\r\n\x00'\
'hello world\r\n--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
def test_encode_file_null(self):
_files = [('file', NamedStringIO('\0hello world', name='test.txt'))]
_, encoded = multipart_encode((), _files, boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="file";'\
' filename="test.txt"\r\nContent-Type: text/plain\r\n\r\n\x00'\
'hello world\r\n--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
def test_encode_file_null(self):
_files = [("file", NamedStringIO("\0hello world", name="test.txt"))]
_, encoded = multipart_encode((), _files, boundary="fakeboundary")
EXPECTED = (
'--fakeboundary\r\nContent-Disposition: form-data; name="file";'
' filename="test.txt"\r\nContent-Type: text/plain\r\n\r\n\x00'
"hello world\r\n--fakeboundary--\r\n\r\n"
)
self.assertEqual(EXPECTED, encoded)
def test_encode_vars_files(self):
_vars = [('a', 'b')]
_files = [('file', NamedStringIO('file content', name='test.txt'))]
_, encoded = multipart_encode(_vars, _files, boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"'\
'\r\n\r\nb\r\n--fakeboundary\r\nContent-Disposition: form-data;'\
' name="file"; filename="test.txt"\r\nContent-Type: text/plain'\
'\r\n\r\nfile content\r\n--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
def test_encode_vars_files(self):
_vars = [('a', 'b')]
_files = [('file', NamedStringIO('file content', name='test.txt'))]
_, encoded = multipart_encode(_vars, _files, boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"'\
'\r\n\r\nb\r\n--fakeboundary\r\nContent-Disposition: form-data;'\
' name="file"; filename="test.txt"\r\nContent-Type: text/plain'\
'\r\n\r\nfile content\r\n--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
def test_encode_vars_files(self):
_vars = [("a", "b")]
_files = [("file", NamedStringIO("file content", name="test.txt"))]
_, encoded = multipart_encode(_vars, _files, boundary="fakeboundary")
EXPECTED = (
'--fakeboundary\r\nContent-Disposition: form-data; name="a"'
"\r\n\r\nb\r\n--fakeboundary\r\nContent-Disposition: form-data;"
' name="file"; filename="test.txt"\r\nContent-Type: text/plain'
"\r\n\r\nfile content\r\n--fakeboundary--\r\n\r\n"
)
self.assertEqual(EXPECTED, encoded)
def test_multipart(self):
boundary, post_data = multipart_encode([('ax', 'bcd'), ], [])
multipart_boundary = 'multipart/form-data; boundary=%s'
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = dc_from_hdrs_post(headers, post_data)
EXPECTED_PARAMS = [u'ax']
self.assertIsInstance(dc, MultipartContainer)
self.assertEqual(dc.get_param_names(), EXPECTED_PARAMS)
def test_multipart(self):
boundary, post_data = multipart_encode([('ax', 'bcd'), ], [])
multipart_boundary = 'multipart/form-data; boundary=%s'
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = dc_from_hdrs_post(headers, post_data)
EXPECTED_PARAMS = [u'ax']
self.assertIsInstance(dc, MultipartContainer)
self.assertEqual(dc.get_param_names(), EXPECTED_PARAMS)
def test_encode_two_files(self):
_files = [('file1', NamedStringIO('hello world', name='test1.txt')),
('file2', NamedStringIO('bye bye', name='test2.txt'))]
_, encoded = multipart_encode((), _files, boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data;' \
' name="file1"; filename="test1.txt"\r\n' \
'Content-Type: text/plain\r\n\r\nhello world\r\n' \
'--fakeboundary\r\nContent-Disposition: form-data;' \
' name="file2"; filename="test2.txt"\r\n' \
'Content-Type: text/plain\r\n\r\nbye bye\r\n' \
'--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
def test_multipart_post_empty_value(self):
boundary, post_data = multipart_encode([('a', ''), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
mpc = MultipartContainer.from_postdata(headers, post_data)
self.assertIsInstance(mpc, MultipartContainer)
self.assertIn('a', mpc)
self.assertEqual(mpc['a'], [''])
self.assertEqual(mpc.get_file_vars(), [])
self.assertEqual(mpc.get_parameter_type('a'), 'text')
def test_multipart_post_empty_value(self):
boundary, post_data = multipart_encode([('a', ''), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
mpc = MultipartContainer.from_postdata(headers, post_data)
self.assertIsInstance(mpc, MultipartContainer)
self.assertIn('a', mpc)
self.assertEqual(mpc['a'], [''])
self.assertEqual(mpc.get_file_vars(), [])
self.assertEqual(mpc.get_parameter_type('a'), 'text')
def test_copy_with_token(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
dc.set_token(('a', 0))
dc_copy = copy.deepcopy(dc)
self.assertEqual(dc.get_token(), dc_copy.get_token())
self.assertIsNotNone(dc.get_token())
self.assertIsNotNone(dc_copy.get_token())
self.assertEqual(dc_copy.get_token().get_name(), 'a')
def test_copy_with_token(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
dc.set_token(('a', 0))
dc_copy = copy.deepcopy(dc)
self.assertEqual(dc.get_token(), dc_copy.get_token())
self.assertIsNotNone(dc.get_token())
self.assertIsNotNone(dc_copy.get_token())
self.assertEqual(dc_copy.get_token().get_name(), 'a')
def test_invalid_multipart_post(self):
_, post_data = multipart_encode([("a", "bcd")], [])
# It is invalid because there is a missing boundary parameter in the
# content-type header
headers = Headers([("content-length", str(len(post_data))), ("content-type", "multipart/form-data")])
fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method="POST")
self.assertEqual(fr.get_url(), self.url)
self.assertEqual(fr.get_headers(), headers)
self.assertEqual(fr.get_method(), "POST")
# Here the "default" post-data is set, which will be empty because we
# failed to parse the post-data
self.assertIsInstance(fr.get_raw_data(), PlainContainer)
self.assertEqual(fr.get_raw_data().get_param_names(), [])
def test_encode_two_files(self):
_files = [
("file1", NamedStringIO("hello world", name="test1.txt")),
("file2", NamedStringIO("bye bye", name="test2.txt")),
]
_, encoded = multipart_encode((), _files, boundary="fakeboundary")
EXPECTED = (
"--fakeboundary\r\nContent-Disposition: form-data;"
' name="file1"; filename="test1.txt"\r\n'
"Content-Type: text/plain\r\n\r\nhello world\r\n"
"--fakeboundary\r\nContent-Disposition: form-data;"
' name="file2"; filename="test2.txt"\r\n'
"Content-Type: text/plain\r\n\r\nbye bye\r\n"
"--fakeboundary--\r\n\r\n"
)
self.assertEqual(EXPECTED, encoded)
def test_invalid_multipart_post(self):
_, post_data = multipart_encode([('a', 'bcd'), ], [])
# It is invalid because there is a missing boundary parameter in the
# content-type header
headers = Headers([('content-length', str(len(post_data))),
('content-type', 'multipart/form-data')])
fr = FuzzableRequest.from_parts(self.url, headers=headers,
post_data=post_data, method='POST')
self.assertEqual(fr.get_url(), self.url)
self.assertEqual(fr.get_headers(), headers)
self.assertEqual(fr.get_method(), 'POST')
# Here the "default" post-data is set, which will be empty because we
# failed to parse the post-data
self.assertIsInstance(fr.get_raw_data(), PlainContainer)
self.assertEqual(fr.get_raw_data().get_param_names(), [])
def test_multipart_post_with_filename(self):
fake_file = NamedStringIO('def', name='hello.txt')
vars = [('a', 'bcd'), ]
files = [('b', fake_file)]
boundary, post_data = multipart_encode(vars, files)
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
mpc = MultipartContainer.from_postdata(headers, post_data)
self.assertIsInstance(mpc, MultipartContainer)
self.assertIn('a', mpc)
self.assertEqual(mpc['a'], ['bcd'])
self.assertEqual(mpc.get_file_vars(), ['b'])
self.assertEqual(mpc.get_parameter_type('a'), 'text')
self.assertEqual(mpc.get_parameter_type('b'), 'file')
self.assertEqual(mpc.get_file_name('b'), 'hello.txt')
def test_multipart_post_with_filename(self):
fake_file = NamedStringIO('def', name='hello.txt')
vars = [('a', 'bcd'), ]
files = [('b', fake_file)]
boundary, post_data = multipart_encode(vars, files)
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
mpc = MultipartContainer.from_postdata(headers, post_data)
self.assertIsInstance(mpc, MultipartContainer)
self.assertIn('a', mpc)
self.assertEqual(mpc['a'], ['bcd'])
self.assertEqual(mpc.get_file_vars(), ['b'])
self.assertEqual(mpc.get_parameter_type('a'), 'text')
self.assertEqual(mpc.get_parameter_type('b'), 'file')
self.assertEqual(mpc.get_file_name('b'), 'hello.txt')
def test_multipart_post(self):
boundary, post_data = multipart_encode([("a", "bcd")], [])
multipart_boundary = "multipart/form-data; boundary=%s"
headers = Headers([("content-length", str(len(post_data))), ("content-type", multipart_boundary % boundary)])
fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method="POST")
form_params = FormParameters()
form_params.add_input([("name", "a"), ("type", "text"), ("value", "bcd")])
expected_container = MultipartContainer(form_params)
expected_headers = Headers([("content-type", multipart_boundary % boundary)])
self.assertEqual(fr.get_url(), self.url)
self.assertEqual(fr.get_headers(), expected_headers)
self.assertIn("multipart/form-data", fr.get_headers()["content-type"])
self.assertEqual(fr.get_method(), "POST")
self.assertIsInstance(fr.get_raw_data(), MultipartContainer)
self.assertEqual(fr.get_raw_data(), expected_container)
def test_multipart_fuzzable_request_store(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
post_data = str(dc)
fr = FuzzableRequest.from_parts(URL('http://www.w3af.com/'),
method='POST', post_data=post_data,
headers=headers)
disk_set = DiskSet()
disk_set.add(fr)
fr_read = disk_set[0]
self.assertIsInstance(fr_read.get_raw_data(), MultipartContainer)
self.assertIn('a', fr_read.get_raw_data())
def test_multipart_fuzzable_request_store(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
post_data = str(dc)
fr = FuzzableRequest.from_parts(URL('http://www.w3af.com/'),
method='POST', post_data=post_data,
headers=headers)
disk_set = DiskSet()
disk_set.add(fr)
fr_read = disk_set[0]
self.assertIsInstance(fr_read.get_raw_data(), MultipartContainer)
self.assertIn('a', fr_read.get_raw_data())
def test_store_in_disk_set(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
dc.set_token(('a', 0))
disk_set = DiskSet()
disk_set.add(dc)
dc_read = disk_set[0]
# These are different objects
self.assertIsNot(dc_read, dc)
# But they hold the same data
self.assertEqual(dc.get_token(), dc_read.get_token())
self.assertIsNotNone(dc.get_token())
self.assertIsNotNone(dc_read.get_token())
self.assertEqual(dc_read.get_token().get_name(), 'a')
def test_encode_vars(self):
_, encoded = multipart_encode([("a", "b")], {}, boundary="fakeboundary")
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"' "\r\n\r\nb\r\n--fakeboundary--\r\n\r\n"
self.assertEqual(EXPECTED, encoded)
def test_encode_vars(self):
_, encoded = multipart_encode([('a', 'b')], {},
boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"'\
'\r\n\r\nb\r\n--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
def test_encode_vars(self):
_, encoded = multipart_encode([('a', 'b')], {}, boundary='fakeboundary')
EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"'\
'\r\n\r\nb\r\n--fakeboundary--\r\n\r\n'
self.assertEqual(EXPECTED, encoded)
