def test_mutant_creation(self):
self.url = URL("http://moth/?a=1&b=2")
freq = HTTPQSRequest(self.url)
created_mutants = QSMutant.create_mutants(freq, self.payloads, [], False, self.fuzzer_config)
expected_dc_lst = [
DataContainer([("a", ["abc"]), ("b", ["2"])]),
DataContainer([("a", ["def"]), ("b", ["2"])]),
DataContainer([("a", ["1"]), ("b", ["abc"])]),
DataContainer([("a", ["1"]), ("b", ["def"])]),
]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
self.assertEqual(created_mutants[0].get_var(), "a")
self.assertEqual(created_mutants[0].get_var_index(), 0)
self.assertEqual(created_mutants[0].get_original_value(), "1")
self.assertEqual(created_mutants[2].get_var(), "b")
self.assertEqual(created_mutants[2].get_var_index(), 0)
self.assertEqual(created_mutants[2].get_original_value(), "2")
self.assertTrue(all(isinstance(m, QSMutant) for m in created_mutants))
def test_delay_controlled(self):
for expected_result, delays in self.TEST_SUITE:
mock_uri_opener = Mock()
side_effect = generate_delays(delays)
mock_uri_opener.send_mutant = MagicMock(side_effect=side_effect)
delay_obj = AproxDelay('%s9!', '1', 10)
url = URL('http://moth/?id=1')
req = FuzzableRequest(url)
mutant = QSMutant(req)
mutant.set_dc(url.querystring)
mutant.set_var('id', 0)
ed = AproxDelayController(mutant, delay_obj, mock_uri_opener)
controlled, responses = ed.delay_is_controlled()
self.assertEqual(expected_result, controlled, delays)
def test_delay_controlled_random(self):
for expected_result, delays in self.TEST_SUITE:
mock_uri_opener = Mock()
side_effect = generate_delays(delays, rand_range=(0, 2))
mock_uri_opener.send_mutant = MagicMock(side_effect=side_effect)
delay_obj = ExactDelay('sleep(%s)')
url = URL('http://moth/?id=1')
req = FuzzableRequest(url)
mutant = QSMutant(req)
mutant.set_dc(url.querystring)
mutant.set_var('id', 0)
ed = ExactDelayController(mutant, delay_obj, mock_uri_opener)
controlled, responses = ed.delay_is_controlled()
# This is where we change from test_delay_controlled, the basic
# idea is that we'll allow false negatives but no false positives
if expected_result == True:
expected_result = [True, False]
else:
expected_result = [
False,
]
self.assertIn(controlled, expected_result, delays)
def _generate_qs(self, fuzzable_request):
'''
Check the URL query string.
:return: A list of mutants.
'''
query_string = fuzzable_request.get_uri().querystring
for parameter_name in query_string:
# this for loop was added to address the repeated parameter name issue
for element_index in xrange(len(query_string[parameter_name])):
orig_content = query_string[parameter_name][element_index]
wordnet_result = self._search_wn(orig_content)
mutants = QSMutant.create_mutants(fuzzable_request, wordnet_result,
[parameter_name,], False, {})
for mutant in mutants:
yield mutant
def _generate_qs(self, fuzzable_request):
'''
Check the URL query string.
:return: A list of mutants.
'''
query_string = fuzzable_request.get_uri().querystring
for parameter_name in query_string:
# this for loop was added to address the repeated parameter name issue
for element_index in xrange(len(query_string[parameter_name])):
orig_content = query_string[parameter_name][element_index]
wordnet_result = self._search_wn(orig_content)
mutants = QSMutant.create_mutants(fuzzable_request,
wordnet_result, [
parameter_name,
], False, {})
for mutant in mutants:
yield mutant
def test_delay_controlled(self):
for expected_result, delays in self.TEST_SUITE:
mock_uri_opener = Mock()
side_effect = generate_delays(delays)
mock_uri_opener.send_mutant = MagicMock(side_effect=side_effect)
delay_obj = ExactDelay('sleep(%s)')
url = URL('http://moth/?id=1')
req = FuzzableRequest(url)
mutant = QSMutant(req)
mutant.set_dc(url.querystring)
mutant.set_var('id', 0)
ed = ExactDelayController(mutant, delay_obj, mock_uri_opener)
controlled, responses = ed.delay_is_controlled()
self.assertEqual(expected_result, controlled, delays)
def test_mutant_creation(self):
self.url = URL('http://moth/?a=1&b=2')
freq = HTTPQSRequest(self.url)
created_mutants = QSMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dc_lst = [DataContainer([('a', ['abc']), ('b', ['2'])]),
DataContainer([('a', ['def']), ('b', ['2'])]),
DataContainer([('a', ['1']), ('b', ['abc'])]),
DataContainer([('a', ['1']), ('b', ['def'])])]
created_dc_lst = [i.get_dc() for i in created_mutants]
self.assertEqual(created_dc_lst, expected_dc_lst)
self.assertEqual(created_mutants[0].get_var(), 'a')
self.assertEqual(created_mutants[0].get_var_index(), 0)
self.assertEqual(created_mutants[0].get_original_value(), '1')
self.assertEqual(created_mutants[2].get_var(), 'b')
self.assertEqual(created_mutants[2].get_var_index(), 0)
self.assertEqual(created_mutants[2].get_original_value(), '2')
self.assertTrue(all(isinstance(m, QSMutant) for m in created_mutants))
def test_print_mod_value(self):
freq = FuzzableRequest(URL('http://www.w3af.com/?id=3'))
m = QSMutant(freq)
expected = 'The sent URI was http://www.w3af.com/?id=3 .'
self.assertEqual(m.print_mod_value(), expected)
def test_print_mod_value(self):
freq = FuzzableRequest(URL("http://www.w3af.com/?id=3"))
m = QSMutant(freq)
expected = "The sent URI was http://www.w3af.com/?id=3 ."
self.assertEqual(m.print_mod_value(), expected)
