def test_match_action_regex(self): user_configured_json = {'action': '/products/comm.*'} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertTrue(match)
def test_not_match_hosted_at_regex(self): user_configured_json = {'hosted_at_url': '/products/.*'} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(hosted_at_url=URL('http://w3af.org/another/product-132'), inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertFalse(match)
def test_match_hosted_at_regex(self): user_configured_json = {'hosted_at_url': '/products/.*'} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(hosted_at_url=self.HOSTED_AT_URL, inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertTrue(match)
def test_match_empty_user_configured_json(self): user_configured_json = {} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertTrue(match)
def test_not_match_hosted_at_regex(self): user_configured_json = {'hosted_at_url': '/products/.*'} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID( hosted_at_url=URL('http://w3af.org/another/product-132'), inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertFalse(match)
def test_match_method(self): user_configured_json = {'method': 'get'} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit'], method='get') match = found_form_id.matches(form_matcher) self.assertTrue(match)
def test_no_match_when_action_regex_match_and_input_not(self): user_configured_json = {'action': '/products/comm.*', 'inputs': ['foo']} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertFalse(match)
def test_not_match_attrs(self): user_configured_json = {'attributes': {'class': 'impact-css'}} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit'], hosted_at_url=self.HOSTED_AT_URL, attributes={'class': 'comment-css'}) match = found_form_id.matches(form_matcher) self.assertFalse(match)
def test_matches_one_of_false_1(self): user_value = '[{"action": "/foo"}, {"action": "/bar", "method": "get"}]' form_list = FormIDMatcherList(user_value) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit'], hosted_at_url=self.HOSTED_AT_URL, attributes={'class': 'comment-css'}) match = found_form_id.matches_one_of(form_list) self.assertFalse(match)
def test_no_match_when_action_regex_match_and_input_not(self): user_configured_json = { 'action': '/products/comm.*', 'inputs': ['foo'] } form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit']) match = found_form_id.matches(form_matcher) self.assertFalse(match)
def test_matches_one_of_true(self): user_value = '[{"action": "/foo", "method": "post"}, {"action": "/products/product-.*", "method": "get"}]' form_list = FormIDMatcherList(user_value) found_form_id = FormID(action=URL('http://w3af.org/products/product-132'), inputs=['comment', 'submit'], hosted_at_url=self.HOSTED_AT_URL, method='get', attributes={'class': 'comment-css'}) match = found_form_id.matches_one_of(form_list) self.assertTrue(match)
def test_match_all(self): user_configured_json = {'hosted_at_url': '/products/.*', 'inputs': ['comment'], 'action': '/products/comments', 'attributes': {'class': 'comment-css'}} form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit'], hosted_at_url=self.HOSTED_AT_URL, attributes={'class': 'comment-css'}) match = found_form_id.matches(form_matcher) self.assertTrue(match)
def test_matches_one_of_true(self): user_value = '[{"action": "/foo", "method": "post"}, {"action": "/products/product-.*", "method": "get"}]' form_list = FormIDMatcherList(user_value) found_form_id = FormID( action=URL('http://w3af.org/products/product-132'), inputs=['comment', 'submit'], hosted_at_url=self.HOSTED_AT_URL, method='get', attributes={'class': 'comment-css'}) match = found_form_id.matches_one_of(form_list) self.assertTrue(match)
def test_form_id_to_json(self): form_id = FormID(hosted_at_url=self.HOSTED_AT_URL, inputs=['comment'], action=self.ACTION_URL, attributes={'class': 'comment-css'}, method='post') form_id_json = form_id.to_json() loaded_form_id = json.loads(form_id_json) self.assertEqual(loaded_form_id['action'], form_id.action.get_path()) self.assertEqual(loaded_form_id['hosted_at_url'], form_id.hosted_at_url.get_path()) self.assertEqual(loaded_form_id['inputs'], form_id.inputs) self.assertEqual(loaded_form_id['attributes'], form_id.attributes) self.assertEqual(loaded_form_id['method'], form_id.method)
def test_match_all(self): user_configured_json = { 'hosted_at_url': '/products/.*', 'inputs': ['comment'], 'action': '/products/comments', 'attributes': { 'class': 'comment-css' } } form_matcher = self.create_form_matcher(user_configured_json) found_form_id = FormID(action=self.ACTION_URL, inputs=['comment', 'submit'], hosted_at_url=self.HOSTED_AT_URL, attributes={'class': 'comment-css'}) match = found_form_id.matches(form_matcher) self.assertTrue(match)
def get_form_id(self): """ :return: A FormID which can be used to compare two forms :see: https://github.com/andresriancho/w3af/issues/15161 """ return FormID(action=self._action, inputs=self.meta.keys(), attributes=self._attributes, hosted_at_url=self._hosted_at_url, method=self._method)
def test_form_id_trivial(self): form_id = FormID(hosted_at_url=self.HOSTED_AT_URL, inputs=['comment'], action=self.ACTION_URL, attributes={'class': 'comment-css'}, method='get') self.assertEqual(form_id.hosted_at_url, self.HOSTED_AT_URL) self.assertEqual(form_id.inputs, ['comment']) self.assertEqual(form_id.action, self.ACTION_URL) self.assertEqual(form_id.attributes, {'class': 'comment-css'}) self.assertEqual(form_id.method, 'get')