def test_mutant_creation(self):
    """Check the mutants QSMutant.create_mutants() builds for ?a=1&b=2."""
    self.url = URL("http://moth/?a=1&b=2")
    request = HTTPQSRequest(self.url)

    mutants = QSMutant.create_mutants(
        request, self.payloads, [], False, self.fuzzer_config
    )

    # Expected data containers, in creation order: exactly one parameter is
    # replaced per mutant while the other keeps its original value.
    # NOTE(review): "abc"/"def" presumably come from self.payloads, which is
    # set outside this method -- confirm against the fixture.
    expected_containers = [
        DataContainer([("a", ["abc"]), ("b", ["2"])]),
        DataContainer([("a", ["def"]), ("b", ["2"])]),
        DataContainer([("a", ["1"]), ("b", ["abc"])]),
        DataContainer([("a", ["1"]), ("b", ["def"])]),
    ]
    self.assertEqual([m.get_dc() for m in mutants], expected_containers)

    # (position in the mutant list, get_var() result, get_original_value())
    spot_checks = ((0, "a", "1"), (2, "b", "2"))
    for position, var_name, original_value in spot_checks:
        picked = mutants[position]
        self.assertEqual(picked.get_var(), var_name)
        self.assertEqual(picked.get_var_index(), 0)
        self.assertEqual(picked.get_original_value(), original_value)

    self.assertTrue(all(isinstance(m, QSMutant) for m in mutants))
def test_delay_controlled(self):
    """Run AproxDelayController over every delay sequence in TEST_SUITE."""
    for expected_result, delays in self.TEST_SUITE:
        # The controller talks to a mocked opener; each send_mutant() call
        # is driven by the side effect generate_delays() builds from delays.
        opener = Mock()
        opener.send_mutant = MagicMock(side_effect=generate_delays(delays))

        approx_delay = AproxDelay('%s9!', '1', 10)

        # Mutant that targets the "id" query-string parameter (index 0).
        target = URL('http://moth/?id=1')
        mutant = QSMutant(FuzzableRequest(target))
        mutant.set_dc(target.querystring)
        mutant.set_var('id', 0)

        controller = AproxDelayController(mutant, approx_delay, opener)
        controlled, _responses = controller.delay_is_controlled()

        # delays is passed as the failure message to identify the sequence.
        self.assertEqual(expected_result, controlled, delays)
def test_delay_controlled_random(self):
    """Run ExactDelayController over TEST_SUITE with rand_range=(0, 2)."""
    for expected_result, delays in self.TEST_SUITE:
        # NOTE(review): rand_range presumably adds random jitter to the
        # simulated response times -- confirm in generate_delays().
        opener = Mock()
        opener.send_mutant = MagicMock(
            side_effect=generate_delays(delays, rand_range=(0, 2))
        )

        exact_delay = ExactDelay('sleep(%s)')

        # Mutant that targets the "id" query-string parameter (index 0).
        target = URL('http://moth/?id=1')
        mutant = QSMutant(FuzzableRequest(target))
        mutant.set_dc(target.querystring)
        mutant.set_var('id', 0)

        controller = ExactDelayController(mutant, exact_delay, opener)
        controlled, _responses = controller.delay_is_controlled()

        # This is where we differ from test_delay_controlled: a sequence
        # expected to be controlled may be reported either way (false
        # negatives are tolerated), but a sequence expected NOT to be
        # controlled must never be reported as controlled (no false
        # positives).
        if expected_result == True:
            acceptable = [True, False]
        else:
            acceptable = [False]

        self.assertIn(controlled, acceptable, delays)
def _generate_qs(self, fuzzable_request):
    '''
    Create query-string mutants from the results of self._search_wn().

    Each value of each query-string parameter is passed to _search_wn()
    and the result is handed to QSMutant.create_mutants() as the payload
    list, restricted to that parameter name.

    :param fuzzable_request: The request whose URI query string is read.
    :return: A generator which yields the created mutants one by one.
    '''
    qs = fuzzable_request.get_uri().querystring

    for name in qs:
        # Walk the values by index so that every occurrence of a repeated
        # parameter name gets its own _search_wn() lookup.
        for idx in xrange(len(qs[name])):
            payloads = self._search_wn(qs[name][idx])
            created = QSMutant.create_mutants(fuzzable_request, payloads,
                                              [name], False, {})
            for mutant in created:
                yield mutant
def _generate_qs(self, fuzzable_request):
    '''
    Create query-string mutants from the results of self._search_wn().

    Each value of each query-string parameter is passed to _search_wn()
    and the result is handed to QSMutant.create_mutants() as the payload
    list, restricted to that parameter name.

    :param fuzzable_request: The request whose URI query string is read.
    :return: A generator which yields the created mutants one by one.
    '''
    qs = fuzzable_request.get_uri().querystring

    for name in qs:
        # Walk the values by index so that every occurrence of a repeated
        # parameter name gets its own _search_wn() lookup.
        for idx in xrange(len(qs[name])):
            payloads = self._search_wn(qs[name][idx])
            created = QSMutant.create_mutants(fuzzable_request, payloads,
                                              [name], False, {})
            for mutant in created:
                yield mutant
def test_delay_controlled(self):
    """Run ExactDelayController over every delay sequence in TEST_SUITE."""
    for expected_result, delays in self.TEST_SUITE:
        # The controller talks to a mocked opener; each send_mutant() call
        # is driven by the side effect generate_delays() builds from delays.
        opener = Mock()
        opener.send_mutant = MagicMock(side_effect=generate_delays(delays))

        exact_delay = ExactDelay('sleep(%s)')

        # Mutant that targets the "id" query-string parameter (index 0).
        target = URL('http://moth/?id=1')
        mutant = QSMutant(FuzzableRequest(target))
        mutant.set_dc(target.querystring)
        mutant.set_var('id', 0)

        controller = ExactDelayController(mutant, exact_delay, opener)
        controlled, _responses = controller.delay_is_controlled()

        # delays is passed as the failure message to identify the sequence.
        self.assertEqual(expected_result, controlled, delays)
def test_mutant_creation(self):
    """Check the mutants QSMutant.create_mutants() builds for ?a=1&b=2."""
    self.url = URL('http://moth/?a=1&b=2')
    request = HTTPQSRequest(self.url)

    mutants = QSMutant.create_mutants(
        request, self.payloads, [], False, self.fuzzer_config
    )

    # Expected data containers, in creation order: exactly one parameter is
    # replaced per mutant while the other keeps its original value.
    # NOTE(review): 'abc'/'def' presumably come from self.payloads, which is
    # set outside this method -- confirm against the fixture.
    expected_containers = [
        DataContainer([('a', ['abc']), ('b', ['2'])]),
        DataContainer([('a', ['def']), ('b', ['2'])]),
        DataContainer([('a', ['1']), ('b', ['abc'])]),
        DataContainer([('a', ['1']), ('b', ['def'])]),
    ]
    self.assertEqual([m.get_dc() for m in mutants], expected_containers)

    # (position in the mutant list, get_var() result, get_original_value())
    spot_checks = ((0, 'a', '1'), (2, 'b', '2'))
    for position, var_name, original_value in spot_checks:
        picked = mutants[position]
        self.assertEqual(picked.get_var(), var_name)
        self.assertEqual(picked.get_var_index(), 0)
        self.assertEqual(picked.get_original_value(), original_value)

    self.assertTrue(all(isinstance(m, QSMutant) for m in mutants))
def test_print_mod_value(self):
    """print_mod_value() on a freshly built QSMutant names the sent URI."""
    mutant = QSMutant(FuzzableRequest(URL('http://www.w3af.com/?id=3')))

    # No variable was set on the mutant, so the URI is the original one.
    self.assertEqual(
        mutant.print_mod_value(),
        'The sent URI was http://www.w3af.com/?id=3 .',
    )
def test_print_mod_value(self):
    """print_mod_value() on a freshly built QSMutant names the sent URI."""
    mutant = QSMutant(FuzzableRequest(URL("http://www.w3af.com/?id=3")))

    # No variable was set on the mutant, so the URI is the original one.
    self.assertEqual(
        mutant.print_mod_value(),
        "The sent URI was http://www.w3af.com/?id=3 .",
    )