def do_req(self, rtype, url, data=None, headers=None):
config = self.config
url, schema, dheaders = self._url_schema_headers(url)
headers = dheaders if not headers else headers
if isinstance(data, dict):
if schema:
data.setdefault('$schema', schema)
if rtype=='post' or rtype=='put':
loc = "parameters" if url.count('/metadata') else "properties"
self._add_gemini_auth(data, loc)
if config.get("use_ssl", None):
try:
r = http.make_request(rtype, url, headers, json.dumps(data),
config.get('ssl_cert', None), config.get('ssl_key', None),
config['ssl_cafile'])
except:
logger.info("do_req", msg="Could not reach %s" % url)
return None
else:
try:
r = http.make_request(rtype, url, headers, json.dumps(data))
except:
logger.info("do_req", msg="Could not reach %s" % url)
return None
try:
return json.loads(r)
except ValueError:
return r
except TypeError:
return r
def test_duration_timeout(self):
session, handshake_response = protocol.handshake()
response = http.make_request(config.base_url + "/comet?du=1&s=" + session.key, timeout=1.2)
packets = json.loads(response.body[1:-1])
if packets != []:
raise CSPException("Invalid comet response: expected empty batch", response)
print response.formatted_transcript()
def padding_oracle_decrypt(cypher_text, url, key, block_size = 16):
cypher_text = common.hex_to_ascii(cypher_text)
length = len(cypher_text)
count = length // block_size
D = [0] * length
def clear(block):
return D[:block * block_size] + [0] * (length - (block * block_size))
def padding(index, pad):
return [0] * index + [pad] * pad + [0] * block_size
for block in xrange(count - 1, 0, -1):
for byte in xrange(block_size - 1, -1, -1):
index = ((block - 1) * block_size) + byte
for current in xrange(256):
D[index] = current
cleared = clear(block)
padded = padding(index, block_size - byte)
result = common.three_xor(cypher_text, cleared, padded)
if http.make_request(url, key, common.ascii_to_string(result)):
break
if current == 255:
D[index] = block_size - byte
return common.ascii_to_string(D)
def handshake():
response = http.make_request(config.base_url + '/handshake?d={}')
try:
session_data = json.loads(response.body[1:-1])
session = Session(session_data['session'])
return session, response
except:
raise error.CSPException("Invalid handshake response", response)
def test_handshake_get_valid_rsrp(self):
response = http.make_request(self.base_url + "/handshake?d={}&rp=testing&rs=;")
if response.code != 200:
raise CSPException("Valid Handshake should return status code 200", response)
if not response.body.startswith("testing"):
raise CSPException("Handshake returns invalid REQUEST_PREFIX", response)
if not response.body.endswith(";"):
raise CSPException("Handshake returns invalid REQUEST_SUFFIX", response)
reply = response.body[len("testing") : -len(";")]
self._verify_handshake_response(reply, response)
def send(self, data):
packet = json.dumps([[self.sentEventId,0, data]])
self.sentEventId += 1
response = http.make_request(config.base_url + '/send?s=' + self.key + '&d=' + packet)
try:
# XXX: check spec and fully parse response
assert 'OK' in response.body
except:
raise error.CSPException("Invalid send response", response)
return response
def comet(self):
response = http.make_request(config.base_url + '/comet?s=' + self.key)
output = ""
try:
packets = json.loads(response.body[1:-1])
for packet in packets:
# XXX: use the proper decode function (urldecode, maybe)
output += packet[2]
except:
raise error.CSPException("Invalid comet response", response)
return output, response
def test_reflect_get(self):
session, handshake_response = protocol.handshake()
payload = "<script>alert('woot')</script>"
url = self.base_url + "/reflect?s=" + session.key + "&d=" + payload
response = http.make_request(url, reset_transcript=False, socket=handshake_response.socket)
# response.prepend_transcript(handshake_response.socket.transcript)
if response.code != 200:
raise CSPException("Reflect (GET) should return status code 200",
response)
if payload != response.body:
raise CSPException("Reflect (GET) returned invalid response body.",
response)
print response.formatted_transcript()
def test_reflect_post(self):
session, handshake_response = protocol.handshake()
payload = "<script>alert('woot')</script>"
url = self.base_url + "/reflect?s=" + session.key
body = payload
response = http.make_request(url, method='POST', body=body,
reset_transcript=False, socket=handshake_response.socket)
if response.code != 200:
raise CSPException("Reflect (POST) should return status code 200",
response)
if payload != response.body:
raise CSPException("Reflect (POST) returned invalid response body.",
response)
def test_handshake_get_valid_w_data(self):
response = http.make_request(self.base_url + '/handshake?d={"spam":"eggs"}')
if response.code != 200:
raise CSPException("Valid Handshake should return status code 200", response)
self._verify_handshake_response(response.body, response)
def _expect_failure_for_url(self, url, exception_message=None):
response = http.make_request(self.base_url + url)
if response.code == 200:
self._raise_exception(exception_message, response)
