def get_test_cases(cls, filename, file_content):
    """Send one request carrying a fixed ``Origin`` header and yield the class.

    The request is built from the template content against the endpoint read
    from the ``SYNTRIBOS_ENDPOINT`` environment variable, so the target is
    whatever that variable holds when the generator is consumed.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :returns: generator yielding ``cls`` once, with ``cls.resp`` set to
        whatever ``cls.client.send_request`` returned
    """
    endpoint = os.environ.get("SYNTRIBOS_ENDPOINT")
    probe = parser.create_request(file_content, endpoint)
    # NOTE(review): presumably this Origin value stands in for a foreign site
    # so the CORS headers of the response can be inspected by the consuming
    # test -- confirm against the code that reads cls.resp.
    probe.headers['Origin'] = 'http://example.com'
    cls.resp = cls.client.send_request(probe)
    yield cls
def get_test_cases(cls, filename, file_content):
    """Generate XXE fuzz cases, but only for calls that appear to accept XML.

    Two probe requests are sent first, one with a JSON and one with an XML
    ``content-type`` header.  When neither probe's signals contain
    ``HTTP_CONTENT_TYPE_XML`` the generator ends without yielding anything,
    which overrides the parent's fuzz test generation for that template.

    :param str filename: name of template file, used in generated test names
    :param str file_content: content of template file as string
    :returns: generator of classes built by ``cls.extend_class``, one per
        DTD string and fuzzed request
    """
    xml_signal = "HTTP_CONTENT_TYPE_XML"
    name_template = "{filename}_{test_name}_{fuzz_file}{d_index}_"

    base_request = parser.create_request(file_content, CONF.syntribos.endpoint)

    # Probe the endpoint with both content types before fuzzing anything.
    json_probe = base_request.get_prepared_copy()
    json_probe.headers["content-type"] = "application/json"
    xml_probe = json_probe.get_prepared_copy()
    xml_probe.headers["content-type"] = "application/xml"

    json_resp, json_signals = cls.client.send_request(json_probe)
    _unused, xml_signals = cls.client.send_request(xml_probe)

    # Only the JSON probe's response and signals are kept on the class.
    cls.init_resp = json_resp
    cls.init_signals = json_signals

    if not (xml_signal in json_signals or xml_signal in xml_signals):
        return

    # Walk every doctype declaration and every fuzzable field.
    for index, dtd in enumerate(cls._get_strings(cls.dtds_data_key)):
        prefix = name_template.format(
            filename=filename,
            test_name=cls.test_name,
            fuzz_file=cls.dtds_data_key,
            d_index=index,
        )
        fuzzed = syntribos.tests.fuzz.datagen.fuzz_request(
            base_request, ["&xxe;"], cls.test_type, prefix)
        for fuzz_name, request, fuzz_string, param_path in fuzzed:
            # The DTD goes on its own line ahead of the fuzzed body.
            request.data = "{0}\n{1}".format(dtd, request.data)
            yield cls.extend_class(
                fuzz_name, fuzz_string, param_path, {"request": request})
def get_test_cases(cls, filename, file_content):
    """Send a prepared copy of the template's request and yield the class.

    This method changes nothing on the request; it only records the
    client's reply on the class.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :returns: generator yielding ``cls`` once, after ``cls.test_resp`` and
        ``cls.test_signals`` have been set from the client's reply
    """
    template_request = parser.create_request(
        file_content, CONF.syntribos.endpoint)
    outgoing = template_request.get_prepared_copy()
    reply = cls.client.send_request(outgoing)
    cls.test_resp, cls.test_signals = reply
    yield cls
def get_test_cases(cls, filename, file_content, meta_vars):
    """Send a prepared copy of the template's request and yield the class.

    Besides the reply, a second prepared copy of the request is stored on
    the class as ``cls.test_req``.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :param meta_vars: passed through to ``parser.create_request``; its
        meaning is defined there
    :returns: generator yielding ``cls`` once, after ``cls.test_resp``,
        ``cls.test_signals`` and ``cls.test_req`` have been set
    """
    template_request = parser.create_request(
        file_content, CONF.syntribos.endpoint, meta_vars)
    outgoing = template_request.get_prepared_copy()
    reply = cls.client.send_request(outgoing)
    cls.test_resp, cls.test_signals = reply
    # A fresh copy is taken after sending, not the object that was sent.
    cls.test_req = template_request.get_prepared_copy()
    yield cls
def get_test_cases(cls, filename, file_content):
    """Send the template's request as HTTP ``TRACE`` with a marker header.

    The prepared copy has its method switched to ``TRACE`` and gains a
    ``TRACE_THIS`` header before it is sent.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :returns: generator yielding ``cls`` once, after ``cls.test_resp`` and
        ``cls.test_signals`` have been set from the client's reply
    """
    # NOTE(review): presumably the consuming test looks for this marker
    # echoed back in the response, i.e. TRACE being enabled on the server
    # (cross-site tracing) -- confirm against the code that reads
    # cls.test_resp.
    marker = {"TRACE_THIS": "XST_Vuln"}
    base_request = parser.create_request(
        file_content, CONF.syntribos.endpoint, meta_vars=None)
    trace_request = base_request.get_prepared_copy()
    trace_request.method = "TRACE"
    trace_request.headers.update(marker)
    reply = cls.client.send_request(trace_request)
    cls.test_resp, cls.test_signals = reply
    yield cls
def get_test_cases(cls, filename, file_content, meta_vars):
    """Send the template's request as HTTP ``TRACE`` with a marker header.

    The prepared copy has its method switched to ``TRACE`` and gains a
    ``TRACE_THIS`` header before it is sent.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :param meta_vars: passed through to ``parser.create_request``; its
        meaning is defined there
    :returns: generator yielding ``cls`` once, after ``cls.test_resp`` and
        ``cls.test_signals`` have been set from the client's reply
    """
    # NOTE(review): presumably the consuming test looks for this marker
    # echoed back in the response, i.e. TRACE being enabled on the server
    # (cross-site tracing) -- confirm against the code that reads
    # cls.test_resp.
    marker = {"TRACE_THIS": "XST_Vuln"}
    base_request = parser.create_request(
        file_content, CONF.syntribos.endpoint, meta_vars)
    trace_request = base_request.get_prepared_copy()
    trace_request.method = "TRACE"
    trace_request.headers.update(marker)
    reply = cls.client.send_request(trace_request)
    cls.test_resp, cls.test_signals = reply
    yield cls
def create_init_request(cls, filename, file_content):
    """Build the init request from the template without sending it.

    Only the request object is created, for use in the debug test.  No
    request is sent here, so the response and signal attributes on the
    class are set to ``None``.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    """
    cls.init_req = parser.create_request(
        file_content, CONF.syntribos.endpoint)
    cls.init_resp = cls.init_signals = None
def create_init_request(cls, filename, file_content, meta_vars):
    """Build the init request from the template without sending it.

    Only the request object is created, for use in the debug test.  No
    request is sent here, so the response and signal attributes on the
    class are set to ``None``.

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :param meta_vars: passed through to ``parser.create_request``; its
        meaning is defined there
    """
    cls.init_req = parser.create_request(
        file_content, CONF.syntribos.endpoint, meta_vars)
    cls.init_resp = cls.init_signals = None
def get_test_cases(cls, filename, file_content):
    """Yield XXE fuzz cases when the API call shows signs of accepting XML.

    Overrides the parent's fuzz test generation.  The template's request is
    sent once as JSON and once as XML; if ``HTTP_CONTENT_TYPE_XML`` shows up
    in neither set of signals, no test cases are generated.

    :param str filename: name of template file, used in generated test names
    :param str file_content: content of template file as string
    :returns: generator of classes built by ``cls.extend_class``, one per
        DTD string and fuzzed request
    """
    # Send the same request under two different content types.
    template_request = parser.create_request(
        file_content, CONF.syntribos.endpoint)
    as_json = template_request.get_prepared_copy()
    as_json.headers['content-type'] = "application/json"
    as_xml = as_json.get_prepared_copy()
    as_xml.headers['content-type'] = "application/xml"

    json_reply = cls.client.send_request(as_json)
    init_response, init_signals = json_reply
    xml_reply = cls.client.send_request(as_xml)
    init_response_xml, xml_signals = xml_reply

    # Only the JSON reply is recorded on the class.
    cls.init_resp = init_response
    cls.init_signals = init_signals

    accepts_xml = ("HTTP_CONTENT_TYPE_XML" in init_signals
                   or "HTTP_CONTENT_TYPE_XML" in xml_signals)
    if not accepts_xml:
        return

    # Combine each doctype declaration with each fuzzable field.
    doctype_strings = cls._get_strings(cls.dtds_data_key)
    for position, doctype in enumerate(doctype_strings):
        name_prefix = "{filename}_{test_name}_{fuzz_file}{d_index}_".format(
            filename=filename,
            test_name=cls.test_name,
            fuzz_file=cls.dtds_data_key,
            d_index=position)
        variants = syntribos.tests.fuzz.datagen.fuzz_request(
            template_request, ["&xxe;"], cls.test_type, name_prefix)
        for fuzz_name, request, fuzz_string, param_path in variants:
            # The doctype is placed on its own line before the request body.
            request.data = "{0}\n{1}".format(doctype, request.data)
            extra = {"request": request}
            yield cls.extend_class(fuzz_name, fuzz_string, param_path, extra)
def send_init_request(cls, filename, file_content):
    """Parse the template, build the init request, and send it.

    The init request is the one created directly from the template file;
    the test cases themselves do not modify it any further.  When the
    client returns no response the class is marked dead
    (``cls.dead = True``).

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    """
    cls.init_req = parser.create_request(
        file_content, CONF.syntribos.endpoint)
    outgoing = cls.init_req.get_prepared_copy()
    cls.init_resp, cls.init_signals = cls.client.send_request(outgoing)

    if cls.init_resp is None:
        # Nothing came back from the client; flag the class instead.
        cls.dead = True
        return

    # Get the computed body and add it to our RequestObject
    # TODO(cneill): Figure out a better way to handle this discrepancy
    cls.init_req.body = cls.init_resp.request.body
def send_init_request(cls, filename, file_content, meta_vars):
    """Parse the template, build the init request, and send it.

    The init request is the one created directly from the template file;
    the test cases themselves do not modify it any further.  When the
    client returns no response the class is marked dead
    (``cls.dead = True``).

    :param str filename: name of template file (not used in this method)
    :param str file_content: content of template file as string
    :param meta_vars: passed through to ``parser.create_request``; its
        meaning is defined there
    """
    cls.init_req = parser.create_request(
        file_content, CONF.syntribos.endpoint, meta_vars)
    outgoing = cls.init_req.get_prepared_copy()
    cls.init_resp, cls.init_signals = cls.client.send_request(outgoing)

    if cls.init_resp is None:
        # Nothing came back from the client; flag the class instead.
        cls.dead = True
        return

    # Get the computed body and add it to our RequestObject
    # TODO(cneill): Figure out a better way to handle this discrepancy
    cls.init_req.body = cls.init_resp.request.body