def test_from_postdata_no_post_data(self):
    """An empty urlencoded body must parse into a form with no parameters."""
    content_type = Headers([('content-type', URLEncodedForm.ENCODING)])
    empty_body = ''

    parsed = URLEncodedForm.from_postdata(content_type, empty_body)

    self.assertEqual(len(parsed), 0)
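def test_php_serialized_objects_post_data(self):
    """Check that a serialized PHP object in a POST parameter is reported.

    The sample object is base64-encoded and sent as the ``obj`` parameter of
    a urlencoded body. After the plugin greps the request, exactly one entry
    is expected in the knowledge base under ``serialized_object``.
    """
    encoded_object = base64.b64encode(SERIALIZED_PHP_OBJECTS[1])
    post_data = 'obj=%s' % encoded_object
    headers = Headers([('Content-Type', 'application/x-www-form-urlencoded')])

    form = URLEncodedForm.from_postdata(headers, post_data)
    request = FuzzableRequest(self.url, headers=headers, post_data=form)

    self.plugin.grep(request, self.response)

    # assertEqual replaces the deprecated assertEquals alias.
    findings = kb.kb.get('serialized_object', 'serialized_object')
    self.assertEqual(len(findings), 1)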
def test_form_copy(self):
    """A deep copy of a form must compare equal and keep the selected token."""
    content_type = Headers([('content-type', URLEncodedForm.ENCODING)])
    body = 'a=2&c=3'

    original = URLEncodedForm.from_postdata(content_type, body)
    original.set_token(('a', 0))

    duplicate = copy.deepcopy(original)

    self.assertEqual(original, duplicate)
    self.assertEqual(original.get_token(), duplicate.get_token())
    # The equality check above would also pass if both tokens were None,
    # so the copy's token is additionally required to be set.
    self.assertIsNot(None, duplicate.get_token())
def test_form_pickle(self):
    """A form must survive a pickle round trip with its token and key order."""
    content_type = Headers([('content-type', URLEncodedForm.ENCODING)])
    body = 'a=2&c=3'

    original = URLEncodedForm.from_postdata(content_type, body)
    original.set_token(('a', 0))

    # The byte stream is produced right here from a locally built object;
    # cPickle.loads is only safe on data from a trusted source like this.
    serialized = cPickle.dumps(original)
    restored = cPickle.loads(serialized)

    self.assertEqual(original, restored)
    self.assertEqual(original.get_token(), restored.get_token())
    self.assertIsNotNone(restored.get_token())
    self.assertEqual(restored.keys(), ['a', 'c'])
def test_form_pickle(self):
    """Round-trip a tokenized form through cPickle and compare the result.

    The restored form is expected to equal the source form, to carry the
    same (non-None) token, and to list its keys as ``a`` then ``c``.
    """
    source_form = URLEncodedForm.from_postdata(
        Headers([("content-type", URLEncodedForm.ENCODING)]),
        "a=2&c=3",
    )
    source_form.set_token(("a", 0))

    # Only self-generated pickle data is loaded here; unpickling bytes of
    # unknown origin would execute whatever the stream describes.
    round_tripped = cPickle.loads(cPickle.dumps(source_form))

    self.assertEqual(source_form, round_tripped)
    self.assertEqual(source_form.get_token(), round_tripped.get_token())
    self.assertIsNotNone(round_tripped.get_token())
    self.assertEqual(round_tripped.keys(), ["a", "c"])
def test_from_postdata_ok(self):
    """Parse ``a=2&c=3`` and verify values, form kind and parameter types."""
    content_type = Headers([('content-type', URLEncodedForm.ENCODING)])
    body = 'a=2&c=3'

    parsed = URLEncodedForm.from_postdata(content_type, body)

    # Each parameter value is exposed as a list of strings.
    self.assertEqual(parsed['a'], ['2'])
    self.assertEqual(parsed['c'], ['3'])

    # A plain two-parameter body must not be classified as any special form.
    self.assertFalse(parsed.is_login_form())
    self.assertFalse(parsed.is_password_change_form())
    self.assertFalse(parsed.is_registration_form())

    # 'b' is not part of the body; the test expects the text type for it too.
    self.assertEqual(parsed.get_parameter_type('a'), INPUT_TYPE_TEXT)
    self.assertEqual(parsed.get_parameter_type('b'), INPUT_TYPE_TEXT)
def test_from_postdata_ok(self):
    """Check a well-formed urlencoded body after parsing.

    Verifies the parsed values, that the form is not classified as a login,
    password-change or registration form, and that parameter type lookups
    return ``INPUT_TYPE_TEXT``.
    """
    form_headers = Headers([("content-type", URLEncodedForm.ENCODING)])
    raw_body = "a=2&c=3"
    result = URLEncodedForm.from_postdata(form_headers, raw_body)

    for name, expected_values in (("a", ["2"]), ("c", ["3"])):
        self.assertEqual(result[name], expected_values)

    for classifier in (
        result.is_login_form,
        result.is_password_change_form,
        result.is_registration_form,
    ):
        self.assertFalse(classifier())

    # "b" does not appear in the body; the lookup is still expected to
    # report the text input type.
    for name in ("a", "b"):
        self.assertEqual(result.get_parameter_type(name), INPUT_TYPE_TEXT)
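def test_mutated_request(self):
    """Grep every mutant of a request that carries a serialized PHP object.

    The request body holds a plain ``test`` parameter and an ``obj``
    parameter with the base64-encoded sample object. Mutants are created
    with the payload ``x`` and each one is passed to the plugin; a single
    ``serialized_object`` entry is expected in the knowledge base afterwards.
    """
    # NOTE(review): an earlier comment said the object was sent in reverse
    # string order, but the payload below is only base64-encoded.
    encoded_object = base64.b64encode(SERIALIZED_PHP_OBJECTS[1])
    post_data = 'test=1&obj=%s' % encoded_object
    headers = Headers([('Content-Type', 'application/x-www-form-urlencoded')])

    form = URLEncodedForm.from_postdata(headers, post_data)
    request = FuzzableRequest(self.url, headers=headers, post_data=form)
    mutants = create_mutants(request, ['x'])

    for mutant in mutants:
        self.plugin.grep(mutant, self.response)

    # assertEqual replaces the deprecated assertEquals alias.
    findings = kb.kb.get('serialized_object', 'serialized_object')
    self.assertEqual(len(findings), 1)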
def test_from_postdata_ok(self):
    """Parse a two-parameter body and check values, kind and input types."""
    hdrs = Headers([('content-type', URLEncodedForm.ENCODING)])
    payload = 'a=2&c=3'
    parsed_form = URLEncodedForm.from_postdata(hdrs, payload)

    # Values come back as lists, one entry per occurrence of the parameter.
    self.assertEqual(parsed_form['a'], ['2'])
    self.assertEqual(parsed_form['c'], ['3'])

    # None of the special-form heuristics should match this body.
    self.assertFalse(parsed_form.is_login_form())
    self.assertFalse(parsed_form.is_password_change_form())
    self.assertFalse(parsed_form.is_registration_form())

    # The test expects the text type both for 'a' and for 'b', which is
    # absent from the body.
    text_type = FormParameters.INPUT_TYPE_TEXT
    self.assertEqual(parsed_form.get_parameter_type('a'), text_type)
    self.assertEqual(parsed_form.get_parameter_type('b'), text_type)