def test_multipart_post(self): boundary, post_data = multipart_encode([ ('a', 'bcd'), ], []) multipart_boundary = 'multipart/form-data; boundary=%s' headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method='POST') form_params = FormParameters() form_params.add_field_by_attr_items([('name', 'a'), ('type', 'text'), ('value', 'bcd')]) expected_container = MultipartContainer(form_params) expected_headers = Headers([('content-type', multipart_boundary % boundary)]) self.assertEqual(fr.get_url(), self.url) self.assertEqual(fr.get_headers(), expected_headers) self.assertIn('multipart/form-data', fr.get_headers()['content-type']) self.assertEqual(fr.get_method(), 'POST') self.assertIsInstance(fr.get_raw_data(), MultipartContainer) self.assertEqual(fr.get_raw_data(), expected_container)
def test_store_in_disk_set(self): boundary, post_data = multipart_encode([ ('a', 'bcd'), ], []) multipart_boundary = MultipartContainer.MULTIPART_HEADER headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) dc = MultipartContainer.from_postdata(headers, post_data) dc.set_token(('a', 0)) disk_set = DiskSet() disk_set.add(dc) dc_read = disk_set[0] # These are different objects self.assertIsNot(dc_read, dc) # But they hold the same data self.assertEqual(dc.get_token(), dc_read.get_token()) self.assertIsNotNone(dc.get_token()) self.assertIsNotNone(dc_read.get_token()) self.assertEqual(dc_read.get_token().get_name(), 'a')
def test_multipart_post(self): boundary, post_data = multipart_encode([('a', 'bcd'), ], []) multipart_boundary = 'multipart/form-data; boundary=%s' headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method='POST') form_params = FormParameters() form_params.add_field_by_attr_items([('name', 'a'), ('type', 'text'), ('value', 'bcd')]) expected_container = MultipartContainer(form_params) expected_headers = Headers([('content-type', multipart_boundary % boundary)]) self.assertEqual(fr.get_url(), self.url) self.assertEqual(fr.get_headers(), expected_headers) self.assertIn('multipart/form-data', fr.get_headers()['content-type']) self.assertEqual(fr.get_method(), 'POST') self.assertIsInstance(fr.get_raw_data(), MultipartContainer) self.assertEqual(fr.get_raw_data(), expected_container)
def test_encode_file_null(self): _files = [('file', NamedStringIO('\0hello world', name='test.txt'))] _, encoded = multipart_encode((), _files, boundary='fakeboundary') EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="file";'\ ' filename="test.txt"\r\nContent-Type: text/plain\r\n\r\n\x00'\ 'hello world\r\n--fakeboundary--\r\n\r\n' self.assertEqual(EXPECTED, encoded)
def test_encode_file_null(self): _files = [("file", NamedStringIO("\0hello world", name="test.txt"))] _, encoded = multipart_encode((), _files, boundary="fakeboundary") EXPECTED = ( '--fakeboundary\r\nContent-Disposition: form-data; name="file";' ' filename="test.txt"\r\nContent-Type: text/plain\r\n\r\n\x00' "hello world\r\n--fakeboundary--\r\n\r\n" ) self.assertEqual(EXPECTED, encoded)
def test_encode_vars_files(self): _vars = [('a', 'b')] _files = [('file', NamedStringIO('file content', name='test.txt'))] _, encoded = multipart_encode(_vars, _files, boundary='fakeboundary') EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"'\ '\r\n\r\nb\r\n--fakeboundary\r\nContent-Disposition: form-data;'\ ' name="file"; filename="test.txt"\r\nContent-Type: text/plain'\ '\r\n\r\nfile content\r\n--fakeboundary--\r\n\r\n' self.assertEqual(EXPECTED, encoded)
def test_encode_vars_files(self): _vars = [("a", "b")] _files = [("file", NamedStringIO("file content", name="test.txt"))] _, encoded = multipart_encode(_vars, _files, boundary="fakeboundary") EXPECTED = ( '--fakeboundary\r\nContent-Disposition: form-data; name="a"' "\r\n\r\nb\r\n--fakeboundary\r\nContent-Disposition: form-data;" ' name="file"; filename="test.txt"\r\nContent-Type: text/plain' "\r\n\r\nfile content\r\n--fakeboundary--\r\n\r\n" ) self.assertEqual(EXPECTED, encoded)
def test_multipart(self): boundary, post_data = multipart_encode([('ax', 'bcd'), ], []) multipart_boundary = 'multipart/form-data; boundary=%s' headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) dc = dc_from_hdrs_post(headers, post_data) EXPECTED_PARAMS = [u'ax'] self.assertIsInstance(dc, MultipartContainer) self.assertEqual(dc.get_param_names(), EXPECTED_PARAMS)
def test_encode_two_files(self): _files = [('file1', NamedStringIO('hello world', name='test1.txt')), ('file2', NamedStringIO('bye bye', name='test2.txt'))] _, encoded = multipart_encode((), _files, boundary='fakeboundary') EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data;' \ ' name="file1"; filename="test1.txt"\r\n' \ 'Content-Type: text/plain\r\n\r\nhello world\r\n' \ '--fakeboundary\r\nContent-Disposition: form-data;' \ ' name="file2"; filename="test2.txt"\r\n' \ 'Content-Type: text/plain\r\n\r\nbye bye\r\n' \ '--fakeboundary--\r\n\r\n' self.assertEqual(EXPECTED, encoded)
def test_multipart_post_empty_value(self): boundary, post_data = multipart_encode([('a', ''), ], []) multipart_boundary = MultipartContainer.MULTIPART_HEADER headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) mpc = MultipartContainer.from_postdata(headers, post_data) self.assertIsInstance(mpc, MultipartContainer) self.assertIn('a', mpc) self.assertEqual(mpc['a'], ['']) self.assertEqual(mpc.get_file_vars(), []) self.assertEqual(mpc.get_parameter_type('a'), 'text')
def test_copy_with_token(self): boundary, post_data = multipart_encode([('a', 'bcd'), ], []) multipart_boundary = MultipartContainer.MULTIPART_HEADER headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) dc = MultipartContainer.from_postdata(headers, post_data) dc.set_token(('a', 0)) dc_copy = copy.deepcopy(dc) self.assertEqual(dc.get_token(), dc_copy.get_token()) self.assertIsNotNone(dc.get_token()) self.assertIsNotNone(dc_copy.get_token()) self.assertEqual(dc_copy.get_token().get_name(), 'a')
def test_invalid_multipart_post(self): _, post_data = multipart_encode([("a", "bcd")], []) # It is invalid because there is a missing boundary parameter in the # content-type header headers = Headers([("content-length", str(len(post_data))), ("content-type", "multipart/form-data")]) fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method="POST") self.assertEqual(fr.get_url(), self.url) self.assertEqual(fr.get_headers(), headers) self.assertEqual(fr.get_method(), "POST") # Here the "default" post-data is set, which will be empty because we # failed to parse the post-data self.assertIsInstance(fr.get_raw_data(), PlainContainer) self.assertEqual(fr.get_raw_data().get_param_names(), [])
def test_encode_two_files(self): _files = [ ("file1", NamedStringIO("hello world", name="test1.txt")), ("file2", NamedStringIO("bye bye", name="test2.txt")), ] _, encoded = multipart_encode((), _files, boundary="fakeboundary") EXPECTED = ( "--fakeboundary\r\nContent-Disposition: form-data;" ' name="file1"; filename="test1.txt"\r\n' "Content-Type: text/plain\r\n\r\nhello world\r\n" "--fakeboundary\r\nContent-Disposition: form-data;" ' name="file2"; filename="test2.txt"\r\n' "Content-Type: text/plain\r\n\r\nbye bye\r\n" "--fakeboundary--\r\n\r\n" ) self.assertEqual(EXPECTED, encoded)
def test_invalid_multipart_post(self): _, post_data = multipart_encode([('a', 'bcd'), ], []) # It is invalid because there is a missing boundary parameter in the # content-type header headers = Headers([('content-length', str(len(post_data))), ('content-type', 'multipart/form-data')]) fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method='POST') self.assertEqual(fr.get_url(), self.url) self.assertEqual(fr.get_headers(), headers) self.assertEqual(fr.get_method(), 'POST') # Here the "default" post-data is set, which will be empty because we # failed to parse the post-data self.assertIsInstance(fr.get_raw_data(), PlainContainer) self.assertEqual(fr.get_raw_data().get_param_names(), [])
def test_multipart_post_with_filename(self): fake_file = NamedStringIO('def', name='hello.txt') vars = [('a', 'bcd'), ] files = [('b', fake_file)] boundary, post_data = multipart_encode(vars, files) multipart_boundary = MultipartContainer.MULTIPART_HEADER headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) mpc = MultipartContainer.from_postdata(headers, post_data) self.assertIsInstance(mpc, MultipartContainer) self.assertIn('a', mpc) self.assertEqual(mpc['a'], ['bcd']) self.assertEqual(mpc.get_file_vars(), ['b']) self.assertEqual(mpc.get_parameter_type('a'), 'text') self.assertEqual(mpc.get_parameter_type('b'), 'file') self.assertEqual(mpc.get_file_name('b'), 'hello.txt')
def test_multipart_post(self): boundary, post_data = multipart_encode([("a", "bcd")], []) multipart_boundary = "multipart/form-data; boundary=%s" headers = Headers([("content-length", str(len(post_data))), ("content-type", multipart_boundary % boundary)]) fr = FuzzableRequest.from_parts(self.url, headers=headers, post_data=post_data, method="POST") form_params = FormParameters() form_params.add_input([("name", "a"), ("type", "text"), ("value", "bcd")]) expected_container = MultipartContainer(form_params) expected_headers = Headers([("content-type", multipart_boundary % boundary)]) self.assertEqual(fr.get_url(), self.url) self.assertEqual(fr.get_headers(), expected_headers) self.assertIn("multipart/form-data", fr.get_headers()["content-type"]) self.assertEqual(fr.get_method(), "POST") self.assertIsInstance(fr.get_raw_data(), MultipartContainer) self.assertEqual(fr.get_raw_data(), expected_container)
def test_multipart_fuzzable_request_store(self): boundary, post_data = multipart_encode([('a', 'bcd'), ], []) multipart_boundary = MultipartContainer.MULTIPART_HEADER headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) dc = MultipartContainer.from_postdata(headers, post_data) post_data = str(dc) fr = FuzzableRequest.from_parts(URL('http://www.w3af.com/'), method='POST', post_data=post_data, headers=headers) disk_set = DiskSet() disk_set.add(fr) fr_read = disk_set[0] self.assertIsInstance(fr_read.get_raw_data(), MultipartContainer) self.assertIn('a', fr_read.get_raw_data())
def test_store_in_disk_set(self): boundary, post_data = multipart_encode([('a', 'bcd'), ], []) multipart_boundary = MultipartContainer.MULTIPART_HEADER headers = Headers([('content-length', str(len(post_data))), ('content-type', multipart_boundary % boundary)]) dc = MultipartContainer.from_postdata(headers, post_data) dc.set_token(('a', 0)) disk_set = DiskSet() disk_set.add(dc) dc_read = disk_set[0] # These are different objects self.assertIsNot(dc_read, dc) # But they hold the same data self.assertEqual(dc.get_token(), dc_read.get_token()) self.assertIsNotNone(dc.get_token()) self.assertIsNotNone(dc_read.get_token()) self.assertEqual(dc_read.get_token().get_name(), 'a')
def test_encode_vars(self): _, encoded = multipart_encode([("a", "b")], {}, boundary="fakeboundary") EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"' "\r\n\r\nb\r\n--fakeboundary--\r\n\r\n" self.assertEqual(EXPECTED, encoded)
def test_encode_vars(self): _, encoded = multipart_encode([('a', 'b')], {}, boundary='fakeboundary') EXPECTED = '--fakeboundary\r\nContent-Disposition: form-data; name="a"'\ '\r\n\r\nb\r\n--fakeboundary--\r\n\r\n' self.assertEqual(EXPECTED, encoded)