class TestExtendedUrllibProxy(unittest.TestCase):
    """Exercise ExtendedUrllib when its traffic goes through a local proxy.

    ``setUp`` starts a ``Proxy`` daemon on the loopback interface and points a
    fresh ``ExtendedUrllib`` at it through ``OpenerSettings``. Each test then
    sends a request and checks the response that comes back.
    """

    MOTH_MESSAGE = 'Welcome to the moth homepage!'

    def setUp(self):
        """Start the proxy daemon and configure the opener to use it."""
        self.uri_opener = ExtendedUrllib()

        # The daemon is bound to loopback only and is given port 0; the port
        # really in use is read back with get_port() after wait_for_start().
        self._proxy = Proxy('127.0.0.1', 0, ExtendedUrllib(), w3afProxyHandler)
        self._proxy.start()
        self._proxy.wait_for_start()
        listening_port = self._proxy.get_port()

        # Point the opener at the daemon that was just started.
        opener_settings = OpenerSettings()
        opts = opener_settings.get_options()
        address_opt, port_opt = opts['proxy_address'], opts['proxy_port']
        address_opt.set_value('127.0.0.1')
        port_opt.set_value(listening_port)
        opener_settings.set_options(opts)

        self.uri_opener.settings = opener_settings

    def tearDown(self):
        """Release the opener after each test."""
        # NOTE(review): only the opener is ended here. The proxy daemon that
        # setUp() started is not shut down in this class, so it appears to
        # outlive the test - confirm whether Proxy offers a shutdown call that
        # belongs in this method.
        self.uri_opener.end()

    def test_http_default_port_via_proxy(self):
        # Plain HTTP with no explicit port in the URL.
        response = self.uri_opener.GET(URL('http://moth/'), cache=False)
        self.assertIn(self.MOTH_MESSAGE, response.body)

    def test_http_port_specification_via_proxy(self):
        # Same request, but with the port spelled out in the URL.
        response = self.uri_opener.GET(URL('http://moth:80/'), cache=False)
        self.assertIn(self.MOTH_MESSAGE, response.body)

    def test_https_via_proxy(self):
        # Always skipped: the HTTPS-through-proxy path has no coverage until
        # the issue linked in the message is resolved. The statements after
        # the raise are kept for that moment and never run today.
        skip_reason = ('Skip this test because of a strange bug with the extended'
                       ' url library and w3af\'s local proxy daemon. More info here:'
                       ' https://github.com/andresriancho/w3af/issues/183')
        raise SkipTest(skip_reason)

        target = URL('https://moth/')
        response = self.uri_opener.GET(target, cache=False)
        self.assertIn(self.MOTH_MESSAGE, response.body)

    def test_offline_port_via_proxy(self):
        # Expects a 400 for an upstream that cannot be reached.
        # NOTE(review): this assumes nothing is listening on 127.0.0.1:8181 on
        # the machine running the tests - confirm, or use a port known to be
        # closed.
        target = URL('http://127.0.0.1:8181/')
        response = self.uri_opener.GET(target, cache=False)
        self.assertEqual(response.get_code(), 400)

    def test_POST_via_proxy(self):
        # The echo page prints the POSTed fields, so seeing the pair in the
        # body shows that the request body was sent through the proxy intact.
        target = URL('http://moth/w3af/core/echo/post.php')
        response = self.uri_opener.POST(target, data='abc=123', cache=False)
        self.assertIn('[abc] => 123', response.body)
class TestXUrllib(unittest.TestCase):
    """Exercise ExtendedUrllib directly against the ``moth`` test host.

    Covers plain GET/POST, caching, query strings, non-ASCII data, the
    stop/pause controls and the cleanup done by ``end()``.
    """

    MOTH_MESSAGE = 'Welcome to the moth homepage!'

    def setUp(self):
        """Create a fresh opener for every test."""
        self.uri_opener = ExtendedUrllib()

    def tearDown(self):
        """Release the opener's resources."""
        self.uri_opener.end()

    def test_basic(self):
        response = self.uri_opener.GET(URL('http://moth/'), cache=False)

        self.assertIn(self.MOTH_MESSAGE, response.body)
        # Every response is expected to carry an id of at least 1.
        self.assertGreaterEqual(response.id, 1)
        self.assertNotEqual(response.id, None)

    def test_cache(self):
        # Two identical GETs with the default cache setting; both must return
        # the homepage content.
        for _ in (1, 2):
            target = URL('http://moth/')
            response = self.uri_opener.GET(target)
            self.assertTrue(self.MOTH_MESSAGE in response.body)

    def test_qs_params(self):
        # The ``file`` query-string value must reach the server unchanged.
        # NOTE(review): local_file_read.php looks like a deliberately
        # vulnerable fixture page on the moth host; the second request relies
        # on it returning the host's /etc/passwd - confirm against the fixture.
        target = URL('http://moth/w3af/audit/local_file_read/local_file_read.php?file=section.txt')
        response = self.uri_opener.GET(target, cache=False)
        self.assertTrue('Showing the section content.' in response.body,
                        response.body)

        target = URL('http://moth/w3af/audit/local_file_read/local_file_read.php?file=/etc/passwd')
        response = self.uri_opener.GET(target, cache=False)
        self.assertTrue('root:x:0:0:' in response.body, response.body)

    def test_POST(self):
        target = URL('http://moth/w3af/audit/xss/data_receptor2.php')
        form = DataContainer([('empresa', 'abc'), ('firstname', 'def')])

        response = self.uri_opener.POST(target, form, cache=False)

        self.assertTrue('def' in response.body, response.body)

    def test_POST_special_chars(self):
        # Markup characters, a double quote and a non-ASCII letter must come
        # back in the response body exactly as they were sent.
        target = URL('http://moth/w3af/audit/xss/data_receptor2.php')
        test_data = u'abc<def>"-á-'
        form = DataContainer([('empresa', test_data), ('firstname', 'def')])

        response = self.uri_opener.POST(target, form, cache=False)

        self.assertIn(test_data, response.body)

    def test_unknown_url(self):
        # NOTE(review): this depends on the domain staying unregistered and on
        # the resolver not rewriting failed lookups; a name under a reserved
        # TLD such as ``.invalid`` would not depend on the first of these.
        target = URL('http://longsitethatdoesnotexistfoo.com/')
        with self.assertRaises(w3afMustStopOnUrlError):
            self.uri_opener.GET(target)

    def test_stop(self):
        # After stop() the next request must be refused.
        self.uri_opener.stop()
        target = URL('http://moth/')
        with self.assertRaises(w3afMustStopByUserRequest):
            self.uri_opener.GET(target)

    def test_pause_stop(self):
        # stop() issued while paused must still make the next request fail.
        self.uri_opener.pause(True)
        self.uri_opener.stop()
        target = URL('http://moth/')
        with self.assertRaises(w3afMustStopByUserRequest):
            self.uri_opener.GET(target)

    def test_pause(self):
        results = Queue.Queue()
        self.uri_opener.pause(True)

        def send(uri_opener, output):
            output.put(uri_opener.GET(URL('http://moth/')))

        worker = Process(target=send, args=(self.uri_opener, results))
        worker.daemon = True
        worker.start()

        # While the opener is paused, no response may show up within 2 seconds.
        with self.assertRaises(Queue.Empty):
            results.get(True, 2)

    def test_pause_unpause(self):
        results = Queue.Queue()
        self.uri_opener.pause(True)

        def send(uri_opener, output):
            output.put(uri_opener.GET(URL('http://moth/')))

        worker = Process(target=send, args=(self.uri_opener, results))
        worker.daemon = True
        worker.start()

        # Paused: nothing arrives within 2 seconds.
        with self.assertRaises(Queue.Empty):
            results.get(True, 2)

        # Unpaused: the pending request completes and its response is queued.
        self.uri_opener.pause(False)
        response = results.get()
        worker.join()

        self.assertEqual(response.get_code(), 200)
        self.assertIn(self.MOTH_MESSAGE, response.body)

    def test_removes_cache(self):
        self.uri_opener.GET(URL('http://moth/'), cache=False)

        # This explicit end(), followed by the one in tearDown(), also checks
        # that calling end() twice is harmless.
        self.uri_opener.end()

        db_fmt = 'db_unittest-%s'
        trace_fmt = 'db_unittest-%s_traces/'
        temp_dir = get_temp_dir()

        # No numbered database file or trace directory may be left in the
        # temp dir once the opener has been ended.
        for i in xrange(100):
            for name_fmt in (db_fmt, trace_fmt):
                leftover = os.path.join(temp_dir, name_fmt % i)
                self.assertFalse(os.path.exists(leftover), leftover)

    def test_special_char_header(self):
        # cookie_echo.php is expected to return the header value as the whole
        # body, so a non-ASCII value must survive the round trip unchanged.
        target = URL('http://moth/w3af/core/header_fuzzing/cookie_echo.php')
        header_content = u'á'
        request_headers = Headers([('foo', header_content)])

        response = self.uri_opener.GET(target, cache=False,
                                       headers=request_headers)

        self.assertEqual(header_content, response.body)
class TestXUrllib(unittest.TestCase): MOTH_MESSAGE = 'Welcome to the moth homepage!' def setUp(self): self.uri_opener = ExtendedUrllib() def tearDown(self): self.uri_opener.end() def test_basic(self): url = URL('http://moth/') http_response = self.uri_opener.GET(url, cache=False) self.assertIn(self.MOTH_MESSAGE, http_response.body) self.assertGreaterEqual(http_response.id, 1) self.assertNotEqual(http_response.id, None) def test_cache(self): url = URL('http://moth/') http_response = self.uri_opener.GET(url) self.assertTrue(self.MOTH_MESSAGE in http_response.body) url = URL('http://moth/') http_response = self.uri_opener.GET(url) self.assertTrue(self.MOTH_MESSAGE in http_response.body) def test_qs_params(self): url = URL( 'http://moth/w3af/audit/local_file_read/local_file_read.php?file=section.txt' ) http_response = self.uri_opener.GET(url, cache=False) self.assertTrue('Showing the section content.' in http_response.body, http_response.body) url = URL( 'http://moth/w3af/audit/local_file_read/local_file_read.php?file=/etc/passwd' ) http_response = self.uri_opener.GET(url, cache=False) self.assertTrue('root:x:0:0:' in http_response.body, http_response.body) def test_POST(self): url = URL('http://moth/w3af/audit/xss/data_receptor2.php') data = DataContainer([('empresa', 'abc'), ('firstname', 'def')]) http_response = self.uri_opener.POST(url, data, cache=False) self.assertTrue('def' in http_response.body, http_response.body) def test_POST_special_chars(self): url = URL('http://moth/w3af/audit/xss/data_receptor2.php') test_data = u'abc<def>"-á-' data = DataContainer([('empresa', test_data), ('firstname', 'def')]) http_response = self.uri_opener.POST(url, data, cache=False) self.assertIn(test_data, http_response.body) def test_unknown_url(self): url = URL('http://longsitethatdoesnotexistfoo.com/') self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url) def test_url_port_closed(self): # TODO: Change 2312 by an always closed/non-http port url = 
URL('http://127.0.0.1:2312/') self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url) def test_url_port_not_http(self): upper_daemon = UpperDaemon(EmptyTCPHandler) upper_daemon.start() upper_daemon.wait_for_start() port = upper_daemon.get_port() url = URL('http://127.0.0.1:%s/' % port) self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url) def test_url_port_not_http_many(self): upper_daemon = UpperDaemon(EmptyTCPHandler) upper_daemon.start() upper_daemon.wait_for_start() port = upper_daemon.get_port() url = URL('http://127.0.0.1:%s/' % port) for _ in xrange(MAX_ERROR_COUNT): try: self.uri_opener.GET(url) except w3afMustStopByUnknownReasonExc: self.assertTrue(False, 'Not expecting this exception type.') except w3afMustStopOnUrlError: self.assertTrue(True) except w3afMustStopException: self.assertTrue(True) break else: self.assertTrue(False) def test_timeout(self): upper_daemon = UpperDaemon(TimeoutTCPHandler) upper_daemon.start() upper_daemon.wait_for_start() port = upper_daemon.get_port() url = URL('http://127.0.0.1:%s/' % port) self.uri_opener.settings.set_timeout(1) self.assertRaises(w3afMustStopOnUrlError, self.uri_opener.GET, url) self.uri_opener.settings.set_default_values() def test_timeout_many(self): upper_daemon = UpperDaemon(TimeoutTCPHandler) upper_daemon.start() upper_daemon.wait_for_start() port = upper_daemon.get_port() self.uri_opener.settings.set_timeout(1) url = URL('http://127.0.0.1:%s/' % port) for _ in xrange(MAX_ERROR_COUNT): try: self.uri_opener.GET(url) except w3afMustStopByUnknownReasonExc: self.assertTrue(False, 'Not expecting this exception type.') except w3afMustStopOnUrlError: self.assertTrue(True) except w3afMustStopException, e: self.assertTrue(True) break else: