async def test_whole_stuff():
# Test attacking all kind of parameter without crashing
respx.options("http://perdu.com/").mock(return_value=httpx.Response(
200, text="Default page", headers={"Allow": "GET,POST,HEAD"}))
respx.options("http://perdu.com/dav/").mock(return_value=httpx.Response(
200, text="Private section", headers={"Allow": "GET,POST,HEAD,PUT"}))
persister = AsyncMock()
all_requests = []
request = Request("http://perdu.com/")
request.path_id = 1
request.status = 200
request.set_headers({"content-type": "text/html"})
all_requests.append(request)
request = Request("http://perdu.com/dav/")
request.path_id = 2
request.status = 200
request.set_headers({"content-type": "text/html"})
all_requests.append(request)
crawler = AsyncCrawler("http://perdu.com/", timeout=1)
options = {"timeout": 10, "level": 2}
module = ModuleMethods(crawler, persister, options, Event())
module.do_get = True
for request in all_requests:
await module.attack(request)
assert persister.add_payload.call_count == 1
assert "http://perdu.com/dav/" in persister.add_payload.call_args_list[0][
1]["info"]
await crawler.close()
async def test_http_methods(client):
async with respx.mock:
url = "https://foo.bar"
route = respx.get(url, path="/") % 404
respx.post(url, path="/").respond(200)
respx.post(url, path="/").respond(201)
respx.put(url, path="/").respond(202)
respx.patch(url, path="/").respond(500)
respx.delete(url, path="/").respond(204)
respx.head(url, path="/").respond(405)
respx.options(url, path="/").respond(status_code=501)
respx.request("GET", url, path="/baz/").respond(status_code=204)
url += "/"
response = httpx.get(url)
assert response.status_code == 404
response = await client.get(url)
assert response.status_code == 404
response = httpx.get(url + "baz/")
assert response.status_code == 204
response = await client.get(url + "baz/")
assert response.status_code == 204
response = httpx.post(url)
assert response.status_code == 201
response = await client.post(url)
assert response.status_code == 201
response = httpx.put(url)
assert response.status_code == 202
response = await client.put(url)
assert response.status_code == 202
response = httpx.patch(url)
assert response.status_code == 500
response = await client.patch(url)
assert response.status_code == 500
response = httpx.delete(url)
assert response.status_code == 204
response = await client.delete(url)
assert response.status_code == 204
response = httpx.head(url)
assert response.status_code == 405
response = await client.head(url)
assert response.status_code == 405
response = httpx.options(url)
assert response.status_code == 501
response = await client.options(url)
assert response.status_code == 501
assert route.called is True
assert respx.calls.call_count == 8 * 2
async def test_http_methods(client):
async with respx.mock:
url = "https://foo.bar/"
m = respx.get(url, status_code=404)
respx.post(url, status_code=201)
respx.put(url, status_code=202)
respx.patch(url, status_code=500)
respx.delete(url, status_code=204)
respx.head(url, status_code=405)
respx.options(url, status_code=501)
response = httpx.get(url)
assert response.status_code == 404
response = await client.get(url)
assert response.status_code == 404
response = httpx.post(url)
assert response.status_code == 201
response = await client.post(url)
assert response.status_code == 201
response = httpx.put(url)
assert response.status_code == 202
response = await client.put(url)
assert response.status_code == 202
response = httpx.patch(url)
assert response.status_code == 500
response = await client.patch(url)
assert response.status_code == 500
response = httpx.delete(url)
assert response.status_code == 204
response = await client.delete(url)
assert response.status_code == 204
response = httpx.head(url)
assert response.status_code == 405
response = await client.head(url)
assert response.status_code == 405
response = httpx.options(url)
assert response.status_code == 501
response = await client.options(url)
assert response.status_code == 501
assert m.called is True
assert respx.stats.call_count == 7 * 2
async def test_whole_stuff():
# Test attacking all kind of parameter without crashing
respx.options("http://perdu.com/").mock(
return_value=httpx.Response(200, text="Default page", headers={"Allow": "GET,POST,HEAD"})
)
respx.options("http://perdu.com/dav/").mock(
return_value=httpx.Response(200, text="Private section", headers={"Allow": "GET,POST,HEAD,PUT"})
)
persister = FakePersister()
request = Request("http://perdu.com/")
request.path_id = 1
request.status = 200
request.set_headers({"content-type": "text/html"})
persister.requests.append(request)
request = Request("http://perdu.com/dav/")
request.path_id = 2
request.status = 200
request.set_headers({"content-type": "text/html"})
persister.requests.append(request)
crawler = AsyncCrawler("http://perdu.com/", timeout=1)
options = {"timeout": 10, "level": 2}
logger = FakeLogger()
module = mod_methods(crawler, persister, logger, options, Event())
module.verbose = 2
module.do_get = True
for request in persister.requests:
await module.attack(request)
assert "http://perdu.com/dav/" in logger.message
await crawler.close()