def _breach_vulnerable():
    """Build the route table for a BREACH-positive fixture site.

    A fresh 16-character token is embedded in a hidden form field of the
    page served at '/', and the same token is handed to the '/post'
    controller. The page is wrapped by ``_gzip_test_controller``
    (presumably served gzip-compressed; the helper is not visible here).
    A secret carried in a compressed response body is the condition a
    BREACH check looks for.

    Returns:
        dict mapping URL paths to their controllers.
    """
    secret = tutil.random_token(16)
    form_page = u''' <html> <body> <form action="./post" method="post"> <input name="text" type="text" /> <input name="token" type="hidden" value="%s" /> </form> </body> </html> ''' % secret
    routes = {}
    routes['/'] = _gzip_test_controller(form_page)
    # The receiving endpoint is constructed with the same secret the page embeds.
    routes['/post'] = tutil.TokenController(secret)
    return routes
def test_breach_vulnerable_with_deflate():
    """Return a fixture site whose token-bearing form goes through deflate.

    Same layout as the gzip fixture (hidden ``token`` input, '/post'
    controller built from the same token), but the page is wrapped by
    ``_deflate_test_controller`` instead. Presumably this covers the
    second common HTTP content coding; the helper is not visible here.

    Returns:
        dict mapping URL paths to their controllers.
    """
    secret = tutil.random_token(16)
    page = u""" <html> <body> <form action="./post" method="post"> <input name="text" type="text" /> <input name="token" type="hidden" value="%s" /> </form> </body> </html> """ % secret
    compressed_page = _deflate_test_controller(page)
    token_endpoint = tutil.TokenController(secret)
    return {"/": compressed_page, "/post": token_endpoint}
def test_breach_vulnerable_urltoken():
    """Check the BREACH fixture where the token travels in the action URL.

    The token is placed in the query string of the form's ``action``
    rather than in a hidden input, and the '/post' controller is created
    with ``method='get'``. The test then expects ``client.log`` to hold
    exactly one entry.
    """
    secret = tutil.random_token(16)
    page = u''' <html> <body> <form action="./post?token=%s" method="post"> <input name="text" type="text" /> </form> </body> </html> ''' % secret
    site = {
        '/': _gzip_test_controller(page),
        '/post': tutil.TokenController(secret, method='get'),
    }
    client = tutil.TestClient(site)
    # NOTE(review): no client.run_attack(...) call precedes this assertion in
    # the visible code. Confirm the breach check is triggered elsewhere;
    # otherwise the count is compared against a log no scan has written to.
    client.log.assert_count(1)
def test_breach_vulnerable_urltoken(self):
    """Run the breach check against a page with the token in its action URL.

    The secret sits in the query string of the form's ``action``
    ("/post?token=...") instead of a hidden field, and the '/post'
    controller is built with ``method='get'``. After running
    ``webvulnscan.attacks.breach`` the client log must contain exactly
    one entry.
    """
    secret = tutil.random_token(16)
    page = u''' <html> <body> <form action="/post?token=%s" method="post"> <input name="text" type="text" /> </form> </body> </html> ''' % secret
    site = {}
    site['/'] = _gzip_test_controller(page)
    site['/post'] = tutil.TokenController(secret, method='get')
    client = tutil.TestClient(site)
    client.run_attack(webvulnscan.attacks.breach)
    # One entry: a URL-borne token on a compressed page should still be reported.
    client.log.assert_count(1)
def test_breach_vulnerable_urltoken():
    """Check the BREACH fixture whose token is carried in the form action URL.

    The page served at "/" goes through ``_gzip_test_controller`` and
    exposes the token only in the ``action`` query string; "/post" is a
    ``TokenController`` created with ``method="get"``. The test expects
    one entry in ``client.log``.
    """
    secret = tutil.random_token(16)
    page = u""" <html> <body> <form action="./post?token=%s" method="post"> <input name="text" type="text" /> </form> </body> </html> """ % secret
    form_controller = _gzip_test_controller(page)
    token_controller = tutil.TokenController(secret, method="get")
    client = tutil.TestClient({"/": form_controller, "/post": token_controller})
    # NOTE(review): the visible code never calls client.run_attack(...) before
    # asserting. Verify that the attack runs elsewhere, or this assertion
    # does not exercise the breach check at all.
    client.log.assert_count(1)
def test_breach_vulnerable_with_deflate(self):
    """Run the breach check against a deflate-wrapped, token-bearing form.

    The page embeds the token in a hidden input and is served through
    ``_deflate_test_controller``; '/post' is a ``TokenController`` built
    from the same token. After ``webvulnscan.attacks.breach`` runs, the
    client log must contain exactly one entry.
    """
    secret = tutil.random_token(16)
    page = u''' <html> <body> <form action="/post" method="post"> <input name="text" type="text" /> <input name="token" type="hidden" value="%s" /> </form> </body> </html> ''' % secret
    form_controller = _deflate_test_controller(page)
    token_controller = tutil.TokenController(secret)
    client = tutil.TestClient({
        '/': form_controller,
        '/post': token_controller,
    })
    client.run_attack(webvulnscan.attacks.breach)
    # The report is expected regardless of which content coding wraps the page.
    client.log.assert_count(1)
def test_csrf_vulnerable_form():
    """Return a fixture site whose form handler accepts every request.

    '/' serves ``FORM_HTML`` filled with a fresh 8-character token, while
    '/s' is a ``csrf_page`` whose callable returns True for any request,
    so the token is never consulted by this callable. How ``csrf_page``
    acts on the callable's result is not visible here.

    Returns:
        dict mapping URL paths to page content / controllers.
    """
    def accept_everything(req):
        # No token check at all: this is what makes the fixture "vulnerable".
        return True

    form_token = tutil.random_token(8)
    site = {}
    site['/'] = FORM_HTML % form_token
    site['/s'] = csrf_page(accept_everything)
    return site
def test_csrf_protected_form():
    """Return a fixture site whose form handler inspects the request.

    '/' serves ``FORM_HTML`` filled with a fresh 8-character token; '/s'
    is a ``csrf_page`` whose callable returns the ``text`` parameter
    read from ``req.url`` via ``get_param``.

    Returns:
        dict mapping URL paths to page content / controllers.
    """
    def text_from_url(req):
        # NOTE(review): the callable looks at 'text', not at the token.
        # Confirm against csrf_page how this result marks a request as
        # accepted or rejected.
        return get_param(req.url, 'text')

    form_token = tutil.random_token(8)
    landing_page = FORM_HTML % form_token
    submit_page = csrf_page(text_from_url)
    return {'/': landing_page, '/s': submit_page}
def test_csrf_vulnerable_post_form(self):
    """Run the csrf check against a form whose handler accepts anything.

    "/s" is a ``csrf_page`` whose callable returns True for every
    request, so nothing in it depends on the token rendered into
    ``FORM_HTML``. After ``webvulnscan.attacks.csrf`` runs, the client
    log must contain exactly one entry.
    """
    form_token = tutil.random_token(8)
    site = {}
    site["/"] = FORM_HTML % form_token
    # Unconditional True: the handler callable performs no token validation.
    site["/s"] = csrf_page(lambda req: True)
    client = tutil.TestClient(site)
    client.run_attack(webvulnscan.attacks.csrf)
    client.log.assert_count(1)
def test_csrf_protected_form(self):
    """Run the csrf check against the protected form and expect no report.

    "/s" is a ``csrf_page`` whose callable returns the ``text``
    parameter read from ``req.url``. After ``webvulnscan.attacks.csrf``
    runs, the client log must be empty, which guards the scanner against
    a false positive on this fixture.
    """
    form_token = tutil.random_token(8)
    landing_page = FORM_HTML % form_token
    # NOTE(review): the callable keys on 'text' rather than on the token;
    # check csrf_page to see how this return value gates the request.
    submit_page = csrf_page(lambda req: get_param(req.url, "text"))
    client = tutil.TestClient({"/": landing_page, "/s": submit_page})
    client.run_attack(webvulnscan.attacks.csrf)
    client.log.assert_count(0)