예제 #1
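    def test_multipart_3570(self):
        """Parse a stored multipart/form-data body and check the parsed fields.

        The body is read from ``samples/post-data-3570`` next to this test
        module and parsed together with the request headers defined below.
        The test checks that both form fields are found, that ``userfile`` is
        reported as a file parameter and that its file name is exposed.

        NOTE(review): the file name is taken from the request body, so it is
        client-supplied; presumably consumers of ``get_file_name`` treat it
        as untrusted input -- confirm against the callers.
        """
        # Request headers that accompany the stored body. The boundary and
        # the Content-length have to agree with the sample on disk; the two
        # sanity checks after the read enforce that. The Cookie value is
        # fixture data and is not asserted on.
        headers = Headers([(u'Content-length', u'557'),
                           (u'Accept-encoding', u'gzip, deflate'),
                           (u'Accept', u'*/*'),
                           (u'User-agent', u'Mozilla/4.0'),
                           (u'Host', u'www.webscantest.com'),
                           (u'Cookie', u'SESSIONID_VULN_SITE=k4no98smgdkun2eqme5k2btgb5'),
                           (u'Referer', u'http://www.webscantest.com/'),
                           (u'Content-type', u'multipart/form-data; boundary=db36a3a8bb45ec40c22301ffcaa98e05')])

        test_dir = os.path.dirname(os.path.realpath(__file__))
        post_data_file = os.path.join(test_dir, 'samples', 'post-data-3570')

        # Read the sample as bytes and close the handle deterministically:
        # the length assertion below is byte-exact, so newline translation
        # must not touch the data, and the handle must not be left to the
        # garbage collector.
        with open(post_data_file, 'rb') as sample:
            multipart_post_data = sample.read()

        # Guard against a damaged fixture before exercising the parser.
        self.assertIn('db36a3a8bb45ec40c22301ffcaa98e05', multipart_post_data)
        self.assertEqual(len(multipart_post_data), 557)

        mpc = MultipartContainer.from_postdata(headers, multipart_post_data)

        self.assertIsInstance(mpc, MultipartContainer)
        self.assertIn('MAX_FILE_SIZE', mpc)
        self.assertIn('userfile', mpc)

        self.assertEqual(mpc['MAX_FILE_SIZE'], ['2097152'])
        # We don't store the file content
        # NOTE(review): whether the empty value is parser policy or a
        # property of this particular sample is not visible here -- confirm.
        self.assertEqual(mpc['userfile'], [''])

        self.assertEqual(mpc.get_file_vars(), ['userfile'])
        self.assertEqual(mpc.get_parameter_type('MAX_FILE_SIZE'), 'text')
        self.assertEqual(mpc.get_parameter_type('userfile'), 'file')
        self.assertEqual(mpc.get_file_name('userfile'), 'aTFiAgn.gif')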
예제 #2
    def test_multipart_post_empty_value(self):
        """A text field with an empty value is kept when the body is parsed.

        Encodes a single field ``a`` with an empty string, parses the result
        back and checks that the field is present, empty, typed as text and
        that no file variables are reported.
        """
        form_fields = [('a', '')]
        boundary, post_data = multipart_encode(form_fields, [])

        # Content-type header built from the container's own template.
        content_type = MultipartContainer.MULTIPART_HEADER % boundary
        header_pairs = [
            ('content-length', str(len(post_data))),
            ('content-type', content_type),
        ]
        headers = Headers(header_pairs)

        parsed = MultipartContainer.from_postdata(headers, post_data)

        self.assertIsInstance(parsed, MultipartContainer)
        self.assertIn('a', parsed)
        self.assertEqual(parsed['a'], [''])
        self.assertEqual(parsed.get_file_vars(), [])
        self.assertEqual(parsed.get_parameter_type('a'), 'text')
예제 #3
    def test_multipart_post(self):
        """A single text field round-trips through encode and parse.

        Encodes ``a=bcd`` as multipart/form-data, parses it with matching
        headers and checks the value, the parameter type and that no file
        variables are reported.
        """
        form_fields = [('a', 'bcd')]
        boundary, post_data = multipart_encode(form_fields, [])

        # Content-type header built from the container's own template.
        content_type = MultipartContainer.MULTIPART_HEADER % boundary
        header_pairs = [
            ('content-length', str(len(post_data))),
            ('content-type', content_type),
        ]
        headers = Headers(header_pairs)

        parsed = MultipartContainer.from_postdata(headers, post_data)

        self.assertIsInstance(parsed, MultipartContainer)
        self.assertIn('a', parsed)
        self.assertEqual(parsed['a'], ['bcd'])
        self.assertEqual(parsed.get_file_vars(), [])
        self.assertEqual(parsed.get_parameter_type('a'), 'text')
예제 #4
    def test_copy_with_token(self):
        """A deep copy of a container carries the token set on the original.

        Sets the token to ``('a', 0)`` on a parsed container, deep-copies it
        and checks that both objects report an equal, non-None token whose
        name is ``a``.
        """
        form_fields = [('a', 'bcd')]
        boundary, post_data = multipart_encode(form_fields, [])

        content_type = MultipartContainer.MULTIPART_HEADER % boundary
        headers = Headers([
            ('content-length', str(len(post_data))),
            ('content-type', content_type),
        ])

        container = MultipartContainer.from_postdata(headers, post_data)
        container.set_token(('a', 0))

        # The copy is taken after the token is set, so it must carry it too.
        duplicate = copy.deepcopy(container)

        self.assertEqual(container.get_token(), duplicate.get_token())
        self.assertIsNotNone(container.get_token())
        self.assertIsNotNone(duplicate.get_token())
        self.assertEqual(duplicate.get_token().get_name(), 'a')
예제 #5
    def test_copy_with_token(self):
        """Deep-copying a container must not lose the token set on it.

        The token is set to ``('a', 0)`` before the copy is made; the test
        then compares the tokens of the original and of the copy and checks
        the token name on the copy.
        """
        boundary, post_data = multipart_encode([('a', 'bcd')], [])
        header_template = MultipartContainer.MULTIPART_HEADER

        length_header = ('content-length', str(len(post_data)))
        type_header = ('content-type', header_template % boundary)
        headers = Headers([length_header, type_header])

        source_dc = MultipartContainer.from_postdata(headers, post_data)

        # Token first, copy second: the copy has to include the token state.
        source_dc.set_token(('a', 0))
        copied_dc = copy.deepcopy(source_dc)

        self.assertEqual(source_dc.get_token(), copied_dc.get_token())
        self.assertIsNotNone(source_dc.get_token())
        self.assertIsNotNone(copied_dc.get_token())
        self.assertEqual(copied_dc.get_token().get_name(), 'a')
예제 #6
    def test_multipart_post_with_filename(self):
        """A body with one text field and one file part is parsed with its name.

        Encodes ``a=bcd`` plus a file part ``b`` backed by an in-memory file
        named ``hello.txt``, parses the body and checks the parameter types,
        the list of file variables and the reported file name.

        NOTE(review): the file name comes out of the parsed body, i.e. it is
        whatever the client sent; presumably consumers of ``get_file_name``
        treat it as untrusted -- confirm.
        """
        upload = NamedStringIO('def', name='hello.txt')
        text_fields = [('a', 'bcd')]
        file_fields = [('b', upload)]
        boundary, post_data = multipart_encode(text_fields, file_fields)

        content_type = MultipartContainer.MULTIPART_HEADER % boundary
        headers = Headers([
            ('content-length', str(len(post_data))),
            ('content-type', content_type),
        ])

        parsed = MultipartContainer.from_postdata(headers, post_data)

        self.assertIsInstance(parsed, MultipartContainer)
        self.assertIn('a', parsed)
        self.assertEqual(parsed['a'], ['bcd'])
        # Only the file part is listed as a file variable.
        self.assertEqual(parsed.get_file_vars(), ['b'])
        self.assertEqual(parsed.get_parameter_type('a'), 'text')
        self.assertEqual(parsed.get_parameter_type('b'), 'file')
        self.assertEqual(parsed.get_file_name('b'), 'hello.txt')
예제 #7
    def test_multipart_post_with_filename(self):
        """Text field plus named file part: types and file name are reported.

        The file part ``b`` is an in-memory file named ``hello.txt``. After
        parsing, ``a`` must be a text parameter, ``b`` a file parameter, and
        the file name must match the one given at encode time.

        NOTE(review): the reported file name originates in the request body;
        presumably callers handle it as untrusted data -- confirm.
        """
        in_memory_file = NamedStringIO('def', name='hello.txt')
        boundary, post_data = multipart_encode([('a', 'bcd')],
                                               [('b', in_memory_file)])
        header_template = MultipartContainer.MULTIPART_HEADER

        length_header = ('content-length', str(len(post_data)))
        type_header = ('content-type', header_template % boundary)
        headers = Headers([length_header, type_header])

        container = MultipartContainer.from_postdata(headers, post_data)

        self.assertIsInstance(container, MultipartContainer)
        self.assertIn('a', container)
        self.assertEqual(container['a'], ['bcd'])
        # Only the file part is listed as a file variable.
        self.assertEqual(container.get_file_vars(), ['b'])
        self.assertEqual(container.get_parameter_type('a'), 'text')
        self.assertEqual(container.get_parameter_type('b'), 'file')
        self.assertEqual(container.get_file_name('b'), 'hello.txt')
예제 #8
    def test_multipart_test_from_string(self):
        """Parse the MULTIPART_TEST constant and check both of its fields.

        The body is the module-level ``MULTIPART_TEST`` string and the
        boundary is given literally. The test checks the text field
        ``MAX_FILE_SIZE``, that the ``file`` value starts with ``GIF89``, and
        the parameter types and file name.
        """
        boundary = '4266ff2e00ac63588a571483e5727142'
        content_type = MultipartContainer.MULTIPART_HEADER % boundary

        headers = Headers([
            ('content-length', str(len(MULTIPART_TEST))),
            ('content-type', content_type),
        ])

        parsed = MultipartContainer.from_postdata(headers, MULTIPART_TEST)

        self.assertIsInstance(parsed, MultipartContainer)
        self.assertIn('MAX_FILE_SIZE', parsed)
        self.assertIn('file', parsed)

        self.assertEqual(parsed['MAX_FILE_SIZE'], ['2097152'])
        # Here the file part's content is kept: the value begins with GIF89.
        self.assertTrue(parsed['file'][0].startswith('GIF89'))

        self.assertEqual(parsed.get_file_vars(), ['file'])
        self.assertEqual(parsed.get_parameter_type('MAX_FILE_SIZE'), 'text')
        self.assertEqual(parsed.get_parameter_type('file'), 'file')
        self.assertEqual(parsed.get_file_name('file'), 'rsXiwMY.gif')
예제 #9
    def test_multipart_test_from_string(self):
        """Build a container from the MULTIPART_TEST string and inspect it.

        Uses a literal boundary together with the module-level
        ``MULTIPART_TEST`` body, then checks field presence, the text value,
        the ``GIF89`` prefix of the file value, the parameter types and the
        file name.
        """
        header_template = MultipartContainer.MULTIPART_HEADER
        boundary = '4266ff2e00ac63588a571483e5727142'

        length_header = ('content-length', str(len(MULTIPART_TEST)))
        type_header = ('content-type', header_template % boundary)
        headers = Headers([length_header, type_header])

        container = MultipartContainer.from_postdata(headers, MULTIPART_TEST)

        self.assertIsInstance(container, MultipartContainer)
        for field_name in ('MAX_FILE_SIZE', 'file'):
            self.assertIn(field_name, container)

        self.assertEqual(container['MAX_FILE_SIZE'], ['2097152'])
        # Here the file part's content is kept: the value begins with GIF89.
        self.assertTrue(container['file'][0].startswith('GIF89'))

        self.assertEqual(container.get_file_vars(), ['file'])
        self.assertEqual(container.get_parameter_type('MAX_FILE_SIZE'), 'text')
        self.assertEqual(container.get_parameter_type('file'), 'file')
        self.assertEqual(container.get_file_name('file'), 'rsXiwMY.gif')
예제 #10
    def test_multipart_fuzzable_request_store(self):
        """A multipart request read back from a DiskSet keeps its container.

        Builds a POST FuzzableRequest whose body is the string form of a
        parsed MultipartContainer, adds it to a DiskSet, reads element 0 back
        and checks that its raw data is a MultipartContainer holding ``a``.
        """
        boundary, encoded_body = multipart_encode([('a', 'bcd')], [])
        content_type = MultipartContainer.MULTIPART_HEADER % boundary

        headers = Headers([
            ('content-length', str(len(encoded_body))),
            ('content-type', content_type),
        ])

        container = MultipartContainer.from_postdata(headers, encoded_body)
        # The request is built from the container's own serialisation, not
        # from the bytes returned by multipart_encode.
        serialised = str(container)

        target = URL('http://www.w3af.com/')
        request = FuzzableRequest.from_parts(target,
                                             method='POST',
                                             post_data=serialised,
                                             headers=headers)

        store = DiskSet()
        store.add(request)

        restored = store[0]

        self.assertIsInstance(restored.get_raw_data(), MultipartContainer)
        self.assertIn('a', restored.get_raw_data())
예제 #11
    def test_multipart_fuzzable_request_store(self):
        """Store a multipart FuzzableRequest in a DiskSet and read it back.

        The request body is ``str()`` of a parsed MultipartContainer. After
        the request is added to a DiskSet and fetched by index, its raw data
        must again be a MultipartContainer that contains ``a``.
        """
        form_fields = [('a', 'bcd')]
        boundary, post_data = multipart_encode(form_fields, [])
        header_template = MultipartContainer.MULTIPART_HEADER

        length_header = ('content-length', str(len(post_data)))
        type_header = ('content-type', header_template % boundary)
        headers = Headers([length_header, type_header])

        parsed = MultipartContainer.from_postdata(headers, post_data)
        # From here on the body is the container's own string form.
        post_data = str(parsed)

        request_kwargs = {
            'method': 'POST',
            'post_data': post_data,
            'headers': headers,
        }
        fuzzable = FuzzableRequest.from_parts(URL('http://www.w3af.com/'),
                                              **request_kwargs)

        requests_on_disk = DiskSet()
        requests_on_disk.add(fuzzable)

        read_back = requests_on_disk[0]

        self.assertIsInstance(read_back.get_raw_data(), MultipartContainer)
        self.assertIn('a', read_back.get_raw_data())
예제 #12
    def test_store_in_disk_set(self):
        """A container read back from a DiskSet is a new object with equal data.

        Sets the token to ``('a', 0)``, adds the container to a DiskSet and
        fetches element 0. The fetched object must not be the original
        instance, while its token must equal the original's and be named ``a``.
        """
        boundary, post_data = multipart_encode([('a', 'bcd')], [])
        content_type = MultipartContainer.MULTIPART_HEADER % boundary

        headers = Headers([
            ('content-length', str(len(post_data))),
            ('content-type', content_type),
        ])

        container = MultipartContainer.from_postdata(headers, post_data)
        container.set_token(('a', 0))

        store = DiskSet()
        store.add(container)
        restored = store[0]

        # Identity differs: the store hands back another instance ...
        self.assertIsNot(restored, container)

        # ... whose token state matches the one that was stored.
        self.assertEqual(container.get_token(), restored.get_token())
        self.assertIsNotNone(container.get_token())
        self.assertIsNotNone(restored.get_token())
        self.assertEqual(restored.get_token().get_name(), 'a')
예제 #13
    def test_store_in_disk_set(self):
        """Round-trip a tokenised container through a DiskSet.

        The container has its token set to ``('a', 0)`` before it is added.
        Element 0 of the DiskSet must be a different object than the one
        added, with an equal, non-None token whose name is ``a``.
        """
        form_fields = [('a', 'bcd')]
        boundary, post_data = multipart_encode(form_fields, [])
        header_template = MultipartContainer.MULTIPART_HEADER

        length_header = ('content-length', str(len(post_data)))
        type_header = ('content-type', header_template % boundary)
        headers = Headers([length_header, type_header])

        stored_dc = MultipartContainer.from_postdata(headers, post_data)
        stored_dc.set_token(('a', 0))

        containers_on_disk = DiskSet()
        containers_on_disk.add(stored_dc)

        loaded_dc = containers_on_disk[0]

        # Not the same instance as the one that was added
        self.assertIsNot(loaded_dc, stored_dc)

        # Same token data on both sides
        self.assertEqual(stored_dc.get_token(), loaded_dc.get_token())
        self.assertIsNotNone(stored_dc.get_token())
        self.assertIsNotNone(loaded_dc.get_token())
        self.assertEqual(loaded_dc.get_token().get_name(), 'a')