def test_sent_url(self): f = FuzzableRequest(URL('''http://example.com/a?p=d'z"0&paged=2''')) self.assertTrue(f.sent('d%5C%27z%5C%220')) f = FuzzableRequest(URL('http://example.com/a?p=<SCrIPT>alert("bsMs")' '</SCrIPT>')) self.assertTrue(f.sent('<SCrIPT>alert(\"bsMs\")</SCrIPT>')) f = FuzzableRequest(URL('http://example.com/?p=<ScRIPT>a=/PlaO/%0A' 'fake_alert(a.source)</SCRiPT>')) self.assertTrue(f.sent('<ScRIPT>a=/PlaO/fake_alert(a.source)</SCRiPT>'))
def test_sent_post_data(self): form_params = FormParameters() form_params.add_input([("name", "username"), ("value", """d'z"0""")]) form_params.add_input([("name", "address"), ("value", "")]) form = dc_from_form_params(form_params) f = FuzzableRequest(URL('http://example.com/'), post_data=form) self.assertTrue(f.sent('d%5C%27z%5C%220'))
def test_sent_post_data(self): form_params = FormParameters() form_params.add_field_by_attr_items([("name", "username"), ("value", """d'z"0""")]) form_params.add_field_by_attr_items([("name", "address"), ("value", "")]) form = dc_from_form_params(form_params) f = FuzzableRequest(URL('http://example.com/'), post_data=form) self.assertTrue(f.sent('d%5C%27z%5C%220'))
def test_sent_headers_false(self): f = FuzzableRequest(URL('''http://example.com/'''), headers=Headers([('User-Agent', 'payload')])) self.assertFalse(f.sent(u'payload-not-sent'))
def test_sent_url_unicode_decode_3(self): f = FuzzableRequest(URL('http://example.com/aÃb')) self.assertTrue(f.sent(u'aÃb'))