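def test_mutant_creation(self):
    """Each payload replaces each query-string parameter, one at a time.

    create_mutants() is called with an empty list as third argument and
    False as fourth argument. The expected strings show every payload
    replacing the original value of exactly one parameter while the other
    parameter keeps its original value. The token of a mutant must
    identify the parameter that was modified, its original value and the
    injected payload.
    """
    qs = QueryString(self.SIMPLE_KV)
    freq = FuzzableRequest(self.url)
    freq.set_querystring(qs)

    created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
                                                False, self.fuzzer_config)

    expected_dcs = ['a=abc&b=2', 'a=1&b=abc',
                    'a=def&b=2', 'a=1&b=def']

    created_dcs = [str(i.get_dc()) for i in created_mutants]

    # assertEqual: the assertEquals alias is deprecated
    self.assertEqual(expected_dcs, created_dcs)

    token_0 = created_mutants[0].get_token()
    self.assertIsInstance(token_0, DataToken)
    self.assertEqual(token_0.get_name(), 'a')
    self.assertEqual(token_0.get_original_value(), '1')
    self.assertEqual(token_0.get_value(), 'abc')

    token_1 = created_mutants[1].get_token()
    # Type-check the second mutant's own token; checking token_0 again
    # would leave this token's type unverified.
    self.assertIsInstance(token_1, DataToken)
    self.assertEqual(token_1.get_name(), 'b')
    self.assertEqual(token_1.get_original_value(), '2')
    self.assertEqual(token_1.get_value(), 'abc')

    self.assertTrue(all(isinstance(m, Mutant) for m in created_mutants))
    self.assertTrue(all(m.get_mutant_class() == 'FakeMutant'
                        for m in created_mutants))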
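def test_mutant_creation_repeated_params(self):
    """Every occurrence of a repeated parameter gets its own mutants.

    The query string holds 'a' twice (values '1' and '2') and 'b' once.
    The expected strings show each of the three values being replaced
    separately by each payload, so a repeated parameter name is not
    collapsed into a single injection point. The tokens of the first two
    mutants share the name 'a' and are told apart by their original
    value.
    """
    qs = QueryString([('a', ['1', '2']), ('b', ['3'])])
    freq = FuzzableRequest(self.url)
    freq.set_querystring(qs)

    created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
                                                False, self.fuzzer_config)

    expected_dcs = ['a=abc&a=2&b=3',
                    'a=1&a=abc&b=3',
                    'a=1&a=2&b=abc',
                    'a=def&a=2&b=3',
                    'a=1&a=def&b=3',
                    'a=1&a=2&b=def']

    created_dcs = [str(i.get_dc()) for i in created_mutants]

    # assertEqual: the assertEquals alias is deprecated
    self.assertEqual(expected_dcs, created_dcs)

    token_0 = created_mutants[0].get_token()
    self.assertIsInstance(token_0, DataToken)
    self.assertEqual(token_0.get_name(), 'a')
    self.assertEqual(token_0.get_original_value(), '1')
    self.assertEqual(token_0.get_value(), 'abc')

    token_1 = created_mutants[1].get_token()
    self.assertIsInstance(token_1, DataToken)
    self.assertEqual(token_1.get_name(), 'a')
    self.assertEqual(token_1.get_original_value(), '2')
    self.assertEqual(token_1.get_value(), 'abc')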
def test_find_csrf_token_true_simple(self):
    """A 32-character hexadecimal value is reported as a CSRF token.

    The request carries a single query-string parameter, 'secret'; the
    result of _find_csrf_token() must contain that parameter name.
    """
    target = URL('http://moth/w3af/audit/csrf/')
    parsed_qs = parse_qs('secret=f842eb01b87a8ee18868d3bf80a558f3')
    request = FuzzableRequest(target, method='GET')
    request.set_querystring(parsed_qs)

    found = self.csrf_plugin._find_csrf_token(request)

    # Positive case: the random-looking value has to be detected
    self.assertIn('secret', found)
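def test_find_csrf_token_false(self):
    """A plainly non-random value must not be reported as a CSRF token.

    The only parameter, 'secret', holds the text 'not a token'. This is
    the negative counterpart of the detection test: the result of
    _find_csrf_token() must not contain the parameter name.
    """
    url = URL('http://moth/w3af/audit/csrf/')
    query_string = parse_qs('secret=not a token')
    freq = FuzzableRequest(url, method='GET')
    freq.set_querystring(query_string)

    token = self.csrf_plugin._find_csrf_token(freq)

    # assertNotIn, not assertIn: asserting presence would contradict the
    # test name and would pass on a false-positive token detection.
    self.assertNotIn('secret', token)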
def test_find_csrf_token_false(self):
    """The value 'not a token' must not be reported as a CSRF token.

    Guards against false positives: the result of _find_csrf_token() must
    not contain the 'secret' parameter name.
    """
    target = URL('http://moth/w3af/audit/csrf/')
    parsed_qs = parse_qs('secret=not a token')
    request = FuzzableRequest(target, method='GET')
    request.set_querystring(parsed_qs)

    found = self.csrf_plugin._find_csrf_token(request)

    # Negative case: a human-readable value is not a token
    self.assertNotIn('secret', found)
def test_mutant_creation_empty_dc(self):
    """A request with an empty query string produces no mutants."""
    empty_qs = QueryString()
    request = FuzzableRequest(self.url)
    request.set_querystring(empty_qs)

    mutants = FakeMutant.create_mutants(request, self.payloads, [],
                                        False, self.fuzzer_config)

    # Collect the data container of every mutant; none are expected
    created_dc_lst = []
    for mutant in mutants:
        created_dc_lst.append(mutant.get_dc())

    expected_dc_lst = []
    self.assertEqual(created_dc_lst, expected_dc_lst)
def test_mutant_creation_ignore_params(self):
    """Passing ['a'] as the third argument restricts mutation to 'a'.

    In every expected string only 'a' carries a payload and 'b' keeps the
    value '2'.
    """
    # NOTE(review): the test name says "ignore", but the expected output
    # shows 'a' as the only mutated parameter - the list appears to select
    # the parameters to fuzz rather than exclude them; confirm against
    # create_mutants().
    query = QueryString(self.SIMPLE_KV)
    request = FuzzableRequest(self.url)
    request.set_querystring(query)

    mutants = FakeMutant.create_mutants(request, self.payloads, ['a'],
                                        False, self.fuzzer_config)

    created_dcs = []
    for mutant in mutants:
        created_dcs.append(str(mutant.get_dc()))

    expected_dcs = ['a=abc&b=2', 'a=def&b=2']
    self.assertEqual(expected_dcs, created_dcs)
def test_mutant_copy(self):
    """A copied mutant compares equal to its source and keeps the token."""
    query = QueryString(self.SIMPLE_KV)
    request = FuzzableRequest(self.url)
    request.set_querystring(query)

    source = FakeMutant(request)
    # The token is set from a (parameter name, index) pair
    source.set_token(('a', 0))

    duplicate = source.copy()

    self.assertEqual(source, duplicate)
    self.assertEqual(source.get_token(), duplicate.get_token())
    # The copy must carry a token of its own, not None
    self.assertIsNot(None, duplicate.get_token())
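def test_mutant_creation_append(self):
    """With True as fourth argument the payload is appended, not swapped.

    The expected strings show each payload added after the original value
    of one parameter ('1abc', '2abc', ...) while the other parameter is
    left untouched.
    """
    qs = QueryString(self.SIMPLE_KV)
    freq = FuzzableRequest(self.url)
    freq.set_querystring(qs)

    created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
                                                True, self.fuzzer_config)

    expected_dcs = ['a=1abc&b=2', 'a=1&b=2abc',
                    'a=1def&b=2', 'a=1&b=2def']

    created_dcs = [str(i.get_dc()) for i in created_mutants]

    # assertEqual: the assertEquals alias is deprecated
    self.assertEqual(expected_dcs, created_dcs)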
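def test_mutant_creation_append(self):
    """Payloads are appended to the original value when append is True.

    create_mutants() receives True as its fourth argument; each expected
    string keeps the original value of the mutated parameter and adds the
    payload after it, leaving the other parameter unchanged.
    """
    qs = QueryString(self.SIMPLE_KV)
    freq = FuzzableRequest(self.url)
    freq.set_querystring(qs)

    created_mutants = FakeMutant.create_mutants(freq, self.payloads, [],
                                                True, self.fuzzer_config)

    expected_dcs = ['a=1abc&b=2', 'a=1&b=2abc',
                    'a=1def&b=2', 'a=1&b=2def']

    created_dcs = [str(i.get_dc()) for i in created_mutants]

    # assertEqual: the assertEquals alias is deprecated
    self.assertEqual(expected_dcs, created_dcs)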
def test_mutant_generic_methods(self):
    """Check repr(), copy() identity and the original-response-body API.

    Uses the first mutant created from the simple query string: its repr
    must show the method and mutated URL, copy() must return a different
    object, and the original response body can only be read after it has
    been set.
    """
    query = QueryString(self.SIMPLE_KV)
    request = FuzzableRequest(self.url)
    request.set_querystring(query)

    mutants = FakeMutant.create_mutants(request, self.payloads, [],
                                        False, self.fuzzer_config)
    first = mutants[0]

    self.assertEqual(repr(first),
                     '<mutant-generic | GET | http://moth/?a=abc&b=2 >')

    # copy() has to hand back a distinct object
    clone = first.copy()
    self.assertNotEqual(id(clone), id(first))

    # Reading the body before it was stored raises ValueError
    self.assertRaises(ValueError, first.get_original_response_body)

    body = 'abcdef123'
    first.set_original_response_body(body)
    self.assertEqual(first.get_original_response_body(), body)