def test_static_site(self):
        default_page = Page("/", "<html></html>", {}, 200)

        class StaticSite(tutil.ClientSite):
            def download_page(self, url, parameters=None, remember_visited=None):
                return default_page

        broken_chars(default_page, StaticSite())

        output = sys.stdout.getvalue().strip()
        self.assertEqual(output, "")
    def test_url_vulnerable_site(self):
        default_page = Page("/?test=random", "<html></html>", {}, 200)

        class UrlVulnerableSite(tutil.ClientSite):
            def download_page(self, url, parameters=None, remember_visited=None):
                url = unquote(str(url.encode("ascii", "replace")))
                return Page("/", "<html>" + url.replace(">", "") + "</html>", {}, 200)

        broken_chars(default_page, UrlVulnerableSite())

        output = sys.stdout.getvalue().strip()
        self.assertNotEqual(output, "")
    def test_static_site(self):
        default_page = Page("/", "<html></html>", {}, 200)

        class StaticSite(tutil.ClientSite):
            def download_page(self,
                              url,
                              parameters=None,
                              remember_visited=None):
                return default_page

        broken_chars(default_page, StaticSite())

        output = sys.stdout.getvalue().strip()
        self.assertEqual(output, "")
    def test_url_vulnerable_site(self):
        default_page = Page("/?test=random", "<html></html>", {}, 200)

        class UrlVulnerableSite(tutil.ClientSite):
            def download_page(self,
                              url,
                              parameters=None,
                              remember_visited=None):
                url = unquote(str(url.encode('ascii', 'replace')))
                return Page("/", "<html>" + url.replace('>', '') + "</html>",
                            {}, 200)

        broken_chars(default_page, UrlVulnerableSite())

        output = sys.stdout.getvalue().strip()
        self.assertNotEqual(output, "")
    def test_post_vulnerable_site(self):
        default_page = Page(
            "/?test", '<html><form action="/test">' '<input type="text" name="random" />' "</form></html>", {}, 200
        )

        class FormVulnerableSite(tutil.ClientSite):
            def download_page(self, url, parameters=None, remember_visited=None):
                if parameters["random"]:
                    item = parameters["random"].encode("ascii", "replace")
                else:
                    item = "none"
                return Page("/", "<html>" + str(item) + "</html>", {}, 200)

        broken_chars(default_page, FormVulnerableSite())

        output = sys.stdout.getvalue().strip()
        self.assertNotEqual(output, "")
    def test_combo_vulnerable_site(self):
        default_page = Page(
            "/?test=random",
            '<html><form action="/test">' '<input type="text" name="random" />' "</form></html>",
            {},
            200,
        )

        class ComboVulnerableSite(tutil.ClientSite):
            def download_page(self, url, parameters={"random": "none"}, remember_visited=None):
                if parameters["random"]:
                    item = parameters["random"].encode("ascii", "ignore")
                else:
                    item = "none"
                return Page("/", "<html>" + item.decode() + unquote(str(url)) + "</html>", {}, 500)

        broken_chars(default_page, ComboVulnerableSite())

        output = sys.stdout.getvalue().strip()
        self.assertNotEqual(output, "")
    def test_post_vulnerable_site(self):
        default_page = Page(
            "/?test", '<html><form action="/test">'
            '<input type="text" name="random" />'
            '</form></html>', {}, 200)

        class FormVulnerableSite(tutil.ClientSite):
            def download_page(self,
                              url,
                              parameters=None,
                              remember_visited=None):
                if parameters["random"]:
                    item = parameters["random"].encode('ascii', 'replace')
                else:
                    item = "none"
                return Page("/", "<html>" + str(item) + "</html>", {}, 200)

        broken_chars(default_page, FormVulnerableSite())

        output = sys.stdout.getvalue().strip()
        self.assertNotEqual(output, "")
    def test_combo_vulnerable_site(self):
        default_page = Page(
            "/?test=random", '<html><form action="/test">'
            '<input type="text" name="random" />'
            '</form></html>', {}, 200)

        class ComboVulnerableSite(tutil.ClientSite):
            def download_page(self,
                              url,
                              parameters={"random": "none"},
                              remember_visited=None):
                if parameters["random"]:
                    item = parameters["random"].encode('ascii', 'ignore')
                else:
                    item = "none"
                return Page(
                    "/",
                    "<html>" + item.decode() + unquote(str(url)) + "</html>",
                    {}, 500)

        broken_chars(default_page, ComboVulnerableSite())

        output = sys.stdout.getvalue().strip()
        self.assertNotEqual(output, "")