def test_all(self):
for context in get_contexts():
found = False
expected_context_name = context.get_name()
for calculated_context in get_context(self.HTML, expected_context_name):
if calculated_context.get_name() == expected_context_name:
found = True
if not found:
msg = "The analysis for %s context failed, got %r instead."
msg = msg % (expected_context_name, get_context(self.HTML, expected_context_name))
self.assertTrue(False, msg)
def test_all(self):
for context in get_contexts():
found = False
expected_context_name = context.get_name()
for calculated_context in get_context(self.HTML, expected_context_name):
if calculated_context.get_name() == expected_context_name:
found = True
if not found:
msg = 'The analysis for %s context failed, got %r instead.'
msg = msg % (expected_context_name,
get_context(self.HTML, expected_context_name))
self.assertTrue(False, msg)
def test_payload_with_space_equal_src_executable(self):
"""
Related with:
https://github.com/andresriancho/w3af/issues/1557
https://github.com/andresriancho/w3af/issues/2919
"""
html = """
<html>
<frame src="5vrws =">
</html>
"""
self.assertEqual(get_context(html, '5vrws%20%3D'), [])
context = get_context(html, '5vrws =')[0]
self.assertTrue(context.is_executable())
def test_payload_with_space_equal_src_executable(self):
"""
Related with:
https://github.com/andresriancho/w3af/issues/1557
https://github.com/andresriancho/w3af/issues/2919
"""
html = """
<html>
<frame src="5vrws =">
</html>
"""
self.assertEqual(get_context(html, '5vrws%20%3D'), [])
context = get_context(html, '5vrws =')[0]
self.assertTrue(context.is_executable())
def test_script_text(self):
html = """
<script>foo(); bar(PAYLOAD);</script>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1, contexts)
self.assertIsInstance(contexts[0], ScriptText)
def test_broken_4(self):
html = """
<a PAYLOAD="/xyz"></
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1, contexts)
self.assertIsInstance(contexts[0], HtmlAttr)
def test_style_text(self):
html = """
<style>foo(); bar(PAYLOAD);</style>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1, contexts)
self.assertIsInstance(contexts[0], CSSText)
def test_payload_html_inside_comment(self):
html = """
<html>
<!-- <body>PAYLOAD</body> -->
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlComment)
def test_django_500_sample(self):
html = file(os.path.join(self.SAMPLES_DIR, 'django-500.html')).read()
contexts = get_context(html, "QUBD5 =")
self.assertEqual(len(contexts), 9)
for c in contexts:
self.assertIsInstance(c, HtmlText)
def test_django_500_sample(self):
html = file(os.path.join(self.SAMPLES_DIR, 'django-500.html')).read()
contexts = get_context(html, "QUBD5 =")
self.assertEqual(len(contexts), 9)
for c in contexts:
self.assertIsInstance(c, HtmlText)
def test_payload_js2doublequote(self):
html = """
<html>
<input type="button" value="ClickMe" onClick="PAYLOAD">
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[1], ScriptText)
def test_payload_html_inside_comment(self):
html = """
<html>
<!-- <body>PAYLOAD</body> -->
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlComment)
def test_payload_js2doublequote(self):
html = """
<html>
<input type="button" value="ClickMe" onClick="PAYLOAD">
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[1], ScriptText)
def test_payload_text_can_break(self):
html = """
<html>
<a>PAYLOAD<</a>
</html>
"""
context = get_context(html, 'PAYLOAD<')[0]
self.assertTrue(context.can_break('PAYLOAD<'))
def test_payload_handler(self):
html = """
<html>
<a onclick="PAYLOAD">foo</a>
</html>
"""
context = get_context(html, "PAYLOAD")[0]
self.assertTrue(context.is_executable())
def test_payload_src(self):
html = """
<html>
<img src="PAYLOAD" />
</html>
"""
context = get_context(html, 'PAYLOAD')[0]
self.assertTrue(context.is_executable())
def test_payload_href(self):
html = """
<html>
<a href="PAYLOAD">foo</a>
</html>
"""
context = get_context(html, 'PAYLOAD')[0]
self.assertTrue(context.is_executable())
def test_payload_href(self):
html = """
<html>
<a href="PAYLOAD">foo</a>
</html>
"""
context = get_context(html, 'PAYLOAD')[0]
self.assertTrue(context.is_executable())
def test_payload_text_can_break(self):
html = """
<html>
<a>PAYLOAD<</a>
</html>
"""
context = get_context(html, 'PAYLOAD<')[0]
self.assertTrue(context.can_break('PAYLOAD<'))
def test_payload_src(self):
html = """
<html>
<img src="PAYLOAD" />
</html>
"""
context = get_context(html, 'PAYLOAD')[0]
self.assertTrue(context.is_executable())
def test_payload_confuse_parser(self):
html = """
<html>
<a attr="</a>">PAYLOAD</a>
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1)
self.assertIsInstance(contexts[0], HtmlText)
def test_payload_script_single_quote2(self):
html = """
<html>
<script type="text/javascript">//<!--
init({login:'',foo:'PAYLOAD'})
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], ScriptSingleQuote)
def test_payload_script_single_quote(self):
html = """
<html>
<script foo='PAYLOAD'>
bar
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlAttrSingleQuote)
def test_payload_html_inside_script_with_comment(self):
html = """
<html>
<script>
<!-- <body>PAYLOAD</body> -->
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], ScriptText)
def test_tag_attr_single_double_quote(self):
html = """
<html>
<tag spam='eggs' attr="PAYLOAD" />
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1)
self.assertIsInstance(contexts[0], HtmlAttrDoubleQuote)
def test_payload(self):
html = """
<html>
<body>
&added=blah111%3C1%3E<br>::::: blahPAYLOAD<br>::::: :::::
</body>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlText)
def test_payload_tag_name_close(self):
html = """
<foo>
</PAYLOAD>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1, contexts)
self.assertIsInstance(contexts[0], HtmlTagClose)
def test_payload_a_single_quote(self):
html = """
<html>
<a foo='PAYLOAD'>
bar
</a>
</html>
"""
self.assertIsInstance(get_context(html, "PAYLOAD")[0], HtmlAttrSingleQuote)
def test_payload_double_script(self):
html = """
<html>
<script>foo</script>
PAYLOAD
<script>bar</script>
</html>
"""
self.assertIsInstance(get_context(html, "PAYLOAD")[0], HtmlText)
def test_payload_script_single_quote2(self):
html = """
<html>
<script type="text/javascript">//<!--
init({login:'',foo:'PAYLOAD'})
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], ScriptSingleQuote)
def test_payload_script_broken_double_open(self):
html = """
<html>
<script>foo
PAYLOAD
<script>bar</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], ScriptText)
def test_payload_script_attr_value(self):
html = """
<html>
<script foo=PAYLOAD foo2=aaa>
bar
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlAttr)
def test_payload_script_broken_double_close(self):
html = """
<html>
<script>foo</script>
PAYLOAD
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlText)
def test_payload_text_with_end_quote(self):
html = """
<html>
<a>Quoting the great Linus Torvalds: PAYLOAD<"</a>
</html>
"""
context = get_context(html, 'PAYLOAD<')[0]
self.assertIsInstance(context, HtmlText)
self.assertTrue(context.can_break('PAYLOAD<'))
def test_payload_script_attr_value(self):
html = """
<html>
<script foo=PAYLOAD foo2=aaa>
bar
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlAttr)
def test_payload_script_single_quote(self):
html = """
<html>
<script foo='PAYLOAD'>
bar
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlAttrSingleQuote)
def test_payload_script_broken_double_close(self):
html = """
<html>
<script>foo</script>
PAYLOAD
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlText)
def test_payload_text_with_end_quote(self):
html = """
<html>
<a>Quoting the great Linus Torvalds: PAYLOAD<"</a>
</html>
"""
context = get_context(html, 'PAYLOAD<')[0]
self.assertIsInstance(context, HtmlText)
self.assertTrue(context.can_break('PAYLOAD<'))
def test_payload_html_inside_script_with_comment(self):
html = """
<html>
<script>
<!-- <body>PAYLOAD</body> -->
</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], ScriptText)
def test_payload_script_broken_double_open(self):
html = """
<html>
<script>foo
PAYLOAD
<script>bar</script>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], ScriptText)
def test_payload(self):
html = """
<html>
<body>
&added=blah111%3C1%3E<br>::::: blahPAYLOAD<br>::::: :::::
</body>
</html>
"""
self.assertIsInstance(get_context(html, 'PAYLOAD')[0], HtmlText)
def test_payload_html_inside_comment(self):
html = """
<html>
<!-- <body>PAYLOAD</body> -->
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1)
self.assertIsInstance(contexts[0], HtmlComment)
def test_payload_tag_attr_key(self):
html = """
<a PAYLOAD="/xyz">foo</a>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1, contexts)
context = contexts[0]
self.assertIsInstance(context, HtmlAttr)
def test_payload_inside_noscript_2(self):
html = """
<html>
<noscript>
<a onmouseover="PAYLOAD">link</a>
</noscript>
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 0)
def test_payload_script_broken_double_close(self):
html = """
<html>
<script>foo</script>
PAYLOAD
</script>
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1)
self.assertIsInstance(contexts[0], ScriptText)
def test_payload_in_html_text(self):
html = """
<html>
<body>
PAYLOAD
</body>
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1)
self.assertIsInstance(contexts[0], HtmlText)
def test_payload_text_with_end_quote(self):
html = """
<html>
<a>Quoting the great Linus Torvalds: PAYLOAD<"</a>
</html>
"""
contexts = get_context(html, 'PAYLOAD<"')
self.assertEqual(len(contexts), 1)
context = contexts[0]
self.assertIsInstance(context, HtmlText)
def test_payload_broken_double_open(self):
html = """
<html>
<tag>foo
PAYLOAD
<tag>bar</tag>
</html>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1)
self.assertIsInstance(contexts[0], HtmlText)
def test_script_text_comment(self):
html = """
<script type="text/javascript">
<!--
foo(); bar(PAYLOAD);
//-->
</script>
"""
contexts = get_context(html, 'PAYLOAD')
self.assertEqual(len(contexts), 1, contexts)
self.assertIsInstance(contexts[0], ScriptText)
