def test_passes_other_arguments(self):
def request_handler(operation_id, *args, **kwargs):
assert kwargs['headers']['session'] == 'id_token'
fuzz_lightyear.make_request(request_handler)
get_abstraction().request_method(
'status',
headers={
'session': 'id_token',
},
)
def test_send_specified_auth(mock_client):
request = FuzzingRequest(
operation_id='get_no_inputs_required',
tag='basic',
)
assert request.send(auth=get_abstraction().get_attacker_session(),
).session == 'attacker_session'
def test_no_variables(function):
def session_headers():
return True
getattr(auth, function)(session_headers)
getattr(get_abstraction(),
f'get_{function.replace("account", "session")}')()
def test_inject_variables(function):
def session_headers(operation_id):
assert operation_id == 'test_operation'
getattr(auth, function)(session_headers)
getattr(
get_abstraction(),
f'get_{function.replace("account", "session")}',
)('test_operation')
def test_inject_variables(function):
def generator():
return 1
fuzz_lightyear.register_factory('user_id')(generator)
def wrapped(user_id):
assert user_id == 1
getattr(auth, function)(wrapped)
getattr(get_abstraction(),
f'get_{function.replace("account", "session")}')()
def test_send_endpoint_auth(mock_client):
request = FuzzingRequest(
operation_id='get_no_inputs_required',
tag='basic',
)
fuzz_lightyear.attacker_account(
lambda operation_id: {
'_request_options': {
'headers': {
'Cookie': 'session=' + operation_id,
},
},
}, )
assert request.send(auth=get_abstraction().get_attacker_session,
).session == 'get_no_inputs_required'
def mock_client(mock_schema):
fuzz_lightyear.victim_account(
lambda: {
'_request_options': {
'headers': {
'Cookie': 'session=victim_session',
},
},
}, )
fuzz_lightyear.attacker_account(
lambda: {
'_request_options': {
'headers': {
'Cookie': 'session=attacker_session',
},
},
}, )
setup_client(mock_server_module.URL, mock_schema)
yield get_abstraction().client
def mock_client(self):
client = mock.Mock()
get_abstraction().client = client
yield client
def test_file(self):
discovery.import_fixtures(
get_path('../../test_data/nested/directory/fixtures.py'), )
assert get_abstraction().get_victim_session
assert not get_abstraction().get_attacker_session
def test_directory(self, path):
discovery.import_fixtures(get_path(path))
assert get_abstraction().get_victim_session
assert not get_abstraction().get_attacker_session
def test_basic(self):
def request_handler(operation_id):
assert operation_id == 'status'
fuzz_lightyear.make_request(request_handler)
get_abstraction().request_method('status', )
def test_custom_swagger_client():
def declaration():
return 1
fuzz_lightyear.custom_swagger_client(declaration)
assert get_abstraction().client == 1
