Пример #1
    def test_from_postdata_no_post_data(self):
        """An empty urlencoded body must parse into a form with no parameters."""
        content_type = Headers([('content-type', URLEncodedForm.ENCODING)])

        # The empty string stands in for a request that carried no POST body.
        empty_form = URLEncodedForm.from_postdata(content_type, '')

        self.assertEqual(len(empty_form), 0)
Пример #2
    def test_from_postdata_no_post_data(self):
        """
        Parsing a zero-length body whose content-type is
        URLEncodedForm.ENCODING yields a form of length 0.
        """
        body = ''
        hdrs = Headers([('content-type', URLEncodedForm.ENCODING)])

        parsed = URLEncodedForm.from_postdata(hdrs, body)
        param_count = len(parsed)

        self.assertEqual(param_count, 0)
Пример #3
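    def test_php_serialized_objects_post_data(self):
        """
        A base64-encoded entry of SERIALIZED_PHP_OBJECTS sent as the ``obj``
        POST parameter must leave exactly one 'serialized_object' entry in
        the knowledge base after the plugin greps the request.
        """
        # NOTE(review): the base64 text is placed in the body without
        # URL-encoding. If the encoded fixture ever contains '+', '/' or '=',
        # the urlencoded parser may alter it before the plugin sees it --
        # presumably not the case for this fixture; confirm when changing it.
        post_data = 'obj=%s' % base64.b64encode(SERIALIZED_PHP_OBJECTS[1])
        headers = Headers([('Content-Type', 'application/x-www-form-urlencoded')])

        form = URLEncodedForm.from_postdata(headers, post_data)
        request = FuzzableRequest(self.url, headers=headers, post_data=form)

        self.plugin.grep(request, self.response)

        # assertEqual replaces the deprecated assertEquals alias.
        findings = kb.kb.get('serialized_object', 'serialized_object')
        self.assertEqual(len(findings), 1)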
Пример #4
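    def test_form_copy(self):
        """
        copy.deepcopy() of a form must compare equal to the original and
        carry over the token set with set_token().
        """
        headers = Headers([('content-type', URLEncodedForm.ENCODING)])
        post_data = 'a=2&c=3'

        form = URLEncodedForm.from_postdata(headers, post_data)
        form.set_token(('a', 0))

        form_copy = copy.deepcopy(form)

        self.assertEqual(form, form_copy)
        self.assertEqual(form.get_token(), form_copy.get_token())
        # Guards against both tokens being None, which the equality check
        # above would accept. assertIsNotNone is the dedicated assertion and
        # matches what test_form_pickle uses for the same check.
        self.assertIsNotNone(form_copy.get_token())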
Пример #5
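    def test_form_copy(self):
        """Deep-copying a form preserves its parameters and its token."""
        hdrs = Headers([('content-type', URLEncodedForm.ENCODING)])
        original = URLEncodedForm.from_postdata(hdrs, 'a=2&c=3')
        original.set_token(('a', 0))

        duplicate = copy.deepcopy(original)
        copied_token = duplicate.get_token()

        self.assertEqual(original, duplicate)
        self.assertEqual(original.get_token(), copied_token)
        # The equality above would also hold for two None tokens, so the
        # copy's token is checked explicitly. assertIsNotNone replaces
        # assertIsNot(None, ...) to agree with test_form_pickle.
        self.assertIsNotNone(copied_token)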
Пример #6
    def test_form_pickle(self):
        """
        A form must survive a cPickle round-trip: the restored object
        compares equal, keeps its token and keeps its parameter names.
        """
        hdrs = Headers([('content-type', URLEncodedForm.ENCODING)])
        source_form = URLEncodedForm.from_postdata(hdrs, 'a=2&c=3')
        source_form.set_token(('a', 0))

        # The bytes given to loads() are produced by dumps() right here;
        # no externally supplied pickle data is deserialized in this test.
        restored = cPickle.loads(cPickle.dumps(source_form))

        self.assertEqual(source_form, restored)
        self.assertEqual(source_form.get_token(), restored.get_token())
        self.assertIsNotNone(restored.get_token())
        self.assertEqual(restored.keys(), ['a', 'c'])
Пример #7
    def test_form_pickle(self):
        """Serialize a form with cPickle, load it back and compare the two."""
        body = "a=2&c=3"
        content_type = Headers([("content-type", URLEncodedForm.ENCODING)])

        before = URLEncodedForm.from_postdata(content_type, body)
        before.set_token(("a", 0))

        # Round-trip over a blob created inside the test itself, so loads()
        # only ever sees data this process has just written.
        blob = cPickle.dumps(before)
        after = cPickle.loads(blob)

        self.assertEqual(before, after)
        self.assertEqual(before.get_token(), after.get_token())
        self.assertIsNotNone(after.get_token())
        # The parameter names must come back as exactly this list.
        self.assertEqual(after.keys(), ["a", "c"])
Пример #8
    def test_from_postdata_ok(self):
        """Parse 'a=2&c=3' and check values, form predicates and types."""
        hdrs = Headers([('content-type', URLEncodedForm.ENCODING)])
        parsed = URLEncodedForm.from_postdata(hdrs, 'a=2&c=3')

        # Each parameter value is expected back as a one-item list.
        for name, expected in (('a', ['2']), ('c', ['3'])):
            self.assertEqual(parsed[name], expected)

        # None of the three form-kind predicates may be true for this form.
        self.assertFalse(parsed.is_login_form())
        self.assertFalse(parsed.is_password_change_form())
        self.assertFalse(parsed.is_registration_form())

        # 'b' is absent from the body, yet it is expected to report the
        # same text type as 'a', which is present.
        for name in ('a', 'b'):
            self.assertEqual(parsed.get_parameter_type(name), INPUT_TYPE_TEXT)
Пример #9
    def test_from_postdata_ok(self):
        """
        A two-parameter urlencoded body is parsed into list values, is not
        flagged by any form-kind predicate, and reports text parameter types.
        """
        body = "a=2&c=3"
        content_type = Headers([("content-type", URLEncodedForm.ENCODING)])
        result = URLEncodedForm.from_postdata(content_type, body)

        value_of_a = result["a"]
        self.assertEqual(value_of_a, ["2"])
        value_of_c = result["c"]
        self.assertEqual(value_of_c, ["3"])

        login = result.is_login_form()
        self.assertFalse(login)
        password_change = result.is_password_change_form()
        self.assertFalse(password_change)
        registration = result.is_registration_form()
        self.assertFalse(registration)

        type_of_a = result.get_parameter_type("a")
        self.assertEqual(type_of_a, INPUT_TYPE_TEXT)
        # "b" never appears in the body; the test still expects the text type.
        type_of_b = result.get_parameter_type("b")
        self.assertEqual(type_of_b, INPUT_TYPE_TEXT)
Пример #10
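    def test_mutated_request(self):
        """
        Grep every mutant of a request that carries a base64-encoded
        SERIALIZED_PHP_OBJECTS entry in ``obj`` and expect exactly one
        'serialized_object' entry in the knowledge base afterwards.
        """
        # NOTE(review): the previous comment here said the serialized object
        # is sent "in reverse string order", but nothing in this test
        # reverses it -- the payload is the plain base64 of the fixture.
        post_data = 'test=1&obj=%s' % base64.b64encode(
            SERIALIZED_PHP_OBJECTS[1])
        headers = Headers([('Content-Type',
                            'application/x-www-form-urlencoded')])

        form = URLEncodedForm.from_postdata(headers, post_data)
        request = FuzzableRequest(self.url, headers=headers, post_data=form)
        mutants = create_mutants(request, ['x'])

        for mutant in mutants:
            self.plugin.grep(mutant, self.response)

        # Several mutants are grepped but only one finding is expected;
        # presumably the plugin de-duplicates or only one mutant still holds
        # the object -- TODO confirm against the plugin.
        # assertEqual replaces the deprecated assertEquals alias.
        self.assertEqual(
            len(kb.kb.get('serialized_object', 'serialized_object')), 1)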
Пример #11
    def test_from_postdata_ok(self):
        """
        Build a form from 'a=2&c=3' and verify its values, that no form-kind
        predicate matches, and that parameter types are
        FormParameters.INPUT_TYPE_TEXT.
        """
        hdrs = Headers([('content-type', URLEncodedForm.ENCODING)])
        built = URLEncodedForm.from_postdata(hdrs, 'a=2&c=3')

        self.assertEqual(built['a'], ['2'])
        self.assertEqual(built['c'], ['3'])

        self.assertFalse(built.is_login_form())
        self.assertFalse(built.is_password_change_form())
        self.assertFalse(built.is_registration_form())

        # 'a' is in the body and 'b' is not; both are expected to report
        # the text input type.
        type_a = built.get_parameter_type('a')
        self.assertEqual(type_a, FormParameters.INPUT_TYPE_TEXT)

        type_b = built.get_parameter_type('b')
        self.assertEqual(type_b, FormParameters.INPUT_TYPE_TEXT)