def test_found_at(self):
dc = JSONContainer(COMPLEX_OBJECT)
freq = FuzzableRequest(self.url, post_data=dc, method='PUT')
m = JSONMutant(freq)
m.get_dc().set_token(('object-second_key-list-0-string',))
expected = '"http://www.w3af.com/", using HTTP method PUT.'\
' The sent JSON-data was: "...object-second_key-list-'\
'0-string=abc..."'
self.assertEqual(m.found_at(), expected)
headers = m.get_headers()
self.assertIn('Content-Type', headers)
self.assertEqual(headers['Content-Type'], 'application/json')
def test_create_mutants_array(self):
dc = JSONContainer(ARRAY)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['["xyz", 3, 2.1]', '["www", 3, 2.1]']
created_dcs = [str(i.get_dc()) for i in created_mutants]
created_post_datas = [i.get_data() for i in created_mutants]
self.assertEqual(set(created_dcs), set(expected_dcs))
self.assertEqual(set(created_dcs), set(created_post_datas))
token = created_mutants[0].get_token()
self.assertEqual(token.get_name(), 'list-0-string')
self.assertEqual(token.get_original_value(), 'abc')
token = created_mutants[1].get_token()
self.assertEqual(token.get_name(), 'list-0-string')
self.assertEqual(token.get_original_value(), 'abc')
for m in created_mutants:
self.assertIsInstance(m, JSONMutant)
for m in created_mutants:
self.assertEqual(m.get_method(), 'POST')
def test_create_mutants_array(self):
dc = JSONContainer(ARRAY)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['["xyz", 3, 2.1]',
'["www", 3, 2.1]']
created_dcs = [str(i.get_dc()) for i in created_mutants]
created_post_datas = [i.get_data() for i in created_mutants]
self.assertEqual(set(created_dcs), set(expected_dcs))
self.assertEqual(set(created_dcs), set(created_post_datas))
token = created_mutants[0].get_token()
self.assertEqual(token.get_name(), 'list-0-string')
self.assertEqual(token.get_original_value(), 'abc')
token = created_mutants[1].get_token()
self.assertEqual(token.get_name(), 'list-0-string')
self.assertEqual(token.get_original_value(), 'abc')
for m in created_mutants:
self.assertIsInstance(m, JSONMutant)
for m in created_mutants:
self.assertEqual(m.get_method(), 'POST')
def test_create_mutants_9116(self):
payment_data = {'transaction_amount': 100,
'reason': 'Title of what you are paying for',
'installments': 1,
'payment_method_id': 'visa',
'token': '16faba8617708',
'external_reference': '1234',
'random_anti_anti_double_click': 11577513359,
'extra_charge': None}
payment_data = json.dumps(payment_data)
dc = JSONContainer(payment_data)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "www", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "xyz", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "www", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "xyz", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "xyz", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "xyz", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "www", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "www", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}']
created_dcs = [str(i.get_dc()) for i in created_mutants]
created_post_datas = [i.get_data() for i in created_mutants]
self.assertEqual(set(created_dcs), set(expected_dcs))
self.assertEqual(set(created_dcs), set(created_post_datas))
for m in created_mutants:
m.set_token_value('abc')
def test_create_mutants_9116(self):
payment_data = {'transaction_amount': 100,
'reason': 'Title of what you are paying for',
'installments': 1,
'payment_method_id': 'visa',
'token': '16faba8617708',
'external_reference': '1234',
'random_anti_anti_double_click': 11577513359,
'extra_charge': None}
payment_data = json.dumps(payment_data)
dc = JSONContainer(payment_data)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
expected_dcs = ['{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "www", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "xyz", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "www", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "xyz", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "xyz", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "xyz", "installments": 1, "payment_method_id": "visa", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "1234", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "www", "extra_charge": null}',
'{"transaction_amount": 100, "external_reference": "www", "random_anti_anti_double_click": 11577513359, "token": "16faba8617708", "reason": "Title of what you are paying for", "installments": 1, "payment_method_id": "visa", "extra_charge": null}']
created_dcs = [str(i.get_dc()) for i in created_mutants]
created_post_datas = [i.get_data() for i in created_mutants]
self.assertEqual(set(created_dcs), set(expected_dcs))
self.assertEqual(set(created_dcs), set(created_post_datas))
for m in created_mutants:
m.set_token_value('abc')
def test_json_mutant_create_mutants_not(self):
freq = JSONPostDataRequest(URL('http://www.w3af.com/?id=3'))
freq.set_dc('a=1&b=foo')
generated_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_create_mutants_empty_payload(self):
dc = JSONContainer(COMPLEX_OBJECT)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, [''], [], False,
self.fuzzer_config)
for m in created_mutants:
m.set_token_value('abc')
def test_create_mutants_empty_payload(self):
dc = JSONContainer(COMPLEX_OBJECT)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, [''], [],
False, self.fuzzer_config)
for m in created_mutants:
m.set_token_value('abc')
def test_json_mutant_create_mutants_not(self):
freq = JSONPostDataRequest(URL('http://www.w3af.com/?id=3'))
freq.set_dc('a=1&b=foo')
generated_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False,
self.fuzzer_config)
self.assertEqual(len(generated_mutants), 0, generated_mutants)
def test_json_mutant_create_mutants(self):
freq = JSONPostDataRequest(URL('http://www.w3af.com/?id=3'))
freq.set_dc({"a": "b", "c": "d"})
generated_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
self.assertEqual(len(generated_mutants), 4, generated_mutants)
m0 = generated_mutants[0]
self.assertEqual(m0.get_data(), '{"a": "abc", "c": "d"}')
m1 = generated_mutants[1]
self.assertEqual(m1.get_data(), '{"a": "53", "c": "d"}')
m2 = generated_mutants[2]
self.assertEqual(m2.get_data(), '{"a": "b", "c": "abc"}')
m3 = generated_mutants[3]
self.assertEqual(m3.get_data(), '{"a": "b", "c": "53"}')
def test_found_at(self):
dc = JSONContainer(COMPLEX_OBJECT)
freq = FuzzableRequest(self.url, post_data=dc, method='PUT')
m = JSONMutant(freq)
m.get_dc().set_token(('object-second_key-list-0-string', ))
expected = '"http://www.w3af.com/", using HTTP method PUT.' \
' The sent JSON-data was: "...object-second_key-list-' \
'0-string=abc..."'
self.assertEqual(m.found_at(), expected)
headers = m.get_headers()
self.assertIn('Content-Type', headers)
self.assertEqual(headers['Content-Type'], 'application/json')
def test_json_mutant_create_mutants(self):
freq = JSONPostDataRequest(URL('http://www.w3af.com/?id=3'))
freq.set_dc({"a": "b", "c": "d"})
generated_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False,
self.fuzzer_config)
self.assertEqual(len(generated_mutants), 4, generated_mutants)
m0 = generated_mutants[0]
self.assertEqual(m0.get_data(), '{"a": "abc", "c": "d"}')
m1 = generated_mutants[1]
self.assertEqual(m1.get_data(), '{"a": "53", "c": "d"}')
m2 = generated_mutants[2]
self.assertEqual(m2.get_data(), '{"a": "b", "c": "abc"}')
m3 = generated_mutants[3]
self.assertEqual(m3.get_data(), '{"a": "b", "c": "53"}')
def test_mutant_copy_9116(self):
dc = JSONContainer(COMPLEX_OBJECT)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
payload = 'def'
m = created_mutants[0]
dc = m.get_dc()
dc_copy = copy.deepcopy(dc)
self.assertEqual(dc_copy.get_token(), dc.get_token())
mcopy = m.copy()
token = mcopy.get_token()
mcopy.set_token_value(payload)
self.assertIsNotNone(m.get_token())
self.assertIsNotNone(token)
self.assertEqual(mcopy.get_token_value(), payload)
def test_mutant_copy_9116(self):
dc = JSONContainer(COMPLEX_OBJECT)
freq = FuzzableRequest(self.url, post_data=dc, method='POST')
created_mutants = JSONMutant.create_mutants(freq, self.payloads, [],
False, self.fuzzer_config)
payload = 'def'
m = created_mutants[0]
dc = m.get_dc()
dc_copy = copy.deepcopy(dc)
self.assertEqual(dc_copy.get_token(), dc.get_token())
mcopy = m.copy()
token = mcopy.get_token()
mcopy.set_token_value(payload)
self.assertIsNotNone(m.get_token())
self.assertIsNotNone(token)
self.assertEqual(mcopy.get_token_value(), payload)
