Пример #1
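async def test_no_crash():
    """Smoke-test ``mod_file.attack`` on requests where nothing is expected.

    Two requests for ``/empty.html`` on 127.0.0.1:65085 are queued in the
    persister: a bare GET, and one with a query string, a POST parameter and
    a file parameter. The test passes when ``attack`` handles both without
    raising; no finding is asserted.
    """
    persister = FakePersister()

    plain_request = Request("http://127.0.0.1:65085/empty.html")
    plain_request.path_id = 1
    persister.requests.append(plain_request)

    upload_request = Request(
        "http://127.0.0.1:65085/empty.html?foo=bar",
        post_params=[["x", "y"]],
        file_params=[["file", ("fname", "content", "text/plain")]])
    upload_request.path_id = 2
    persister.requests.append(upload_request)

    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}
        logger = Mock()

        module = mod_file(crawler, persister, logger, options, Event())
        # NOTE(review): presumably keeps the module off POST parameters;
        # confirm against mod_file.
        module.do_post = False
        for request in persister.requests:
            await module.attack(request)
        # Reaching this point without an exception is the pass condition.
    finally:
        # Run the crawler's cleanup even when attack() raises, so a failing
        # run does not skip it.
        await crawler.close()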
Пример #2
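async def test_warning_false_positive():
    """Check that only the ``f`` parameter of ``inclusion.php`` is reported.

    The request carries two query parameters, ``yolo=warn`` and ``f=toto``.
    After the attack the persister must hold exactly one finding, ``f`` with
    the value ``/etc/services``; anything recorded for ``yolo`` fails the
    equality check.
    """
    persister = FakePersister()
    request = Request("http://127.0.0.1:65085/inclusion.php?yolo=warn&f=toto")
    request.path_id = 42
    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}
        logger = Mock()

        module = mod_file(crawler, persister, logger, options, Event())
        # NOTE(review): presumably keeps the module off POST parameters;
        # confirm against mod_file.
        module.do_post = False
        await module.attack(request)

        # NOTE(review): yolo=warn presumably makes the fixture page emit a
        # warning that could be mistaken for an inclusion; confirm against
        # the fixture. A second entry here would be that false positive.
        assert persister.vulnerabilities == [("f", "/etc/services")]
    finally:
        # Run the crawler's cleanup even when attack() raises or the
        # assertion fails.
        await crawler.close()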
Пример #3
def test_warning_false_positive():
    """Check that only the ``f`` parameter of ``inclusion.php`` is reported.

    The request to 127.0.0.1:65080 carries ``yolo=warn`` and ``f=toto``.
    Once ``attack()`` has been consumed, the persister must hold exactly one
    finding: ``f`` with the value ``/etc/services``.
    """
    target = Request("http://127.0.0.1:65080/inclusion.php?yolo=warn&f=toto")
    target.path_id = 42

    store = FakePersister()
    store.requests.append(target)

    attack_module = mod_file(
        Crawler("http://127.0.0.1:65080/"),
        store,
        Mock(),
        {"timeout": 10, "level": 2},
    )
    attack_module.do_post = False

    # attack() is iterated to exhaustion; the yielded items are not used.
    for _step in attack_module.attack():
        continue

    # A second entry (e.g. for ``yolo``) would be a false positive.
    assert store.vulnerabilities == [("f", "/etc/services")]
Пример #4
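async def test_warning_false_positive():
    """Check that ``mod_file`` records a single payload, on parameter ``f``.

    The request carries ``yolo=warn`` and ``f=toto``. The persister is an
    ``AsyncMock``, so the test inspects the recorded ``add_payload`` calls:
    there must be exactly one, and the request passed to it must contain the
    GET parameter ``f`` set to ``/etc/services``.
    """
    persister = AsyncMock()
    request = Request("http://127.0.0.1:65085/inclusion.php?yolo=warn&f=toto")
    request.path_id = 42
    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}

        module = mod_file(crawler, persister, options, Event())
        # NOTE(review): presumably keeps the module off POST parameters;
        # confirm against mod_file.
        module.do_post = False
        await module.attack(request)

        # More than one call would mean an extra (false-positive) report.
        assert persister.add_payload.call_count == 1
        # Index [1] of a recorded call is its keyword-argument dict.
        reported_kwargs = persister.add_payload.call_args_list[0][1]
        assert ["f", "/etc/services"] in reported_kwargs["request"].get_params
    finally:
        # Run the crawler's cleanup even when attack() raises or an
        # assertion fails.
        await crawler.close()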
Пример #5
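async def test_inclusion_detection():
    """Check the finding ``mod_file`` records for ``inclusion.php``.

    The request carries ``yolo=nawak`` and ``f=toto``. Exactly one
    ``add_payload`` call is expected, tagged with module ``"file"`` and the
    translated category "Path Traversal", for a request whose GET parameters
    include ``f`` set to ``/etc/services``. Because only one call is
    accepted, this also covers false-positive detection.
    """
    persister = AsyncMock()
    request = Request("http://127.0.0.1:65085/inclusion.php?yolo=nawak&f=toto")
    request.path_id = 42
    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}

        module = mod_file(crawler, persister, options, Event())
        # NOTE(review): presumably keeps the module off POST parameters;
        # confirm against mod_file.
        module.do_post = False
        await module.attack(request)

        assert persister.add_payload.call_count == 1
        # Index [1] of a recorded call is its keyword-argument dict; read it
        # once instead of repeating the lookup in every assertion.
        reported_kwargs = persister.add_payload.call_args_list[0][1]
        assert reported_kwargs["module"] == "file"
        assert reported_kwargs["category"] == _("Path Traversal")
        assert ["f", "/etc/services"] in reported_kwargs["request"].get_params
    finally:
        # Run the crawler's cleanup even when attack() raises or an
        # assertion fails.
        await crawler.close()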
Пример #6
def test_no_crash():
    """Smoke-test ``mod_file.attack`` on requests where nothing is expected.

    Two requests for ``/empty.html`` on 127.0.0.1:65080 are queued in the
    persister: a bare GET, and one with a query string, a POST parameter and
    a file parameter. The test passes when ``attack()`` can be consumed to
    the end without raising; no finding is asserted.
    """
    store = FakePersister()

    bare_request = Request("http://127.0.0.1:65080/empty.html")
    bare_request.path_id = 1
    store.requests.append(bare_request)

    loaded_request = Request(
        "http://127.0.0.1:65080/empty.html?foo=bar",
        post_params=[["x", "y"]],
        file_params=[["file", ["fname", "content"]]],
    )
    loaded_request.path_id = 2
    store.requests.append(loaded_request)

    attack_module = mod_file(
        Crawler("http://127.0.0.1:65080/"),
        store,
        Mock(),
        {"timeout": 10, "level": 2},
    )
    attack_module.do_post = False

    # attack() is iterated to exhaustion; the yielded items are not used.
    for _step in attack_module.attack():
        continue

    # Vacuous assertion: getting this far without an exception is the check.
    assert True