def test_parse_json_positive():
    """Valid JSON documents of each top-level shape parse into a JsonObject."""
    samples = (
        '{"test": "token"}',  # object
        '["test", "token"]',  # list
        '"test token"',  # literal
    )
    for document in samples:
        test = utility.parse_json(document)
        # the wrapper type is the same whatever the top-level JSON shape is
        assert isinstance(test, JsonObject)
def _generate_variations(self, check, vector, target):
    """
    Yields variations for differential checks.

    The JSON body of the vector is parsed once. For every (true, false)
    payload pair supplied by the check, the literal at the target key is
    replaced to build one "true" copy and one "false" copy of the vector.

    :param check: check object; payloads() is called with the vector URL,
                  the target key and the literal currently at that key
    :param vector: vector dictionary (reads 'data' and 'url')
    :param target: target key
    :return: generator of auditable dictionaries
    """
    document = utility.parse_json(vector['data'])
    found = document.literals()

    def with_body(payload):
        # assuming copy is copy.copy, the copy is shallow: only 'data' is
        # rebound here, every other value stays shared with the source vector
        mutated = copy(vector)
        mutated['data'] = document.replace(target, payload)
        return mutated

    for on_true, on_false in check.payloads(vector['url'], target, found[target]):
        # 'payloads' and 'values' hold the same pair in this generator
        yield {
            'vectors': {'true': with_body(on_true), 'false': with_body(on_false)},
            'payloads': {'true': on_true, 'false': on_false},
            'values': {'true': on_true, 'false': on_false}
        }
def _generate_variations(self, check, vector, target):
    """
    Yields variations for value checks.

    The JSON body of the vector is parsed once. For every payload supplied
    by the check, the literal at the target key is replaced in a copy of
    the vector.

    :param check: check object; payloads() is called with the vector URL,
                  the target key and the literal currently at that key
    :param vector: vector dictionary (reads 'data' and 'url')
    :param target: target key
    :return: generator of auditable dictionaries
    """
    document = utility.parse_json(vector['data'])
    found = document.literals()

    for injected in check.payloads(vector['url'], target, found[target]):
        # assuming copy is copy.copy, the copy is shallow: only 'data' is
        # rebound here, every other value stays shared with the source vector
        mutated = copy(vector)
        mutated['data'] = document.replace(target, injected)

        # 'payload' and 'value' carry the same object in this generator
        yield {'vector': mutated, 'payload': injected, 'value': injected}
def _generate_variations(self, check, vector, target):
    """
    Yields variations for timing checks.

    The JSON body of the vector is parsed once. For every (payload, delay)
    pair supplied by the check, an untouched copy of the vector is paired
    with a copy whose literal at the target key is replaced by the payload.

    :param check: check object; payloads() is called with the vector URL,
                  the target key and the literal currently at that key
    :param vector: vector dictionary (reads 'data' and 'url')
    :param target: target key
    :return: generator of auditable dictionaries
    """
    document = utility.parse_json(vector['data'])
    found = document.literals()

    for injected, delay in check.payloads(vector['url'], target, found[target]):
        # unmodified copy; presumably the reference request the timing
        # request is compared against - confirm with the caller
        baseline = copy(vector)

        # assuming copy is copy.copy, the copy is shallow: only 'data' is
        # rebound here, every other value stays shared with the source vector
        delayed = copy(vector)
        delayed['data'] = document.replace(target, injected)

        yield {
            'vectors': {'original': baseline, 'timing': delayed},
            'payload': injected,
            'value': injected,
            'delay': delay
        }
def _get_targets(self, vector):
    """
    Lists the JSON literals of the vector body that can serve as targets.

    The body is parsed only when the vector has data and its Content-Type
    header starts with the JSON content type; otherwise no targets are
    returned.

    :param vector: vector dictionary (reads 'headers' and 'data')
    :return: list built from the parsed literals, or an empty list
    """
    request_headers = vector['headers']
    body = vector['data']

    # nothing to inspect without a body
    if not body:
        return []

    # NOTE(review): the lookup uses the exact key 'Content-Type'; if headers
    # is a plain dict, a differently-cased header name is skipped - confirm
    # that header names are normalised upstream
    declared_type = request_headers.get('Content-Type')

    # prefix match, so a value with parameters after the media type passes
    if not declared_type or not declared_type.startswith(HTTP.CONTENT_TYPE.JSON):
        return []

    # NOTE(review): no exception handling here; a body labelled as JSON that
    # parse_json rejects would raise out of this method - confirm the caller
    # copes with that
    return list(utility.parse_json(body).literals())
def test_parse_json_negative():
    """Malformed JSON is rejected with InvalidFormatException."""
    truncated_object = '{"test": "token"'  # closing brace is missing
    with pytest.raises(InvalidFormatException):
        utility.parse_json(truncated_object)