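def _gen_xxe_mutant(self):
    """
    Build the next XXE test request and the checker that evaluates it.

    Each call consumes one entry of self.payload_list for the current
    parameter (self.cur_param). Once the list is used up, the next parameter
    is popped from self.test_params and the payload index restarts at 0.

    Returns:
        dict of the form:
        {
            "request_data_list": [request_data_1, ...]  # RequestData instances
            "checker": checker built for request_data_list
        }
        None when nothing is left to generate (parameters and payloads used up).

    Raises:
        exceptions.MutantNotInitError: self.gen_init is falsy, i.e. the
            generator was not initialised before use.
    """
    if not self.gen_init:
        raise exceptions.MutantNotInitError

    if self.end:
        return None

    if len(self.payload_list) == self.payload_index:
        # Every payload was sent for the current parameter: move to the next.
        try:
            self.cur_param = self.test_params.pop()
        except IndexError:
            self.end = True
            return None
        else:
            # A new parameter restarts the payload list and gets a fresh
            # 32-character sequence id.
            self.payload_index = 0
            self.payload_seq = common.random_str(32)

    param_name = self.cur_param[0]
    param_type = self.cur_param[1]
    payload = self.payload_list[self.payload_index]
    # payload[0] is the value written into the parameter; payload[1] is
    # handed to RequestData as its third argument.
    request_data_ins = request_data.RequestData(
        self.rasp_result_ins, self.payload_seq, payload[1])
    self.payload_index += 1

    request_data_ins.set_param(param_type, param_name, payload[0])
    if param_type == "files":
        # Address the content_type slot through a copy. param_name is the
        # list stored in self.cur_param, so rewriting it in place would make
        # every later payload for this upload land in content_type instead
        # of the file content, silently dropping those test cases.
        content_type_name = list(param_name)
        content_type_name[1] = "content_type"
        request_data_ins.set_param(
            param_type, content_type_name, "application/xml")

    request_data_list = [request_data_ins]
    check_config = {
        "type": "xxe",
        "check_type": self.mutant_config["check_type"]
    }
    return {
        "request_data_list": request_data_list,
        "checker": self.checker_cls(request_data_list, check_config)
    }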
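def _init_xxe_mutant(self):
    """
    Initialise the XXE payload generator state.

    Resets the generator, then queues every request parameter whose value has
    an XML declaration ("<?xml") lying entirely within its first 20
    characters (bytes for uploaded file content). Only those parameters are
    later tested with XXE payloads.

    Returns:
        bool: False when no parameter qualifies, so there is nothing to
        generate; True otherwise.
    """
    # Reset generator state
    self.end = False
    self.payload_index = 0
    self.test_params = []

    # Collect all parameters of the configured types
    request_data_ins = request_data.RequestData(self.rasp_result_ins)
    all_param = request_data_ins.get_all_param(
        self.mutant_config["param_type_list"])

    for param_type in all_param:
        if param_type == "json":
            json_params = self._get_json_test_params(all_param["json"])
            for item in json_params:
                if item["value"] is None:
                    continue
                # NOTE(review): assumes item["value"] is a str; confirm what
                # _get_json_test_params yields for non-string JSON leaves.
                if item["value"].find("<?xml", 0, 20) >= 0:
                    self.test_params.append((item["json_path"], "json"))
        elif param_type == "files":
            for i, file_item in enumerate(all_param["files"]):
                if file_item["content"].find(b"<?xml", 0, 20) >= 0:
                    # One (name, type) tuple, like the other branches.
                    # Passing two arguments to list.append raises TypeError,
                    # which aborted initialisation for any XML upload.
                    self.test_params.append(([i, "content"], "files"))
        else:
            for param_name in all_param[param_type]:
                if all_param[param_type][param_name].find("<?xml", 0, 20) >= 0:
                    self.test_params.append((param_name, param_type))

    # Select the first parameter to test
    try:
        self.cur_param = self.test_params.pop()
        self.payload_seq = common.random_str(32)
    except IndexError:
        self.end = True
        return False
    else:
        return True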