def test_proxy(self): ## Runtime test self.assertRegexpMatches(self._warn(':set shell.php -proxy http://localhost:%i' % self.__class__.proxyport), 'proxy=\'http://localhost:%i\'' % self.__class__.proxyport) self.assertEqual(PythonProxy.proxy_counts,0) self.assertEqual(self._outp(':shell.php echo(1+1);'), '2') self.assertGreater(PythonProxy.proxy_counts,0) ## Rc load at start test PythonProxy.proxy_counts=0 self.__class__._write_rc(rc_content % self.__class__.proxyport) # Dump session file session_name = self.__class__.rcpath + '.session' session = default_session.copy() session['global']['url'] = self.term.modhandler.url session['global']['password'] = self.term.modhandler.password session['global']['rcfile'] = self.__class__.rcpath self.term.modhandler.sessions._dump_session(session, session_name) self.assertEqual(PythonProxy.proxy_counts,0) call = "'echo'" command = '%s session %s %s' % (conf['cmd'], session_name, call) status, output = getstatusoutput(command) self.assertRegexpMatches(output, '\nWEEVELY') self.assertGreater(PythonProxy.proxy_counts,0) # Verify that final socket is never contacted without proxy # Dump new session file with unexistant php proxy session = default_session.copy() session['global']['url'] = 'http://localhost:%i/unexistant.php' % self.__class__.dummyserverport session['global']['password'] = self.term.modhandler.password session['global']['rcfile'] = self.__class__.rcpath self.term.modhandler.sessions._dump_session(session, session_name) PythonProxy.proxy_counts=0 fake_url = 'http://localhost:%i/fakebd.php' % self.__class__.dummyserverport call = "'echo'" command = '%s session %s %s' % (conf['cmd'], session_name, call) self.assertEqual(PythonProxy.proxy_counts,0) self.assertEqual(PythonProxy.dummy_counts,0) status, output = getstatusoutput(command) self.assertGreater(PythonProxy.proxy_counts,0) self.assertGreater(PythonProxy.dummy_counts,0) # Count that Client never connect to final dummy endpoint without passing through proxy self.assertGreaterEqual(PythonProxy.proxy_counts, PythonProxy.dummy_counts) self.assertRegexpMatches(self._warn(':set shell.php -proxy wrong://localhost:%i' % self.__class__.proxyport), 'proxy=\'wrong://localhost:%i\'' % self.__class__.proxyport) self.assertRegexpMatches(self._warn(':shell.php echo(1+1);'), core.http.request.WARN_UNCORRECT_PROXY)
def test_load(self): self.__class__._write_rc(rc_content) self.assertEqual(self._outp(':load %s' % self.__class__.rcpath), 'WEEVELY') self.assertRegexpMatches(self._warn(':load %s_UNEXISTANT' % self.__class__.rcpath), 'Error opening') # Dump session file session_name = self.__class__.rcpath + '.session' session = default_session.copy() session['global']['url'] = self.term.modhandler.url session['global']['password'] = self.term.modhandler.password session['global']['rcfile'] = self.__class__.rcpath self.term.modhandler.sessions._dump_session(session, session_name) call = "'echo'" command = '%s session %s %s' % (conf['cmd'], session_name, call) status, output = getstatusoutput(command) # Remove session os.remove(session_name) self.assertRegexpMatches(output, '\nW[\s\S]+\nEE[\s\S]+\nVELY')
def test_sessions(self): phpbd_pwd = randstr(4) temp_file1 = NamedTemporaryFile(); temp_file1.close(); temp_file2 = NamedTemporaryFile(); temp_file2.close(); temp_file3 = NamedTemporaryFile(); temp_file2.close(); self.assertEqual(self._res(':generate.php %s %s' % (phpbd_pwd, temp_file1.name)),temp_file1.name) self.assertEqual(self._res(':generate.php %s %s' % (phpbd_pwd, temp_file2.name)),temp_file2.name) self.assertEqual(self._res(':generate.php %s %s' % (phpbd_pwd, temp_file3.name)),temp_file3.name) url1 = self._install_new_bd(temp_file1.name, '%s.php' % randstr(5)) url2 = self._install_new_bd(temp_file2.name, '%s.php' % randstr(5)) url3 = self._install_new_bd(temp_file3.name, '%s.php' % randstr(5)) # Check current session curr1 = self.term.modhandler.sessions.current_session_name outp = self._warn(':session') self.assertEqual(outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr1, os.linesep, curr1, os.linesep, curr1, os.linesep, os.linesep)) # Load bd1 by url outp = self._warn(':session %s %s' % (url1, phpbd_pwd)) curr2 = self.term.modhandler.sessions.current_session_name outp = self._warn(':session') self.assertEqual(outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr2, os.linesep, "', '".join(sorted([curr2, curr1])), os.linesep, curr1, os.linesep,os.linesep)) # Load bd2 by session file outp = self._warn(':session %s %s' % (url1, phpbd_pwd)) curr2 = self.term.modhandler.sessions.current_session_name outp = self._warn(':session') self.assertEqual(outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr2, os.linesep, "', '".join(sorted([curr2, curr1])), os.linesep, curr1, os.linesep,os.linesep)) # Create bd3 session file, not in session curr3 = '/tmp/%s.session' % randstr(5) session = default_session.copy() session['global']['url'] = url3 session['global']['password'] = phpbd_pwd self.term.modhandler.sessions._dump_session(session, curr3) # Load bd3 by session file outp = self._warn(':session %s' % (curr3)) outp = self._warn(':session') self.assertEqual(outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr3, os.linesep, "', '".join(sorted([curr2, curr3, curr1])), os.linesep, curr1, os.linesep,os.linesep)) # Unexistant session file self.assertRegexpMatches(self._warn(':session /tmp/asd'), WARN_NOT_FOUND) # Unexpected session file self.assertRegexpMatches(self._warn(':session /etc/motd'), WARN_BROKEN_SESS) # Create session file without fields curr4 = '/tmp/%s.session' % randstr(5) open(curr4,'w').write("""[global] url = asd username = hostname = rcfile =""") # Broken session file self.assertRegexpMatches(self._warn(':session %s' % curr4), WARN_BROKEN_SESS) # Load broken session file at start call = "'echo'" command = '%s session %s %s' % (conf['cmd'], curr4, call) status, output = getstatusoutput(command) self.assertRegexpMatches(output, WARN_BROKEN_SESS)
def test_sessions(self): phpbd_pwd = randstr(4) temp_file1 = NamedTemporaryFile() temp_file1.close() temp_file2 = NamedTemporaryFile() temp_file2.close() temp_file3 = NamedTemporaryFile() temp_file2.close() self.assertEqual( self._res(':generate.php %s %s' % (phpbd_pwd, temp_file1.name)), temp_file1.name) self.assertEqual( self._res(':generate.php %s %s' % (phpbd_pwd, temp_file2.name)), temp_file2.name) self.assertEqual( self._res(':generate.php %s %s' % (phpbd_pwd, temp_file3.name)), temp_file3.name) url1 = self._install_new_bd(temp_file1.name, '%s.php' % randstr(5)) url2 = self._install_new_bd(temp_file2.name, '%s.php' % randstr(5)) url3 = self._install_new_bd(temp_file3.name, '%s.php' % randstr(5)) # Check current session curr1 = self.term.modhandler.sessions.current_session_name outp = self._warn(':session') self.assertEqual( outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr1, os.linesep, curr1, os.linesep, curr1, os.linesep, os.linesep)) # Load bd1 by url outp = self._warn(':session %s %s' % (url1, phpbd_pwd)) curr2 = self.term.modhandler.sessions.current_session_name outp = self._warn(':session') self.assertEqual( outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr2, os.linesep, "', '".join(sorted( [curr2, curr1])), os.linesep, curr1, os.linesep, os.linesep)) # Load bd2 by session file outp = self._warn(':session %s %s' % (url1, phpbd_pwd)) curr2 = self.term.modhandler.sessions.current_session_name outp = self._warn(':session') self.assertEqual( outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr2, os.linesep, "', '".join(sorted( [curr2, curr1])), os.linesep, curr1, os.linesep, os.linesep)) # Create bd3 session file, not in session curr3 = '/tmp/%s.session' % randstr(5) session = default_session.copy() session['global']['url'] = url3 session['global']['password'] = phpbd_pwd self.term.modhandler.sessions._dump_session(session, curr3) # Load bd3 by session file outp = self._warn(':session %s' % (curr3)) outp = self._warn(':session') self.assertEqual( outp, "Current session: '%s'%sLoaded: '%s'%sAvailable: '%s'%s%s" % (curr3, os.linesep, "', '".join(sorted([curr2, curr3, curr1])), os.linesep, curr1, os.linesep, os.linesep)) # Unexistant session file self.assertRegexpMatches(self._warn(':session /tmp/asd'), WARN_NOT_FOUND) # Unexpected session file self.assertRegexpMatches(self._warn(':session /etc/motd'), WARN_BROKEN_SESS) # Create session file without fields curr4 = '/tmp/%s.session' % randstr(5) open(curr4, 'w').write("""[global] url = asd username = hostname = rcfile =""") # Broken session file self.assertRegexpMatches(self._warn(':session %s' % curr4), WARN_BROKEN_SESS) # Load broken session file at start call = "'echo'" command = '%s session %s %s' % (conf['cmd'], curr4, call) status, output = getstatusoutput(command) self.assertRegexpMatches(output, WARN_BROKEN_SESS)
def test_proxy(self): ## Runtime test self.assertRegexpMatches( self._warn(':set shell.php -proxy http://localhost:%i' % self.__class__.proxyport), 'proxy=\'http://localhost:%i\'' % self.__class__.proxyport) self.assertEqual(PythonProxy.proxy_counts, 0) self.assertEqual(self._outp(':shell.php echo(1+1);'), '2') self.assertGreater(PythonProxy.proxy_counts, 0) ## Rc load at start test PythonProxy.proxy_counts = 0 self.__class__._write_rc(rc_content % self.__class__.proxyport) # Dump session file session_name = self.__class__.rcpath + '.session' session = default_session.copy() session['global']['url'] = self.term.modhandler.url session['global']['password'] = self.term.modhandler.password session['global']['rcfile'] = self.__class__.rcpath self.term.modhandler.sessions._dump_session(session, session_name) self.assertEqual(PythonProxy.proxy_counts, 0) call = "'echo'" command = '%s session %s %s' % (conf['cmd'], session_name, call) status, output = getstatusoutput(command) self.assertRegexpMatches(output, '\nWEEVELY') self.assertGreater(PythonProxy.proxy_counts, 0) # Verify that final socket is never contacted without proxy # Dump new session file with unexistant php proxy session = default_session.copy() session['global'][ 'url'] = 'http://localhost:%i/unexistant.php' % self.__class__.dummyserverport session['global']['password'] = self.term.modhandler.password session['global']['rcfile'] = self.__class__.rcpath self.term.modhandler.sessions._dump_session(session, session_name) PythonProxy.proxy_counts = 0 fake_url = 'http://localhost:%i/fakebd.php' % self.__class__.dummyserverport call = "'echo'" command = '%s session %s %s' % (conf['cmd'], session_name, call) self.assertEqual(PythonProxy.proxy_counts, 0) self.assertEqual(PythonProxy.dummy_counts, 0) status, output = getstatusoutput(command) self.assertGreater(PythonProxy.proxy_counts, 0) self.assertGreater(PythonProxy.dummy_counts, 0) # Count that Client never connect to final dummy endpoint without passing through proxy self.assertGreaterEqual(PythonProxy.proxy_counts, PythonProxy.dummy_counts) self.assertRegexpMatches( self._warn(':set shell.php -proxy wrong://localhost:%i' % self.__class__.proxyport), 'proxy=\'wrong://localhost:%i\'' % self.__class__.proxyport) self.assertRegexpMatches(self._warn(':shell.php echo(1+1);'), core.http.request.WARN_UNCORRECT_PROXY)