def test_passes_other_arguments(self): def request_handler(operation_id, *args, **kwargs): assert kwargs['headers']['session'] == 'id_token' fuzz_lightyear.make_request(request_handler) get_abstraction().request_method( 'status', headers={ 'session': 'id_token', }, )
def test_send_specified_auth(mock_client): request = FuzzingRequest( operation_id='get_no_inputs_required', tag='basic', ) assert request.send(auth=get_abstraction().get_attacker_session(), ).session == 'attacker_session'
def test_no_variables(function): def session_headers(): return True getattr(auth, function)(session_headers) getattr(get_abstraction(), f'get_{function.replace("account", "session")}')()
def test_inject_variables(function): def session_headers(operation_id): assert operation_id == 'test_operation' getattr(auth, function)(session_headers) getattr( get_abstraction(), f'get_{function.replace("account", "session")}', )('test_operation')
def test_inject_variables(function): def generator(): return 1 fuzz_lightyear.register_factory('user_id')(generator) def wrapped(user_id): assert user_id == 1 getattr(auth, function)(wrapped) getattr(get_abstraction(), f'get_{function.replace("account", "session")}')()
def test_send_endpoint_auth(mock_client): request = FuzzingRequest( operation_id='get_no_inputs_required', tag='basic', ) fuzz_lightyear.attacker_account( lambda operation_id: { '_request_options': { 'headers': { 'Cookie': 'session=' + operation_id, }, }, }, ) assert request.send(auth=get_abstraction().get_attacker_session, ).session == 'get_no_inputs_required'
def mock_client(mock_schema): fuzz_lightyear.victim_account( lambda: { '_request_options': { 'headers': { 'Cookie': 'session=victim_session', }, }, }, ) fuzz_lightyear.attacker_account( lambda: { '_request_options': { 'headers': { 'Cookie': 'session=attacker_session', }, }, }, ) setup_client(mock_server_module.URL, mock_schema) yield get_abstraction().client
def mock_client(self): client = mock.Mock() get_abstraction().client = client yield client
def test_file(self): discovery.import_fixtures( get_path('../../test_data/nested/directory/fixtures.py'), ) assert get_abstraction().get_victim_session assert not get_abstraction().get_attacker_session
def test_directory(self, path): discovery.import_fixtures(get_path(path)) assert get_abstraction().get_victim_session assert not get_abstraction().get_attacker_session
def test_basic(self): def request_handler(operation_id): assert operation_id == 'status' fuzz_lightyear.make_request(request_handler) get_abstraction().request_method('status', )
def test_custom_swagger_client(): def declaration(): return 1 fuzz_lightyear.custom_swagger_client(declaration) assert get_abstraction().client == 1