def test_invalid_characters(self):
    """Crawl a page whose body is not valid UTF-8 despite its declared charset.

    The response announces ``charset=utf-8`` but contains the lone byte
    ``0xfc``, which is not decodable as UTF-8.  A scanner reads content it
    does not control, so a malformed body has to end up as a log entry
    instead of an exception that aborts the crawl.
    """
    html_headers = {'Content-Type': 'text/html; charset=utf-8'}
    bad_body = b'<html><body>\xfc</body></html>'
    pages = {
        u'/': (200, bad_body, html_headers),
    }
    client = tutil.TestClient(pages)
    accept_all = tutil.ContainsEverything()
    crawler = webvulnscan.crawler.Crawler(
        client.ROOT_URL, accept_all, client=client)

    # Drain the crawler; iterating every page must finish without raising.
    for _page in crawler:
        pass

    # Exactly one log entry is expected, and it must name the offending byte.
    client.log.assert_found('0xfc')
    client.log.assert_count(1)
def test_breach_vulnerable_urltoken():
    """Build a site whose form action URL carries a random token.

    The root page is wrapped by ``_gzip_test_controller`` (presumably served
    gzip-compressed, going by the name - confirm against the helper) and
    embeds the token in the query string of the form's ``action``.  A secret
    repeated inside a compressed response is the precondition the BREACH
    check is named after, so one log entry is expected for this site.
    """
    token = tutil.random_token(16)
    page_template = u''' <html> <body> <form action="./post?token=%s" method="post"> <input name="text" type="text" /> </form> </body> </html> '''
    html = page_template % token
    routes = {
        '/': _gzip_test_controller(html),
        '/post': tutil.TokenController(token, method='get'),
    }
    client = tutil.TestClient(routes)
    # NOTE(review): nothing in this function starts a scan, so the count
    # asserted here depends on what TestClient itself logs - confirm that the
    # BREACH check actually runs before this assertion.
    client.log.assert_count(1)
def test_imglink(self):
    """Check that links inside a non-HTML response are not crawled.

    ``/img`` is served as ``image/png`` yet its body contains an anchor to
    ``/donot``.  The expected list handed to ``_assert_crawled`` holds only
    ``/`` and ``/b``, so the crawler has to decide by the declared
    Content-Type and must not parse the image body for further URLs.
    """
    root_page = (
        200,
        b'<html><body><a href="/b">another page</a></body></html>',
        {'Content-Type': 'text/html; charset=utf-8'},
    )
    second_page = (
        200,
        b'<html><body><a href="/img">image</a></body></html>',
        {'Content-Type': 'text/html; charset=utf-8'},
    )
    # Declared as an image although the payload looks like markup.
    image_page = (
        200,
        b'[image]<a href="/donot">resolve this</a>',
        {'Content-Type': 'image/png'},
    )
    client = tutil.TestClient({
        u'/': root_page,
        u'/b': second_page,
        u'/img': image_page,
    })
    accept_all = tutil.ContainsEverything()
    crawler = webvulnscan.crawler.Crawler(
        client.ROOT_URL, accept_all, client=client)

    expected_urls = [u'/', u'/b']
    self._assert_crawled(crawler, client, expected_urls)