def _need_more_variants_for_uri(self, fuzzable_request):
    """
    Decide whether another request matching an already known pattern
    should still be accepted (similar match, not exact match).

    The pattern is the key returned by clean_fuzzable_request(); a counter
    per key lives in self._variants. The counter is compared against
    self.params_max_variants when the request has a query string or raw
    data, and against self.path_max_variants otherwise.

    :param fuzzable_request: The request being considered
    :return: True if the request is a new pattern or the pattern is still
             below its limit (the counter is updated), False if the limit
             was already reached (the rejection is reported through
             self._log_return_false).
    """
    pattern_key = clean_fuzzable_request(fuzzable_request)
    # The explicit None default is kept on purpose: the type of
    # self._variants is not visible here, so do not rely on its get()
    # having dict-like defaults.
    seen = self._variants.get(pattern_key, None)

    # First time this pattern shows up: start counting and accept it
    if seen is None:
        self._variants[pattern_key] = 1
        return True

    # The pattern is known; pick the limit that applies to this request
    uri = fuzzable_request.get_uri()
    if uri.has_query_string() or fuzzable_request.get_raw_data():
        limit, limit_name = self.params_max_variants, 'params'
    else:
        limit, limit_name = self.path_max_variants, 'path'

    if count_reached(seen, limit) if False else seen >= limit:
        reason = 'need_more_variants_for_uri(%s)' % limit_name
        self._log_return_false(fuzzable_request, reason)
        return False

    self._variants[pattern_key] = seen + 1
    return True
def test_clean_fuzzable_request_json_null_field(self):
    # A JSON object whose single field is null: the expected key tags the
    # field as "object-key-null" and uses "none" as the value token.
    target = URL("http://www.w3af.com/")
    host_header = Headers([('Host', 'www.w3af.com')])
    body = JSONContainer('{"key": null}')

    request = FuzzableRequest(target,
                              headers=host_header,
                              method='POST',
                              post_data=body)

    self.assertEqual(clean_fuzzable_request(request),
                     u'(POST)-http://www.w3af.com/!object-key-null=none')
def test_clean_form_fuzzable_request(self):
    # Key-value post data holding the digits '23' is expected to be
    # reduced to the "number" token after the "!" separator.
    target = URL("http://www.w3af.com/")
    host_header = Headers([('Host', 'www.w3af.com')])
    body = KeyValueContainer(init_val=[('data', ['23'])])

    request = FuzzableRequest(target,
                              headers=host_header,
                              method='POST',
                              post_data=body)

    self.assertEqual(clean_fuzzable_request(request),
                     u'(POST)-http://www.w3af.com/!data=number')
def test_clean_fuzzable_request_json(self):
    # Nested JSON sent with PUT. Note that the expected key only lists the
    # two string tokens; the numeric list items (3 and 2.1) do not appear
    # in it.
    target = URL("http://www.w3af.com/")
    host_header = Headers([('Host', 'www.w3af.com')])
    body = JSONContainer('{"key": "value", "second_key": ["abc", 3, 2.1]}')

    request = FuzzableRequest(target,
                              headers=host_header,
                              method='PUT',
                              post_data=body)

    self.assertEqual(
        clean_fuzzable_request(request),
        u'(PUT)-http://www.w3af.com/!object-second_key-list-0-string=string&object-key-string=string')
def test_clean_fuzzable_request_json_array_null(self):
    # Top-level JSON array mixing a string with nulls: each null item is
    # expected to get its own "list-<index>-null=none" entry.
    target = URL("http://www.w3af.com/")
    host_header = Headers([('Host', 'www.w3af.com')])
    body = JSONContainer('["abc", null, null]')

    request = FuzzableRequest(target,
                              headers=host_header,
                              method='POST',
                              post_data=body)

    self.assertEqual(
        clean_fuzzable_request(request),
        u'(POST)-http://www.w3af.com/!list-0-string=string&list-1-null=none&list-2-null=none')
def test_clean_form_fuzzable_request_form(self):
    # An HTML form whose action URL carries its own query string: the
    # expected key keeps the query string part ("?id=number") and the form
    # fields ("!username=...&address=...") side by side. The empty
    # "address" value is expected to map to "string".
    form_params = FormParameters()
    for field_name, field_value in (("username", "abc"), ("address", "")):
        form_params.add_field_by_attr_items([("name", field_name),
                                             ("value", field_value)])

    form_params.set_action(URL('http://example.com/?id=1'))
    form_params.set_method('post')

    request = FuzzableRequest.from_form(dc_from_form_params(form_params))

    expected = (u'(POST)-http://example.com/'
                u'?id=number!username=string&address=string')
    self.assertEqual(clean_fuzzable_request(request), expected)
def append(self, fuzzable_request):
    """
    Register a fuzzable request, limiting how many look-alikes are kept.

    Two checks run while self._db_lock is held:
        1. exact match: the request hash, computed with
           self.HASH_IGNORE_HEADERS, was already stored
        2. similar match: the per-pattern counter (keyed by
           clean_fuzzable_request) reached params_max_variants or
           path_max_variants

    :param fuzzable_request: The request to register
    :return: True if we added a new fuzzable request variant to the DB,
             False if no more variants are required for this fuzzable
             request.
    """
    with self._db_lock:
        # Exact duplicates are rejected before anything else
        exact_key = fuzzable_request.get_request_hash(
            self.HASH_IGNORE_HEADERS)

        if self._variants_eq.get(exact_key, False):
            return False

        # The hash is recorded before the similarity check, so a request
        # that is rejected below because its pattern is full is still
        # remembered as seen.
        self._variants_eq[exact_key] = True

        # Similar match: count requests per cleaned pattern
        pattern_key = clean_fuzzable_request(fuzzable_request)
        seen = self._variants.get(pattern_key, None)

        if seen is None:
            # New pattern, start its counter
            self._variants[pattern_key] = 1
            return True

        # Known pattern: requests with a query string or raw data use the
        # params limit, everything else uses the path limit
        uri = fuzzable_request.get_uri()
        if uri.has_query_string() or fuzzable_request.get_raw_data():
            limit = self.params_max_variants
        else:
            limit = self.path_max_variants

        if seen >= limit:
            return False

        self._variants[pattern_key] = seen + 1
        return True
def append(self, fuzzable_request):
    """
    Store a fuzzable request unless it is a duplicate or its pattern
    already has enough variants.

    The whole decision is taken under self._db_lock. First the exact
    request hash (headers in self.HASH_IGNORE_HEADERS are passed to
    get_request_hash) is looked up in self._variants_eq; then the counter
    for the cleaned pattern in self._variants is compared against the
    params or path limit.

    :param fuzzable_request: The request to store
    :return: True if we added a new fuzzable request variant to the DB,
             False if no more variants are required for this fuzzable
             request.
    """
    with self._db_lock:
        ignored_headers = self.HASH_IGNORE_HEADERS
        request_id = fuzzable_request.get_request_hash(ignored_headers)

        # Exactly the same request was stored before
        if self._variants_eq.get(request_id, False):
            return False

        # Mark the hash as known right away. This happens even when the
        # variant limit check below ends up rejecting the request.
        self._variants_eq[request_id] = True

        variant_key = clean_fuzzable_request(fuzzable_request)
        stored = self._variants.get(variant_key, None)

        # Nothing similar was stored yet
        if stored is None:
            self._variants[variant_key] = 1
            return True

        # Something similar exists, choose the limit to compare against
        uri = fuzzable_request.get_uri()
        with_params = uri.has_query_string() or fuzzable_request.get_raw_data()
        ceiling = (self.params_max_variants if with_params
                   else self.path_max_variants)

        if stored >= ceiling:
            return False

        self._variants[variant_key] = stored + 1
        return True
def test_clean_fuzzable_request_int(self):
    # A numeric query string value is expected to collapse to "number".
    request = fr(URL('http://w3af.org/index.php?id=2'))
    expected = u'(GET)-http://w3af.org/index.php?id=number'

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_encoding_issues_se_path(self):
    # Non-ASCII directory name: the directory is expected to survive as-is
    # while the file name is replaced by the file token and the extension
    # is kept. The input is a unicode literal, the expected value is not.
    request = fr(URL(u'http://w3af.org/vård/xyz.html'))
    expected = '(GET)-http://w3af.org/vård/file-5692fef3f5dcd97.html'

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_encoding_issues_se_filename(self):
    # Non-ASCII file extension: the file name is expected to be replaced
    # by the file token and the extension preserved unchanged.
    request = fr(URL(u'http://w3af.org/x.vård'))
    expected = '(GET)-http://w3af.org/file-5692fef3f5dcd97.vård'

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_encoding_issues_se_with_qs(self):
    # Non-ASCII file name plus a query string: the expected key keeps the
    # file name and only turns the parameter value into "number".
    request = fr(URL(u'http://w3af.org/vård.png?id=1'))
    expected = '(GET)-http://w3af.org/vård.png?id=number'

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_clean_fuzzable_request_directory_file_no_params(self):
    # File inside a directory, no parameters: the directory is expected to
    # be kept, the file name replaced by FILENAME_TOKEN and the extension
    # preserved.
    request = fr(URL('http://w3af.org/foo/index.php'))
    expected = u'(GET)-http://w3af.org/foo/%s.php' % FILENAME_TOKEN

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_clean_fuzzable_request_simple(self):
    # Root URL without file or parameters: only the "(GET)-" method prefix
    # is expected to be added.
    request = fr(URL('http://w3af.org/'))
    expected = u'(GET)-http://w3af.org/'

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_clean_fuzzable_request_file(self):
    # File at the web root, no parameters: the file name is expected to be
    # replaced by FILENAME_TOKEN with the extension kept.
    request = fr(URL('http://w3af.org/index.php'))
    expected = u'(GET)-http://w3af.org/%s.php' % FILENAME_TOKEN

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_clean_fuzzable_request_int_str_empty(self):
    # Three parameter shapes in one query string: digits map to "number",
    # text maps to "string" and the empty value also maps to "string".
    request = fr(URL('http://w3af.org/index.php?id=2&foo=bar&spam='))
    expected = u'(GET)-http://w3af.org/index.php?id=number&foo=string&spam=string'

    self.assertEqual(clean_fuzzable_request(request), expected)
def test_clean_fuzzable_request_directory_parent_path(self):
    # Two directory levels, no file: the parent directory is expected to
    # be kept and the last one replaced by PATH_TOKEN.
    request = fr(URL('http://w3af.org/spam/foo/'))
    expected = u'(GET)-http://w3af.org/spam/%s/' % PATH_TOKEN

    self.assertEqual(clean_fuzzable_request(request), expected)