def test_str(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
str_dc = str(dc)
self.assertEqual(str_dc, 'a=1&b=2&b=3')
self.assertIsInstance(str_dc, str)
dc = KeyValueContainer([(u'aaa', [''])])
self.assertEqual(str(dc), 'aaa=')
dc = KeyValueContainer([(u'aaa', ('', ''))])
self.assertEqual(str(dc), 'aaa=&aaa=')
def test_iter_bound_tokens(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
dcc_tokens = [(dcc, t) for dcc, t in dc.iter_bound_tokens()]
EXPECTED_TOKENS = [('a', '1'), ('b', '2'), ('b', '3')]
token_data = [(t.get_name(), t.get_value()) for dcc, t in dcc_tokens]
self.assertEqual(EXPECTED_TOKENS, token_data)
for dcc, _ in dcc_tokens:
self.assertIsInstance(dcc, KeyValueContainer)
self.assertEquals(dcc, dc)
self.assertEqual(str(dcc), 'a=1&b=2&b=3')
only_dcc = [dcc for dcc, t in dcc_tokens]
dcc = only_dcc[0]
token = dcc.get_token()
token.set_value('5')
self.assertEqual(str(dcc), 'a=5&b=2&b=3')
dcc = only_dcc[1]
token = dcc.get_token()
token.set_value('5')
self.assertEqual(str(dcc), 'a=1&b=5&b=3')
dcc = only_dcc[2]
token = dcc.get_token()
token.set_value('5')
self.assertEqual(str(dcc), 'a=1&b=2&b=5')
def test_iter_tokens(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
tokens = [t for t in dc.iter_tokens()]
EXPECTED_TOKENS = [('a', '1'), ('b', '2'), ('b', '3')]
token_data = [(t.get_name(), t.get_value()) for t in tokens]
self.assertEqual(EXPECTED_TOKENS, token_data)
def test_get_short_printable_repr_unicode_value_unicode(self):
dc = KeyValueContainer([(u'aéb', [u'céd']), (u'b', ['2', '3'])])
dc.MAX_PRINTABLE = 7
token = DataToken(u'aéb', u'céd', (u'aéb', 0))
dc.set_token(token)
self.assertEqual(dc.get_short_printable_repr(), '...a.b=c.d...')
def test_get_short_printable_repr_unicode_value(self):
dc = KeyValueContainer([(u'a', ['x']), (u'b', ['2', '3'])])
dc.MAX_PRINTABLE = 5
token = DataToken('a', 'é', ('a', 0))
dc.set_token(token)
self.assertEqual(dc.get_short_printable_repr(), '...a=....')
def __init__(self,
uri,
method='GET',
headers=None,
cookie=None,
post_data=None):
super(FuzzableRequest, self).__init__()
# Note: Do not check for the URI/Headers type here, since I'm doing it
# in set_uri() and set_headers() already.
if cookie is not None and not isinstance(cookie, Cookie):
raise TypeError(TYPE_ERROR % ('cookie', 'Cookie'))
if post_data is not None and not isinstance(post_data, DataContainer):
raise TypeError(TYPE_ERROR % ('post_data', 'DataContainer'))
# Internal variables
self._method = method
self._cookie = Cookie() if cookie is None else cookie
self._post_data = KeyValueContainer(
) if post_data is None else post_data
# Set the headers
self._headers = None
pheaders = Headers() if headers is None else headers
self.set_headers(pheaders)
# Set the URL
self._uri = None
self._url = None
self.set_uri(uri)
# Set the internal variables
self._sent_info_comp = None
def test_get_short_printable_repr_token_obj(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
token = DataToken('a', '1', ('a', 0))
dc.set_token(token)
self.assertIsNotNone(dc.get_token())
self.assertEqual(dc.get_short_printable_repr(), 'a=1&b=2&b=3')
def test_double_data_token_wrap(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['c', '3'])])
dc.set_token(('b', 1))
for dcc, token in dc.iter_bound_tokens():
self.assertIsInstance(token, DataToken)
self.assertIsInstance(token.get_value(), basestring)
def get_fuzzable_request(self):
headers = Headers([(u'Hello', u'World')])
post_data = KeyValueContainer(init_val=[('a', ['b'])])
url = URL('http://w3af.org')
return FuzzableRequest(url,
method='GET',
post_data=post_data,
headers=headers)
def test_get_short_printable_repr_token_obj_reduce_printable(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
dc.MAX_PRINTABLE = 5
token = DataToken('a', '1', ('a', 0))
dc.set_token(token)
self.assertIsNotNone(dc.get_token())
self.assertEqual(dc.get_short_printable_repr(), '...a=1...')
def test_clean_form_fuzzable_request(self):
fr = FuzzableRequest(URL("http://www.w3af.com/"),
headers=Headers([('Host', 'www.w3af.com')]),
method='POST',
post_data=KeyValueContainer(init_val=[('data', ['23'])]))
expected = u'(POST)-http://www.w3af.com/!data=number'
self.assertEqual(clean_fuzzable_request(fr), expected)
def test_basic(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
self.assertIn('a', dc)
self.assertIn('b', dc)
self.assertEqual(dc['a'], ['1'])
self.assertEqual(dc['b'], ['2', '3'])
def test_export_import_with_post_data(self):
dc = KeyValueContainer(init_val=[('a', ['1'])])
fr = FuzzableRequest(URL("http://www.w3af.com/"), post_data=dc)
self.assertEqual(fr.to_csv(), '"GET","http://www.w3af.com/","a=1"')
raise SkipTest('Failing because we do NOT export headers')
imported_fr = fr.from_csv(fr.to_csv())
self.assertEqual(imported_fr, fr)
def test_copy_with_token(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
dc.set_token(('a', 0))
dc_copy = copy.deepcopy(dc)
self.assertEqual(dc.get_token(), dc_copy.get_token())
self.assertIsNotNone(dc.get_token())
self.assertIsNotNone(dc_copy.get_token())
def create_simple_fuzzable_request(unique_id):
unique_id = str(unique_id)
url = URL('http://w3af.com/')
headers = Headers([(u'Hello', u'World')])
post_data = KeyValueContainer(init_val=[('a', [unique_id])])
return FuzzableRequest(url,
method='GET',
post_data=post_data,
headers=headers)
def test_set_token_using_data_token(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
token = DataToken('a', '1', ('a', 0))
set_token = dc.set_token(token)
self.assertEqual(dc.get_token().get_name(), 'a')
self.assertEqual(dc.get_token().get_value(), '1')
self.assertEqual(dc.get_token().get_path(), ('a', 0))
self.assertIs(dc.get_token(), token)
self.assertIs(set_token, token)
def test_dump_case02(self):
expected = u'\r\n'.join([u'GET http://w3af.com/a/b/c.php HTTP/1.1',
u'Hola: Múndo',
u'',
u'a=b'])
headers = Headers([(u'Hola', u'Múndo')])
post_data = KeyValueContainer(init_val=[('a', ['b'])])
fr = FuzzableRequest(self.url, method='GET', post_data=post_data,
headers=headers)
self.assertEqual(fr.dump(), expected.encode('utf-8'))
def test_dump_case03(self):
header_value = ''.join(chr(i) for i in xrange(256))
expected = u'\r\n'.join([u'GET http://w3af.com/a/b/c.php HTTP/1.1',
u'Hola: %s' % smart_unicode(header_value),
u'',
u'a=b'])
headers = Headers([(u'Hola', header_value)])
post_data = KeyValueContainer(init_val=[('a', ['b'])])
fr = FuzzableRequest(self.url, method='GET', post_data=post_data,
headers=headers)
self.assertEqual(fr.dump(), expected)
def test_dump_mangle(self):
fr = FuzzableRequest(URL('http://www.w3af.com/'),
headers=Headers([('Host', 'www.w3af.com')]))
expected = u'\r\n'.join([
u'GET http://www.w3af.com/ HTTP/1.1', u'Host: www.w3af.com', u'',
u''
])
self.assertEqual(fr.dump(), expected)
fr.set_method('POST')
fr.set_data(KeyValueContainer(init_val=[('data', ['23'])]))
expected = u'\r\n'.join([
u'POST http://www.w3af.com/ HTTP/1.1', u'Host: www.w3af.com', u'',
u'data=23'
])
self.assertEqual(fr.dump(), expected)
def test_iter_setters(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
kv_setter = [(k, v, p, s) for (k, v, p, s) in dc.iter_setters()]
EXPECTED_KEY_VALUES = [('a', '1', ('a', 0)), ('b', '2', ('b', 0)),
('b', '3', ('b', 1))]
kvp = [(key, value, path) for (key, value, path, _) in kv_setter]
self.assertEqual(EXPECTED_KEY_VALUES, kvp)
for idx, (key, value, path, setter) in enumerate(kv_setter):
if idx == 2:
setter('w')
self.assertEqual(str(dc), 'a=1&b=2&b=w')
SET_VALUES = ['x', 'y', 'z']
for idx, (key, value, path, setter) in enumerate(kv_setter):
setter(SET_VALUES[idx])
self.assertEqual(str(dc), 'a=x&b=y&b=z')
def test_unicode(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', u'3'])])
udc = unicode(dc)
self.assertEqual(udc, u'a=1&b=2&b=3')
self.assertIsInstance(udc, unicode)
def test_get_short_printable_repr_no_token(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
self.assertEqual(dc.get_short_printable_repr(), 'a=1&b=2&b=3')
def test_export_import_with_post_data(self):
dc = KeyValueContainer(init_val=[('a', ['1'])])
fr = FuzzableRequest(URL('http://www.w3af.com/'), post_data=dc)
imported_fr = FuzzableRequest.from_base64(fr.to_base64())
self.assertEqual(imported_fr, fr)
def test_is_variant_of_eq_keys_neq_value_types(self):
dc1 = KeyValueContainer([(u'a', ['1']), (u'b', ['c', '3'])])
dc2 = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
self.assertFalse(dc1.is_variant_of(dc2))
def test_set_token(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['2', '3'])])
token = dc.set_token(('a', 0))
self.assertEqual(token.get_name(), 'a')
self.assertEqual(token, dc['a'][0])
def test_str_special_chars(self):
dc = KeyValueContainer([(u'a', ['1']), (u'u', [u'Ú-ú-Ü-ü'])], 'latin1')
decoded_str = urllib.unquote(str(dc)).decode('latin-1')
self.assertEquals(u'a=1&u=Ú-ú-Ü-ü', decoded_str)
def test_double_data_token_wrap_set_set(self):
dc = KeyValueContainer([(u'a', ['1']), (u'b', ['c', '3'])])
token_1 = dc.set_token(('b', 1))
token_2 = dc.set_token(('b', 1))
self.assertIs(token_1, token_2)
