def test_form_with_plus_value(self):
    """
    Regression test: a literal "+" in a field value must go out as %2B.

    The bug was identified while scanning demo.testfire.net, which served
    a form that looked like:

        <form action="/xyz">
            <input name="foo" value="bar+spam" type="hidden">
            <input name="eggs" type="text">
            ...
        </form>

    When a request was sent to that form, the "+" in the value was sent
    as %20. The hidden input was a .NET EVENTVALIDATION field, so it was
    impossible to find any bugs in the "eggs" parameter.

    This is only a partial test: much more goes on in w3af than creating
    a form and encoding it. A functional test for this issue can be found
    at test_special_chars.py
    """
    fields = [
        {
            'tagname': 'input',
            'name': 'foo',
            'type': 'hidden',
            'value': 'bar+spam',
        },
        # No 'value' key here; the expected output carries it as "eggs=".
        {
            'tagname': 'input',
            'name': 'eggs',
            'type': 'text',
        },
    ]
    params = create_form_params_helper(fields)
    encoded = str(URLEncodedForm(params))

    # %2B is the percent-encoding of "+"; a bare "+" in a urlencoded body
    # would be read back by the server as a space.
    self.assertEqual(encoded, 'eggs=&foo=bar%2Bspam')
def test_form_with_plus_value(self):
    """
    Check that the fix for the "+" encoding bug still holds.

    The bug was identified while scanning demo.testfire.net. The site had
    a form that looked like:

        <form action="/xyz">
            <input name="foo" value="bar+spam" type="hidden">
            <input name="eggs" type="text">
            ...
        </form>

    Requests sent to that form carried the "+" in the value as %20. The
    input was a .NET EVENTVALIDATION field, thus it was impossible to
    find any bugs in the "eggs" parameter.

    Please note that this is just a partial test, since w3af does much
    more than create a form and encode it. A functional test for this
    issue can be found at test_special_chars.py
    """
    hidden_with_plus = {'tagname': 'input', 'name': 'foo',
                        'type': 'hidden', 'value': 'bar+spam'}
    # Declared without a value; the assertion expects it as "eggs=".
    empty_text = {'tagname': 'input', 'name': 'eggs', 'type': 'text'}

    params = create_form_params_helper([hidden_with_plus, empty_text])
    serialized = str(URLEncodedForm(params))

    # The "+" has to be percent-encoded (%2B) so the value is not altered
    # when the body is decoded on the receiving side.
    self.assertEqual(serialized, 'eggs=&foo=bar%2Bspam')
def test_form_str_simple(self):
    """A form with one text input serialises to a single name=value pair."""
    fields = [
        {'tagname': 'input', 'type': 'text', 'name': 'abc', 'value': '123'},
    ]
    params = create_form_params_helper(fields)
    encoded = str(URLEncodedForm(params))
    self.assertEqual(encoded, 'abc=123')
def test_form_str_special_chars_1(self):
    """A double quote inside a field value is percent-encoded as %22."""
    fields = [
        {'tagname': 'input', 'type': 'text', 'name': 'abc', 'value': '1"2'},
    ]
    params = create_form_params_helper(fields)
    encoded = str(URLEncodedForm(params))
    # '1"2' -> '1' + '%22' + '2'
    self.assertEqual(encoded, 'abc=1%222')
def test_form_str_simple_2(self):
    """A text input and a hidden input serialise as two pairs joined by "&"."""
    text_field = {"tagname": "input", "type": "text", "name": "abc", "value": "123"}
    hidden_field = {"tagname": "input", "type": "hidden", "name": "def", "value": "000"}

    params = create_form_params_helper([text_field, hidden_field])
    encoded = str(URLEncodedForm(params))

    # The hidden field is expected in the output alongside the text field.
    self.assertEqual(encoded, "abc=123&def=000")
def test_form_str_special_chars_1(self):
    """The string form of the form percent-encodes a double quote (%22)."""
    quoted_field = {
        'tagname': 'input',
        'type': 'text',
        'name': 'abc',
        'value': '1"2',
    }
    params = create_form_params_helper([quoted_field])
    serialized = str(URLEncodedForm(params))
    # Expected value reads as 1, then %22 for the quote, then 2.
    self.assertEqual(serialized, 'abc=1%222')
def test_form_str_simple(self):
    """str() of a one-field form yields that field as name=value."""
    only_field = {
        'tagname': 'input',
        'type': 'text',
        'name': 'abc',
        'value': '123',
    }
    params = create_form_params_helper([only_field])
    serialized = str(URLEncodedForm(params))
    self.assertEqual(serialized, 'abc=123')
def test_form_str_special_chars_2(self):
    """Non-ASCII field values come back intact after unquoting the form.

    Two fields are parsed from attribute dicts and a third is added to the
    parameters afterwards; the encoded form is then percent-decoded, read
    as UTF-8 and compared with the expected unicode string.
    """
    fields = [
        {"tagname": "input", "type": "text", "name": "v", "value": "áéíóú"},
        {"tagname": "input", "type": "hidden", "name": "c", "value": "ñçÑÇ"},
    ]
    params = create_form_params_helper(fields)
    # Added on the params object directly, after the helper has run.
    params.add_field_by_attrs({"name": "address", "value": "bsas"})

    encoded = str(URLEncodedForm(params))
    # urllib.unquote / str.decode are the Python 2 spellings.
    # NOTE(review): the byte content of the non-ASCII literals depends on
    # the file's source encoding, which is not visible here - confirm UTF-8.
    decoded = urllib.unquote(encoded).decode("utf-8")
    self.assertEqual(decoded, u"c=ñçÑÇ&address=bsas&v=áéíóú")
def test_form_str_special_chars_2(self):
    """Non-ASCII values and an added submit field round-trip through str().

    The form is built from two attribute dicts, a submit entry is added
    with add_submit(), and the percent-decoded, UTF-8-decoded output is
    compared with the expected unicode string.
    """
    text_field = {'tagname': 'input', 'type': 'text',
                  'name': 'v', 'value': 'áéíóú'}
    hidden_field = {'tagname': 'input', 'type': 'hidden',
                    'name': 'c', 'value': 'ñçÑÇ'}

    params = create_form_params_helper([text_field, hidden_field])
    params.add_submit('address', 'bsas')

    serialized = str(URLEncodedForm(params))
    # Python 2 API: unquote returns a byte string, decoded here as UTF-8.
    readable = urllib.unquote(serialized).decode('utf-8')
    self.assertEqual(readable, u'c=ñçÑÇ&address=bsas&v=áéíóú')
def test_form_str_special_chars_2(self):
    """Accented and other non-ASCII values are recoverable from the output.

    After percent-decoding the string form and decoding it as UTF-8, the
    result must equal the expected unicode string, including the field
    added through add_field_by_attrs().
    """
    fields = [
        {'tagname': 'input', 'type': 'text', 'name': 'v', 'value': 'áéíóú'},
        {'tagname': 'input', 'type': 'hidden', 'name': 'c', 'value': 'ñçÑÇ'},
    ]
    params = create_form_params_helper(fields)
    extra_field = {'name': 'address', 'value': 'bsas'}
    params.add_field_by_attrs(extra_field)

    wire_format = str(URLEncodedForm(params))
    # Reverse the percent-encoding, then interpret the bytes as UTF-8
    # (urllib.unquote and .decode on str are Python 2 calls).
    decoded = urllib.unquote(wire_format).decode('utf-8')
    self.assertEqual(decoded, u'c=ñçÑÇ&address=bsas&v=áéíóú')
def test_form_str_radio_select(self):
    """Radio, checkbox and select inputs each appear once in the output.

    The three field lists are fixtures defined outside this method.
    """
    # NOTE(review): the expected string carries a single value per field
    # name; which option the fixtures mark as chosen is not visible here.
    fixture_fields = form_with_radio + form_with_checkbox + form_select_cars
    params = create_form_params_helper(fixture_fields)
    encoded = str(URLEncodedForm(params))
    self.assertEqual(encoded, 'cars=volvo&vehicle=Bike&sex=male')
def test_form_str_radio_select(self):
    """A form mixing radio, checkbox and select fields serialises one value
    per field name.

    form_with_radio, form_with_checkbox and form_select_cars are fixtures
    defined elsewhere in the module.
    """
    combined = form_with_radio + form_with_checkbox + form_select_cars
    params = create_form_params_helper(combined)
    serialized = str(URLEncodedForm(params))
    # NOTE(review): 'cars=fiat' presumably reflects the option the select
    # fixture ends up with - confirm against form_select_cars.
    self.assertEqual(serialized, 'cars=fiat&vehicle=Bike&sex=male')
def test_form_str_simple(self):
    """One text input with a plain value is rendered as name=value."""
    field = {"tagname": "input", "type": "text", "name": "abc", "value": "123"}
    params = create_form_params_helper([field])
    rendered = str(URLEncodedForm(params))
    self.assertEqual(rendered, "abc=123")
def test_form_str_special_chars_1(self):
    """A value containing a double quote is rendered with the quote as %22."""
    field = {"tagname": "input", "type": "text", "name": "abc", "value": '1"2'}
    params = create_form_params_helper([field])
    rendered = str(URLEncodedForm(params))
    # The quote sits between "1" and "2", hence "1%222".
    self.assertEqual(rendered, "abc=1%222")