def test_reader(self):
handler = XmlRpcReadHandler()
xml.sax.parseString(XML_WITH_FUZZABLE, handler)
EXPECTED = [(u'string', [u'Foo bar']), (u'base64', [u'Spam eggs'])]
self.assertEqual(handler.get_data_container().items(), EXPECTED)
def test_writer(self):
handler = XmlRpcReadHandler()
xml.sax.parseString(XML_WITH_FUZZABLE, handler)
data_container = handler.get_data_container()
payload = '<script>alert(1)</script>'
data_container['string'][0] = payload
handler = XmlRpcWriteHandler(data_container)
fuzzed = XML_WITH_FUZZABLE.replace('Foo bar', cgi.escape(payload))
xml.sax.parseString(XML_WITH_FUZZABLE, handler)
self.assertEqual(handler.fuzzed_xml_string, fuzzed)