示例#1
0
    def test_reader(self):
        handler = XmlRpcReadHandler()
        xml.sax.parseString(XML_WITH_FUZZABLE, handler)

        EXPECTED = [(u'string', [u'Foo bar']), (u'base64', [u'Spam eggs'])]

        self.assertEqual(handler.get_data_container().items(), EXPECTED)
示例#2
0
    def test_writer(self):
        handler = XmlRpcReadHandler()
        xml.sax.parseString(XML_WITH_FUZZABLE, handler)

        data_container = handler.get_data_container()
        payload = '<script>alert(1)</script>'
        data_container['string'][0] = payload

        handler = XmlRpcWriteHandler(data_container)

        fuzzed = XML_WITH_FUZZABLE.replace('Foo bar', cgi.escape(payload))

        xml.sax.parseString(XML_WITH_FUZZABLE, handler)
        self.assertEqual(handler.fuzzed_xml_string, fuzzed)