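async def test_no_crash():
    """Smoke test: attacking requests with nothing to report must not raise.

    Two requests for ``empty.html`` are attacked in turn: one without any
    parameter, and one carrying a query string, a POST field and a multipart
    file field.  Nothing is asserted about findings; the test passes as long
    as ``module.attack`` completes for both requests.

    The test talks to a fixture server on 127.0.0.1:65085, which is not
    started by this function.
    """
    persister = FakePersister()

    bare_request = Request("http://127.0.0.1:65085/empty.html")
    bare_request.path_id = 1
    persister.requests.append(bare_request)

    form_request = Request(
        "http://127.0.0.1:65085/empty.html?foo=bar",
        post_params=[["x", "y"]],
        file_params=[["file", ("fname", "content", "text/plain")]],
    )
    form_request.path_id = 2
    persister.requests.append(form_request)

    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}
        logger = Mock()

        module = mod_file(crawler, persister, logger, options, Event())
        # NOTE(review): presumably keeps the module from attacking POST
        # parameters - confirm against the module's use of do_post.
        module.do_post = False

        for request in persister.requests:
            await module.attack(request)
    finally:
        # Close the crawler even when an attack raises, so a failing run does
        # not leave it open for the rest of the test session.
        await crawler.close()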
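async def test_warning_false_positive():
    """Check that the ``yolo=warn`` page yields exactly one finding, on ``f``.

    The request carries two query parameters, ``yolo`` and ``f``.  The list
    equality below pins both halves of the expected behaviour: the ``f``
    parameter is recorded with the ``/etc/services`` payload, and nothing is
    recorded for ``yolo``.

    NOTE(review): presumably ``yolo=warn`` makes the fixture page print a
    warning-style message that could be mistaken for evidence of inclusion -
    confirm against ``inclusion.php``.

    The test talks to a fixture server on 127.0.0.1:65085, which is not
    started by this function.
    """
    persister = FakePersister()

    request = Request("http://127.0.0.1:65085/inclusion.php?yolo=warn&f=toto")
    request.path_id = 42

    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}
        logger = Mock()

        module = mod_file(crawler, persister, logger, options, Event())
        # NOTE(review): presumably keeps the module from attacking POST
        # parameters - confirm against the module's use of do_post.
        module.do_post = False
        await module.attack(request)

        assert persister.vulnerabilities == [("f", "/etc/services")]
    finally:
        # The assertion sits inside the try block so that a failed expectation
        # still closes the crawler instead of leaving it open.
        await crawler.close()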
def test_warning_false_positive():
    """Check that the ``yolo=warn`` page yields exactly one finding, on ``f``.

    Synchronous variant: the request is queued on the persister and
    ``module.attack()`` is drained as an iterator.  The list equality pins
    that ``f`` is recorded with the ``/etc/services`` payload and that nothing
    is recorded for ``yolo``.

    NOTE(review): presumably ``yolo=warn`` makes the fixture page print a
    warning-style message that could be mistaken for evidence of inclusion -
    confirm against ``inclusion.php``.

    The test talks to a fixture server on 127.0.0.1:65080, which is not
    started by this function.
    """
    persister = FakePersister()

    target = Request("http://127.0.0.1:65080/inclusion.php?yolo=warn&f=toto")
    target.path_id = 42
    persister.requests.append(target)

    crawler = Crawler("http://127.0.0.1:65080/")
    options = {"timeout": 10, "level": 2}
    logger = Mock()

    module = mod_file(crawler, persister, logger, options)
    # NOTE(review): presumably keeps the module from attacking POST
    # parameters - confirm against the module's use of do_post.
    module.do_post = False

    # attack() is consumed only for its side effects on the persister.
    for _unused in module.attack():
        pass

    expected = [("f", "/etc/services")]
    assert persister.vulnerabilities == expected
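async def test_warning_false_positive():
    """Check that the ``yolo=warn`` page produces a single report, on ``f``.

    The persister is an ``AsyncMock``, so the test inspects the recorded
    ``add_payload`` calls: exactly one call must have been made, and the
    request passed to it must carry ``f`` set to ``/etc/services`` among its
    GET parameters.  A second call (for instance one blaming ``yolo``) would
    fail the count check.

    NOTE(review): presumably ``yolo=warn`` makes the fixture page print a
    warning-style message that could be mistaken for evidence of inclusion -
    confirm against ``inclusion.php``.

    The test talks to a fixture server on 127.0.0.1:65085, which is not
    started by this function.
    """
    persister = AsyncMock()

    request = Request("http://127.0.0.1:65085/inclusion.php?yolo=warn&f=toto")
    request.path_id = 42

    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}

        module = mod_file(crawler, persister, options, Event())
        # NOTE(review): presumably keeps the module from attacking POST
        # parameters - confirm against the module's use of do_post.
        module.do_post = False
        await module.attack(request)

        assert persister.add_payload.call_count == 1

        # Index [1] of a recorded call is its keyword-argument mapping.
        reported = persister.add_payload.call_args_list[0][1]
        assert ["f", "/etc/services"] in reported["request"].get_params
    finally:
        # The assertions sit inside the try block so that a failed expectation
        # still closes the crawler instead of leaving it open.
        await crawler.close()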
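async def test_inclusion_detection():
    """Check that the file module reports the ``f`` parameter of the fixture page.

    Will also test false positive detection: exactly one ``add_payload`` call
    is expected although the request carries two query parameters (``yolo``
    and ``f``).  The recorded call must name the ``file`` module, use the
    "Path Traversal" category, and carry a request whose GET parameters
    include ``f`` set to ``/etc/services``.

    The test talks to a fixture server on 127.0.0.1:65085, which is not
    started by this function.
    """
    persister = AsyncMock()

    request = Request("http://127.0.0.1:65085/inclusion.php?yolo=nawak&f=toto")
    request.path_id = 42

    crawler = AsyncCrawler("http://127.0.0.1:65085/")
    try:
        options = {"timeout": 10, "level": 2}

        module = mod_file(crawler, persister, options, Event())
        # NOTE(review): presumably keeps the module from attacking POST
        # parameters - confirm against the module's use of do_post.
        module.do_post = False
        await module.attack(request)

        assert persister.add_payload.call_count == 1

        # Index [1] of a recorded call is its keyword-argument mapping.
        reported = persister.add_payload.call_args_list[0][1]
        assert reported["module"] == "file"
        # NOTE(review): `_` is presumably the translation function used by the
        # test module, so the expected label follows the active locale.
        assert reported["category"] == _("Path Traversal")
        assert ["f", "/etc/services"] in reported["request"].get_params
    finally:
        # The assertions sit inside the try block so that a failed expectation
        # still closes the crawler instead of leaving it open.
        await crawler.close()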
def test_no_crash():
    """Smoke test: attacking requests with nothing to report must not raise.

    Synchronous variant: two requests for ``empty.html`` are queued on the
    persister (one without parameters, one with a query string, a POST field
    and a file field) and ``module.attack()`` is drained as an iterator.
    Nothing is asserted about findings.

    The test talks to a fixture server on 127.0.0.1:65080, which is not
    started by this function.
    """
    persister = FakePersister()

    bare_request = Request("http://127.0.0.1:65080/empty.html")
    bare_request.path_id = 1
    persister.requests.append(bare_request)

    form_request = Request(
        "http://127.0.0.1:65080/empty.html?foo=bar",
        post_params=[["x", "y"]],
        file_params=[["file", ["fname", "content"]]],
    )
    form_request.path_id = 2
    persister.requests.append(form_request)

    crawler = Crawler("http://127.0.0.1:65080/")
    options = {"timeout": 10, "level": 2}
    logger = Mock()

    module = mod_file(crawler, persister, logger, options)
    # NOTE(review): presumably keeps the module from attacking POST
    # parameters - confirm against the module's use of do_post.
    module.do_post = False

    # attack() is consumed only for its side effects; reaching the end of the
    # loop without an exception is the whole point of the test.
    for _unused in module.attack():
        pass

    assert True