def test_non_executable_context(): html = """<html> <frameset> <frame src="top.html" /> <frame src="bottom.html" /> </frameset> injection </html>""" assert get_context_list(html, "injection") == [] html = """<html> <frameset> <frame src="top.html" /> <frame src="injection" /> </frameset> </html>""" assert get_context_list(html, "injection") == [ { "type": "attrval", "name": "src", "tag": "frame", "events": set(), "separator": '"', "non_exec_parent": "frameset", "special_attributes": {"src"} } ]
def test_payload_requirements(): code = '<input type="hidden" value="injected"/>' context_list = get_context_list(code, "injected") assert context_list[0]["special_attributes"] == {"type=hidden"} with pytest.raises(RuntimeError): # Requirement not met due to type being "hidden" meet_requirements(["!style", "type!=hidden"], context_list[0]["special_attributes"]) code = '<input type="text" value="injected" style="imgroot" />' context_list = get_context_list(code, "injected") assert context_list[0]["special_attributes"] == {"style", "type=text"} with pytest.raises(RuntimeError): # Requirement not met due to style being present meet_requirements(["!style", "type!=hidden"], context_list[0]["special_attributes"]) code = '<input type="text" value="injected"/>' context_list = get_context_list(code, "injected") assert context_list[0]["special_attributes"] == {"type=text"} # Requirement met as input type is not "hidden" and style is missing assert meet_requirements(["!style", "type!=hidden"], context_list[0]["special_attributes"]) is "" code = '<input value="injected"/>' context_list = get_context_list(code, "injected") # Requirement met as there is no special attributes to make our life harder assert "special_attributes" not in context_list[0] assert meet_requirements(["!style", "type!=hidden"], []) is ""
def test_multiple_contexts(): html = """<html> <head><title>Hello injection</title> <body> <a href="injection">General Kenobi</a> <!-- injection --> <input type=checkbox injection /> <noscript><b>injection</b></noscript> </body> </html>""" assert get_context_list(html, "injection") == [ {'non_exec_parent': 'title', 'parent': 'title', 'type': 'text'}, { 'events': set(), 'name': 'href', 'non_exec_parent': '', 'separator': '"', 'tag': 'a', 'type': 'attrval', "special_attributes": {"href"} }, {'non_exec_parent': '', 'parent': 'body', 'type': 'comment'}, { 'events': set(), 'name': 'injection', 'non_exec_parent': '', 'tag': 'input', 'type': 'attrname', "special_attributes": {"type=checkbox"} }, {'non_exec_parent': 'noscript', 'parent': 'b', 'type': 'text'} ]
def test_different_separator_contexts(): html = """<html> <body> <a href="injection">Hello there</a> <a href='injection2'>General Kenobi</a> </body> </html>""" assert get_context_list(html, "injection") == [ { "type": "attrval", "name": "href", "tag": "a", "events": set(), "separator": "\"", "non_exec_parent": "", "special_attributes": {"href"} }, { "type": "attrval", "name": "href", "tag": "a", "events": set(), "separator": "'", "non_exec_parent": "", "special_attributes": {"href"} } ]
def test_title_context(): html = """<html> <head><title><strong>injection</strong></title> <body> </body> </html>""" assert get_context_list(html, "injection") == [ {"non_exec_parent": "title", "parent": "strong", "type": "text"} ]
def test_partial_tagname_context(): html = """<html> <head> <body> <noinjection>Hello there<noinjection> </body> </html>""" assert get_context_list(html, "injection") == [ {"non_exec_parent": "", "type": "tag", "value": "noinjection", "events": set()} ]
def test_tagname_context(): html = """<html> <head><title>Hello there</title> <body> <injection type=text name=username /> </body> </html>""" assert get_context_list(html, "injection") == [ {"non_exec_parent": "", "type": "tag", "value": "injection", "events": set()} ]
def test_comment_in_noscript_context(): html = """<html> <head><title>Hello there</title> <body> <noscript> <textarea> <!-- <a href="injection">General Kenobi</a> --> <textarea> </noscript> </body> </html>""" assert get_context_list(html, "injection") == [ {"non_exec_parent": "noscript", "parent": "textarea", "type": "comment"} ]
def test_attr_value_single_quote_and_event_context(): html = """<html> <head><title>Hello there</title> <body> <a href='injection' onclick='location.href="index.html"';>General Kenobi</a> </body> </html>""" assert get_context_list(html, "injection") == [{ "non_exec_parent": "", "tag": "a", "name": "href", "type": "attrval", "separator": "'", "events": {"onclick"}, "special_attributes": {"href"} }]
def test_attrname_context(): html = """<html> <head><title>Hello there</title> <body> <noembed> <input type=checkbox injection/> </noembed> </body> </html>""" assert get_context_list(html, "injection") == [{ "non_exec_parent": "noembed", "tag": "input", "type": "attrname", "name": "injection", "events": set(), "special_attributes": {"type=checkbox"} }]
def test_noscript_context(): html = """<html> <head><title>Hello there</title> <body> <noscript> <textarea> <a href="injection">General Kenobi</a> <textarea> </noscript> </body> </html>""" assert get_context_list(html, "injection") == [{ "non_exec_parent": "noscript", "tag": "a", "name": "href", "type": "attrval", "separator": "\"", "events": set(), "special_attributes": {"href"} }]
def test_get_context_bug_2(): html = """<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="lt" lang="lt"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Yolo.lt</title> <meta name="viewport" content="width=device-width, minimum-scale=1"> <meta name="keywords" content="" /> <meta name="description" content="Yolo.lt" /> <meta name="SKYPE_TOOLBAR" content="SKYPE_TOOLBAR_PARSER_COMPATIBLE" /> <meta property="og:title" content="Yolo.lt" /> <meta property="og:site_name" content="Yolo.lt" /> <meta property="og:description" content="Yolo.lt" /> <meta property="og:type" content="article" /> <meta property="og:locale" content="lt_LT" /> <meta property="og:url" content="https://yolo/?q=zozo&dispatch=products.search%2F" /> <link rel="shortcut icon" type="image/x-icon" href="https://yolo/styles/plop/images/favicon.ico" /> <base href="https://yolo/" /> <!--[if lt IE 9]> <script type="text/javascript" src="https://yolo/js/pie-1.0b4/pie.js" defer="defer"></script> <![endif]--> <!--[if lt IE 7]> <link rel="stylesheet" href="https://yolo/styles/common/iefix_lt7.css" type="text/css" media="all" /> <link rel="stylesheet" href="https://yolo/styles/plop/css/iefix_lt7.css" type="text/css" media="all" /> <![endif]--> <!--[if gte IE 7]> <link rel="stylesheet" href="https://yolo/styles/common/iefix_gte7.css" type="text/css" media="all" /> <link rel="stylesheet" href="https://yolo/styles/plop/css/iefix_gte7.css" type="text/css" media="all" /> <![endif]--> <script src="https://yolo/js/min/js_default_03648614_2359bbe0_b08282d9.php" type="text/javascript"></script> <link rel="alternate" hreflang="en" href="https://yolo/en/?q=zozo&dispatch=products.search%2F" /> <link rel="alternate" hreflang="ru" href="https://yolo/ru/?q=zozo&dispatch=products.search%2F" /> <link rel="alternate" hreflang="lv" href="https://yolo/lv/?q=zozo&dispatch=products.search%2F" /> <link rel="alternate" hreflang="ee" href="https://yolo/ee/?q=zozo&dispatch=products.search%2F" /> </head> <body id="template_body_col_1" class="body_col_1 body_col_1_lt b0 page-index main index" data-base-currency='EUR'> <div id="awholder"> <div id="content-wrap"> <div id="header-wrap" class="content-wrap"> <div id="header" class="container_60"> <a id="logo" class="a0" href="https://yolo/" title="Elektroninė parduotuvė"> <picture> <source type="image/webp" srcset="https://yolo/styles/plop/images/logo.png.webp"> <source type="image/png" srcset="https://yolo/styles/plop/images/logo.png"> <img src="https://yolo/styles/plop/images/logo.png" alt="Yolo.lt" /> </picture> </a> <div id="shop-slogan" class="hidden-xs hidden-sm"> </div> <div id="main-search" class="hidden-xs"> <form action="https://yolo/paieska" method="get" id="main_search_form"> <input id="main" class="fl input" type="text" name="q" value="zozo" placeholder="zozo" /> <div id="search-suggestion" class="search-suggestion dnn bg0 p5"></div> <a id="main-search-submit" href="javascript:;"><span>Truc</span></a> </form> </div> </div> </div> </div> </div> </body> </html>""" assert get_context_list(html, "zozo") == [ { 'events': set(), 'name': 'content', 'non_exec_parent': '', 'separator': '"', 'tag': 'meta', 'type': 'attrval' }, { 'events': set(), 'name': 'href', 'non_exec_parent': '', 'separator': '"', 'special_attributes': {'href', 'rel=alternate'}, 'tag': 'link', 'type': 'attrval' }, { 'events': set(), 'name': 'value', 'non_exec_parent': '', 'separator': '"', 'special_attributes': {'type=text'}, 'tag': 'input', 'type': 'attrval' }, { 'events': set(), 'name': 'placeholder', 'non_exec_parent': '', 'separator': '"', 'special_attributes': {'type=text'}, 'tag': 'input', 'type': 'attrval' } ]
def test_get_context_bug(): # From a webpage that caused bugs html = """<!DOCTYPE html> <html> <head> <meta charset='utf-8'> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="publisher" content=" "> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> <meta name="msvalidate.01" content="" /> <title>yolo GmbH</title> <link rel="canonical" href="https://shop.yolo.com"> <link rel="alternate" href="https://shop.yolo.com" hreflang="de" /> <base href="https://shop.yolo.com/"> <link href="https://shop.yolo.com/favicon.ico" rel="shortcut icon"> </head> <body> <div id="header"> <div id="header_container"> <div class="top_header"> <a href='shop.php?SessID=id' id='logo' title='Startseite'> <img src='benutzerdaten/400529/shop/layout/headline.png?1609952588' class='mobile_show'></a> <ul class='top_navi mobile_hide' style='width:100%'> <li><a class='popup_toggle ' href="index.php?page=AGB&SessID=id">AGB</a></li> <li><a class='popup_toggle ' href="index.php?page=Shop&SessID=id">Shop</a></li> </ul> <div class='top_navi_lang mobile_hide' style='display:none;'> <div id='sprachauswahl'><span class='bold'>Sprache: </span> <div class='placeholder'> <a href="javascript:void(0);" class="click_toggle">deutsch</a> <div class="click_div slide_down popup"> <a class="active" href='/ad.php?SessID=id&redirect_searchstring=zozo&do=changelanguage'> <img src='images/flaggen/de.png' target='_top' /><span>deutsch</span></a> <a href='/ad.php?SessID=id&redirect_searchstring=zozo&do=changelanguage'>i <img src='images/flaggen/en.png' target='_top' /><span>englisch</span></a> <a href='/administration.php?SessID=id&redirect_searchstring=zozo&do=changelanguage'> <img src='images/flaggen/pl.png' target='_top' /><span>polnisch</span></a> </div> </div> </div> </div> <div class="clear"></div> </div> </div> </div> <div id='wrapper'> <div id="column_center" class="column_center content_container hide_both"> <div class='loginTypes row flex-stretch'> <div class='col-12 col-lg-6'> <form action=administration.php method=post class='styledForm'> <input type=hidden name=SessID value=id> <input type=hidden name=action value=login> <input type=hidden name=redirect value=search3> <input type=hidden name=redirect_searchstring value="zozo"> </form> </div> <div class='col-12 col-lg-6 flex-space-between'> <div class='contentBlock'> <div class='row header'>Neuer Kunde <div class='headerIcon'><i id='openTextNewCustomer' class="fa fa-info-circle"></i></div> </div> <div class='row'> <div class='col-full'> <input onClick="javascript:location.href = 'n.php?SessID=id&redirect_searchstring=zozo';" class='large' type=button value='Plop'></div> </div> </div> </div> </div> </div> </div> </div> <div class='template_footer' style='max-width:none;'> <div class='footer-content'> <div class='template_footer_row'> <ul class='template_footer_container'> <span class='template_footer_head'><div class='user_content'>Rechtliches</div></span> <div id='sprachauswahl'><span class='bold'>Sprache: </span> <div class='placeholder'> <a href="javascript:void(0);" class="click_toggle">deutsch</a> <div class="click_div slide_down popup"> <a class="active" href='/ad.php?SessID=id&redirect_searchstring=zozo&do=changelanguage'> <img src='images/flaggen/de.png' target='_top' /><span>deutsch</span></a> <a href='/administration.php?SessID=id&redirect_searchstring=zozo&do=changelanguage'> <img src='images/flaggen/en.png' target='_top' /><span>englisch</span></a> <a href='/administration.php?SessID=id&&redirect_searchstring=zozo&do=changelanguage'> <img src='images/flaggen/pl.png' target='_top' /><span>polnisch</span></a> </div> </div> </div> </div> </ul> </div> </div> </div> </body> </html>""" assert get_context_list(html, "zozo") == [ { 'events': set(), 'name': 'href', 'non_exec_parent': '', 'separator': "'", 'special_attributes': {'href'}, 'tag': 'a', 'type': 'attrval' }, { 'events': set(), 'name': 'value', 'non_exec_parent': '', 'separator': '"', 'special_attributes': {'type=hidden'}, 'tag': 'input', 'type': 'attrval' }, { 'events': {'onclick'}, 'name': 'onclick', 'non_exec_parent': '', 'separator': '"', 'special_attributes': {'type=button'}, 'tag': 'input', 'type': 'attrval' } ]