def test_secure_get_site(self):
    """Run the CRLF attack against a GET form and expect an empty log.

    '/' serves a form that submits ``foo`` to '/post'. '/post' is built by
    ``header_site`` with its second argument set to False.
    NOTE(review): False presumably selects the non-vulnerable variant that
    does not let CR/LF from ``foo`` reach a response header -- confirm
    against header_site.
    """
    form_page = u'''<html><form action="/post"> <input name="foo" /></form></html>'''
    post_handler = header_site(lambda req: get_param(req.url, 'foo'), False)
    scanner = tutil.TestClient({'/': form_page, '/post': post_handler})

    scanner.run_attack(webvulnscan.attacks.crlf)

    # Zero log entries: nothing may be reported for this site.
    scanner.log.assert_count(0)
def test_csrf_protected_form():
    """Return a site map for a form that carries a random token.

    '/' is ``FORM_HTML`` with a fresh 8-unit token from
    ``tutil.random_token`` interpolated; '/s' is the ``csrf_page`` handler
    reading the ``text`` URL parameter.
    NOTE(review): the token is only substituted into FORM_HTML here; how
    csrf_page checks it is not visible in this function.
    """
    csrf_token = tutil.random_token(8)
    site = {}
    site['/'] = FORM_HTML % csrf_token
    site['/s'] = csrf_page(lambda req: get_param(req.url, 'text'))
    return site
def test_url_vulnerable_site(self):
    """Run the exotic-characters attack on a URL parameter and count hits.

    '/' is served by ``shell_emulation`` fed with the ``test`` URL
    parameter. The attack starts from the query string ``?test=a`` and the
    log must hold exactly one entry per item in ``SHELL_CHARACTERS``.
    """
    handler = shell_emulation(lambda req: get_param(req.url, 'test'))
    scanner = tutil.TestClient({'/': handler})

    scanner.run_attack(webvulnscan.attacks.exotic_characters, u'?test=a')

    # Every character in SHELL_CHARACTERS is expected to produce one entry.
    expected_entries = len(SHELL_CHARACTERS)
    scanner.log.assert_count(expected_entries)
def test_clrf_secure_get_site():
    """Return a site map: a GET form at '/' posting ``foo`` to './post'.

    '/post' is built by ``header_site`` with its second argument False
    (presumably the non-vulnerable variant -- confirm against header_site).
    The name spells 'clrf'; it is kept unchanged for callers.
    """
    form_page = u'''<html><form action="./post"> <input name="foo" /></form></html>'''
    post_handler = header_site(lambda req: get_param(req.url, 'foo'), False)
    return {'/': form_page, '/post': post_handler}
def test_clrf_secure_url_site():
    """Return a one-page site map whose '/' handler reads ``foo`` from the URL.

    The handler comes from ``header_site`` with its second argument False
    (presumably the non-vulnerable variant -- confirm against header_site).
    """
    root_handler = header_site(lambda req: get_param(req.url, 'foo'), False)
    site = {'/': root_handler}
    return site
def test_clrf_vulnerable_url_site():
    """Return a one-page site map whose '/' handler reads ``foo`` from the URL.

    The handler comes from ``header_site`` with its second argument True
    (presumably the deliberately vulnerable variant used as a positive
    case for the CRLF check -- confirm against header_site).
    """
    root_handler = header_site(lambda req: get_param(req.url, 'foo'), True)
    site = {'/': root_handler}
    return site
def test_csrf_protected_form(self):
    """Run the CSRF attack against a token-carrying form; expect an empty log.

    '/' is ``FORM_HTML`` with a fresh random token interpolated and '/s' is
    the ``csrf_page`` handler reading the ``text`` URL parameter.
    NOTE(review): how csrf_page validates the token is not visible here.
    """
    csrf_token = tutil.random_token(8)
    site = {}
    site["/"] = FORM_HTML % csrf_token
    site["/s"] = csrf_page(lambda req: get_param(req.url, "text"))
    scanner = tutil.TestClient(site)

    scanner.run_attack(webvulnscan.attacks.csrf)

    # Zero log entries: nothing may be reported for the protected form.
    scanner.log.assert_count(0)
def test_secure_url_site(self):
    """Run the CRLF attack on a URL parameter and expect an empty log.

    '/' is built by ``header_site`` with its second argument False
    (presumably the non-vulnerable variant -- confirm against header_site).
    The attack starts from the query string ``?foo=bar``.
    """
    root_handler = header_site(lambda req: get_param(req.url, 'foo'), False)
    scanner = tutil.TestClient({'/': root_handler})

    scanner.run_attack(webvulnscan.attacks.crlf, u'?foo=bar')

    # Zero log entries: nothing may be reported for this site.
    scanner.log.assert_count(0)
def test_exotic_characters_url_vulnerable_site():
    """Return a one-page site map served by ``shell_emulation``.

    The '/' handler is fed the ``test`` URL parameter. Judging by the
    name, this is the positive case for the exotic-characters check.
    """
    root_handler = shell_emulation(lambda req: get_param(req.url, 'test'))
    site = {'/': root_handler}
    return site
def test_clrf_secure_url_site():
    """Return a site map with a single '/' page reading ``foo`` from the URL.

    ``header_site`` is called with False as its second argument
    (presumably the non-vulnerable variant -- confirm against header_site).
    """
    site = {}
    site['/'] = header_site(lambda req: get_param(req.url, 'foo'), False)
    return site
def test_clrf_vulnerable_url_site():
    """Return a site map with a single '/' page reading ``foo`` from the URL.

    ``header_site`` is called with True as its second argument
    (presumably the deliberately vulnerable variant used as a positive
    case for the CRLF check -- confirm against header_site).
    """
    site = {}
    site['/'] = header_site(lambda req: get_param(req.url, 'foo'), True)
    return site