本文整理汇总了Python中w3af.core.data.dc.factory.dc_from_form_params函数的典型用法代码示例。如果您正苦于以下问题:Python dc_from_form_params函数的具体用法?Python dc_from_form_params怎么用?Python dc_from_form_params使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了dc_from_form_params函数的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _extract_html_forms
def _extract_html_forms(self, resp, fuzzable_req):
"""
Parses the HTTP response body and extract HTML forms, resulting forms
are put() on the output queue.
"""
# Try to find forms in the document
try:
dp = parser_cache.dpc.get_document_parser_for(resp)
except BaseFrameworkException:
# Failed to find a suitable parser for the document
return
# Create one FuzzableRequest for each form variant
mode = cf.cf.get('form_fuzzing_mode')
for form_params in dp.get_forms():
# Form exclusion #15161
form_id_json = form_params.get_form_id().to_json()
om.out.debug('A new form was found! Form-id is: "%s"' % form_id_json)
if not self._should_analyze_url(form_params.get_action()):
continue
headers = fuzzable_req.get_headers()
for form_params_variant in form_params.get_variants(mode):
data_container = dc_from_form_params(form_params_variant)
# Now data_container is one of Multipart of URLEncoded form
# instances, which is a DataContainer. Much better than the
# FormParameters instance we had before in form_params_variant
r = FuzzableRequest.from_form(data_container, headers=headers)
self.output_queue.put(r)
示例2: _extract_html_forms
def _extract_html_forms(self, resp, fuzzable_req):
"""
Parses the HTTP response body and extract HTML forms, resulting forms
are put() on the output queue.
"""
# Try to find forms in the document
try:
dp = parser_cache.dpc.get_document_parser_for(resp)
except BaseFrameworkException:
# Failed to find a suitable parser for the document
return
same_domain = lambda f: f.get_action().get_domain() == \
resp.get_url().get_domain()
# Create one FuzzableRequest for each form variant
mode = cf.cf.get('form_fuzzing_mode')
for form_params in dp.get_forms():
if not same_domain(form_params):
continue
headers = fuzzable_req.get_headers()
for form_params_variant in form_params.get_variants(mode):
data_container = dc_from_form_params(form_params_variant)
# Now data_container is one of Multipart of URLEncoded form
# instances, which is a DataContainer. Much better than the
# FormParameters instance we had before in form_params_variant
r = FuzzableRequest.from_form(data_container, headers=headers)
self.output_queue.put(r)
示例3: test_sent_post_data
def test_sent_post_data(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", """d'z"0""")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form = dc_from_form_params(form_params)
f = FuzzableRequest(URL('http://example.com/'), post_data=form)
self.assertTrue(f.sent('d%5C%27z%5C%220'))
示例4: create_simple_fuzzable_request
def create_simple_fuzzable_request(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)
示例5: create_fuzzable_request
def create_fuzzable_request(_id):
url_fmt = 'http://example.com/product/%s'
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.set_action(URL(url_fmt % _id))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)
示例6: test_dc_from_form_params_without_files_nor_enctype
def test_dc_from_form_params_without_files_nor_enctype(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
urlencode_dc = dc_from_form_params(form_params)
self.assertIsInstance(urlencode_dc, URLEncodedForm)
self.assertEqual(urlencode_dc.get_file_vars(), [])
self.assertEqual(urlencode_dc['a'], ['bcd'])
示例7: test_clean_form_fuzzable_request_form
def test_clean_form_fuzzable_request_form(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", "abc")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
expected = u'(POST)-http://example.com/?id=number!username=string&address=string'
self.assertEqual(self.vdb._clean_fuzzable_request(fr), expected)
示例8: test_dc_from_form_params_without_files_with_multipart_enctype
def test_dc_from_form_params_without_files_with_multipart_enctype(self):
form_params = FormParameters()
form_params.set_form_encoding('multipart/form-data')
form_params.add_field_by_attr_items([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
mpdc = dc_from_form_params(form_params)
self.assertIsInstance(mpdc, MultipartContainer)
self.assertEqual(mpdc.get_file_vars(), [])
self.assertEqual(mpdc['a'], ['bcd'])
示例9: test_dc_from_form_params_with_files
def test_dc_from_form_params_with_files(self):
form_params = FormParameters()
form_params.set_file_name('b', 'hello.txt')
form_params.add_file_input([('name', 'b')])
form_params.add_input([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
mpdc = dc_from_form_params(form_params)
self.assertIsInstance(mpdc, MultipartContainer)
self.assertEqual(mpdc.get_file_vars(), ['b'])
self.assertEqual(mpdc['a'], ['bcd'])
示例10: test_from_form_POST
def test_from_form_POST(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
self.assertIs(fr.get_uri(), form.get_action())
self.assertIs(fr.get_raw_data(), form)
self.assertEqual(fr.get_method(), 'POST')
self.assertEqual(fr.get_uri().querystring, QueryString([('id', ['1'])]))
示例11: test_from_form_default
def test_from_form_default(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/'))
# Without a method
#form_params.set_method('GET')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
expected_url = 'http://example.com/?username=abc&address='
self.assertEqual(fr.get_uri().url_string, expected_url)
self.assertEqual(fr.get_uri().querystring, 'username=abc&address=')
self.assertIsInstance(fr.get_uri().querystring, URLEncodedForm)
self.assertEqual(fr.get_method(), 'GET')
self.assertIsNot(fr.get_raw_data(), form)
示例12: test_store_fuzzable_request
def test_store_fuzzable_request(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", "abc")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
ds = DiskSet()
ds.add(fr)
stored_fr = ds[0]
self.assertEqual(stored_fr, fr)
self.assertIsNot(stored_fr, fr)
示例13: test_form_with_invalid_enctype
def test_form_with_invalid_enctype(self):
body = """
<html>
<form action="" method="get" enctype="ilove/bugs">
<input type="text" name="test" value="hello">
<input type="submit" name="submit">
</form>
</html>"""
r = build_http_response(self.url, body)
p = RaiseHTMLParser(r)
p.parse()
self.assertEqual(len(p.forms), 1)
form = p.forms[0]
self.assertEqual(form.get_method(), 'GET')
self.assertIsInstance(form, FormParameters)
self.assertEqual(form.get_form_encoding(), 'ilove/bugs')
# But it translates to url-encoded form afterwards
dc = dc_from_form_params(form)
self.assertIsInstance(dc, URLEncodedForm)
示例14: test_store_fuzzable_request_two
def test_store_fuzzable_request_two(self):
ds = DiskSet()
# Add a simple fr, without post-data
fr = FuzzableRequest(URL('http://example.com/?id=1'))
ds.add(fr)
# Add a fr with post-data
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
ds.add(fr)
# Compare
stored_fr = ds[1]
self.assertEqual(stored_fr, fr)
self.assertIsNot(stored_fr, fr)