本文整理汇总了Python中w3af.core.data.parsers.utils.form_params.FormParameters.add_input方法的典型用法代码示例。如果您正苦于以下问题:Python FormParameters.add_input方法的具体用法?Python FormParameters.add_input怎么用?Python FormParameters.add_input使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.parsers.utils.form_params.FormParameters的用法示例。
在下文中一共展示了FormParameters.add_input方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_keep_sync
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_keep_sync(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("type", "text")])
form_params.add_input([("name", "pwd"), ("type", "password")])
form = Form(form_params)
self.assertNotIn('address', form_params)
self.assertNotIn('address', form)
# Add to the form_params
form_params['address'] = ['']
self.assertIn('address', form_params)
self.assertIn('address', form)
# Add to the Form object
form['company'] = ['']
self.assertIn('company', form_params)
self.assertIn('company', form)
# Del from the Form object
del form['address']
self.assertNotIn('address', form)
self.assertNotIn('address', form_params)
# Del from the FormParams object
del form_params['company']
self.assertNotIn('company', form)
self.assertNotIn('company', form_params)示例2: test_mutant_creation_repeated_parameter_name
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_mutant_creation_repeated_parameter_name(self):
form_params = FormParameters()
form_params.add_input([("name", "id"), ("value", "")])
form_params.add_input([("name", "id"), ("value", "")])
form = URLEncodedForm(form_params)
freq = FuzzableRequest(URL('http://w3af.com/?foo=3'), post_data=form,
method='GET')
created_mutants = PostDataMutant.create_mutants(freq, self.payloads, [],
False,
self.fuzzer_config)
expected_dcs = ['id=def&id=3419',
'id=3419&id=def',
'id=3419&id=abc',
'id=abc&id=3419']
created_dcs = [str(i.get_dc()) for i in created_mutants]
self.assertEqual(set(created_dcs), set(expected_dcs))
token = created_mutants[0].get_token()
self.assertEqual(token.get_name(), 'id')
self.assertEqual(token.get_original_value(), '')
token = created_mutants[2].get_token()
self.assertEqual(token.get_name(), 'id')
self.assertEqual(token.get_original_value(), '')
for m in created_mutants:
self.assertIsInstance(m, PostDataMutant)
for m in created_mutants:
self.assertEqual(m.get_method(), 'GET')示例3: from_postdata
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def from_postdata(cls, headers, post_data):
if not MultipartContainer.is_multipart(headers):
raise ValueError('No multipart content-type header.')
environ = {'REQUEST_METHOD': 'POST'}
try:
fs = cgi.FieldStorage(fp=StringIO.StringIO(post_data),
headers=headers.to_dict(), environ=environ)
except ValueError:
raise ValueError('Failed to create MultipartContainer.')
else:
# Please note that the FormParameters is just a container for
# the information.
#
# When the FuzzableRequest is sent the framework calls get_data()
# which returns a string version of this object, properly encoded
# using multipart/form-data
#
# To make sure the web application properly decodes the request, we
# also include the headers in get_headers() which include the
# boundary
form_params = FormParameters()
for key in fs.list:
if key.filename is None:
form_params.add_input([('name', key.name),
('type', 'text'),
('value', key.file.read())])
else:
form_params.set_file_name(key.name, key.filename)
form_params.add_file_input([('name', key.name)])
return cls(form_params)示例4: create_form_params_helper
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def create_form_params_helper(form_data):
"""
Creates a dc.Form object from a dict container
:param form_data: A list containing dicts representing a form's
internal structure
:return: A dc.Form object from `form_data`
"""
new_form_params = FormParameters()
for elem_data in form_data:
elem_type = elem_data['tagname']
attrs = elem_data.items()
if elem_type == 'input':
_type = elem_data['type']
if _type == 'radio':
new_form_params.add_radio(attrs)
elif _type == 'checkbox':
new_form_params.add_check_box(attrs)
elif _type in ('text', 'hidden'):
new_form_params.add_input(attrs)
elif elem_type == 'select':
new_form_params.add_select(elem_data['name'], elem_data['options'])
return new_form_params示例5: create_vuln
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def create_vuln(self):
v = super(FileUploadTemplate, self).create_vuln()
form_params = FormParameters()
for file_var in self.file_vars:
form_params.add_file_input([("name", file_var), ("type", "file")])
for token in self.data.iter_tokens():
if token.get_name() in self.file_vars:
continue
form_params.add_input([("name", token.get_value()),
("type", "text")])
mpc = MultipartContainer(form_params)
freq = FuzzableRequest(self.url, method=self.method, post_data=mpc)
mutant = PostDataMutant(freq)
mutant.set_dc(mpc)
mutant.set_token((self.vulnerable_parameter, 0))
# User configured settings
v['file_vars'] = self.file_vars
v['file_dest'] = self.file_dest
v.set_mutant(mutant)
return v示例6: test_login_form_utils
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_login_form_utils(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("type", "text")])
form_params.add_input([("name", "pwd"), ("type", "password")])
form = Form(form_params)
self.assertTrue(form.is_login_form())
self.assertFalse(form.is_registration_form())
self.assertFalse(form.is_password_change_form())
self.assertEqual(form.get_parameter_type_count(), (1, 1, 0))
user_token, pass_token = form.get_login_tokens()
self.assertEqual(user_token.get_name(), 'username')
self.assertEqual(pass_token.get_name(), 'pwd')
self.assertEqual(user_token.get_value(), '')
self.assertEqual(pass_token.get_value(), '')
form.set_login_username('andres')
self.assertEqual(form['username'][0], 'andres')
self.assertEqual(form['pwd'][0], '')
form.set_login_username('pablo')
form.set_login_password('long-complex')
self.assertEqual(form['username'][0], 'pablo')
self.assertEqual(form['pwd'][0], 'long-complex')
self.assertIs(form.get_form_params(), form_params)示例7: test_login_form_utils
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_login_form_utils(self):
form = FormParameters()
form.add_input([("name", "username"), ("type", "text")])
form.add_input([("name", "pwd"), ("type", "password")])
self.assertTrue(form.is_login_form())
self.assertFalse(form.is_registration_form())
self.assertFalse(form.is_password_change_form())
self.assertEqual(form.get_parameter_type_count(), (1, 1, 0))示例8: test_sent_post_data
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_sent_post_data(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", """d'z"0""")])
form_params.add_input([("name", "address"), ("value", "")])
form = dc_from_form_params(form_params)
f = FuzzableRequest(URL('http://example.com/'), post_data=form)
self.assertTrue(f.sent('d%5C%27z%5C%220'))示例9: create_simple_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def create_simple_fuzzable_request(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", "abc")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)示例10: test_cpickle_simple
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_cpickle_simple(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("type", "text")])
form_params.add_input([("name", "pwd"), ("type", "password")])
form = Form(form_params)
pickled_form = cPickle.loads(cPickle.dumps(form))
self.assertEqual(pickled_form.items(), form.items())示例11: upload_file
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def upload_file(self, _file):
form_params = FormParameters()
form_params.add_file_input([("name", "uploadedfile")])
form_params.add_input([("name", "MAX_FILE_SIZE"), ("type", "hidden"), ("value", "10000")])
mpc = MultipartContainer(form_params)
mpc["uploadedfile"][0] = _file
resp = self.opener.POST(self.MOTH_FILE_UP_URL, data=str(mpc), headers=Headers(mpc.get_headers()))
self.assertIn("was successfully uploaded", resp.get_body())示例12: test_form_copy
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_form_copy(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("type", "text")])
form_params.add_input([("name", "pwd"), ("type", "password")])
form = Form(form_params)
form.set_token(('username', 0))
form_copy = copy.deepcopy(form)
self.assertEqual(form.get_token(), form_copy.get_token())
self.assertIsNot(None, form_copy.get_token())示例13: test_dc_from_form_params_without_files_nor_enctype
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_dc_from_form_params_without_files_nor_enctype(self):
form_params = FormParameters()
form_params.add_input([('name', 'a'),
('type', 'text'),
('value', 'bcd')])
urlencode_dc = dc_from_form_params(form_params)
self.assertIsInstance(urlencode_dc, URLEncodedForm)
self.assertEqual(urlencode_dc.get_file_vars(), [])
self.assertEqual(urlencode_dc['a'], ['bcd'])示例14: test_is_suitable
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_is_suitable(self):
# False because no cookie is set and no QS nor post-data
url = URL('http://moth/')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
# False because no cookie is set
url = URL('http://moth/?id=3')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
url_sends_cookie = URL(
'http://moth/w3af/core/cookie_handler/set-cookie.php')
self.uri_opener.GET(url_sends_cookie)
# Still false because it doesn't have any QS or POST data
url = URL('http://moth/')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
self.csrf_plugin._strict_mode = True
# Still false because of the strict mode
url = URL('http://moth/?id=3')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
# False, no items in post-data
url = URL('http://moth/')
req = FuzzableRequest(url, method='POST', post_data=URLEncodedForm())
suitable = self.csrf_plugin._is_suitable(req)
self.assertFalse(suitable)
# True, items in DC, POST (passes strict mode) and cookies
url = URL('http://moth/')
form_params = FormParameters()
form_params.add_input([('name', 'test'), ('type', 'text')])
form = URLEncodedForm(form_params)
req = FuzzableRequest(url, method='POST', post_data=form)
suitable = self.csrf_plugin._is_suitable(req)
self.assertTrue(suitable)
self.csrf_plugin._strict_mode = False
# True now that we have strict mode off, cookies and QS
url = URL('http://moth/?id=3')
req = FuzzableRequest(url, method='GET')
suitable = self.csrf_plugin._is_suitable(req)
self.assertTrue(suitable)示例15: test_upload_file_using_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import add_input [as 别名]
def test_upload_file_using_fuzzable_request(self):
form_params = FormParameters()
form_params.add_file_input([("name", "uploadedfile")])
form_params["uploadedfile"][0] = NamedStringIO("file content", name="test.txt")
form_params.add_input([("name", "MAX_FILE_SIZE"), ("type", "hidden"), ("value", "10000")])
mpc = MultipartContainer(form_params)
freq = FuzzableRequest(self.MOTH_FILE_UP_URL, post_data=mpc, method="POST")
resp = self.opener.send_mutant(freq)
self.assertIn("was successfully uploaded", resp.get_body())