本文整理汇总了Python中w3af.core.data.parsers.utils.form_params.FormParameters.set_action方法的典型用法代码示例。如果您正苦于以下问题:Python FormParameters.set_action方法的具体用法?Python FormParameters.set_action怎么用?Python FormParameters.set_action使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.parsers.utils.form_params.FormParameters
的用法示例。
在下文中一共展示了FormParameters.set_action方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _handle_go_tag_start
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def _handle_go_tag_start(self, tag, tag_name, attrs):
self._inside_form = True
method = attrs.get('method', 'GET').upper()
action = attrs.get('href', None)
if action is None:
action = self._source_url
else:
action = self._decode_url(action)
try:
action = self._base_url.url_join(action, encoding=self._encoding)
except ValueError:
# The URL in the action is invalid, the best thing we can do
# is to guess, and our best guess is that the URL will be the
# current one.
action = self._source_url
# Create the form
f = FormParameters(encoding=self._encoding,
attributes=attrs,
hosted_at_url=self._source_url)
f.set_method(method)
f.set_action(action)
self._forms.append(f)
示例2: create_simple_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def create_simple_fuzzable_request(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)
示例3: create_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def create_fuzzable_request(_id):
url_fmt = 'http://example.com/product/%s'
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.set_action(URL(url_fmt % _id))
form_params.set_method('post')
form = dc_from_form_params(form_params)
return FuzzableRequest.from_form(form)
示例4: test_clean_form_fuzzable_request_form
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_clean_form_fuzzable_request_form(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", "abc")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
expected = u'(POST)-http://example.com/?id=number!username=string&address=string'
self.assertEqual(self.vdb._clean_fuzzable_request(fr), expected)
示例5: _handle_form_tag_start
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def _handle_form_tag_start(self, tag, attrs):
"""
Handle the form tags.
This method also looks if there are "pending inputs" in the
self._saved_inputs list and parses them.
"""
SGMLParser._handle_form_tag_start(self, tag, attrs)
# Get the 'method'
method = attrs.get('method', 'GET').upper()
# Get the action
action = attrs.get('action', None)
missing_action = action is None
# Get the encoding
form_encoding = attrs.get('enctype', DEFAULT_FORM_ENCODING)
if missing_action:
action = self._source_url
else:
action = self._decode_url(action)
try:
action = self._base_url.url_join(action, encoding=self._encoding)
except ValueError:
# The URL in the action is invalid, the best thing we can do
# is to guess, and our best guess is that the URL will be the
# current one.
action = self._source_url
# Create the form object and store everything for later use
form_params = FormParameters(encoding=self._encoding)
form_params.set_method(method)
form_params.set_action(action)
form_params.set_form_encoding(form_encoding)
self._forms.append(form_params)
# Now I verify if there are any input tags that were found
# outside the scope of a form tag
for inputattrs in self._saved_inputs:
# Parse them just like if they were found AFTER the
# form tag opening
if isinstance(inputattrs, dict):
self._handle_input_tag_inside_form('input', inputattrs)
# All parsed, remove them.
self._saved_inputs = []
示例6: test_from_form_POST
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_from_form_POST(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
self.assertIs(fr.get_uri(), form.get_action())
self.assertIs(fr.get_raw_data(), form)
self.assertEqual(fr.get_method(), 'POST')
self.assertEqual(fr.get_uri().querystring, QueryString([('id', ['1'])]))
示例7: create_simple_filecontent_mutant
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def create_simple_filecontent_mutant(self, container_klass):
form_params = FormParameters()
form_params.set_method('POST')
form_params.set_action(self.url)
form_params.add_input([("name", "username"), ("value", "")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.add_file_input([("name", "file"), ("type", "file")])
form = container_klass(form_params)
freq = FuzzableRequest.from_form(form)
m = FileContentMutant(freq)
m.get_dc().set_token(('file', 0))
m.set_token_value('abc')
return m
示例8: test_from_form_default
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_from_form_default(self):
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/'))
# Without a method
#form_params.set_method('GET')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
expected_url = 'http://example.com/?username=abc&address='
self.assertEqual(fr.get_uri().url_string, expected_url)
self.assertEqual(fr.get_uri().querystring, 'username=abc&address=')
self.assertIsInstance(fr.get_uri().querystring, URLEncodedForm)
self.assertEqual(fr.get_method(), 'GET')
self.assertIsNot(fr.get_raw_data(), form)
示例9: test_store_fuzzable_request
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_store_fuzzable_request(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", "abc")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
ds = DiskSet()
ds.add(fr)
stored_fr = ds[0]
self.assertEqual(stored_fr, fr)
self.assertIsNot(stored_fr, fr)
示例10: _handle_go_tag_start
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def _handle_go_tag_start(self, tag, attrs):
# Find method
method = attrs.get('method', 'GET').upper()
# Find action
action = attrs.get('href', '')
if action:
self._inside_form = True
action = unicode(self._base_url.url_join(action))
action = URL(self._decode_url(action),
encoding=self._encoding)
# Create the form
f = FormParameters(encoding=self._encoding)
f.set_method(method)
f.set_action(action)
self._forms.append(f)
else:
om.out.debug('WMLParser found a form without an action. '
'Javascript is being used.')
示例11: test_store_fuzzable_request_two
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_store_fuzzable_request_two(self):
ds = DiskSet()
# Add a simple fr, without post-data
fr = FuzzableRequest(URL('http://example.com/?id=1'))
ds.add(fr)
# Add a fr with post-data
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
ds.add(fr)
# Compare
stored_fr = ds[1]
self.assertEqual(stored_fr, fr)
self.assertIsNot(stored_fr, fr)
示例12: test_generate_all
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_generate_all(self):
fuzzer_config = {'fuzz_form_files': True,
'fuzzed_files_extension': 'gif'}
form_params = FormParameters()
form_params.set_method('POST')
form_params.set_action(self.url)
form_params.add_input([("name", "username"), ("value", "")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.add_file_input([("name", "image"), ("type", "file")])
form = MultipartContainer(form_params)
freq = FuzzableRequest.from_form(form)
ph = 'w3af.core.data.constants.file_templates.file_templates.rand_alpha'
with patch(ph) as mock_rand_alpha:
mock_rand_alpha.return_value = 'upload'
generated_mutants = FileContentMutant.create_mutants(freq,
self.payloads,
[], False,
fuzzer_config)
self.assertEqual(len(generated_mutants), 2, generated_mutants)
_, file_payload_abc, _ = get_template_with_payload('gif', 'abc')
_, file_payload_def, _ = get_template_with_payload('gif', 'def')
file_abc = NamedStringIO(file_payload_abc, 'upload.gif')
file_def = NamedStringIO(file_payload_def, 'upload.gif')
form_1 = MultipartContainer(copy.deepcopy(form_params))
form_2 = MultipartContainer(copy.deepcopy(form_params))
form_1['image'] = [file_abc]
form_1['username'] = ['John8212']
form_1['address'] = ['Bonsai Street 123']
form_2['image'] = [file_def]
form_2['username'] = ['John8212']
form_2['address'] = ['Bonsai Street 123']
expected_forms = [form_1, form_2]
boundary = get_boundary()
noop = '1' * len(boundary)
expected_data = [encode_as_multipart(f, boundary) for f in expected_forms]
expected_data = set([s.replace(boundary, noop) for s in expected_data])
generated_forms = [m.get_dc() for m in generated_mutants]
generated_data = [str(f).replace(f.boundary, noop) for f in generated_forms]
self.assertEqual(expected_data, set(generated_data))
str_file = generated_forms[0]['image'][0].get_value()
self.assertIsInstance(str_file, NamedStringIO)
self.assertEqual(str_file.name[-4:], '.gif')
self.assertEqual(file_payload_abc, str_file)
str_file = generated_forms[1]['image'][0].get_value()
self.assertIsInstance(str_file, NamedStringIO)
self.assertEqual(str_file.name[-4:], '.gif')
self.assertEqual(file_payload_def, str_file)
self.assertIn('name="image"; filename="upload.gif"', generated_data[0])
示例13: test_set_action_url
# 需要导入模块: from w3af.core.data.parsers.utils.form_params import FormParameters [as 别名]
# 或者: from w3af.core.data.parsers.utils.form_params.FormParameters import set_action [as 别名]
def test_set_action_url(self):
f = FormParameters()
action = URL('http://www.google.com/')
f.set_action(action)
self.assertIs(f.get_action(), action)