File: test_filter.py

package info (click to toggle)
wfuzz 3.1.0-6
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,648 kB
  • sloc: python: 13,161; makefile: 59; sh: 4
file content (71 lines) | stat: -rw-r--r-- 2,559 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
import pytest


@pytest.mark.parametrize(
    "filter_string, expected_result",
    [
        ("h=28 or w=6 or l=2", True),
        ("r.params.get.param2='2'", True),
        ("r.headers.response.Location", "https://wfuzz.readthedocs.io/en/latest/"),
        ("r.headers.response.notthere", {}),
        ("r.params.get.notthere", {}),
        ("r.cookies.response.notthere", {}),
        ("r.cookies.response.notthere='something'", False),
        ("r.cookies.response.notthere~'something'", False),
        ("r.headers.request.Host", "www.wfuzz.org"),
        ("r.headers.request.host", "www.wfuzz.org"),
        ("r.headers.response.SeRVEr", "nginx/1.14.0 (Ubuntu)"),
        ("r.headers.response.server", "nginx/1.14.0 (Ubuntu)"),
        ("r.cookies.request.cookie1", "1"),
        ("r.cookies.request.cOOkiE1", "1"),
        ("r.cookies.response.name", "Nicholas"),
        ("r.cookies.response.nAMe", "Nicholas"),
        ("r.params.get.param1", "1"),
        ("r.params.get.pAraM1", "1"),
    ],
)
def test_filter_ret_values(
    filter_obj, example_full_fuzzres, filter_string, expected_result
):
    assert filter_obj.is_visible(example_full_fuzzres, filter_string) == expected_result


@pytest.mark.parametrize(
    "filter_string, expected_result",
    [
        ("r.headers.response.notthere", {}),
        ("r.params.get.notthere", {}),
        ("r.cookies.response.notthere", {}),
        ("r.cookies.response.notthere='something'", False),
    ],
)
def test_filter_ret_values_no_response(
    filter_obj, example_full_fuzzres_no_response, filter_string, expected_result
):
    assert (
        filter_obj.is_visible(example_full_fuzzres_no_response, filter_string)
        == expected_result
    )


@pytest.mark.parametrize(
    "filter_string, expected_result",
    [
        (
            "r.cookies.response.name|diff('test')",
            "--- prev\n\n+++ current\n\n@@ -1 +1 @@\n\n-test\n+Nicholas",
        ),
        ("r.cookies.response.nAMe|upper()", "NICHOLAS"),
        ("r.cookies.response.name|upper()", "NICHOLAS"),
        ("r.cookies.response.name|lower()", "nicholas"),
        ("r.cookies.response.name|startswith('N')", True),
        ("r.cookies.response.name|replace('N','n')", "nicholas"),
        ("'%2e%2e'|unquote()", ".."),
        ("'%2e%2f'|decode('urlencode')", "./"),
        ("'%%'|encode('urlencode')", "%25%25"),
    ],
)
def test_filter_operators(
    filter_obj, example_full_fuzzres, filter_string, expected_result
):
    assert filter_obj.is_visible(example_full_fuzzres, filter_string) == expected_result