File: test_prefilter_mangle.py

package info (click to toggle)
wfuzz 3.1.0-6
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,648 kB
  • sloc: python: 13,161; makefile: 59; sh: 4
file content (81 lines) | stat: -rw-r--r-- 2,702 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
import pytest


@pytest.mark.parametrize(
    "fuzzres_from_url, filter_string, expected_result",
    [
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.url=+'test'",
            "http://www.wfuzz.org/path?param=1&param2=2test",
        ),
        ("http://www.wfuzz.org/path?param=1&param2=2", "r.url:='test'", "http://test/"),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.url=-'test'",
            "testhttp://www.wfuzz.org/path?param=1&param2=2",
        ),
    ],
    indirect=["fuzzres_from_url"],
)
def test_url_set(filter_obj, fuzzres_from_url, filter_string, expected_result):
    filter_obj.is_visible(fuzzres_from_url, filter_string)
    assert fuzzres_from_url.history.url == expected_result


@pytest.mark.parametrize(
    "fuzzres_from_url, filter_string, expected_result",
    [("http://www.wfuzz.org/path?param", "r.params.all=+'test'", {"param": None})],
    indirect=["fuzzres_from_url"],
)
def test_params_set_no_value(
    filter_obj, fuzzres_from_url, filter_string, expected_result
):
    filter_obj.is_visible(fuzzres_from_url, filter_string)
    assert fuzzres_from_url.history.params.get == expected_result


@pytest.mark.parametrize(
    "fuzzres_from_url, filter_string, expected_result",
    [
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.get.param=+'test'",
            {"param": "1test", "param2": "2"},
        ),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.get.param=-'test'",
            {"param": "test1", "param2": "2"},
        ),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.all=+'2'",
            {"param": "12", "param2": "22"},
        ),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.all:='2'",
            {"param": "2", "param2": "2"},
        ),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.get.notthere=-'2'",
            {"param": "1", "param2": "2"},
        ),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.get.notthere=+'2'",
            {"param": "1", "param2": "2"},
        ),
        (
            "http://www.wfuzz.org/path?param=1&param2=2",
            "r.params.get.notthere:='2'",
            {"notthere": "2", "param": "1", "param2": "2"},
        ),
    ],
    indirect=["fuzzres_from_url"],
)
def test_params_set(filter_obj, fuzzres_from_url, filter_string, expected_result):
    filter_obj.is_visible(fuzzres_from_url, filter_string)
    assert fuzzres_from_url.history.params.all == expected_result