New test: regular expressions are not applied to HTML responses to ex…

…tract URLs
andresriancho · Nov 27, 2019 · 9e994a9 · 9e994a9
1 parent 1597775
commit 9e994a9
Showing 1 changed file with 36 additions and 2 deletions.
diff --git a/w3af/plugins/tests/audit/test_file_upload.py b/w3af/plugins/tests/audit/test_file_upload.py
@@ -107,7 +107,7 @@ class TestParseOutputFromUpload(PluginTest):
           </form>
           """
 
-    RESULT = """Thanks for uploading your file to <a href='/uploads/foo.png'>x</a>"""
+    RESULT = """Thanks for uploading your file to <a href='/uploads1/foo.png'>x</a>"""
 
     image_content = 'PNG' + 'B' * 239
 
@@ -122,7 +122,7 @@ class TestParseOutputFromUpload(PluginTest):
                            content_type='text/html',
                            method='POST', status=200),
 
-              MockResponse(url=target_url + 'uploads/foo.png',
+              MockResponse(url=target_url + 'uploads1/foo.png',
                            body=image_content,
                            content_type='image/png',
                            method='GET', status=200),
@@ -162,3 +162,37 @@ def test_parse_response(self):
         v = fu_vulns[0]
         self.assertEquals(v.get_name(), 'Insecure file upload')
         self.assertEquals(str(v.get_url().get_domain_path()), self.target_url)
+
+
+class TestRegexOutputFromUpload(TestParseOutputFromUpload):
+
+    target_url = u'http://w3af.org/'
+
+    FORM = """\
+          <form enctype="multipart/form-data" action="upload" method="POST">
+              <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
+              Choose a file to upload: <input name="uploadedfile" type="file" /><br />
+              <input type="submit" value="Upload File" />
+          </form>
+          """
+
+    RESULT = "Thanks for uploading your file to <pre>../../hackable/uploads/foo.png</pre>"
+
+    image_content = 'PNG' + 'B' * 239
+
+    MOCK_RESPONSES = [
+              MockResponse(url=target_url,
+                           body=FORM,
+                           content_type='text/html',
+                           method='GET', status=200),
+
+              MockResponse(url=target_url + 'upload',
+                           body=RESULT,
+                           content_type='text/html',
+                           method='POST', status=200),
+
+              MockResponse(url=target_url + 'hackable/uploads/foo.png',
+                           body=image_content,
+                           content_type='image/png',
+                           method='GET', status=200),
+    ]