Permalink
Browse files

Tests for crlf and code injection (#195)

  • Loading branch information...
rnehra01 authored and afeena committed Aug 22, 2017
1 parent d2bea46 commit 3f1473126de5310234db751ced99749e4efd72a0
Showing with 46 additions and 0 deletions.
  1. +21 −0 tanner/tests/test_crlf.py
  2. +25 −0 tanner/tests/test_php_code_injetion.py
View
@@ -0,0 +1,21 @@
import asyncio
import unittest
from tanner.emulators import crlf
class TestCRLF(unittest.TestCase):
def setUp(self):
self.loop = asyncio.new_event_loop()
self.handler = crlf.CRLFEmulator()
def test_scan(self):
attack = 'foo \r\n Set-Cookie : id=0'
assert_result = dict(name='crlf', order=2)
result = self.handler.scan(attack)
self.assertEqual(result, assert_result)
def test_handle(self):
attack_params = [dict(id='foo', value='bar \r\n Set-Cookie : id=0')]
assert_result = {'foo' : 'bar \r\n Set-Cookie : id=0'}
result = self.loop.run_until_complete(self.handler.handle(attack_params, None))
self.assertEqual(result['headers'], assert_result)
@@ -0,0 +1,25 @@
import asyncio
import unittest
from tanner.emulators import php_code_injection
class TestPHPCodeInjection(unittest.TestCase):
def setUp(self):
self.loop = asyncio.new_event_loop()
asyncio.set_event_loop(None)
self.handler = php_code_injection.PHPCodeInjection(loop=self.loop)
def test_scan(self):
attack = '; phpinfo();'
assert_result = dict(name='php_code_injection', order=3)
result = self.handler.scan(attack)
self.assertEqual(result, assert_result)
def test_handle_status_code(self):
async def mock_get_injection_results(code):
return None
self.handler.get_injection_result = mock_get_injection_results
attack_params = [dict(id='foo', value=';sleep(50);')]
assert_result = dict(status_code = 504)
result = self.loop.run_until_complete(self.handler.handle(attack_params))
self.assertEqual(result, assert_result)

0 comments on commit 3f14731

Please sign in to comment.