External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 21:35:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/pkg/fuzz/component/body_test.go
Tarun Koyalwar e88889b263
add -dast flag and multiple bug fixes for dast templates (#4941) 
* add default get method

* remove residual payload logic from old implementation

* fuzz: clone current state of component

* fuzz: bug fix stacking of payloads in multiple mode

* improve stdout template loading stats

* stdout: force display warnings if no templates are loaded

* update flags in README.md

* quote non-ascii chars in extractor output

* aws request signature can only be used in signed & verified tmpls

* deprecate request signature

* remove logic related to deprecated fuzzing input

* update test to use ordered params

* fix interactsh-url lazy eval: #4946

* output: skip unnecessary updates when unescaping

* updates as per requested changes
2024-03-29 13:31:30 +05:30

176 lines
4.5 KiB
Go
Raw Permalink Blame History

package component
import (
"bytes"
"io"
"mime/multipart"
"strings"
"testing"
"github.com/projectdiscovery/retryablehttp-go"
urlutil "github.com/projectdiscovery/utils/url"
"github.com/stretchr/testify/require"
)
func TestBodyComponent(t *testing.T) {
req, err := retryablehttp.NewRequest("POST", "https://example.com", strings.NewReader(`{"foo":"bar"}`))
if err != nil {
t.Fatal(err)
}
req.Header.Set("Content-Type", "application/json")
body := New(RequestBodyComponent)
_, err = body.Parse(req)
if err != nil {
t.Fatal(err)
}
var keys []string
var values []string
_ = body.Iterate(func(key string, value interface{}) error {
keys = append(keys, key)
values = append(values, value.(string))
return nil
})
require.Equal(t, []string{"foo"}, keys, "unexpected keys")
require.Equal(t, []string{"bar"}, values, "unexpected values")
_ = body.SetValue("foo", "baz")
rebuilt, err := body.Rebuild()
if err != nil {
t.Fatal(err)
}
newBody, err := io.ReadAll(rebuilt.Body)
if err != nil {
t.Fatal(err)
}
require.Equal(t, `{"foo":"baz"}`, string(newBody), "unexpected body")
}
func TestBodyXMLComponent(t *testing.T) {
var body = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"
req, err := retryablehttp.NewRequest("POST", "https://example.com", strings.NewReader(body))
if err != nil {
t.Fatal(err)
}
req.Header.Set("Content-Type", "application/xml")
bodyComponent := New(RequestBodyComponent)
parsed, err := bodyComponent.Parse(req)
if err != nil {
t.Fatal(err)
}
require.True(t, parsed, "could not parse body")
_ = bodyComponent.SetValue("stockCheck~productId", "2'6842")
rebuilt, err := bodyComponent.Rebuild()
if err != nil {
t.Fatal(err)
}
newBody, err := io.ReadAll(rebuilt.Body)
if err != nil {
t.Fatal(err)
}
require.Equal(t, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><stockCheck><productId>2'6842</productId><storeId>1</storeId></stockCheck>", string(newBody), "unexpected body")
}
func TestBodyFormComponent(t *testing.T) {
formData := urlutil.NewOrderedParams()
formData.Set("key1", "value1")
formData.Set("key2", "value2")
req, err := retryablehttp.NewRequest("POST", "https://example.com", strings.NewReader(formData.Encode()))
if err != nil {
t.Fatal(err)
}
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
body := New(RequestBodyComponent)
_, err = body.Parse(req)
if err != nil {
t.Fatal(err)
}
var keys []string
var values []string
_ = body.Iterate(func(key string, value interface{}) error {
keys = append(keys, key)
values = append(values, value.(string))
return nil
})
require.ElementsMatch(t, []string{"key1", "key2"}, keys, "unexpected keys")
require.ElementsMatch(t, []string{"value1", "value2"}, values, "unexpected values")
_ = body.SetValue("key1", "updatedValue1")
rebuilt, err := body.Rebuild()
if err != nil {
t.Fatal(err)
}
newBody, err := io.ReadAll(rebuilt.Body)
if err != nil {
t.Fatal(err)
}
require.Equal(t, "key1=updatedValue1&key2=value2", string(newBody), "unexpected body")
}
func TestMultiPartFormComponent(t *testing.T) {
formData := &bytes.Buffer{}
writer := multipart.NewWriter(formData)
// Hypothetical form fields
_ = writer.WriteField("username", "testuser")
_ = writer.WriteField("password", "testpass")
contentType := writer.FormDataContentType()
_ = writer.Close()
req, err := retryablehttp.NewRequest("POST", "https://example.com", formData)
if err != nil {
t.Fatal(err)
}
req.Header.Set("Content-Type", contentType)
body := New(RequestBodyComponent)
_, err = body.Parse(req)
if err != nil {
t.Fatal(err)
}
var keys []string
var values []string
_ = body.Iterate(func(key string, value interface{}) error {
keys = append(keys, key)
values = append(values, value.(string))
return nil
})
require.ElementsMatch(t, []string{"username", "password"}, keys, "unexpected keys")
require.ElementsMatch(t, []string{"testuser", "testpass"}, values, "unexpected values")
// Update a value in the form
_ = body.SetValue("password", "updatedTestPass")
rebuilt, err := body.Rebuild()
if err != nil {
t.Fatal(err)
}
newBody, err := io.ReadAll(rebuilt.Body)
if err != nil {
t.Fatal(err)
}
// Check if the body contains the updated multipart form data
require.Contains(t, string(newBody), "updatedTestPass", "unexpected body content")
require.Contains(t, string(newBody), "username", "unexpected body content")
require.Contains(t, string(newBody), "testuser", "unexpected body content")
}
Reference in New Issue View Git Blame Copy Permalink