contribution at 14-07-2020 #18645

Open: wants to merge 46 commits into base: develop
bf12c08
ignore __pycache__/ and another script file pattern (for tests)
Q-back May 4, 2020
fa7f743
automatically marked slow and deprecated tests, added pytest.ini
Q-back May 8, 2020
3c26cf1
added pytest to tests requirements
Q-back May 8, 2020
50cb5a5
brought back FormInputSubmitStrategy, better algorithm of discovering…
Q-back May 12, 2020
13a5d0d
fix _handle_authentication_success breaking parent's functionality in…
Q-back May 12, 2020
e04104f
revert enabling FormInputSubmitStrategy from pre-previous commit
Q-back May 12, 2020
389646d
new options in autocomplete_js to manually provide username/submit bu…
Q-back May 13, 2020
52b8f39
don't create new chrome instance when running autocomplete_js.has_act…
Q-back May 13, 2020
2192ca5
fix after rebase
Q-back May 13, 2020
1723b6b
reloading chrome when checking active session may break the session
Q-back May 21, 2020
b81b71d
implemented _login_using_existing_form
Q-back May 21, 2020
d4b6531
fix iterate error in frame manager, don't kill chrome in autocomplete…
Q-back Jun 1, 2020
25a1125
better description for new params in autocomplete_js
Q-back Jun 3, 2020
888eea6
sometimes login button doesn't contain 'log' characters in its text,…
Q-back Jun 3, 2020
27ede04
add option to click on element before autocompleting form
Q-back Jun 4, 2020
b76cf07
deleted conftest.py from root directory
Q-back Jun 5, 2020
c68a45a
remove unused pytest imports
Q-back Jun 8, 2020
f92a9ae
marked other failing tests
Q-back Jun 8, 2020
04ec9bc
added tests to docs
Q-back Jun 8, 2020
5854763
fix error when user provides CSS selectors with quotes. Slightly bett…
Q-back Jun 9, 2020
0b8b3f0
fix UnicodeDecodeError when parsing openapi spec
Q-back Jun 10, 2020
2e88cc2
fix request error when not required array param in open_api spec
Q-back Jun 10, 2020
8d520bc
fix error when empty list was returned by querySelectorAll to Instrum…
Q-back Jun 10, 2020
8cbbfa9
Merge branch 'fix/tests' into holm-master
Q-back Jun 15, 2020
ad54e10
Merge branch 'upstream-develop' into holm-master
Q-back Jun 18, 2020
fddafa2
Merge remote-tracking branch 'upstream/feature/improve-autocomplete_j…
Q-back Jun 23, 2020
ea9e923
fix typo in pytestmark
Q-back Jun 19, 2020
5e49d49
function-based plugin runner
Q-back Jun 19, 2020
9eb78c7
test runner class-based, prepared css selector test
Q-back Jun 22, 2020
d5a54f7
mocking network in plugin_runner, autocomplete_js reports CSS selecto…
Q-back Jun 24, 2020
82710b5
cleanup plugin testing code
Q-back Jun 24, 2020
470ba5e
Few comments about the code
Q-back Jun 25, 2020
766a16b
create new kb instance every time kb fixture is used
Q-back Jun 25, 2020
b517f04
Merge branch 'feature/improve-report-autocomplete_js' into 'holm-master'
Jun 25, 2020
69ab174
SOAP plugin
Jul 14, 2020
6de1323
Merge branch 'feature/soap-plugin' into 'holm-master'
Jul 14, 2020
3dc8fc3
added Zeep to requirements
Q-back Jul 20, 2020
7f9f578
refactored soap plugin to wsdl_parser
Q-back Aug 14, 2020
6a6e5be
fixed DocumentParser process hanging for too long, fixed potential pi…
Q-back Aug 26, 2020
e9b5713
improve NetworkPatcher() context manager, added @patch_network decorator
Q-back Sep 17, 2020
fafed41
skip tests using internet
Q-back Sep 21, 2020
a81845f
refactored wsdl to force zeep using w3af http_client, extended_urllib…
Q-back Sep 30, 2020
2d12caa
fixed test_cache
Q-back Oct 1, 2020
c3e0eec
submit strategy error will be saved to debug logs instead of error lo…
Q-back Oct 5, 2020
1a063e2
ZeepTransport will save requests it performs, added get_fuzzable_requ…
Q-back Oct 5, 2020
48b1545
report possible fuzzable requests from document parsers
Q-back Oct 6, 2020
fix request error when not required array param in open_api spec
Q-back committed Jun 10, 2020
commit 2e88cc21c6aa483ccae772061376b6a26848af33
2 changes: 2 additions & 0 deletions w3af/core/data/parsers/doc/open_api/requests.py
@@ -184,6 +184,8 @@ def get_uri(self):
continue

if param_def.param_spec['type'] == 'array':
if not parameters[param_name] and not param_def.required:
continue
parameters[param_name] = parameters[param_name][0]

if parameters:
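Review bot: The new guard in get_uri only covers optional parameters, so an empty value for a required array parameter still reaches `parameters[param_name][0]` and fails there. Handle the empty case on its own, for example by skipping with a debug message or raising a clear error, rather than tying it to `param_def.required`. Note also that `continue` leaves the empty value in `parameters`, so the `if parameters:` check that follows still sees the key; drop the entry before continuing if it should not end up in the URI.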
@@ -0,0 +1,71 @@
{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "Swagger Petstore",
"description": "A sample API that uses a petstore as an example to demonstrate features in the swagger-2.0 specification",
"termsOfService": "http://swagger.io/terms/",
"contact": {
"name": "Swagger API Team"
},
"license": {
"name": "MIT"
}
},
"host": "petstore.swagger.io",
"basePath": "/api",
"schemes": [
"http"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"paths": {
"/pets": {
"post": {
"description": "Add multiple pets",
"operationId": "addMultiplePets",
"produces": [
"application/json"
],
"parameters": [
{
"name": "pets",
"in": "query",
"description": "array with pets to add",
"required": false,
"type": "array",
"items": {}
}
],
"responses": {
"200": {
"description": "pet response",
"schema": {
"$ref": "#/definitions/Pet"
}
}
}
}
}
},
"definitions": {
"Pet": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
},
"tag": {
"type": "string"
}
}
}
}
}
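Review bot: The `pets` parameter in this fixture declares `"items": {}` with no `type`, which Swagger 2.0 requires for array parameters outside the body, so the spec is not strictly valid. If the empty items object is what produces the empty array the regression depends on, say so in the test docstring; otherwise give `items` a concrete type so the fixture tests the optional-array path and not the parser's tolerance of a malformed spec. The `Pet` definition is only referenced from the response, so it can be dropped to keep the fixture minimal.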
19 changes: 19 additions & 0 deletions w3af/core/data/parsers/doc/open_api/tests/test_requests.py
@@ -20,6 +20,7 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

"""
import json
import unittest

from w3af.core.data.parsers.doc.url import URL
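Review bot: The `import json` added at the top of the test module is not used by the test added in this commit, which reads the fixture with `file_.read()` and passes the string on unchanged. Remove the import, or use it in the test (for example to check the fixture is well-formed JSON before handing it to SpecificationHandler).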
@@ -312,6 +313,24 @@ def test_array_with_model_items_param_in_json(self):
self.assertEqual(fuzzable_request.get_headers(), e_headers)
self.assertEqual(fuzzable_request.get_data(), e_data)

def test_array_param_not_required_in_json(self):
"""
Regression test when param type is array and param is not required.
Param must be in query, not in body.
"""
test_spec_filename = (
'w3af/core/data/parsers/doc/open_api/tests/data/array_not_required_model_items.json'
)
with open(test_spec_filename, 'r') as file_:
specification_as_string = file_.read()

http_response = self.generate_response(specification_as_string)
handler = SpecificationHandler(http_response)
data = [item for item in handler.get_api_information()]
for spec_obj in data:
factory = RequestFactory(*spec_obj)
req = factory.get_fuzzable_request()

def test_model_param_nested_allOf_in_json(self):
specification_as_string = NestedModel().get_specification()
http_response = self.generate_response(specification_as_string)
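Review bot: test_array_param_not_required_in_json contains no assertions: `req = factory.get_fuzzable_request()` is assigned and discarded, so the test only proves that no exception is raised. The docstring says the parameter must be in the query and not in the body, so assert that on `req` (its URI and its data), and assert that `data` is not empty so the loop cannot pass vacuously. The fixture path is relative to the repository root, so the test also depends on the working directory; building it from the test module's own location would make it independent of where the runner is started.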