YfdZddlZeeddeeejdz ZeeddZGddZGdd Z dS) zF Helpers for URI and method injection tests. @see: U{CVE-2019-12387} Nasciic*eZdZdZdZdZdZdZdS)MethodInjectionTestsMixina9 A mixin that runs HTTP method injection tests. Define L{MethodInjectionTestsMixin.attemptRequestWithMaliciousMethod} in a L{twisted.trial.unittest.SynchronousTestCase} subclass to test how HTTP client code behaves when presented with malicious HTTP methods. @see: U{CVE-2019-12387} ct)z Attempt to send a request with the given method. This should synchronously raise a L{ValueError} if either is invalid. @param method: the method (e.g. C{GET}) @param uri: the URI @type method: NotImplementedErrorselfmethods S/var/www/html/env/lib/python3.11/site-packages/twisted/web/test/injectionhelpers.py!attemptRequestWithMaliciousMethodz;MethodInjectionTestsMixin.attemptRequestWithMaliciousMethods"###c|t5}d}||dddn #1swxYwY|t |jddS)z Issuing a request with a method that contains a carriage return and line feed fails with a L{ValueError}. sGET X-Injected-Header: valueN^Invalid method) assertRaises ValueErrorr assertRegexstr exception)r cmr s rtest_methodWithCLRFRejectedz5MethodInjectionTestsMixin.test_methodWithCLRFRejected(s   z * * ;b7F  2 26 : : : ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; R\**,=>>>>>?AAc tD]}dt|gfz}|t5}||dddn #1swxYwY|t |jddS)z Issuing a request with a method that contains unprintable ASCII characters fails with a L{ValueError}. GET%sNr)UNPRINTABLE_ASCII bytearrayrrrrrrr cr rs r'test_methodWithUnprintableASCIIRejectedzAMethodInjectionTestsMixin.test_methodWithUnprintableASCIIRejected2s # C CAA3 11F"":.. ?"66v>>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?   S..0A B B B B  C CAA !A c tD]}dt|gfz}|t5}||dddn #1swxYwY|t |jddS)zx Issuing a request with a method that contains non-ASCII characters fails with a L{ValueError}. rNr)NONASCIIrrrrrrrrs rtest_methodWithNonASCIIRejectedz9MethodInjectionTestsMixin.test_methodWithNonASCIIRejected=s  C CAA3 11F"":.. ?"66v>>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?   S..0A B B B B  C Cr"N)__name__ __module__ __qualname____doc__rrr!r%rrrrsb $ $ $??? C C C C C C C Crrc<eZdZdZdZdZdZdZdZdZ dZ d S) URIInjectionTestsMixina A mixin that runs HTTP URI injection tests. Define L{MethodInjectionTestsMixin.attemptRequestWithMaliciousURI} in a L{twisted.trial.unittest.SynchronousTestCase} subclass to test how HTTP client code behaves when presented with malicious HTTP URIs. ct)z Attempt to send a request with the given URI. This should synchronously raise a L{ValueError} if either is invalid. @param uri: the URI. @type method: r r s rattemptRequestWithMaliciousURIz5URIInjectionTestsMixin.attemptRequestWithMaliciousURIRs"###rc|t5}d}||dddn #1swxYwY|t |jddS)z Issuing a request with a URI whose host contains a carriage return and line feed fails with a L{ValueError}. shttp://twisted .invalid/pathN ^Invalid URIrrr.rrrr ruris rtest_hostWithCRLFRejectedz0URIInjectionTestsMixin.test_hostWithCRLFRejected]   z * * 5b4C  / / 4 4 4 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 R\**N;;;;;rc tD]}dt|gfz}|t5}||dddn #1swxYwY|t |jddS)z Issuing a request with a URI whose host contains unprintable ASCII characters fails with a L{ValueError}. http://twisted%s.invalid/OKNr0rrrrr.rrrr r r3rs r)test_hostWithWithUnprintableASCIIRejectedz@URIInjectionTestsMixin.test_hostWithWithUnprintableASCIIRejectedg # @ @A0IqcNN3DDC"":.. 9"33C888 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9   S.. ? ? ? ?  @ @r"c tD]}dt|gfz}|t5}||dddn #1swxYwY|t |jddS)z{ Issuing a request with a URI whose host contains non-ASCII characters fails with a L{ValueError}. r7Nr0r$rrrr.rrrr9s rtest_hostWithNonASCIIRejectedz4URIInjectionTestsMixin.test_hostWithNonASCIIRejectedr  @ @A0IqcNN3DDC"":.. 9"33C888 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9   S.. ? ? ? ?  @ @r"c|t5}d}||dddn #1swxYwY|t |jddS)z Issuing a request with a URI whose path contains a carriage return and line feed fails with a L{ValueError}. shttp://twisted.invalid/ pathNr0r1r2s rtest_pathWithCRLFRejectedz0URIInjectionTestsMixin.test_pathWithCRLFRejected}r5rc tD]}dt|gfz}|t5}||dddn #1swxYwY|t |jddS)z Issuing a request with a URI whose path contains unprintable ASCII characters fails with a L{ValueError}. http://twisted.invalid/OK%sNr0r8r9s r)test_pathWithWithUnprintableASCIIRejectedz@URIInjectionTestsMixin.test_pathWithWithUnprintableASCIIRejectedr;r"c tD]}dt|gfz}|t5}||dddn #1swxYwY|t |jddS)z{ Issuing a request with a URI whose path contains non-ASCII characters fails with a L{ValueError}. rCNr0r=r9s rtest_pathWithNonASCIIRejectedz4URIInjectionTestsMixin.test_pathWithNonASCIIRejectedr?r"N) r&r'r(r)r.r4r:r>rArDrFr*rrr,r,Is $ $ $<<< @ @ @ @ @ @<<< @ @ @ @ @ @ @ @rr,) r)string frozensetranger printablerr$rr,r*rrrKs  IeeAsmm,,yy If((00 9UU3__ % %6C6C6C6C6C6C6C6CrR@R@R@R@R@R@R@R@R@R@r