Merge pull request #3294 from elijahbal/master

Fix XSS scanner failure in test_xss_scanner.py

examples/complex/xss_scanner.py

@@ -37,9 +37,9 @@ Line: 1029zxcs'd"ao<ac>so[sb]po(pc)se;sl/bsl\eq=3847asd
 
 from html.parser import HTMLParser
 from typing import Dict, Union, Tuple, Optional, List, NamedTuple
-from socket import gaierror, gethostbyname
 from urllib.parse import urlparse
 import re
+import socket
 
 import requests
 
@@ -109,8 +109,8 @@ def find_unclaimed_URLs(body: str, requestUrl: bytes) -> None:
         url_parser = urlparse(url)
         domain = url_parser.netloc
         try:
-            gethostbyname(domain)
+            socket.gethostbyname(domain)
-        except gaierror:
+        except socket.gaierror:
             ctx.log.error("XSS found in %s due to unclaimed URL \"%s\"." % (requestUrl, url))
 
 

test/examples/test_xss_scanner.py

@@ -252,8 +252,7 @@ class TestXSSScanner():
                 self.text = html
         return MockResponse("<html></html>")
 
-    def test_test_end_of_url_injection(self, monkeypatch):
+    def test_test_end_of_url_injection(self, get_request_vuln):
-        monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln)
         xss_info = xss.test_end_of_URL_injection("<html></html>", "https://example.com/index.html", {})[0]
         expected_xss_info = xss.XSSData('https://example.com/index.html/1029zxcs\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\eq=3847asd',
                                         'End of URL',
@@ -263,8 +262,7 @@ class TestXSSScanner():
         assert xss_info == expected_xss_info
         assert sqli_info is None
 
-    def test_test_referer_injection(self, monkeypatch):
+    def test_test_referer_injection(self, get_request_vuln):
-        monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln)
         xss_info = xss.test_referer_injection("<html></html>", "https://example.com/", {})[0]
         expected_xss_info = xss.XSSData('https://example.com/',
                                         'Referer',
@@ -274,8 +272,7 @@ class TestXSSScanner():
         assert xss_info == expected_xss_info
         assert sqli_info is None
 
-    def test_test_user_agent_injection(self, monkeypatch):
+    def test_test_user_agent_injection(self, get_request_vuln):
-        monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln)
         xss_info = xss.test_user_agent_injection("<html></html>", "https://example.com/", {})[0]
         expected_xss_info = xss.XSSData('https://example.com/',
                                         'User Agent',
@@ -285,8 +282,8 @@ class TestXSSScanner():
         assert xss_info == expected_xss_info
         assert sqli_info is None
 
-    def test_test_query_injection(self, monkeypatch):
+    def test_test_query_injection(self, get_request_vuln):
-        monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln)
+
         xss_info = xss.test_query_injection("<html></html>", "https://example.com/vuln.php?cmd=ls", {})[0]
         expected_xss_info = xss.XSSData('https://example.com/vuln.php?cmd=1029zxcs\'d"ao<ac>so[sb]po(pc)se;sl/bsl\\eq=3847asd',
                                         'Query',
@@ -296,16 +293,8 @@ class TestXSSScanner():
         assert xss_info == expected_xss_info
         assert sqli_info is None
 
-    def mocked_socket_gethostbyname(domain):
+    @pytest.fixture(scope='function')
-        claimed_domains = ["google.com"]
+    def logger(self, monkeypatch):
-        if domain not in claimed_domains:
-            from socket import gaierror
-            raise gaierror("[Errno -2] Name or service not known")
-        else:
-            return '216.58.221.46'
-
-    @pytest.fixture
-    def logger(self):
         class Logger():
             def __init__(self):
                 self.args = []
@@ -315,12 +304,32 @@ class TestXSSScanner():
 
             def error(self, str):
                 self.args.append(str)
-        return Logger()
 
-    def test_find_unclaimed_URLs(self, monkeypatch, logger):
+        logger = Logger()
-        logger.args = []
         monkeypatch.setattr("mitmproxy.ctx.log", logger)
-        monkeypatch.setattr("socket.gethostbyname", self.mocked_socket_gethostbyname)
+        yield logger
+
+    @pytest.fixture(scope='function')
+    def get_request_vuln(self, monkeypatch):
+        monkeypatch.setattr(requests, 'get', self.mocked_requests_vuln)
+
+    @pytest.fixture(scope='function')
+    def get_request_invuln(self, monkeypatch):
+        monkeypatch.setattr(requests, 'get', self.mocked_requests_invuln)
+
+    @pytest.fixture(scope='function')
+    def mock_gethostbyname(self, monkeypatch):
+        def gethostbyname(domain):
+            claimed_domains = ["google.com"]
+            if domain not in claimed_domains:
+                from socket import gaierror
+                raise gaierror("[Errno -2] Name or service not known")
+            else:
+                return '216.58.221.46'
+
+        monkeypatch.setattr("socket.gethostbyname", gethostbyname)
+
+    def test_find_unclaimed_URLs(self, logger, mock_gethostbyname):
         xss.find_unclaimed_URLs("<html><script src=\"http://google.com\"></script></html>",
                                 "https://example.com")
         assert logger.args == []
@@ -329,14 +338,12 @@ class TestXSSScanner():
         assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
         xss.find_unclaimed_URLs("<html><iframe src=\"http://unclaimedDomainName.com\"></iframe></html>",
                                 "https://example.com")
-        assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
+        assert logger.args[1] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
         xss.find_unclaimed_URLs("<html><link rel=\"stylesheet\" href=\"http://unclaimedDomainName.com\"></html>",
                                 "https://example.com")
-        assert logger.args[0] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
+        assert logger.args[2] == 'XSS found in https://example.com due to unclaimed URL "http://unclaimedDomainName.com".'
 
-    def test_log_XSS_data(self, monkeypatch, logger):
+    def test_log_XSS_data(self, logger):
-        logger.args = []
-        monkeypatch.setattr("mitmproxy.ctx.log", logger)
         xss.log_XSS_data(None)
         assert logger.args == []
         # self, url: str, injection_point: str, exploit: str, line: str
@@ -350,9 +357,7 @@ class TestXSSScanner():
         assert logger.args[3] == 'Suggested Exploit: String'
         assert logger.args[4] == 'Line: Line of HTML'
 
-    def test_log_SQLi_data(self, monkeypatch, logger):
+    def test_log_SQLi_data(self, logger):
-        logger.args = []
-        monkeypatch.setattr("mitmproxy.ctx.log", logger)
         xss.log_SQLi_data(None)
         assert logger.args == []
         xss.log_SQLi_data(xss.SQLiData('https://example.com',
@@ -371,11 +376,11 @@ class TestXSSScanner():
         # It only uses the request cookies
         assert xss.get_cookies(mocked_flow) == {"cookieName2": "cookieValue2"}
 
-    def test_response(self, monkeypatch, logger):
+    def test_response(self, get_request_invuln, logger):
-        logger.args = []
+        mocked_flow = tflow.tflow(
-        monkeypatch.setattr("mitmproxy.ctx.log", logger)
+            req=tutils.treq(path=b"index.html?q=1"),
-        monkeypatch.setattr(requests, 'get', self.mocked_requests_invuln)
+            resp=tutils.tresp(content=b'<html></html>')
-        mocked_flow = tflow.tflow(req=tutils.treq(path=b"index.html?q=1"), resp=tutils.tresp(content=b'<html></html>'))
+        )
         xss.response(mocked_flow)
         assert logger.args == []