Commit Graph

2049 Commits

Author SHA1 Message Date
Maximilian Hils
5c0be1de4a
Merge pull request #3448 from cript0nauta/master
Fix command injection vulnerability when exporting to curl or httpie
2019-11-16 12:03:34 +01:00
Michael McKeirnan
a6e8b930c9 Adding raw_request and raw_response to export
This is a proposed change for
https://github.com/mitmproxy/mitmproxy/issues/3701 which alters the
behavior of a raw http export to include both the request and the
response. Additionally, this introduces two new export options
"raw_request" and "raw_response" which allow for exporting the raw HTTP
request or response individually.
2019-11-16 01:20:50 -08:00
Maximilian Hils
248034c528 tests++ 2019-11-15 21:17:29 +01:00
Maximilian Hils
484e099eb1 test coverage++ 2019-11-15 20:57:03 +01:00
Henrique M. D
021a141521
Merge branch 'master' into fix-command-bar-issue-3259 2019-11-15 13:59:57 -05:00
Henrique
8972250167 Removed the custom lexer in favor of using pyparsing. 2019-11-15 13:07:12 -05:00
Maximilian Hils
698f7e2e17
Merge pull request #3420 from rjt-gupta/multipart-fix
multipart-fix
2019-11-15 19:04:47 +01:00
Maximilian Hils
01ddda75e8 improve curl/httpie export 2019-11-15 19:02:59 +01:00
Maximilian Hils
0873566ff0 Merge remote-tracking branch 'origin/master' into pr-3448 2019-11-15 18:10:42 +01:00
Michael McKeirnan
dae01ad623 Adding export raw http response
Adding a new export type for raw http response, and changing export raw to export
raw_request to distinguish between the two. This is a proposed change for https://github.com/mitmproxy/mitmproxy/issues/3701
2019-11-15 01:21:54 -08:00
Henrique
f2b118817e Added a new test to test that the issue from the previous commit won't
happen anymore
2019-11-13 10:32:17 -05:00
Henrique
875adb2ba8 Added tests to reach 100% coverage 2019-11-13 09:32:51 -05:00
Henrique
d90262ad35 Getting 100% coverage in the lexer 2019-11-12 23:16:52 -05:00
Henrique
eee4b24e98 Fixing issues reported by the linter 2019-11-12 22:50:33 -05:00
Henrique
578eb7239c Tests for the new lexer 2019-11-12 22:09:04 -05:00
Henrique
561d6d91d1 Fixed test to use the new method to get the lexer 2019-11-12 22:08:10 -05:00
Henrique
c7ffc22819 Fix for issues when using \ and " on the commander bar 2019-11-12 18:57:39 -05:00
Maximilian Hils
dac0bfe786
Merge pull request #3691 from mhils/sans-io-adjustments
Update mypy, sans-io adjustments
2019-11-12 05:04:05 +01:00
Maximilian Hils
bdc15cbe0c update mypy 2019-11-12 04:38:13 +01:00
Maximilian Hils
f97996126f minor improvements and sans-io adjustments 2019-11-11 18:35:06 +01:00
Maximilian Hils
8e64ac0575
Merge pull request #3679 from tomlabaude/pf_ipv6
Added support for IPv6 in pf.py for macOS
2019-11-07 18:32:26 +01:00
Maximilian Hils
80963966b2 make duration formatting more forgiving 2019-11-07 18:19:50 +01:00
Tom
ff628e783e pfctl state output always have 2 lines for each socket. Adding outgoing lines in data which matches lines before incoming ones. Also adding IPv6 data and tests 2019-11-05 20:27:00 +01:00
Yoann L
3370740361 several fixes on command exports has several problems: #3676
* authority can usually rely on actual URL. as `:authority` headers will
break curl command. (advise if it's better to change them to Host, or if
it should be reported on curl side)
* `content-length`: 0 is added for each request. if it's found in the
curl argument list, it'll try to fetch an empty body (and crash).
also trying to guess on accept-encoding header to add the
`--compress` option when fetching potentially compressed content.
* ditto for httpie
2019-10-28 17:51:59 +01:00
Maximilian Hils
902ef59d01
Move onboardingapp from tornado to flask (#3661) 2019-10-06 14:41:46 +02:00
vin01
93f9e30728 Add key_size option to define rsa key size (#3657) 2019-09-30 19:19:52 +02:00
Thomas Kriechbaumer
ace79afefc bump more deps 2019-09-28 23:29:13 +02:00
Thomas Kriechbaumer
53cb5bf40f bump deps 2019-09-28 17:37:43 +02:00
Thomas Kriechbaumer
7d60dde76c
Merge pull request #3464 from rjt-gupta/url-fix
Non ascii characters in url
2019-09-28 11:46:58 +02:00
Thomas Kriechbaumer
76bd3ef82d
Merge pull request #3486 from rjt-gupta/unicode-filter
filter unicode fix
2019-09-28 11:44:15 +02:00
Thomas Kriechbaumer
26e55b0a7f
Merge pull request #3526 from pierlon/feature/allow-hosts
Add --allow_hosts option
2019-09-28 11:40:18 +02:00
Maximilian Hils
a08c22dcdd
Merge pull request #3631 from mhils/lint
Fix CI
2019-09-05 23:20:54 +02:00
Maximilian Hils
e77f375186 lint 2019-09-05 22:08:21 +02:00
Tero Saaristo
dd3589ce34 encoding: add support for zstd (zstandard)
Handles zstandard-compressed bodies labeled as zstd.
2019-09-05 17:52:04 +03:00
Pierre Gordon
1b3f86e709 Verify ignore_hosts & allow_hosts are mutually exclusive 2019-04-19 13:10:39 -05:00
Pierre Gordon
8d0c800d15 Add --allow_hosts option
Closes #3295
2019-04-19 12:39:53 -05:00
Anthony Biondo
a8489466c1 update formatdate for cookies and tests to use GMT formatting 2019-04-16 22:11:27 -04:00
rjt-gupta
6e153b2c01 filter unicode fix 2019-02-24 01:45:45 +05:30
rjt-gupta
580ba356ad test coverage improved 2019-02-06 03:42:07 +05:30
rjt-gupta
d08d2185ea multipart encoder and tests 2019-02-06 03:42:07 +05:30
rjt-gupta
4df325335b multipart-fix 2019-02-06 03:42:07 +05:30
rjt-gupta
cec8c67465 non ascii fix and tests 2019-02-03 00:49:53 +05:30
Thomas Kriechbaumer
67aa1b63f9
Merge pull request #3437 from yan12125/fix-tests-on-mojave
Fix a failing test on macOS Mojave
2019-01-26 14:57:41 +01:00
Matías Lang
e6da62a50a Merge branch 'master' of https://github.com/mitmproxy/mitmproxy 2019-01-13 23:55:27 -03:00
Matías Lang
eab4174b87 Fix command injection when exporting to httpie
The command generated by `export.clip httpie @focus` or `export.file
httpie @focus /path/to/file` wasn't being properly escaped so it could
contain a malicious command instead of just a simple httpie call.
2019-01-13 23:45:28 -03:00
Matías Lang
d027891cec Fix command injection when exporting to curl
The command generated by `export.clip curl @focus` or `export.file curl
@focus /path/to/file` wasn't being properly escaped so it could contain
a malicious command instead of just a simple curl.
2019-01-13 23:39:50 -03:00
Maximilian Hils
82bc8c7ca2
Merge pull request #3444 from BoboTiG/fix-resource-leaks
Fix ResourceWarning: unclosed file, prevent resource leaks
2019-01-06 17:43:47 +01:00
Mickaël Schoentgen
c03b07930c Fix ResourceWarning: unclosed file, prevent resource leaks
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-06 15:06:30 +01:00
Mickaël Schoentgen
3a2d7bb119 Fix several DeprecationWarning: invalid escape sequence
Signed-off-by: Mickaël Schoentgen <contact@tiger-222.fr>
2019-01-05 23:37:48 +01:00
Chih-Hsuan Yen
cc33f40f29
Fix a failing test on macOS Mojave 2018-12-29 21:24:46 +08:00
Rajat Gupta
e2bcca47b1 charset in meta tags (#3411)
original contribution from @0xHJK in https://github.com/mitmproxy/mitmproxy/pull/3150
2018-12-13 15:34:12 +01:00
Rajat Gupta
db658b12ed fix query array
fixes #3072 
closes #3254
2018-12-03 22:05:59 +01:00
Thomas Kriechbaumer
2fb2b48a06 bump dependencies 2018-12-02 15:48:20 +01:00
Abhigyan Khaund
cda4248610 Change variable o to organization for generated certficates. 2018-11-11 10:58:14 +05:30
Abcdefghijklmnopqrstuvwxyzxyz
d4f4cfe225 Add Organization field for the generated certificate (#3376)
add organization field for the generated certificate
2018-11-09 09:06:04 +01:00
Jessica Favin
0cbbcffd89 test_dumper.py - Add sio_err everywhere + adjust test_simple 2018-11-04 17:24:34 +01:00
Jessica Favin
312f922316 Fix test_dumper.py - Dumper constructor 2018-11-04 16:26:51 +01:00
Jessica Favin
ade136dc4d Update test_dumper.py 2018-11-04 16:06:17 +01:00
Maximilian Hils
28551e9655
use skip_windows decorator consistently 2018-10-23 15:24:59 +02:00
Fred Miller
bf3570b3b9
Skip file permission test on Windows 2018-10-23 08:53:51 +08:00
Fred Miller
f16621a38b
Make private keys readable only by the owner 2018-10-22 22:53:58 +08:00
Miroslav
ed9e3d5137 keys.yaml priority over defaultkeys.py. Test for this. 2018-09-29 15:54:17 +03:00
Maximilian Hils
e15619f34e
Merge pull request #3319 from mhils/issue-3316
Fix #3316
2018-09-07 10:34:55 +02:00
Maximilian Hils
1b6a8d6acd fix #3316 2018-09-07 10:24:28 +02:00
David Kremer
dcd8ba34ab [test/xss_scanner] add fixtures in tests
The previous version of that script made a repetitive use
of the  pytest builtin fixture, with always
the same arguments.

This is a small refactoring and cleanup, mainly adding the 'function'
scope to ensure proper cleaning and using the @pytest.fixture
decorator where I could.
2018-08-15 19:47:55 +02:00
madt1m
a52451900c session: implemented changes requested after PR review. 2018-08-05 21:57:55 +02:00
madt1m
e9c2b12dab tests: Full coverage. Everything working, ready for review 2018-08-03 16:32:50 +02:00
madt1m
4e0c10b88b tests: 97% coverage reached. Session opportunely patched after emerged defects. 2018-08-02 05:55:35 +02:00
Pietro Francesco Tirenna
9c949bd2f8
Merge pull request #3252 from madt1m/session-db
Session - Hybrid DB
2018-07-24 16:26:10 +02:00
madt1m
8c7793b91a session: temporary DB is now stored in temporary dir 2018-07-24 15:57:11 +02:00
madt1m
68eb07b668 session: modified schema. Now SessionDB uses tempfile module for temp session 2018-07-24 11:58:33 +02:00
madt1m
e727446f14 benchmark: some improvements - limit to queue size 2018-07-23 21:18:24 +02:00
madt1m
8ab82ad9a3 benchmark: new protobuf serialization performance profiler 2018-07-22 12:47:54 +02:00
Aldo Cortesi
ec092fdc12
Merge pull request #3245 from madt1m/protobuf-serialization-clean
Shifting to Protobuf Serialization - Cleaned
2018-07-21 16:13:25 +12:00
madt1m
3b5cdf7f67 test_linting: removed some unused local variables 2018-07-20 18:15:27 +02:00
madt1m
fad8e7c99b tests: SessionDB fully tested 2018-07-20 16:58:11 +02:00
Miroslav
dcb3de40b1 Some refactoring. New test case. 2018-07-19 16:56:34 +03:00
Pietro Francesco Tirenna
d5da74645b protobuf: tests implemented, full coverage 2018-07-17 19:23:01 +02:00
Miroslav
ffbd7c20e5 Command history implementation 2018-07-17 18:37:45 +03:00
Thomas Kriechbaumer
3cd3765270
Merge pull request #3211 from cortesi/tcheck
Add typechecking of Any values for state object
2018-06-17 08:45:03 +02:00
Aldo Cortesi
77b49aa8de Add typechecking of Any values for state object
An ugly solution for an ugly little problem. This patch uses JSON's type
checker to validate Any values in stateobject, in order to avoid a circular
import.

Fixes #3180
2018-06-17 10:22:17 +12:00
Aldo Cortesi
9ff4f55614
Merge pull request #3202 from madt1m/view-cleanup
View Cleanup - Initial steps
2018-06-17 09:20:34 +12:00
Aldo Cortesi
9463fee764 cibuild: permit non-dev versions on maintenance branches
Cater for the corner case where commits are incorporated on a maintenance
branch. We should be able to test these without adding a dev suffix to the tool
versions.
2018-06-16 15:09:34 +12:00
Aldo Cortesi
85526e5370 cibuild: Match Travis env variable behaviour
Whenever TRAVIS_TAG is non-empty, TRAVIS_BRANCH is over-ridden to match the
TRAVIS_TAG value. Adjust our tests to reflect this, and add a sanity check that
fails hard if this constraint is ever not met.

See https://github.com/travis-ci/travis-ci/issues/4745
2018-06-16 10:23:33 +12:00
Aldo Cortesi
bf791ba1d5 cibuild: refactor to handle v prefix for release tag names 2018-06-16 09:48:21 +12:00
madt1m
af54c26014 fixed exception type; full coverage on view 2018-06-13 17:39:46 +02:00
madt1m
40faf2c662 Added tests for new primitives 2018-06-13 15:57:21 +02:00
madt1m
773c953514 View API slightly extended; codebase cleaned in some points 2018-06-13 11:56:14 +02:00
Thomas Kriechbaumer
be26958ea8 improve websocket frame masking api 2018-06-11 13:28:28 +02:00
Maximilian Hils
09ff5df2fb Such CI, Very Wow. (#3182) 2018-06-02 21:37:44 +02:00
Maximilian Hils
aa0cb2ba2f add missing await 2018-05-28 22:27:27 +02:00
Aldo Cortesi
a38d2d7b0e addons/block: teach block about IPv6 scope suffixes
Fixes #3160
2018-05-27 10:48:23 +12:00
Aldo Cortesi
ec2ae19e22 optmanager: tweaks and cleanups 2018-05-27 10:43:14 +12:00
Aldo Cortesi
e59ba13417 Use deferral mechanism for cfg file options
Fixes #3162
2018-05-27 10:12:24 +12:00
Aldo Cortesi
b6e1c4bb9d cibuild: tweak docker tag, only upload prod builds to pypi 2018-05-25 12:46:56 +12:00
Aldo Cortesi
ff92962c51 cibuild: start building version awareness 2018-05-25 10:50:48 +12:00
Aldo Cortesi
fdf0d9974e cibuild: more accurate PR test, better dump output 2018-05-24 22:58:33 +12:00
Aldo Cortesi
e9b19dba8a cibuild: fix docker upload condition, expand tests 2018-05-24 22:32:31 +12:00
Aldo Cortesi
c91b511bc7 cibuild: extract upload conditions 2018-05-24 22:18:01 +12:00
Aldo Cortesi
0afff3a952 cibuild: add docker tag calculation to environ 2018-05-24 21:59:45 +12:00