support for empty postdata

meprajjwal · Dec 28, 2018 · cb715db · cb715db
1 parent e143431
commit cb715db
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 5 deletions.
diff --git a/src/wfuzz/externals/reqresp/Request.py b/src/wfuzz/externals/reqresp/Request.py
@@ -88,7 +88,7 @@ def __init__(self):
         @property
         def method(self):
             if self._method is None:
-                return "POST" if self.postdata else "GET"
+                return "POST" if self.getPOSTVars() else "GET"
 
             return self._method
 
@@ -334,7 +334,7 @@ def to_pycurl_object(c, req):
             else:
                 c.setopt(pycurl.CUSTOMREQUEST, req.method)
 
-            if req.postdata:
+            if req.getPOSTVars():
                 c.setopt(pycurl.POSTFIELDS, python2_3_convert_to_unicode(req.postdata))
 
             c.setopt(pycurl.FOLLOWLOCATION, 1 if req.followLocation else 0)

diff --git a/src/wfuzz/externals/reqresp/Variables.py b/src/wfuzz/externals/reqresp/Variables.py
@@ -64,6 +64,9 @@ def urlEncoded(self):
         def parseUrlEncoded(self, cad):
                 dicc = []
 
+                if cad == '':
+                    dicc.append(Variable('', None))
+
                 for i in cad.split("&"):
                         if i:
                                 list = i.split("=", 1)

diff --git a/tests/test_reqresp.py b/tests/test_reqresp.py
@@ -63,25 +63,36 @@ def test_seturl(self):
 
     def test_setpostdata(self):
         fr = FuzzRequest()
-
         fr.url = "http://www.wfuzz.org/"
         fr.params.post = 'a=1'
         self.assertEqual(fr.method, "POST")
         self.assertEqual(fr.params.post, {'a': '1'})
 
+        fr = FuzzRequest()
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.post = '1'
+        self.assertEqual(fr.method, "POST")
+        self.assertEqual(fr.params.post, {'1': None})
+
+        fr = FuzzRequest()
         fr.url = "http://www.wfuzz.org/"
         fr.params.post = ''
         self.assertEqual(fr.method, "POST")
+        self.assertEqual(fr.params.post, {'': None})
 
+        fr = FuzzRequest()
         fr.url = "http://www.wfuzz.org/"
         fr.params.post = {}
-        self.assertEqual(fr.method, "POST")
+        self.assertEqual(fr.method, "GET")
+        self.assertEqual(fr.params.post, {})
 
+        fr = FuzzRequest()
         fr.url = "http://www.wfuzz.org/"
         fr.params.post = {'a': 1}
         self.assertEqual(fr.method, "POST")
         self.assertEqual(fr.params.post, {'a': '1'})
 
+        fr = FuzzRequest()
         fr.url = "http://www.wfuzz.org/"
         fr.params.post = {'a': '1'}
         self.assertEqual(fr.method, "POST")
@@ -97,12 +108,12 @@ def test_setgetdata(self):
 
     def test_allvars(self):
         fr = FuzzRequest()
-
         fr.url = "http://www.wfuzz.org/"
         fr.params.get = {'a': '1', 'b': '2'}
         fr.wf_allvars = "allvars"
         self.assertEqual(fr.wf_allvars_set, {'a': '1', 'b': '2'})
 
+        fr = FuzzRequest()
         fr.url = "http://www.wfuzz.org/"
         fr.params.post = {'a': '1', 'b': '2'}
         fr.wf_allvars = "allpost"
@@ -114,6 +125,7 @@ def test_allvars(self):
             ('Host', 'www.wfuzz.org')
         ])
 
+        fr = FuzzRequest()
         fr.url = "http://www.wfuzz.org/"
         fr.wf_allvars = "allheaders"
         self.assertEqual(fr.wf_allvars_set, default_headers)
@@ -142,6 +154,15 @@ def test_cache_key(self):
         fr.params.post = {'a': '1', 'b': '2'}
         self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-a-b')
 
+        fr = FuzzRequest()
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.post = '1'
+        self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-1')
+
+        fr = FuzzRequest()
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.post = ''
+        self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-')
 
 if __name__ == '__main__':
     unittest.main()