remove getGET/POSTVars references, use fuzzrequest methods instead

meprajjwal · Dec 28, 2018 · e143431 · e143431
1 parent bcd76d6
commit e143431
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 18 deletions.
diff --git a/src/wfuzz/fuzzobjects.py b/src/wfuzz/fuzzobjects.py
@@ -144,7 +144,8 @@ def post(self):
     @post.setter
     def post(self, pp):
         if isinstance(pp, dict):
-            self._req.setPostData("&".join(["=".join([n, str(v)]) if v is not None else n for n, v in list(pp.items())]))
+            for key, value in pp.items():
+                self._req.setVariablePOST(key, str(value))
         elif isinstance(pp, str):
             self._req.setPostData(pp)
 
@@ -344,24 +345,23 @@ def get_field(self, field):
     @property
     def wf_allvars_set(self):
         if self.wf_allvars == "allvars":
-            return self._request.getGETVars()
+            return self.params.get
         elif self.wf_allvars == "allpost":
-            return self._request.getPOSTVars()
+            return self.params.post
         elif self.wf_allvars == "allheaders":
-            return self._request.getHeaders()
+            return self.headers.request
         else:
             raise FuzzExceptBadOptions("Unknown variable set: " + self.wf_allvars)
 
     @wf_allvars_set.setter
     def wf_allvars_set(self, varset):
-        variable, payload_content = varset
         try:
             if self.wf_allvars == "allvars":
-                self._request.setVariableGET(variable, payload_content)
+                self.params.get = varset
             elif self.wf_allvars == "allpost":
-                self._request.setVariablePOST(variable, payload_content)
+                self.params.post = varset
             elif self.wf_allvars == "allheaders":
-                self._request.headers.add({variable: payload_content})
+                self._request.headers.add(varset)
             else:
                 raise FuzzExceptBadOptions("Unknown variable set: " + self.wf_allvars)
         except TypeError:
@@ -414,13 +414,8 @@ def update_from_raw_http(self, raw, scheme, raw_response=None):
     def to_cache_key(self):
         key = self._request.urlWithoutVariables
 
-        dicc = {}
-
-        for j in [i.name for i in self._request.getGETVars()]:
-            dicc[j] = True
-
-        for j in [i.name for i in self._request.getPOSTVars()]:
-            dicc[j] = True
+        dicc = {key: True for key in self.params.get.keys()}
+        dicc.update({key: True for key in self.params.post.keys()})
 
         # take URL parameters into consideration
         url_params = list(dicc.keys())
@@ -631,13 +626,13 @@ def from_all_fuzz_request(seed, payload):
         if len(payload) > 1:
             raise FuzzExceptBadOptions("Only one payload is allowed when fuzzing all parameters!")
 
-        for variable in seed.history.wf_allvars_set:
+        for var_name in seed.history.wf_allvars_set.keys():
             payload_content = payload[0]
             fuzzres = seed.from_soft_copy()
-            fuzzres._description = variable.name + "=" + payload_content
+            fuzzres._description = var_name + "=" + payload_content
             fuzzres.payload.append(payload_content)
 
-            fuzzres.history.wf_allvars_set = (variable.name, payload_content)
+            fuzzres.history.wf_allvars_set = {var_name: payload_content}
 
             yield fuzzres
 

diff --git a/tests/test_reqresp.py b/tests/test_reqresp.py
@@ -95,6 +95,53 @@ def test_setgetdata(self):
         self.assertEqual(fr.method, "GET")
         self.assertEqual(fr.params.get, {'a': '1'})
 
+    def test_allvars(self):
+        fr = FuzzRequest()
+
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.get = {'a': '1', 'b': '2'}
+        fr.wf_allvars = "allvars"
+        self.assertEqual(fr.wf_allvars_set, {'a': '1', 'b': '2'})
+
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.post = {'a': '1', 'b': '2'}
+        fr.wf_allvars = "allpost"
+        self.assertEqual(fr.wf_allvars_set, {'a': '1', 'b': '2'})
+
+        default_headers = dict([
+            ('Content-Type', 'application/x-www-form-urlencoded'),
+            ('User-Agent', f'Wfuzz/{wfuzz_version}'),
+            ('Host', 'www.wfuzz.org')
+        ])
+
+        fr.url = "http://www.wfuzz.org/"
+        fr.wf_allvars = "allheaders"
+        self.assertEqual(fr.wf_allvars_set, default_headers)
+
+    def test_cache_key(self):
+        fr = FuzzRequest()
+
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.get = {'a': '1', 'b': '2'}
+        self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-a-b')
+
+        fr = FuzzRequest()
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.post = {'c': '1', 'd': '2'}
+        self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-c-d')
+
+        fr = FuzzRequest()
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.get = {'a': '1', 'b': '2'}
+        fr.params.post = {'c': '1', 'd': '2'}
+        self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-a-b-c-d')
+
+        fr = FuzzRequest()
+        fr.url = "http://www.wfuzz.org/"
+        fr.params.get = {'a': '1', 'b': '2'}
+        fr.params.post = {'a': '1', 'b': '2'}
+        self.assertEqual(fr.to_cache_key(), 'http://www.wfuzz.org/-a-b')
+
 
 if __name__ == '__main__':
     unittest.main()