Propagated content-type header to Issues for reporting

Change-Id: Id842e091519acae80e28709a6d6cdde36b347c0a
2016-04-21 12:29:07 -05:00 · 2016-04-21 12:29:07 -05:00 · 58688be8d8
parent 679cfd5d2f
commit 58688be8d8
3 changed files with 12 additions and 1 deletions
--- a/syntribos/formatters/json_formatter.py
+++ b/syntribos/formatters/json_formatter.py
@ -45,7 +45,12 @@ class JSONFormatter(object):
                method = issue.impacted_parameter.method
                loc = issue.impacted_parameter.location
                name = issue.impacted_parameter.name
-                param = "{0} - {1}|{2}".format(method, loc, name)
+                content_type = issue.content_type
+                if loc == "data":
+                    param = "{0} - {1}:{2}|{3}".format(method, loc,
+                                                       content_type, name)
+                else:
+                    param = "{0} - {1}|{2}".format(method, loc, name)
            defect_type = issue.defect_type

            if url not in machine_output['failures']:
--- a/syntribos/issue.py
+++ b/syntribos/issue.py
@ -34,6 +34,7 @@ class Issue(object):
    :ivar test_type: The type of vulnerability that is being tested for. This
        is not necessarily the same as the Defect Type, which may be something
        like 500 error or DoS.
+    :ivar content_type: The content-type of the unmodified request
    :ivar impacted_parameter: For fuzz tests only, a
        :class:`syntribos.tests.fuzz.base_fuzz.ImpactedParameter` that holds
        data about what part of the request was affected by the fuzz test.
--- a/syntribos/tests/fuzz/base_fuzz.py
+++ b/syntribos/tests/fuzz/base_fuzz.py
@ -185,6 +185,7 @@ class BaseFuzzTestCase(base.BaseTestCase):
            file_content, os.environ.get("SYNTRIBOS_ENDPOINT"))
        prepared_copy = request_obj.get_prepared_copy()
        cls.init_response = cls.client.send_request(prepared_copy)
+        cls.init_request = cls.init_response.request
        # end block

        prefix_name = "{filename}_{test_name}_{fuzz_file}_".format(
@ -218,6 +219,10 @@ class BaseFuzzTestCase(base.BaseTestCase):
        url_components = urlparse(self.init_response.url)
        issue.target = url_components.netloc
        issue.path = url_components.path
+        if 'content-type' in self.init_request.headers:
+            issue.content_type = self.init_request.headers['content-type']
+        else:
+            issue.content_type = None

        issue.impacted_parameter = ImpactedParameter(method=req.method,
                                                     location=self.test_type,