Propagated content-type header to Issues for reporting

Change-Id: Id842e091519acae80e28709a6d6cdde36b347c0a
michael.dong@rackspace.com 2016-04-21 12:29:07 -05:00
parent 679cfd5d2f
commit 58688be8d8
3 changed files with 12 additions and 1 deletions


@ -45,6 +45,11 @@ class JSONFormatter(object):
method = issue.impacted_parameter.method method = issue.impacted_parameter.method
loc = issue.impacted_parameter.location loc = issue.impacted_parameter.location
name = issue.impacted_parameter.name name = issue.impacted_parameter.name
content_type = issue.content_type
if loc == "data":
param = "{0} - {1}:{2}|{3}".format(method, loc,
content_type, name)
else:
param = "{0} - {1}|{2}".format(method, loc, name) param = "{0} - {1}|{2}".format(method, loc, name)
defect_type = issue.defect_type defect_type = issue.defect_type
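Review bot: When the original request had no Content-Type header, `issue.content_type` is None (the fuzz test case in this commit assigns it that way), so the `loc == "data"` branch writes the literal text `None` into `param`, giving something like `POST - data:None|name` (constructed example). If findings are grouped or de-duplicated by this string, a missing header would then look like a real content type in the report. Consider `if loc == "data" and content_type:` so that body findings without a header fall back to the existing `"{0} - {1}|{2}"` form. The enclosing method starts and ends outside the hunk.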


@ -34,6 +34,7 @@ class Issue(object):
:ivar test_type: The type of vulnerability that is being tested for. This :ivar test_type: The type of vulnerability that is being tested for. This
is not necessarily the same as the Defect Type, which may be something is not necessarily the same as the Defect Type, which may be something
like 500 error or DoS. like 500 error or DoS.
:ivar content_type: The content-type of the unmodified request
:ivar impacted_parameter: For fuzz tests only, a :ivar impacted_parameter: For fuzz tests only, a
:class:`syntribos.tests.fuzz.base_fuzz.ImpactedParameter` that holds :class:`syntribos.tests.fuzz.base_fuzz.ImpactedParameter` that holds
data about what part of the request was affected by the fuzz test. data about what part of the request was affected by the fuzz test.
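Review bot: The new `:ivar content_type:` line does not say that the value may be None, which is what the fuzz test case assigns when the request has no Content-Type header. Suggested wording: `:ivar content_type: The Content-Type header of the unmodified request, or None if the request did not send one`. This hunk shows only the docstring. If `Issue.__init__` (outside the hunk) does not also initialize `content_type`, an Issue built by any other code path would raise AttributeError when the JSON formatter reads the attribute, so that is worth confirming.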


@ -185,6 +185,7 @@ class BaseFuzzTestCase(base.BaseTestCase):
file_content, os.environ.get("SYNTRIBOS_ENDPOINT")) file_content, os.environ.get("SYNTRIBOS_ENDPOINT"))
prepared_copy = request_obj.get_prepared_copy() prepared_copy = request_obj.get_prepared_copy()
cls.init_response = cls.client.send_request(prepared_copy) cls.init_response = cls.client.send_request(prepared_copy)
cls.init_request = cls.init_response.request
# end block # end block
prefix_name = "{filename}_{test_name}_{fuzz_file}_".format( prefix_name = "{filename}_{test_name}_{fuzz_file}_".format(
@ -218,6 +219,10 @@ class BaseFuzzTestCase(base.BaseTestCase):
url_components = urlparse(self.init_response.url) url_components = urlparse(self.init_response.url)
issue.target = url_components.netloc issue.target = url_components.netloc
issue.path = url_components.path issue.path = url_components.path
if 'content-type' in self.init_request.headers:
issue.content_type = self.init_request.headers['content-type']
else:
issue.content_type = None
issue.impacted_parameter = ImpactedParameter(method=req.method, issue.impacted_parameter = ImpactedParameter(method=req.method,
location=self.test_type, location=self.test_type,