Skip to content

Commit

Permalink
change test for better quality of system
Browse files Browse the repository at this point in the history
  • Loading branch information
@lenonleite
lenonleite committed Oct 30, 2016
1 parent e725c81 commit fda9121
Show file tree
Hide file tree
Showing 5 changed files with 122 additions and 120 deletions.
37 changes: 0 additions & 37 deletions composer.json
View file

This file was deleted.

89 changes: 34 additions & 55 deletions src/CrossSiteScripting.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@

namespace Aszone\Vulnerabilities;

use Aszone\FakeHeaders\FakeHeaders;
use GuzzleHttp\Client;
use GuzzleHttp\ClientInterface;
use Psr\Log\LoggerInterface;
use Aszone\Vulnerabilities\Log\Logger;

class CrossSiteScripting implements VulnerabilityScanner
{
Expand All @@ -12,7 +13,25 @@ class CrossSiteScripting implements VulnerabilityScanner
const EXPLOIT1REGEX = "<script>alert\(aaabbbccc\);<\/script>";
const EXPLOIT2REGEX = "<h1>aaabbbccc<\/h1>";

private $errors = [];
private $compare;

private $client;

private $logger;

public function __construct(ClientInterface $client, array $compare, LoggerInterface $logger = null)
{
$this->client = $client;
$this->compare = $compare;

if (empty($logger)) {
$logger = new Logger;
}

$this->logger = $logger;


}

public function isVulnerable($target)
{
Expand All @@ -30,15 +49,16 @@ public function isXssPossible($target)

public function verify($target)
{

$urls = $this->generateUrls($target);

$this->output("\n");
$this->logger->info("\n");

foreach ($urls as $url) {
if ($this->attack($url)) {
$this->output('Is Vull');
$this->logger->info('Is Vull');

return $url;
return true;
}
}

Expand All @@ -47,23 +67,15 @@ public function verify($target)

public function attack($url)
{
$this->output('.');

$header = new FakeHeaders();
$client = new Client(['defaults' => [
'headers' => ['User-Agent' => $header->getUserAgent()],
'proxy' => $this->commandData['tor'],
'timeout' => 30,
]]);
$this->logger->info('.');

try {
$body = $client->get($url)->getBody()->getContents();

if ($body && $this->checkSuccess($body) && !$this->checkError($body)) {
$body = $this->client->get($url)->getBody()->getContents();
if ($body && $this->checkSuccess($body) && $this->checkCompare($body)) {
return true;
}
} catch (\Exception $e) {
$this->output('#');
$this->logger->error('#');
}

return false;
Expand All @@ -76,11 +88,9 @@ public function checkSuccess($body)

public function generateUrls($target)
{
$this->output("\n".$target);

$this->logger->info("\n".$target);
$urls1 = $this->generateUrlsByExploit($target, static::EXPLOIT1);
$urls2 = $this->generateUrlsByExploit($target, static::EXPLOIT2);

return array_merge($urls1, $urls2);
}

Expand Down Expand Up @@ -111,13 +121,11 @@ public function generateUrlsByExploit($target, $exploit)
return $urls;
}

public function checkError($body)
public function checkCompare($body)
{
$errors = $this->getErrors();

foreach ($errors as $error) {
$isValid = strpos($body, $error);
foreach ($this->compare as $compare) {

$isValid = strpos($body, $compare);
if ($isValid !== false) {
return true;
}
Expand All @@ -126,33 +134,4 @@ public function checkError($body)
return false;
}

protected function getErrors()
{
if (!$this->errors) {
$this->loadErrors();
}

return $this->errors;
}

protected function loadErrors()
{
$errorsMysql = parse_ini_file(__DIR__.'/../resources/Errors/mysql.ini');
$errorsMariaDb = parse_ini_file(__DIR__.'/../resources/Errors/mariadb.ini');
$errorsOracle = parse_ini_file(__DIR__.'/../resources/Errors/oracle.ini');
$errorssqlServer = parse_ini_file(__DIR__.'/../resources/Errors/sqlserver.ini');
$errorsPostgreSql = parse_ini_file(__DIR__.'/../resources/Errors/postgresql.ini');
$errorsAsp = parse_ini_file(__DIR__.'/../resources/Errors/asp.ini');
$errorsPhp = parse_ini_file(__DIR__.'/../resources/Errors/php.ini');

$this->errors = array_merge(
$errorsMysql,
$errorsMariaDb,
$errorsOracle,
$errorssqlServer,
$errorsPostgreSql,
$errorsAsp,
$errorsPhp
);
}
}
40 changes: 24 additions & 16 deletions src/LocalFileDownload.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,27 @@

namespace Aszone\Vulnerabilities;

use Aszone\FakeHeaders\FakeHeaders;
use GuzzleHttp\Client;
use GuzzleHttp\ClientInterface;
use Psr\Log\LoggerInterface;
use Aszone\Vulnerabilities\Log\Logger;

class LocalFileDownload implements VulnerabilityScanner
{
private $errors = [];
private $client;

private $logger;

public function __construct(ClientInterface $client, LoggerInterface $logger = null)
{
$this->client = $client;

if (empty($logger)) {
$logger = new Logger;
}
$this->logger = $logger;


}

public function isVulnerable($target)
{
Expand All @@ -27,13 +42,13 @@ protected function verify($target)
{
$urls = $this->generateUrls($target);

$this->output("\n");
$this->logger->info("\n");

foreach ($urls as $url) {
$result = $this->attack($url);

if ($result && $this->isApplicationFile($result)) {
$this->output('Is Vull');
$this->logger->info('Is Vull');

return $url;
}
Expand All @@ -49,27 +64,20 @@ protected function isApplicationFile($body)

protected function attack($url)
{
$this->output('.');

$header = new FakeHeaders();
$client = new Client(['defaults' => [
'headers' => ['User-Agent' => $header->getUserAgent()],
'proxy' => $this->commandData['tor'],
'timeout' => 30,
]]);
$this->logger->info('.');

try {
return $client->get($url)->getBody()->getContents();
return $this->client->get($url)->getBody()->getContents();
} catch (\Exception $e) {
$this->output('#');
$this->logger->error('#');
}

return false;
}

public function generateUrls($target)
{
$this->output("\n".$target);
$this->logger->info($target);

$parts = parse_url($target);

Expand Down
48 changes: 38 additions & 10 deletions tests/CrossSiteScriptingTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,29 +3,57 @@
namespace Aszone\Vulnerabilities\Test;

use Aszone\Vulnerabilities\CrossSiteScripting;
use GuzzleHttp\ClientInterface;
use Psr\Log\LoggerInterface;
use GuzzleHttp\Message\ResponseInterface;
use GuzzleHttp\Stream\StreamInterface;


class CrossSiteScriptingTest extends \PHPUnit_Framework_TestCase
{
private $instance;

private $stream;

public function setUp()
{
$this->instance = new CrossSiteScripting([]);
$client = $this->createMock(ClientInterface::class);
$logger = $this->createMock(LoggerInterface::class);
$response = $this->createMock(ResponseInterface::class);
$this->stream = $this->createMock(StreamInterface::class);
$compare = [CrossSiteScripting::EXPLOIT2];

$client->method('get')
->willReturn($response);

$response->method('getBody')
->willReturn($this->stream);

$this->instance = new CrossSiteScripting($client, $compare, $logger);
}

public function testIsVulnerable()
{
$target = 'http://www.insecurelabs.org/task/Rule1?query=a';
$target = 'http://www.example.com/index.html?query=a';

$this->assertEquals(
substr($target, 0, -1).CrossSiteScripting::EXPLOIT2,
$this->stream->method('getContents')
->willReturn('lorem '.CrossSiteScripting::EXPLOIT2.' ipsum');

$this->assertTrue(
$this->instance->isVulnerable($target)
);
}

public function testIsNotVulnerable()
{
$target = 'http://www.insecurelabs.org';
$target = 'http://www.example.com/';

$this->assertFalse($this->instance->isVulnerable($target));

$target = 'http://example.com/index.html?param=a';

$this->stream->method('getContents')
->willReturn('lorem ipsum');

$this->assertFalse($this->instance->isVulnerable($target));
}
Expand Down Expand Up @@ -80,17 +108,17 @@ public function testCheckNotSuccess()
$this->assertFalse($this->instance->checkSuccess($body));
}

public function testCheckError()
public function testCheckCompare()
{
$body = 'lorem mysql_ ipsum';
$body = 'lorem '.CrossSiteScripting::EXPLOIT2.' ipsum';

$this->assertTrue($this->instance->checkError($body));
$this->assertTrue($this->instance->checkCompare($body));
}

public function testCheckNotError()
public function testCheckNotCompare()
{
$body = 'lorem ipsum';

$this->assertFalse($this->instance->checkError($body));
$this->assertFalse($this->instance->checkCompare($body));
}
}
28 changes: 26 additions & 2 deletions tests/LocalFileDownloadTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,43 @@
namespace Aszone\Vulnerabilities\Test;

use Aszone\Vulnerabilities\LocalFileDownload;
use GuzzleHttp\ClientInterface;
use Psr\Log\LoggerInterface;
use GuzzleHttp\Message\ResponseInterface;
use GuzzleHttp\Stream\StreamInterface;

class LocalFileDownloadTest extends \PHPUnit_Framework_TestCase
{
private $instance;

private $stream;

public function setUp()
{
$this->instance = new LocalFileDownload([]);
$client = $this->createMock(ClientInterface::class);
$logger = $this->createMock(LoggerInterface::class);
$response = $this->createMock(ResponseInterface::class);
$this->stream = $this->createMock(StreamInterface::class);

$client->method('get')
->willReturn($response);

$response->method('getBody')
->willReturn($this->stream);

$this->instance = new LocalFileDownload($client, $logger);
}

public function testIsNotVulnerable()
{
$target = 'http://example.com/index.html?a=1';
$target = 'http://example.com/index.html';

$this->assertFalse($this->instance->isVulnerable($target));

$target = 'http://example.com/index.html?param=a';

$this->stream->method('getContents')
->willReturn('lorem ipsum');

$this->assertFalse($this->instance->isVulnerable($target));
}
Expand Down

0 comments on commit fda9121

Please sign in to comment.