GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/fuzz/component/body_test.go
package component
import (
"bytes"
"io"
"mime/multipart"
"strings"
"testing"
"github.com/projectdiscovery/retryablehttp-go"
urlutil "github.com/projectdiscovery/utils/url"
"github.com/stretchr/testify/require"
)
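// TestBodyComponent checks the JSON round trip of the request body component:
// a body sent as application/json is parsed into key/value pairs, one value
// is overwritten through SetValue, and the rebuilt request carries the
// modified JSON.
//
// Every step's error is asserted. SetValue and Rebuild are the steps that put
// a replacement value into the outgoing request, so an error dropped there
// would let a broken mutation path go unnoticed by this test.
func TestBodyComponent(t *testing.T) {
	req, err := retryablehttp.NewRequest("POST", "https://example.com", strings.NewReader(`{"foo":"bar"}`))
	require.NoError(t, err, "could not create request")
	req.Header.Set("Content-Type", "application/json")

	body := New(RequestBodyComponent)
	parsed, err := body.Parse(req)
	require.NoError(t, err, "could not parse body")
	// Same check TestBodyXMLComponent makes: a body that was not recognised
	// must fail here rather than produce confusing key/value mismatches below.
	require.True(t, parsed, "could not parse body")

	var keys []string
	var values []string
	err = body.Iterate(func(key string, value interface{}) error {
		// Checked assertion: a non-string value fails the test with a message
		// instead of panicking inside the callback.
		str, ok := value.(string)
		require.True(t, ok, "value for key %q is not a string", key)
		keys = append(keys, key)
		values = append(values, str)
		return nil
	})
	require.NoError(t, err, "could not iterate body")

	require.Equal(t, []string{"foo"}, keys, "unexpected keys")
	require.Equal(t, []string{"bar"}, values, "unexpected values")

	require.NoError(t, body.SetValue("foo", "baz"), "could not set value")

	rebuilt, err := body.Rebuild()
	require.NoError(t, err, "could not rebuild request")

	newBody, err := io.ReadAll(rebuilt.Body)
	require.NoError(t, err, "could not read rebuilt body")
	require.Equal(t, `{"foo":"baz"}`, string(newBody), "unexpected body")
}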
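// TestBodyXMLComponent checks the XML round trip of the request body
// component: an application/xml body is parsed, the nested productId element
// is overwritten using the "stockCheck~productId" key, and the rebuilt
// request carries the modified document.
//
// The replacement value contains a single quote, and the expected body holds
// it verbatim. The test therefore also pins that Rebuild does not
// entity-encode that character when it writes the value back into the XML.
func TestBodyXMLComponent(t *testing.T) {
	const original = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"
	const expected = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><stockCheck><productId>2'6842</productId><storeId>1</storeId></stockCheck>"

	req, err := retryablehttp.NewRequest("POST", "https://example.com", strings.NewReader(original))
	require.NoError(t, err, "could not create request")
	req.Header.Set("Content-Type", "application/xml")

	bodyComponent := New(RequestBodyComponent)
	parsed, err := bodyComponent.Parse(req)
	require.NoError(t, err, "could not parse body")
	require.True(t, parsed, "could not parse body")

	// A failed SetValue would leave the document unchanged; asserting the
	// error reports the cause directly instead of as a body mismatch below.
	require.NoError(t, bodyComponent.SetValue("stockCheck~productId", "2'6842"), "could not set value")

	rebuilt, err := bodyComponent.Rebuild()
	require.NoError(t, err, "could not rebuild request")

	newBody, err := io.ReadAll(rebuilt.Body)
	require.NoError(t, err, "could not read rebuilt body")
	require.Equal(t, expected, string(newBody), "unexpected body")
}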
81
82
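// TestBodyFormComponent checks the application/x-www-form-urlencoded round
// trip of the request body component: two ordered parameters are parsed, the
// first is overwritten through SetValue, and the rebuilt body is compared
// byte for byte.
//
// The final assertion is an exact string match, so it also pins that the
// untouched parameter (key2) keeps its value and its position after key1.
func TestBodyFormComponent(t *testing.T) {
	formData := urlutil.NewOrderedParams()
	formData.Set("key1", "value1")
	formData.Set("key2", "value2")

	req, err := retryablehttp.NewRequest("POST", "https://example.com", strings.NewReader(formData.Encode()))
	require.NoError(t, err, "could not create request")
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	body := New(RequestBodyComponent)
	parsed, err := body.Parse(req)
	require.NoError(t, err, "could not parse body")
	// Same check TestBodyXMLComponent makes on the Parse result.
	require.True(t, parsed, "could not parse body")

	var keys []string
	var values []string
	err = body.Iterate(func(key string, value interface{}) error {
		// Checked assertion: a non-string value fails the test with a message
		// instead of panicking inside the callback.
		str, ok := value.(string)
		require.True(t, ok, "value for key %q is not a string", key)
		keys = append(keys, key)
		values = append(values, str)
		return nil
	})
	require.NoError(t, err, "could not iterate body")

	// Iteration order is not asserted here, only the set of keys and values.
	require.ElementsMatch(t, []string{"key1", "key2"}, keys, "unexpected keys")
	require.ElementsMatch(t, []string{"value1", "value2"}, values, "unexpected values")

	require.NoError(t, body.SetValue("key1", "updatedValue1"), "could not set value")

	rebuilt, err := body.Rebuild()
	require.NoError(t, err, "could not rebuild request")

	newBody, err := io.ReadAll(rebuilt.Body)
	require.NoError(t, err, "could not read rebuilt body")
	require.Equal(t, "key1=updatedValue1&key2=value2", string(newBody), "unexpected body")
}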
123
124
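// TestMultiPartFormComponent checks the multipart/form-data round trip of the
// request body component: two text fields are written with mime/multipart,
// parsed, one field is overwritten through SetValue, and the rebuilt body is
// inspected.
//
// The rebuilt body is checked by substring only, so the test says nothing
// about boundaries or part headers. It does assert that the replaced value is
// gone, so a rebuild that appended the new value without removing the old one
// would fail.
func TestMultiPartFormComponent(t *testing.T) {
	formData := &bytes.Buffer{}
	writer := multipart.NewWriter(formData)

	// Hypothetical form fields (dummy credentials, used only as test data).
	require.NoError(t, writer.WriteField("username", "testuser"), "could not write username field")
	require.NoError(t, writer.WriteField("password", "testpass"), "could not write password field")

	// The content type carries the boundary the writer generated; Close writes
	// the terminating boundary, so its error must not be dropped.
	contentType := writer.FormDataContentType()
	require.NoError(t, writer.Close(), "could not finalize multipart body")

	req, err := retryablehttp.NewRequest("POST", "https://example.com", formData)
	require.NoError(t, err, "could not create request")
	req.Header.Set("Content-Type", contentType)

	body := New(RequestBodyComponent)
	parsed, err := body.Parse(req)
	require.NoError(t, err, "could not parse body")
	// Same check TestBodyXMLComponent makes on the Parse result.
	require.True(t, parsed, "could not parse body")

	var keys []string
	var values []string
	err = body.Iterate(func(key string, value interface{}) error {
		// Checked assertion: a non-string value fails the test with a message
		// instead of panicking inside the callback.
		str, ok := value.(string)
		require.True(t, ok, "value for key %q is not a string", key)
		keys = append(keys, key)
		values = append(values, str)
		return nil
	})
	require.NoError(t, err, "could not iterate body")

	require.ElementsMatch(t, []string{"username", "password"}, keys, "unexpected keys")
	require.ElementsMatch(t, []string{"testuser", "testpass"}, values, "unexpected values")

	// Update a value in the form.
	require.NoError(t, body.SetValue("password", "updatedTestPass"), "could not set value")

	rebuilt, err := body.Rebuild()
	require.NoError(t, err, "could not rebuild request")

	newBody, err := io.ReadAll(rebuilt.Body)
	require.NoError(t, err, "could not read rebuilt body")
	rebuiltBody := string(newBody)

	// Check that the body contains the updated multipart form data.
	require.Contains(t, rebuiltBody, "updatedTestPass", "unexpected body content")
	require.Contains(t, rebuiltBody, "username", "unexpected body content")
	require.Contains(t, rebuiltBody, "testuser", "unexpected body content")
	// The comparison is case-sensitive, so "updatedTestPass" does not match
	// the old lowercase value.
	require.NotContains(t, rebuiltBody, "testpass", "old value still present in body")
}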