
Commit 5663962

authored
Merge pull request #685 from hahwul/ci/improve-tests
Update Scan tests and mock server usage
2 parents 2b31412 + bec29e0 commit 5663962

3 files changed

+181
-13
lines changed


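--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 <p align="center">
 <a href="https://github.com/hahwul/dalfox/releases/latest"><img src="https://img.shields.io/github/v/release/hahwul/dalfox?style=for-the-badge&logoColor=%2330365e&label=dalfox&labelColor=%2330365e&color=%2330365e"></a>
 <a href="https://dalfox.hahwul.com/page/overview/"><img src="https://img.shields.io/badge/documents---.svg?style=for-the-badge&labelColor=%2330365e&color=%2330365e"></a>
+<a href="https://app.codecov.io/gh/hahwul/dalfox"><img src="https://img.shields.io/codecov/c/gh/hahwul/dalfox?style=for-the-badge&labelColor=%2330365e&color=%2330365e"></a>
 <a href="https://x.com/intent/follow?screen_name=hahwul"><img src="https://img.shields.io/twitter/follow/hahwul?style=for-the-badge&logo=x&labelColor=%2330365e&color=%2330365e"></a>
 <a href="https://github.com/hahwul/dalfox/blob/main/CONTRIBUTING.md"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=for-the-badge&labelColor=%2330365e&color=%2330365e"></a>
 </p>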

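--- a/pkg/scanning/scan_test.go
+++ b/pkg/scanning/scan_test.go
@@ -105,9 +105,17 @@ func Test_generatePayloads(t *testing.T) {
 wantDurlsCount int
 }{
 {
-name: "Basic payload generation",
-target: server.URL + "/?param=test",
-options: options,
+name: "Basic payload generation",
+target: server.URL + "/?param=test",
+options: model.Options{
+Concurrence: 1,
+Format: "plain",
+Silence: true,
+NoSpinner: true,
+CustomAlertType: "none",
+IgnoreParams: []string{"param2"},
+UseHeadless: true,
+},
 policy: map[string]string{"Content-Type": "text/html"},
 pathReflection: make(map[int]string),
 params: map[string]model.ParamResult{
@@ -118,6 +126,13 @@ func Test_generatePayloads(t *testing.T) {
 ReflectedPoint: "Injected:inHTML",
 Chars: []string{"'", "\"", "<", ">", "(", ")", "{", "}", "[", "]", " ", "\t", "\n", "\r", "\f", "\v", "\\", "/", "?", "#", "&", "=", "%", ":", ";", ",", "@", "$", "*", "+", "-", "_", ".", "!", "~", "`", "|", "^"},
 },
+"param2": {
+Name: "param2",
+Type: "URL",
+Reflected: true,
+ReflectedPoint: "",
+Chars: []string{},
+},
 },
 wantQueryCount: 1, // At least one query should be generated
 wantDurlsCount: 0,
@@ -140,10 +155,98 @@ func Test_generatePayloads(t *testing.T) {
 pathReflection: map[int]string{
 0: "Injected:/inHTML",
 },
-params: make(map[string]model.ParamResult),
+params: map[string]model.ParamResult{
+"param": {
+Name: "param",
+Type: "URL",
+Reflected: true,
+ReflectedPoint: "Injected:inJS-single",
+Chars: []string{},
+},
+},
 wantQueryCount: 1, // At least one query should be generated
 wantDurlsCount: 0,
 },
+{
+name: "Path reflection payload (body)",
+target: server.URL + "/path",
+options: model.Options{
+Concurrence: 1,
+Format: "plain",
+Silence: true,
+NoSpinner: true,
+CustomAlertType: "none",
+Data: "param=test",
+},
+policy: map[string]string{"Content-Type": "text/html"},
+pathReflection: map[int]string{
+0: "Injected:/inHTML",
+},
+params: map[string]model.ParamResult{
+"param": {
+Name: "param",
+Type: "URL",
+Reflected: true,
+ReflectedPoint: "Injected:inJS-single",
+Chars: []string{},
+},
+},
+wantQueryCount: 1, // At least one query should be generated
+wantDurlsCount: 0,
+},
+{
+name: "Reflected, but not chars",
+target: server.URL,
+options: options,
+policy: map[string]string{"Content-Type": "text/html"},
+pathReflection: make(map[int]string),
+params: make(map[string]model.ParamResult),
+wantQueryCount: 0,
+wantDurlsCount: 0,
+},
+{
+name: "inJS reflected parameter",
+target: server.URL + "/path/?param=test",
+options: options,
+policy: map[string]string{"Content-Type": "text/html"},
+pathReflection: make(map[int]string),
+params: map[string]model.ParamResult{
+"param": {
+Name: "param",
+Type: "URL",
+Reflected: true,
+ReflectedPoint: "Injected:inJS-single",
+Chars: []string{"'", "\"", "<", ">", "(", ")", "{", "}", "[", "]", " ", "\t", "\n", "\r", "\f", "\v", "\\", "/", "?", "#", "&", "=", "%", ":", ";", ",", "@", "$", "*", "+", "-", "_", ".", "!", "~", "`", "|", "^"},
+},
+},
+wantQueryCount: 1,
+wantDurlsCount: 0,
+},
+{
+name: "inJS reflected parameter",
+target: server.URL + "/path/",
+options: model.Options{
+Concurrence: 1,
+Format: "plain",
+Silence: true,
+NoSpinner: true,
+CustomAlertType: "none",
+Data: "param=test",
+},
+policy: map[string]string{"Content-Type": "text/html"},
+pathReflection: make(map[int]string),
+params: map[string]model.ParamResult{
+"param": {
+Name: "param",
+Type: "URL",
+Reflected: true,
+ReflectedPoint: "Injected:inATTR-none",
+Chars: []string{"'", "\"", "<", ">", "(", ")", "{", "}", "[", "]", " ", "\t", "\n", "\r", "\f", "\v", "\\", "/", "?", "#", "&", "=", "%", ":", ";", ",", "@", "$", "*", "+", "-", "_", ".", "!", "~", "`", "|", "^"},
+},
+},
+wantQueryCount: 1,
+wantDurlsCount: 0,
+},
 }
 
 for _, tt := range tests {
@@ -255,7 +358,7 @@ func Test_updateSpinner(t *testing.T) {
 
 func Test_Scan(t *testing.T) {
 // Create a mock server
-server := mockServer()
+server := mockServerForScanTest()
 defer server.Close()
 
 type args struct {
@@ -286,14 +389,14 @@ func Test_Scan(t *testing.T) {
 {
 name: "Basic scan with skip discovery",
 args: args{
-target: server.URL + "/?param=test",
+target: server.URL + "/?query=test",
 options: model.Options{
 Concurrence: 1,
 Format: "plain",
 Silence: true,
 NoSpinner: true,
 SkipDiscovery: true,
-UniqParam: []string{"param"},
+UniqParam: []string{"query"},
 OnlyDiscovery: true, // To make test faster
 },
 sid: "1",
@@ -303,14 +406,14 @@ func Test_Scan(t *testing.T) {
 {
 name: "Basic scan with remote payloads",
 args: args{
-target: server.URL + "/?param=test",
+target: server.URL + "/?query=test",
 options: model.Options{
 Concurrence: 1,
 Format: "plain",
 Silence: true,
 NoSpinner: true,
 SkipDiscovery: true,
-UniqParam: []string{"param"},
+UniqParam: []string{"query"},
 RemotePayloads: "portswigger,payloadbox",
 },
 sid: "1",
@@ -320,15 +423,16 @@ func Test_Scan(t *testing.T) {
 {
 name: "Basic scan with blind xss",
 args: args{
-target: server.URL + "/?param=test",
+target: server.URL + "/?query=test",
 options: model.Options{
 Concurrence: 1,
 Format: "plain",
 Silence: true,
 NoSpinner: true,
 SkipDiscovery: true,
-UniqParam: []string{"param"},
+UniqParam: []string{"query"},
 BlindURL: "https://dalfox.hahwul.com",
+Data: "query=1234",
 },
 sid: "1",
 },
@@ -337,15 +441,16 @@ func Test_Scan(t *testing.T) {
 {
 name: "Basic scan with headless",
 args: args{
-target: server.URL + "/?param=test",
+target: server.URL + "/abcd/?query=test",
 options: model.Options{
 Concurrence: 1,
 Format: "plain",
 Silence: true,
 NoSpinner: true,
 SkipDiscovery: true,
-UniqParam: []string{"param"},
+UniqParam: []string{"query"},
 UseHeadless: true,
+IgnoreReturn: "404",
 },
 sid: "1",
 },
@@ -362,3 +467,35 @@ func Test_Scan(t *testing.T) {
 })
 }
 }
+
+func Test_initializeSpinner(t *testing.T) {
+type args struct {
+options model.Options
+}
+tests := []struct {
+name string
+args args
+}{
+{
+name: "No spinner",
+args: args{
+options: model.Options{
+NoSpinner: true,
+},
+},
+},
+{
+name: "Spinner",
+args: args{
+options: model.Options{
+NoSpinner: false,
+},
+},
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+initializeSpinner(tt.args.options)
+})
+}
+}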
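Review bot: Two new table entries in Test_generatePayloads share the name "inJS reflected parameter", although the second one (with `Data: "param=test"` and `ReflectedPoint: "Injected:inATTR-none"`) exercises a different reflection point; t.Run will only disambiguate them with a #01 suffix, which makes a failure report ambiguous, so rename the second to something like `name: "inATTR reflected parameter (body)",`. The "Reflected, but not chars" case passes `params: make(map[string]model.ParamResult)`, i.e. no parameter at all, so its name does not appear to describe what it sets up; either give it a reflected param with an empty Chars slice or rename it to say it covers the no-params path. Test_initializeSpinner calls initializeSpinner without asserting anything; if the intent is only to confirm that neither setting panics, state that with `// Smoke test: initializeSpinner must not panic whether or not the spinner is enabled.` above the loop.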

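--- a/pkg/scanning/transport_example_test.go
+++ b/pkg/scanning/transport_example_test.go
@@ -391,3 +391,33 @@ func TestCreateTransportChainWithExamples(t *testing.T) {
 t.Errorf("Expected response to be '%s', got '%s'", expected, body)
 }
 }
+
+func TestExampleCustomTransportWithTLS(t *testing.T) {
+tests := []struct {
+name string
+}{
+{
+name: "ExampleCustomTransportWithTLS",
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+ExampleCustomTransportWithTLS()
+})
+}
+}
+
+func TestExampleTransportChain(t *testing.T) {
+tests := []struct {
+name string
+}{
+{
+name: "ExampleTransportChain",
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+ExampleTransportChain()
+})
+}
+}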
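Review bot: TestExampleCustomTransportWithTLS and TestExampleTransportChain each wrap a single parameterless call in a one-entry table and a t.Run loop, which adds indirection without adding a second case; a direct body such as `ExampleTransportChain()` inside the test function reads more clearly. A one-line comment should also say why the examples are invoked from a Test at all — presumably because they have no `// Output:` line and would otherwise never run under go test, which is worth confirming. Neither test asserts anything, so a failure inside the example only surfaces as a panic; `// Smoke test: the example must run to completion without panicking.` makes that intent explicit.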
