twisted.web.test.injectionhelpers.MethodInjectionTestsMixin(object) class documentationtwisted.web.test.injectionhelpers
(View In Hierarchy)
Known subclasses: twisted.web.test.test_agent.AgentMethodInjectionTests, twisted.web.test.test_agent.RequestMethodInjectionTests, twisted.web.test.test_agent.RequestWriteToMethodInjectionTests, twisted.web.test.test_webclient.DownloadPageMethodInjectionTests, twisted.web.test.test_webclient.GetPageMethodInjectionTests, twisted.web.test.test_webclient.HTTPClientFactoryMethodInjectionTests, twisted.web.test.test_webclient.HTTPDownloaderMethodInjectionTests, twisted.web.test.test_webclient.HTTPPageGetterMethodInjectionTests
A mixin that runs HTTP method injection tests. Define MethodInjectionTestsMixin.attemptRequestWithMaliciousMethod
in a twisted.trial.unittest.SynchronousTestCase
subclass to test how HTTP client code behaves when presented with malicious
HTTP methods.
| See Also | CVE-2019-12387 | |
| Method | attemptRequestWithMaliciousMethod | Attempt to send a request with the given method. This should
synchronously raise a ValueError
if either is invalid. |
| Method | test_methodWithCLRFRejected | Issuing a request with a method that contains a carriage return and line
feed fails with a ValueError. |
| Method | test_methodWithUnprintableASCIIRejected | Issuing a request with a method that contains unprintable ASCII
characters fails with a ValueError. |
| Method | test_methodWithNonASCIIRejected | Issuing a request with a method that contains non-ASCII characters fails
with a ValueError. |
Attempt to send a request with the given method. This should
synchronously raise a ValueError
if either is invalid.
| Parameters | method | the method (e.g. GET\x00) (type: ) |
| uri | the URI |
Issuing a request with a method that contains a carriage return and line
feed fails with a ValueError.
Issuing a request with a method that contains unprintable ASCII
characters fails with a ValueError.
Issuing a request with a method that contains non-ASCII characters fails
with a ValueError.