Ë ÏªÍfÙãó¨—dZddlZeedd««eeej d««z Zeedd««ZGd„d«ZGd„d «Z y) zF Helpers for URI and method injection tests. @see: U{CVE-2019-12387} éNé€Úasciiécó(—eZdZdZd„Zd„Zd„Zd„Zy)ÚMethodInjectionTestsMixina9 A mixin that runs HTTP method injection tests. Define L{MethodInjectionTestsMixin.attemptRequestWithMaliciousMethod} in a L{twisted.trial.unittest.SynchronousTestCase} subclass to test how HTTP client code behaves when presented with malicious HTTP methods. @see: U{CVE-2019-12387} có—t«‚)z÷ Attempt to send a request with the given method. This should synchronously raise a L{ValueError} if either is invalid. @param method: the method (e.g. C{GET}) @param uri: the URI @type method: ©ÚNotImplementedError©ÚselfÚmethods úC/usr/lib/python3/dist-packages/twisted/web/test/injectionhelpers.pyÚ!attemptRequestWithMaliciousMethodz;MethodInjectionTestsMixin.attemptRequestWithMaliciousMethods €ô"Ó#Ð#ócóÈ—|jt«5}d}|j|«ddd«|jt j «d«y#1swYŒ/xYw)zƒ Issuing a request with a method that contains a carriage return and line feed fails with a L{ValueError}. sGET X-Injected-Header: valueNú^Invalid method)Ú assertRaisesÚ ValueErrorrÚ assertRegexÚstrÚ exception)r Úcmr s rÚtest_methodWithCLRFRejectedz5MethodInjectionTestsMixin.test_methodWithCLRFRejected(sX€ð × Ñ œzÓ *ð ;¨bØ7ˆFØ × 2Ñ 2°6Ô :÷ ;ð ×Ñœ˜RŸ\™\Ó*Ð,=Õ>÷ ;ð ;úó –AÁA!cóú—tD]f}dt|g«fz}|jt«5}|j |«ddd«|j t j«d«Œhy#1swYŒ1xYw)z€ Issuing a request with a method that contains unprintable ASCII characters fails with a L{ValueError}. óGET%sNr)ÚUNPRINTABLE_ASCIIÚ bytearrayrrrrrr©r Úcr rs rÚ'test_methodWithUnprintableASCIIRejectedzAMethodInjectionTestsMixin.test_methodWithUnprintableASCIIRejected2su€ô #ò CˆAؤ¨A¨3£Ð 1Ñ1ˆFØ×"Ñ"¤:Ó.ð ?°"Ø×6Ñ6°vÔ>÷ ?à × Ñ œS §¡Ó.Ð0AÕ Bñ  C÷ ?ð ?úó ¯A1Á1A: cóú—tD]f}dt|g«fz}|jt«5}|j |«ddd«|j t j«d«Œhy#1swYŒ1xYw)zx Issuing a request with a method that contains non-ASCII characters fails with a L{ValueError}. rNr)ÚNONASCIIrrrrrrrrs rÚtest_methodWithNonASCIIRejectedz9MethodInjectionTestsMixin.test_methodWithNonASCIIRejected=su€ô ò CˆAؤ¨A¨3£Ð 1Ñ1ˆFØ×"Ñ"¤:Ó.ð ?°"Ø×6Ñ6°vÔ>÷ ?à × Ñ œS §¡Ó.Ð0AÕ Bñ  C÷ ?ð ?úr"N)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrr!r%©rrrrs„ñò $ò?ò Có Crrcó:—eZdZdZd„Zd„Zd„Zd„Zd„Zd„Z d„Z y ) ÚURIInjectionTestsMixina A mixin that runs HTTP URI injection tests. Define L{MethodInjectionTestsMixin.attemptRequestWithMaliciousURI} in a L{twisted.trial.unittest.SynchronousTestCase} subclass to test how HTTP client code behaves when presented with malicious HTTP URIs. có—t«‚)zà Attempt to send a request with the given URI. This should synchronously raise a L{ValueError} if either is invalid. @param uri: the URI. @type method: r r s rÚattemptRequestWithMaliciousURIz5URIInjectionTestsMixin.attemptRequestWithMaliciousURIRs €ô"Ó#Ð#rcóÈ—|jt«5}d}|j|«ddd«|jt j «d«y#1swYŒ/xYw)z† Issuing a request with a URI whose host contains a carriage return and line feed fails with a L{ValueError}. shttp://twisted .invalid/pathNú ^Invalid URI©rrr.rrr©r rÚuris rÚtest_hostWithCRLFRejectedz0URIInjectionTestsMixin.test_hostWithCRLFRejected]óW€ð × Ñ œzÓ *ð 5¨bØ4ˆCØ × /Ñ /°Ô 4÷ 5ð ×Ñœ˜RŸ\™\Ó*¨NÕ;÷ 5ð 5úrcóú—tD]f}dt|g«fz}|jt«5}|j |«ddd«|j t j«d«Œhy#1swYŒ1xYw)zƒ Issuing a request with a URI whose host contains unprintable ASCII characters fails with a L{ValueError}. óhttp://twisted%s.invalid/OKNr0©rrrrr.rrr©r r r3rs rÚ)test_hostWithWithUnprintableASCIIRejectedz@URIInjectionTestsMixin.test_hostWithWithUnprintableASCIIRejectedgót€ô #ò @ˆAØ0´I¸q¸c³NÐ3DÑDˆCØ×"Ñ"¤:Ó.ð 9°"Ø×3Ñ3°CÔ8÷ 9à × Ñ œS §¡Ó.°Õ ?ñ  @÷ 9ð 9úr"cóú—tD]f}dt|g«fz}|jt«5}|j |«ddd«|j t j«d«Œhy#1swYŒ1xYw)z{ Issuing a request with a URI whose host contains non-ASCII characters fails with a L{ValueError}. r7Nr0©r$rrrr.rrrr9s rÚtest_hostWithNonASCIIRejectedz4URIInjectionTestsMixin.test_hostWithNonASCIIRejectedrót€ô ò @ˆAØ0´I¸q¸c³NÐ3DÑDˆCØ×"Ñ"¤:Ó.ð 9°"Ø×3Ñ3°CÔ8÷ 9à × Ñ œS §¡Ó.°Õ ?ñ  @÷ 9ð 9úr"cóÈ—|jt«5}d}|j|«ddd«|jt j «d«y#1swYŒ/xYw)z† Issuing a request with a URI whose path contains a carriage return and line feed fails with a L{ValueError}. shttp://twisted.invalid/ pathNr0r1r2s rÚtest_pathWithCRLFRejectedz0URIInjectionTestsMixin.test_pathWithCRLFRejected}r5rcóú—tD]f}dt|g«fz}|jt«5}|j |«ddd«|j t j«d«Œhy#1swYŒ1xYw)zƒ Issuing a request with a URI whose path contains unprintable ASCII characters fails with a L{ValueError}. óhttp://twisted.invalid/OK%sNr0r8r9s rÚ)test_pathWithWithUnprintableASCIIRejectedz@URIInjectionTestsMixin.test_pathWithWithUnprintableASCIIRejected‡r;r"cóú—tD]f}dt|g«fz}|jt«5}|j |«ddd«|j t j«d«Œhy#1swYŒ1xYw)z{ Issuing a request with a URI whose path contains non-ASCII characters fails with a L{ValueError}. rCNr0r=r9s rÚtest_pathWithNonASCIIRejectedz4URIInjectionTestsMixin.test_pathWithNonASCIIRejected’r?r"N) r&r'r(r)r.r4r:r>rArDrFr*rrr,r,Is.„ñò $ò<ò @ò @ò<ò @ó @rr,) r)ÚstringÚ frozensetÚrangerÚ printablerr$rr,r*rrúrKsiðñó á™e A s›mÓ,©yÙ ˆf×Ñ Ó(ó0ñÐñ ‘U˜3 “_Ó %€÷6Cñ6C÷rR@òR@r