public void WhenGetPostData_IfSelectHasMultipleSelectedOptionDifferentSelected_ShouldAddAllOptionsValuesToPostdata()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<select name='select1'>
<option value='option1value' selected>option1text</option>
<option value='option2value' selected='true'>option2text</option>
<option value='option3value' selected='selected'>option3text</option>
</select>
<input type='text' name='input1' value='value1' />
<input type='submit' name='submit1' value='submit1' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&submit1=submit1&select1=option1value&select1=option2value&select1=option3value", postData.GetPostDataString());
}
public void IfFormContainsDifferentInputElements_PostDataCollection_ShouldBeAbleToFilter()
{
//Arrange
string html = @"
<html>
<body>
<form id='form1' action='action' method='put'>
<input type='text' name='textbox1' value='textvalue' />
<input type='password' name='password1' value='passvalue' />
<input type='checkbox' name='checkbox1' value='checkvalue' />
<input type='radio' name='radio1' value='radiovalue' />
<input type='reset' name='reset1' value='resetvalue' />
<input type='file' name='file1' value='filevalue' />
<input type='file' name='file2' value='filevalue2' />
</form>
</body>
</html>";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("textbox1=textvalue&password1=passvalue", postData.GetPostDataString(PostDataFieldType.Text));
MSAssert.AreEqual(4, postData.Count);
MSAssert.AreEqual(2, postData.FindAll(e => (e.Type == PostDataFieldType.File)).Count());
}
public void WhenGetPostData_IfSelectHasSelectedOptionWithNonStdSymbols_ShouldEncodeValue()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<select name='select1'>
<option selected>option1<text</option>
</select>
<input type='text' name='input1' value='value1' />
<input type='submit' name='submit1' value='submit1' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&submit1=submit1&select1=option1%3ctext", postData.GetPostDataString());
}
public void WhenGetPostData_IfSelectHasNoSelectedOptions_ShouldNotAddItToPostada()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<select name='select1'>
<option value='option1value' />
</select>
<input type='text' name='input1' value='value1' />
<input type='submit' name='submit1' value='submit1' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&submit1=submit1", postData.GetPostDataString());
}
public void WhenGetPostData_IfMultipleCheckboxesWithSameNamePresentAndCheckedWithValue_ShouldValueBeIncludItInPostdata()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<input type='text' name='input1' value='value1' />
<input type='checkbox' name='check1' value='checkvalue1' checked />
<input type='text' name='input2' value='value2' />
<input type='checkbox' name='check1' value='checkvalue2' checked />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&check1=checkvalue1&input2=value2&check1=checkvalue2", postData.GetPostDataString());
MSAssert.AreEqual(4, postData.Count);
}
/// <summary>
/// Prepares multipart request data (postdata and files to upload) and
/// outputs postdata collection to request stream.
/// </summary>
public static string AddMultipartRequestData(this HttpWebRequest request, PostDataCollection postData,
IFileSystem fileSystem)
{
// get ususal postdata and files
List <PostDataField> textPostData = postData.FindAll(f => f.Type != PostDataFieldType.File);
List <PostDataField> filePostData = postData.FindAll(f => f.Type == PostDataFieldType.File);
NameValueCollection filesToUpload = ParseFilePostData(filePostData);
// set corresponding content type
request.ContentType = "multipart/form-data; boundary=" + _boundary;
// stream where we going to combine postdata and files to upload
Stream memoryStream = new MemoryStream();
byte[] result = null;
try
{
// add postdata
foreach (PostDataField field in textPostData)
{
WriteFieldToMemoryStream(memoryStream, field.Name, field.Value);
}
// write boundary after every form element's value
memoryStream.Write(_boundaryBytes, 0, _boundaryBytes.Length);
// add files
foreach (string key in filesToUpload)
{
WriteFileToMemoryStream(memoryStream, key, filesToUpload[key], fileSystem);
}
// now read everything from memory stream to buffer
memoryStream.Position = 0;
result = new byte[memoryStream.Length];
memoryStream.Read(result, 0, result.Length);
// set correct content length
request.ContentLength = result.Length;
// write buffer to request stream
Stream requestStream = request.GetRequestStream();
requestStream.Write(result, 0, result.Length);
requestStream.Close();
}
finally
{
memoryStream.Close();
}
return(Encoding.UTF8.GetString(result));
}
/// <summary>
/// Executes a form submit
/// </summary>
private BrowserInfo ExecuteFormSubmit(HtmlFormElement form, HtmlInputElement submitInputElement = null)
{
Uri url = new Uri(this._emulator.CurrentUri, form.CachedAttributes.Get("action", this._emulator.CurrentUri));
PostDataCollection postdataCollection = form.GetPostDataCollection(submitInputElement);
// execute request
return(PerformRequest(url.AbsoluteUri, // url
form.CachedAttributes.Get("method", "post"), // method
"application/x-www-form-urlencoded", // contentType
postdataCollection)); // postData
}
/// <summary>
/// Performes an actual request by calling requestor's ExecuteRequest
/// </summary>
/// <param name="url">Url to be requested</param>
/// <param name="method">Method: get/post</param>
/// <param name="contentType">content type</param>
/// <param name="postData">name/value collection of post data parameters</param>
/// <returns>BrowserInfo returned by requestor</returns>
private BrowserInfo PerformRequest(string url, string method, string contentType,
PostDataCollection postData)
{
// do a request
BrowserInfo browserInfo = this._emulator.ExecuteRequest(url, method, contentType, postData);
// successfull store current page's body
if (browserInfo != null)
{
this._currentBody = browserInfo.Data;
}
return(browserInfo);
}
/// <summary>
/// 将postData设置到postDataCollection
/// </summary>
public void SetPostDataCollection()
{
if (!string.IsNullOrWhiteSpace(PostData))
{
string[] formdatas = PostData.Split('&');
if (formdatas != null && formdatas.Length > 0)
{
foreach (var item in formdatas)
{
string[] formdata = item.Split('=');
if (formdata.Length == 2)
{
PostDataCollection.Add(formdata[0], formdata[1]);
}
}
}
}
}
public void BuildPostData_IfNoInputElementsExistReturnsEmpty()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.IsTrue(postData.Count == 0);
MSAssert.IsTrue(string.IsNullOrEmpty(postData.GetPostDataString()));
}
public void IfFormContainsUnknownElements_BuildPostData_ShouldContainOnlyKnownElements()
{
//Arrange
string html = @"
<html>
<body>
<form id='form1' action='action' method='put'>
<input type='text' name='textbox1' value='textvalue' />
<input type='password' name='password1' value='passvalue' />
<input type='checkbox' name='checkbox1' value='checkvalue' />
<input type='radio' name='radio1' value='radiovalue' />
<input type='reset' name='reset1' value='resetvalue' />
<input type='file' name='file1' value='filevalue' />
<input type='hidden' name='hidden1' value='hiddenvalue' />
<input type='submit' name='button1' value='button1' />
<input type='search' name='search1' value='search1' />
<input type='tel' name='tel1' value='tel1' />
<input type='url' name='url1' value='url1' />
<input type='email' name='email1' value='email1' />
<input type='datetime' name='datetime1' value='datetime1' />
<input type='date' name='date1' value='10/10/1981' />
<input type='month' name='month1' value='month1' />
<input type='week' name='week1' value='week1' />
<input type='time' name='time1' value='time1' />
<input type='number' name='number1' value='11' />
</form>
</body>
</html>";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("textbox1=textvalue&password1=passvalue&file1=filevalue&hidden1=hiddenvalue&button1=button1&search1=search1&tel1=tel1&url1=url1&email1=email1&datetime1=datetime1&date1=10%2f10%2f1981&month1=month1&week1=week1&time1=time1&number1=11", postData.GetPostDataString());
MSAssert.AreEqual(15, postData.Count);
}
public void WhenGetPostData_IfMultipleSubmitButtonsAndNoSubmitId_ShouldReturnBothSubmitButtonData()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<input type='text' name='input1' value='value1' />
<input type='submit' name='submit1' value='submit1' />
<input type='submit' name='submit2' value='submit2' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&submit1=submit1&submit2=submit2", postData.GetPostDataString());
}
public void BuildPostData_ReturnsNameValuePairsForInputElements()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<input type='text' name='input1' value='value1' />
<input type='text' name='input2' value='value2' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&input2=value2", postData.GetPostDataString());
MSAssert.AreEqual(2, postData.Count);
}
public void WhenGetPostData_IfMultipleSubmitButtonsWithSameName_ShouldOnlyReturnTheOneThatInitiatedThePost()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<input type='text' name='input1' value='value1' />
<input type='submit' name='submitname' value='submit1' />
<input type='submit' name='submitname' value='submit2' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
var inputElement = (HtmlInputElement)form.ChildElements.Find(new { value = "submit2" });
PostDataCollection postData = form.GetPostDataCollection(inputElement);
// Assert
MSAssert.AreEqual("input1=value1&submitname=submit2", postData.GetPostDataString());
}
public void WhenGetPostData_IfRadioPresentAndUnchecked_ShouldNotIncludeItInPostdata()
{
//Arrange
string html = @"
<html>
<form id='form1'>
<div>
<input type='text' name='input1' value='value1' />
<input type='radio' name='check1' />
<input type='text' name='input2' value='value2' />
</div>
</form>
</html>
";
HtmlFormElement form = (HtmlFormElement)HtmlElement.Create(html).ChildElements.Find("form1");
//Act
PostDataCollection postData = form.GetPostDataCollection();
// Assert
MSAssert.AreEqual("input1=value1&input2=value2", postData.GetPostDataString());
MSAssert.AreEqual(2, postData.Count);
}
/// <summary>
/// Fills the post data with tests.
/// </summary>
/// <param name="postData"> The post data hastable.</param>
/// <returns> The updated post data hashtable.</returns>
public PostDataCollection FillPostData(PostDataCollection postData)
{
// ignore pattern and send PostData from FormData
return arguments.UserPostData;
}
/// <summary>
/// Sets the post data value to an element tag.
/// </summary>
/// <param name="postData"> The post data collection.</param>
/// <param name="tag"> The current tag base.</param>
/// <param name="index"> The index of the element.</param>
private void SetTagValue(PostDataCollection postData, HtmlTagBase tag, int index)
{
//
// Note: The input value has to UrlDecoded.
//
// Input Tag
if (tag is HtmlInputTag)
{
HtmlInputTag input=(HtmlInputTag)tag;
if ( postData[input.Name] != null )
{
ArrayList values = postData[input.Name];
switch ( input.Type )
{
case HtmlInputType.Radio:
if ( input.Checked.ToLower() == "true" )
if ( values.Count == 1 )
{
input.Value = EncodeDecode.UrlDecode((string)values[0]);
}
if ( values.Count > 1 )
{
input.Value = EncodeDecode.UrlDecode((string)values[index]);
}
break;
default:
input.Value = EncodeDecode.UrlDecode((string)values[index]);
break;
}
}
}
// Button Tag
if (tag is HtmlButtonTag)
{
HtmlButtonTag button = (HtmlButtonTag)tag;
if ( postData[button.Name] != null )
{
ArrayList values = postData[button.Name];
button.Value = EncodeDecode.UrlDecode((string)values[index]);
}
}
// Select Tag
if (tag is HtmlSelectTag)
{
HtmlSelectTag select = (HtmlSelectTag)tag;
if ( postData[select.Name] != null )
{
ArrayList values = postData[select.Name];
select.Value = EncodeDecode.UrlDecode((string)values[index]);
}
}
// Textarea Tag
if (tag is HtmlTextAreaTag)
{
HtmlTextAreaTag textarea=(HtmlTextAreaTag)tag;
if ( postData[textarea.Name] != null )
{
ArrayList values = postData[textarea.Name];
textarea.Value = EncodeDecode.UrlDecode((string)values[index]);
}
}
}
/// <summary>
/// Converts the PostDataCollection to a post data string.
/// </summary>
/// <param name="data"> The post data hashtable.</param>
/// <returns> A string representation of the post data.</returns>
public string GetString(PostDataCollection data)
{
StringBuilder postdata = new StringBuilder();
for (int i = 0;i<data.Count;i++ )
{
string key = data.Keys[i];
ArrayList values = data[key];
foreach ( string s in values )
{
postdata.Append(key);
postdata.Append("=");
postdata.Append(s);
postdata.Append("&");
}
}
return postdata.ToString();
}
/// <summary>
/// Converts the post data string to a PostDataCollection.
/// </summary>
/// <param name="data"> The post data string.</param>
/// <returns> A PostDataCollection representation of the post data.</returns>
public PostDataCollection GetPostDataCollection(string data)
{
if ( data.EndsWith("&") )
data = data.TrimEnd('&');
// PostData
PostDataCollection postData = new PostDataCollection();
string[] nameValueArray = data.Split('&');
for ( int i=0;i<nameValueArray.Length;i++ )
{
string pair = nameValueArray[i];
string[] keyValuePair = pair.Split('=');
string name = EncodeDecode.UrlDecode(keyValuePair[0]);
if ( pair.CompareTo(name) == 0 )
{
// this is not post data
break;
}
// If last item, check \0 else add \0.
if ( i == (nameValueArray.Length-1) )
{
keyValuePair[1] = AddEndLine(keyValuePair[1]);
}
#region Add to PostDataCollection
if ( postData[name] != null )
{
ArrayList list = postData[name];
// The value is add 'as is'
list.Add(keyValuePair[1]);
// Debug
System.Diagnostics.Debug.Write("ConvertPostDataString: Name= " + name + " Value= " + keyValuePair[1] + "\r\n");
}
else
{
if ( keyValuePair.Length == 2 )
{
ArrayList list = new ArrayList();
// The value is add 'as is'
list.Add(keyValuePair[1]);
postData.Add(name, list);
// Debug
System.Diagnostics.Debug.Write("ConvertPostDataString: Name= " + name + " Value= " + keyValuePair[1] + "\r\n");
}
}
#endregion
}
return postData;
}
/// <summary>
/// Converts the PostDataCollection to a post data ArrayList.
/// </summary>
/// <param name="data"> The post data collection.</param>
/// <returns> An ArrayList representation of the post data.</returns>
public ArrayList GetArrayList(PostDataCollection data)
{
ArrayList list = new ArrayList();
for (int i = 0;i<data.Count;i++ )
{
string key = data.Keys[i];
ArrayList values = data[key];
foreach ( string s in data )
{
list.Add(key + "=" + s);
}
}
return list;
}
/// <summary>
/// Fills the post data with tests.
/// </summary>
/// <param name="postData"> The post data hastable.</param>
/// <returns> The updated post data hashtable.</returns>
public PostDataCollection FillPostData(PostDataCollection postData)
{
string buffer = this.SqlValue;
// ArrayList keys = new ArrayList(postData.Keys);
for (int i=0;i<postData.Keys.Count;i++)
{
ArrayList values = postData[postData.Keys[i]];
for (int j=0;j<values.Count;j++)
{
values[j] = buffer;
}
}
return postData;
}
/// <summary>
/// Loads the post data tree.
/// </summary>
public void LoadPostData()
{
postDataEditor.Clear();
string postDataString = this.PostData;
// TODO: Change to PostDataCollection method.
postDataItems = formConverter.GetPostDataCollection(postDataString);
// Create parent node
TreeEditorNode parentNode = new TreeEditorNode();
parentNode.Text = "Post Data";
postDataEditor.Nodes.Add(parentNode);
for (int j=0;j<postDataItems.Count;j++)
{
string name = postDataItems.Keys[j];
ArrayList values = postDataItems[name];
TreeEditorNode labelNode = new TreeEditorNode();
labelNode.Text = name;
parentNode.Nodes.Add(labelNode);
int i = 0;
foreach ( object val in values )
{
string value = (string)val;
// TODO: Put format
postDataEditor.AddTextBoxControl(labelNode, "Index " + i.ToString() + ":", value, 350);
i++;
}
}
postDataEditor.ExpandAll();
}
/// <summary>
/// Builds a unit test for a post data ArrayList.
/// </summary>
/// <param name="testType"> The test type to create.</param>
/// <param name="postData"> The post data values to edit.</param>
/// <returns> An edited post data ArrayList with applied test.</returns>
public PostDataCollection BuildUnitTestPostData(UnitTestType testType, PostDataCollection postData)
{
PostDataCollection ret=null;
IHtmlFormUnitTest tester;
// Call FillPostData
switch (testType)
{
case UnitTestType.BufferOverflow:
tester = new BufferOverflowTester((BufferOverflowTesterArgs)this.Arguments);
ret = tester.FillPostData(postData);
break;
case UnitTestType.DataTypes:
tester = new DataTypesTester((DataTypesTesterArgs)this.Arguments);
ret = tester.FillPostData(postData);
break;
case UnitTestType.Predefined:
tester = new PredefinedTester(((PredefinedTesterArgs)this.Arguments));
ret = tester.FillPostData(postData);
break;
case UnitTestType.SqlInjection:
tester = new SqlInjectionTester((SqlInjectionTesterArgs)this.Arguments);
ret = tester.FillPostData(postData);
break;
case UnitTestType.XSS:
tester = new XssInjectionTester((XssInjectionTesterArgs)this.Arguments);
ret = tester.FillPostData(postData);
break;
}
return ret;
}
/// <summary>
/// Applies the test to a form.
/// </summary>
/// <param name="test"> The test to apply.</param>
/// <param name="postData"> The post data collection.</param>
/// <returns> A form with the new values.</returns>
protected PostDataCollection ApplyTestToPostData(Test test, PostDataCollection postData)
{
UnitTester tester = new UnitTester(test.Arguments);
return tester.BuildUnitTestPostData(test.TestType, postData);
}
/// <summary>
/// Fills the post data with tests.
/// </summary>
/// <param name="postData"> The post data hastable.</param>
/// <returns> The updated post data hashtable.</returns>
public PostDataCollection FillPostData(PostDataCollection postData)
{
BufferOverflowGenerator gen = new BufferOverflowGenerator();
string buffer = gen.GenerateStringBuffer(this.BufferLength);
// chop extra chars
buffer = buffer.Substring(0,this.BufferLength);
buffer = EncodeDecode.UrlEncode(buffer);
//ArrayList keys = new ArrayList(postData.Keys);
for (int i=0;i<postData.Keys.Count;i++)
{
ArrayList values = postData[postData.Keys[i]];
for (int j=0;j<values.Count;j++)
{
values[j] = buffer;
}
}
return postData;
}
/// <summary>
/// Save the post data changes
/// </summary>
private void SavePostDataChanges()
{
PostDataCollection values = new PostDataCollection();
foreach ( TreeEditorNode tn in postDataEditor.Nodes[0].Nodes )
{
// get key
string key = tn.Text;
ArrayList indices = new ArrayList(tn.Nodes.Count);
foreach ( TreeEditorNode valueNode in tn.Nodes )
{
indices.Add(postDataEditor.GetTextBoxValue(valueNode));
}
// add item
values.Add(key, indices);
}
postDataItems = values;
}
/// <summary>
/// Initializes and executes request and handles response.
/// </summary>
internal BrowserInfo ExecuteRequest(string url, string method, string contentType, PostDataCollection postData)
{
BrowserInfo browserInfo = new BrowserInfo();
HttpWebRequest request = this._webRequestor.CreateRequest(url);
request.Method = method.ToUpperInvariant();
// Note: cookies should be set before ContentType (request reorganize headers and cookies after that)
request.AddCookies(this._currentCookies);
// Note: content type (and length) should be set before data sent to the request stream
if (!string.IsNullOrEmpty(contentType))
{
request.ContentType = contentType;
}
string requestData = "";
if ((request.Method.Equals("post", StringComparison.OrdinalIgnoreCase) ||
request.Method.Equals("put", StringComparison.OrdinalIgnoreCase)) &&
postData != null)
{
if (postData.HasFilesToUpload)
{
//request.KeepAlive = true;
// Note: AddMultipartRequestData sets corresponding ContentType
requestData = request.AddMultipartRequestData(postData, this._fileSystem);
}
else
{
requestData = request.AddStandardRequestData(postData.GetPostDataString());
}
}
// fire event before request has been sent
RequestSendingEventArgs args = new RequestSendingEventArgs(request, requestData);
OnRequestSending(args);
request = args.Request;
HttpWebResponse response = null;
try
{
// execute request
response = this._webRequestor.ExecuteRequest(request);
}
catch (WebException e)
{
// We catch only WebException here. In this case there should be valid error page,
// which we want to obtain from the Response. If there was different type of exception,
// or we have another exception while reading response, then we let it go through.
if (e.Response != null)
{
response = (HttpWebResponse)e.Response;
}
else
{
throw;
}
}
// get raw body
string body = GetStringFromStream(response.GetResponseStream(), Encoding.UTF8);
// fire event after responce has been received
OnResponseReceived(new ResponseReceivedEventArgs(response, body));
if (!string.IsNullOrEmpty(body))
{
// store response body
browserInfo.Data = "<BrowserEmulatorRoot>" + body + "</BrowserEmulatorRoot>";
// remember current URL
this._currentUri = response.ResponseUri;
return(browserInfo);
}
throw new InvalidOperationException("Response did not contain html markup.");
}
/// <summary>
/// Fills the post data with tests.
/// </summary>
/// <param name="postData"> The post data hastable.</param>
/// <returns> The updated post data hashtable.</returns>
public PostDataCollection FillPostData(PostDataCollection postData)
{
string buffer = String.Empty;
switch ( this.SelectedDataType )
{
case DataType.Character:
buffer = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
break;
case DataType.Numeric:
buffer = "0123456789";
break;
case DataType.Null:
buffer = "";
break;
}
//ArrayList keys = new ArrayList(postData.Keys);
for (int i=0;i<postData.Keys.Count;i++)
{
ArrayList values = postData[postData.Keys[i]];
for (int j=0;j<values.Count;j++)
{
values[j] = buffer;
}
}
return postData;
}
