diff --git a/tests/parsers/test_swagger_parser.py b/tests/parsers/test_swagger_parser.py
index 9eab53039..1c1ff5440 100644
--- a/tests/parsers/test_swagger_parser.py
+++ b/tests/parsers/test_swagger_parser.py
@@ -76,18 +76,18 @@ def test_swagger_file_complexe():
 request_get.set_headers({'X-Request-Id': 'default'})
 params = '{"name": "default", "description": "default", "expires_at": "1337", "access": [{"resource": "default", "action": "default", "effect": "default"}]}'
- request_post = Request("https://fakeSwagger.fr/api/v2.0/projects/default/robots", "POST", post_params=params, file_params=[])
+ request_post = Request("https://fakeSwagger.fr/api/v2.0/projects/default/robots", "POST", post_params=params, file_params=[], enctype="application/json")
 request_post.set_headers({'X-Request-Id': 'default'})
 request_delete = Request("https://fakeSwagger.fr/api/v2.0/users/1337", "DELETE", post_params="", file_params=[])
 request_delete.set_headers({'X-Request-Id': 'default'})
- params = '{"id": "1337", "name": "default", "description": "default", "color": "default", "scope": "default", "project_id": "1337", "creation_time": "default", "update_time": "default"}'
- request_put = Request("https://fakeSwagger.fr/api/v2.0/labels/1337", "PUT", post_params=params, file_params=[])
+ params = '{"id": "1337", "name": "default", "description": "default", "color": "default", "scope": "default", "project_id": "1337", "creation_time": "2024-08-16T16:03:08", "update_time": "2024-08-16T16:03:08"}'
+ request_put = Request("https://fakeSwagger.fr/api/v2.0/labels/1337", "PUT", post_params=params, file_params=[], enctype="application/json")
 request_put.set_headers({'X-Request-Id': 'default'})
 params = '{"id": "1337", "vendor_type": "default", "vendor_id": "1337", "status": "default", "status_message": "default", "metrics": {"task_count": "1337", "success_task_count": "1337", "error_task_count": "1337", "pending_task_count": "1337", "running_task_count": "1337", "scheduled_task_count": "1337", "stopped_task_count": "1337"}, "trigger": "default", "extra_attrs": {}, "start_time": "default", "end_time": "default"}'
- request_patch = Request("https://fakeSwagger.fr/api/v2.0/projects/default/preheat/policies/default/executions/1337", "PATCH", post_params=params, file_params=[])
+ request_patch = Request("https://fakeSwagger.fr/api/v2.0/projects/default/preheat/policies/default/executions/1337", "PATCH", post_params=params, file_params=[], enctype="application/json")
 request_patch.set_headers({'X-Request-Id': 'default'})
 list_request = [request_header, request_get, request_post, request_delete, request_put, request_patch]
@@ -128,15 +128,16 @@ def test_openapi_file():
 request_delete = Request("https://fake.openapi.fr/v1/AdministrationSettings/MailAccount?id=1337", "DELETE", post_params="", file_params=[])
- request_put = Request("https://fake.openapi.fr/v1/Alarms/1337", "PUT", post_params="", file_params=[])
+ params = '{"alarmState": "default", "confirmingUserName": "default", "confirmingDateTime": "2024-08-16T16:03:08", "confirmingNote": "default"}'
+ request_put = Request("https://fake.openapi.fr/v1/Alarms/1337", "PUT", post_params=params, file_params=[], enctype= "application/json")
- params = '{"active": "true", "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": "true"}'
- request_put = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PUT", post_params=params, file_params=[])
+ params = '{"active": true, "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": true}'
+ request_put2 = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PUT", post_params=params, file_params=[], enctype= "application/json")
- params = '{"active": "true", "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": "true"}'
- request_patch = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PATCH", post_params=params, file_params=[])
+ params = '{"active": true, "userName": "default", "emailAddress": "default", "role": "1337", "networksVisibility": true}'
+ request_patch = Request("https://fake.openapi.fr/v1/AdministrationSettings/GroupUsers", "PATCH", post_params=params, file_params=[], enctype= "application/json")
- list_request = [request_get, request_post, request_delete, request_put, request_patch]
+ list_request = [request_get, request_post, request_delete, request_patch, request_put, request_put2]
 requests = page.get_requests()
 for item in list_request:
diff --git a/wapitiCore/net/crawler.py b/wapitiCore/net/crawler.py index 12dcbadb1..feba00c1d 100644 --- a/wapitiCore/net/crawler.py +++ b/wapitiCore/net/crawler.py @@ -335,6 +335,10 @@ async def async_request( @rtype: Response """ form_headers = {} + + if not form.is_multipart: + form_headers = {"Content-Type": form.enctype} + if isinstance(headers, dict) and headers: form_headers.update(headers) diff --git a/wapitiCore/net/web.py b/wapitiCore/net/web.py index d95e682d5..b98f4b021 100644 --- a/wapitiCore/net/web.py +++ b/wapitiCore/net/web.py @@ -316,7 +316,7 @@ def __init__( self._method = method self._enctype = "" - if self._method == "POST": + if self._method in ["POST", "PUT", "PATCH"]: if enctype: self._enctype = enctype.lower().strip() else: diff --git a/wapitiCore/parsers/swagger.py b/wapitiCore/parsers/swagger.py index 9db8b6ccb..e355d6070 100644 --- a/wapitiCore/parsers/swagger.py +++ b/wapitiCore/parsers/swagger.py @@ -26,6 +26,7 @@ from wapitiCore.net import Request from wapitiCore.main.log import logging + class Swagger: AUTOFILL_VALUES = { "file": ("pix.gif", b"GIF89a", "image/gif"), @@ -33,8 +34,9 @@ class Swagger: "number": "13.37", "string": "default", "time": "13:37", + "date-time": "2024-08-16T16:03:08", "url": "https://wapiti-scanner.github.io/", - "boolean": "true", + "boolean": True, "object": {}, } @@ -138,7 +140,10 @@ def _parse_object(self, model_name): ref = self._check_properties(model_name[key]['items']) model[key]["array"] = self._parse_object(ref) else: - model[key] = model_name[key]['type'] + if 'format' in model_name[key] and 'date-time' in model_name[key]['format']: + model[key] = model_name[key]['format'] + else: + model[key] = model_name[key]['type'] else: model[key] = model_name[key] except ValueError as e: 
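Review bot: The new `if not form.is_multipart:` branch in `async_request` sets `Content-Type` from `form.enctype` for every non-multipart request, but the `web.py` hunk in this commit leaves `_enctype` as `""` for any method other than POST, PUT and PATCH. GET and DELETE requests would therefore presumably go out with an empty `Content-Type` header, which some servers and filtering proxies reject or treat specially, skewing scan results. Guarding on a non-empty value avoids that: `if form.enctype and not form.is_multipart:`. The body of `async_request` starts and ends outside this hunk, so whether a later step drops empty headers is not visible here.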
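Review bot: The new `"date-time"` autofill value `"2024-08-16T16:03:08"` in `AUTOFILL_VALUES` carries no time offset, while the OpenAPI `date-time` format refers to RFC 3339, which requires one. A strictly validating API may reject the body at schema validation, before the scanner's payloads reach the handler under test. `"date-time": "2024-08-16T16:03:08Z",` satisfies strict and lenient parsers alike, with the expected strings in `tests/parsers/test_swagger_parser.py` updated to match. A one-line comment above the table noting that `"boolean"` is now a Python `bool` rather than a string would also help, since callers that concatenate these values into strings have to convert it.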
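Review bot: In `_parse_object`, `'date-time' in model_name[key]['format']` is a substring test, and the branch then stores whatever the spec put in `format` as the type name. A format string that merely contains `date-time` would be stored verbatim and, if it is later used as an `AUTOFILL_VALUES` key (that lookup is outside this hunk), would miss the table. Comparing for equality and storing the literal keeps the key space closed: `if model_name[key].get('format') == 'date-time': model[key] = 'date-time'`. The added `else:` that directly wraps an `if`/`else` can also be flattened into an `elif`.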
@@ -215,6 +220,8 @@ def _get_routes(self, swagger_dict: dict, base_url: str) -> dict: request_route['params'] = [] if 'requestBody' in params: request_route['params'] += self._check_params(params['requestBody']['content']) + if 'parameters' in params: + request_route['params'] += self._check_params(params['parameters']) request_route['params'] += self._check_params(params) request[route].append(request_route) else: @@ -246,7 +253,8 @@ def _get_parameters(self, swagger_dict: dict, route: str, url: str) -> list: for path in swagger_dict['paths']: if route == path: if 'parameters' in swagger_dict['paths'][path][method]: - return swagger_dict['paths'][path][method]['parameters'] + if 'requestBody' not in swagger_dict['paths'][path][method]: + return swagger_dict['paths'][path][method]['parameters'] return swagger_dict['paths'][path][method] return None except KeyError as e: @@ -283,7 +291,10 @@ def _transform_query(self, route: str, param: dict, option: str): elif 'array' in param['type']: option += self.AUTOFILL_VALUES[param['type']['array']] else: - option += self.AUTOFILL_VALUES[param['type']] + if isinstance(self.AUTOFILL_VALUES[param['type']], bool): + option += str(self.AUTOFILL_VALUES[param['type']]) + else: + option += self.AUTOFILL_VALUES[param['type']] elif "in" in param: if param['in'] == "query": if self.swagger_dict['basePath']: @@ -309,6 +320,7 @@ def _transform_query(self, route: str, param: dict, option: str): return option + def _transform_url(self, param: dict, url: str, route: str) -> str: name = param['name'] if "{" in url: @@ -372,6 +384,8 @@ def _create_request(self, routes: dict) -> list[Request]: if 'in' in param: if param['in'] == "path": url = self._transform_url(param, url, route) + if 'model' in param: + data = self._transform_body(param) elif param['in'] == "query": option = self._transform_query(route, param, option) elif param['in'] == "body" and 'model' in param: 
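Review bot: In `_transform_query`, `str(self.AUTOFILL_VALUES[param['type']])` renders the boolean autofill as `True`, whereas the previous string value was `true`; an API that parses query booleans case-sensitively will reject it. The `'array'` branch just above still does `option += self.AUTOFILL_VALUES[param['type']['array']]` without the `isinstance` check, so an array of booleans would raise `TypeError`. The header assignment `header[param['name']] = self.AUTOFILL_VALUES[param['type']]` in the later `_create_request` hunk would likewise hand a `bool` to the header map. Converting in one place keeps the three consistent, for example `value = self.AUTOFILL_VALUES[param['type']]` followed by `option += str(value).lower() if isinstance(value, bool) else value`. The function body extends beyond this hunk.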
@@ -382,7 +396,8 @@ def _create_request(self, routes: dict) -> list[Request]: if not 'type' in param: param["type"] = "string" header[param['name']] = self.AUTOFILL_VALUES[param['type']] - request = Request(path=url+option, method=urls[0]['method'], post_params=data, file_params=files) + request = Request(path=url+option, method=urls[0]['method'], post_params=data, file_params=files, + enctype="application/json") request.set_headers(header) requests_list.append(request) return requests_list
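Review bot: `enctype="application/json"` is hard-coded on the `Request(...)` call in `_create_request`, so it applies to every generated request, including ones built with a non-empty `files` list and operations whose spec declares a form-encoded body. Together with the `crawler.py` hunk, such requests would presumably be sent with `Content-Type: application/json` while carrying a non-JSON body, and the target may reject them before the endpoint is exercised. Deriving the value from what was collected would keep header and body in step, e.g. `enctype="multipart/form-data" if files else "application/json"`, or using the media-type key under `requestBody.content` that `_get_routes` already reads. How `Request` treats `file_params` together with an explicit `enctype` is not visible in this diff.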