class documentation
class MethodInjectionTestsMixin: (source)
Known subclasses: twisted.web.test.test_agent.AgentMethodInjectionTests, twisted.web.test.test_agent.RequestMethodInjectionTests, twisted.web.test.test_agent.RequestWriteToMethodInjectionTests
A mixin that runs HTTP method injection tests. Define MethodInjectionTestsMixin.attemptRequestWithMaliciousMethod in a twisted.trial.unittest.SynchronousTestCase subclass to test how HTTP client code behaves when presented with malicious HTTP methods.
| See Also | |
| CVE-2019-12387 |
| Method | attempt |
Attempt to send a request with the given method. This should synchronously raise a ValueError if either is invalid. |
| Method | test_method |
Issuing a request with a method that contains a carriage return and line feed fails with a ValueError. |
| Method | test_method |
Issuing a request with a method that contains non-ASCII characters fails with a ValueError. |
| Method | test_method |
Issuing a request with a method that contains unprintable ASCII characters fails with a ValueError. |
overridden in
twisted.web.test.test_agent.AgentMethodInjectionTests, twisted.web.test.test_agent.RequestMethodInjectionTests, twisted.web.test.test_agent.RequestWriteToMethodInjectionTestsAttempt to send a request with the given method. This should synchronously raise a ValueError if either is invalid.
| Parameters | |
| method: | the method (e.g. GET) |
| uri | the URI |
Issuing a request with a method that contains a carriage return and line feed fails with a ValueError.