class documentation
class MethodInjectionTestsMixin: (source)
Known subclasses: twisted.web.test.test_agent.AgentMethodInjectionTests
, twisted.web.test.test_agent.RequestMethodInjectionTests
, twisted.web.test.test_agent.RequestWriteToMethodInjectionTests
A mixin that runs HTTP method injection tests. Define MethodInjectionTestsMixin.attemptRequestWithMaliciousMethod
in a twisted.trial.unittest.SynchronousTestCase
subclass to test how HTTP client code behaves when presented with malicious HTTP methods.
See Also | |
CVE-2019-12387 |
Method | attempt |
Attempt to send a request with the given method. This should synchronously raise a ValueError if either is invalid. |
Method | test_method |
Issuing a request with a method that contains a carriage return and line feed fails with a ValueError . |
Method | test_method |
Issuing a request with a method that contains non-ASCII characters fails with a ValueError . |
Method | test_method |
Issuing a request with a method that contains unprintable ASCII characters fails with a ValueError . |
overridden in
twisted.web.test.test_agent.AgentMethodInjectionTests
, twisted.web.test.test_agent.RequestMethodInjectionTests
, twisted.web.test.test_agent.RequestWriteToMethodInjectionTests
Attempt to send a request with the given method. This should synchronously raise a ValueError
if either is invalid.
Parameters | |
method: | the method (e.g. GET) |
uri | the URI |
Issuing a request with a method that contains a carriage return and line feed fails with a ValueError
.