authorJesse Luehrs <doy@tozt.net>2015-03-19 23:30:00 -0400
committerJesse Luehrs <doy@tozt.net>2015-03-19 23:30:59 -0400
commit1d465be4f8f3998c0ae315177456e5b4b86e13b8 (patch)
treed815f29fa4cf540e02cf1414f5314a422d26c445
parent425bfded4175663c632d27db1496e3e0b5b158e6 (diff)
and also implement the inverse
-rw-r--r--src/http.rs48
-rw-r--r--src/lib.rs1
2 files changed, 49 insertions, 0 deletions
diff --git a/src/http.rs b/src/http.rs
index bfc65ed..2763636 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -24,6 +24,21 @@ pub fn parse_query_string (string: &str) -> HashMap<&str, &str> {
return map;
}
+pub fn create_query_string (params: HashMap<&str, &str>) -> String {
+ fn escape (s: &str) -> String {
+ s.replace("%", "%25").replace("&", "%26").replace("=", "%3D")
+ }
+
+ let mut parts = vec![];
+ for (k, v) in params {
+ let mut part = escape(k);
+ part.push_str("=");
+ part.push_str(&escape(v)[..]);
+ parts.push(part);
+ }
+ return parts.connect("&");
+}
+
#[test]
fn test_parse_query_string () {
let got = parse_query_string("foo=bar&baz=qux&zap=zazzle");
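Review bot: The nested `escape` in `create_query_string` is a three-character denylist (`%`, `&`, `=`), so every other byte reaches the output raw, including `;`, `+`, `#`, spaces and non-ASCII text. That stops the `&role=admin` style of injection only for a consumer that splits on exactly `&` and `=`; whether `parse_query_string` does so, and whether it decodes `%XX` only after splitting, is not visible in this hunk. An allowlist is the safer default: percent-encode every byte outside the unreserved set (`A-Z a-z 0-9 - . _ ~`), which would also change the `@` expectation in the new test. If the narrow set is deliberate, state it above the helper, e.g. `// Escapes only the separators parse_query_string splits on; not a general URL encoder.`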
@@ -33,3 +48,36 @@ fn test_parse_query_string () {
expected.insert("zap", "zazzle");
assert_eq!(got, expected);
}
+
+#[test]
+fn test_create_query_string () {
+ let mut params = HashMap::new();
+ params.insert("foo", "bar");
+ params.insert("baz", "qux");
+ params.insert("zap", "zazzle");
+ let got = create_query_string(params);
+ let expected1 = "foo=bar&baz=qux&zap=zazzle";
+ let expected2 = "foo=bar&zap=zazzle&baz=qux";
+ let expected3 = "baz=qux&foo=bar&zap=zazzle";
+ let expected4 = "baz=qux&zap=zazzle&foo=bar";
+ let expected5 = "zap=zazzle&foo=bar&baz=qux";
+ let expected6 = "zap=zazzle&baz=qux&foo=bar";
+ assert!(
+ got == expected1 ||
+ got == expected2 ||
+ got == expected3 ||
+ got == expected4 ||
+ got == expected5 ||
+ got == expected6,
+ "didn't parse query string correctly: {}", got
+ );
+}
+
+#[test]
+fn test_create_query_string_malicious () {
+ let mut params = HashMap::new();
+ params.insert("email", "foo@bar.com&role=admin");
+ let got = create_query_string(params);
+ let expected = "email=foo@bar.com%26role%3Dadmin";
+ assert_eq!(got, expected);
+}
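Review bot: `test_create_query_string_malicious` never passes a literal `%` through the escaper, so dropping the `%` → `%25` step would leave this test green, yet a value containing a literal `%26` would then be indistinguishable from an escaped `&`. Add a case such as `params.insert("k", "100%&a=b");` with expected `"k=100%25%26a%3Db"`, and one with `&` or `=` in a key rather than a value. Asserting that `parse_query_string` applied to the output yields the original pair would pin the "inverse" property the commit title claims, provided the parser decodes escapes, which is not shown here. The failure message in `test_create_query_string` still says "didn't parse query string correctly", which reads as copied from the parser test.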
diff --git a/src/lib.rs b/src/lib.rs
index 17ac342..ddb53f5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -18,6 +18,7 @@ pub use aes::detect_ecb_cbc;
pub use aes::crack_padded_aes_128_ecb;
pub use base64::to_base64;
pub use http::parse_query_string;
+pub use http::create_query_string;
pub use primitives::fixed_xor;
pub use primitives::pad_pkcs7;
pub use primitives::repeating_key_xor;