#!/usr/bin/env python3
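"""
Smoke-test a local web2py instance: basic access, query-parameter
reflection, and a template-injection (SSTI) reflection check.
"""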

import urllib.parse

import requests
import urllib3
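# Silence only the certificate warning that verify=False triggers; every other
# urllib3 warning stays visible.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

BASE_URL = "https://localhost:5000"
INDEX_URL = BASE_URL + "/welcome/default/index"
REQUEST_TIMEOUT = 10  # seconds; requests has no default timeout and can block forever
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
SSTI_PAYLOAD = "{{='SSTI_TEST'}}"

# TLS verification is switched off for every request below. That is only
# tolerable against a loopback instance (presumably serving a self-signed
# certificate), so refuse to run if BASE_URL is ever pointed elsewhere.
if urllib.parse.urlsplit(BASE_URL).hostname not in LOOPBACK_HOSTS:
    raise SystemExit(f"[-] Refusing to run: {BASE_URL} is not a loopback address")


def _fetch(params=None):
    """GET the welcome index page; exit with a readable message on failure.

    Args:
        params: optional dict of query-string parameters.

    Returns:
        The ``requests.Response`` for the index page.

    Raises:
        SystemExit: if the request fails (connection refused, timeout, ...).
    """
    try:
        return requests.get(
            INDEX_URL,
            params=params,
            verify=False,
            timeout=REQUEST_TIMEOUT,
        )
    except requests.RequestException as exc:
        raise SystemExit(f"[-] Request to {INDEX_URL} failed: {exc}") from exc


print("[*] Testing local web2py instance...")

# Test basic access
r = _fetch()
print(f"[+] Status: {r.status_code}")
print(f"[+] Length: {len(r.text)}")

# Test with query parameter
r2 = _fetch({"test": "SIMPLE_MARKER"})

if "SIMPLE_MARKER" in r2.text:
    print("[+] Query parameter appears in response")
    idx = r2.text.find("SIMPLE_MARKER")
    print(f"    At position: {idx}")
else:
    print("[-] Query parameter not found")

# Test SSTI
print("\n[*] Testing SSTI...")
r3 = _fetch({"test": SSTI_PAYLOAD})

if "SSTI_TEST" in r3.text:
    print("[+] SSTI_TEST found!")

    # Check if it's evaluated or just reflected. A reflected payload may come
    # back verbatim or percent-encoded (e.g. inside a link or form action);
    # looking only for the raw "{{=" would misreport an encoded reflection as
    # evaluation. This remains a heuristic: confirm against the saved response.
    body_lower = r3.text.lower()
    encoded_open = urllib.parse.quote("{{", safe="").lower()
    if "{{=" in body_lower or encoded_open in body_lower:
        print("    -> Template syntax still present (not evaluated)")
    else:
        print("    -> [!!!] Template syntax evaluated!")
else:
    print("[-] SSTI_TEST not found")

# Save response for inspection. The file holds whatever the server reflected,
# so read it as text rather than rendering it in a browser.
with open("local_test.html", "w", encoding="utf-8") as f:
    f.write(r3.text)

print("\n[+] Response saved to local_test.html")

# Only report readiness when the baseline request actually succeeded.
if r.ok:
    print(f"[+] Local instance ready at {BASE_URL}")
else:
    print(f"[-] Local instance at {BASE_URL} returned HTTP {r.status_code}")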
