'''
fuzzingFunctions.py
Copyright 2006 Andres Riancho
This file is part of untidy, untidy.sourceforge.net .
untidy is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
untidy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with untidy; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
import re
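class fuzzingFunctions:
    '''
    This class has a collection of fuzzing functions for xml tags, text and attrs.

    Every mutator is a method named ff<N>. It receives one XML item (a string)
    and an iterable of integer repetition counts, and returns a list of mutated
    strings. Output size grows with the repetition counts (ff4 returns
    len(xmlItem) * rep characters per entry), so callers should bound the
    counts they pass in.

    @author: Andres Riancho ( [email protected] )
    '''

    def __init__(self):
        # Reduced mutator set used for testing: only the identity mutator.
        self._ffTestList = [self.ff0]

    def _getTestFuzzFunctions(self):
        '''
        @return: A list of fuzzing functions for testing.
        '''
        return self._ffTestList

    def _getFuzzFunctions(self):
        '''
        Collect the mutators by name: ff0, ff1, ff2, ... in numeric order.

        Discovery stops at the first missing number, so a mutator added with a
        gap in the numbering (ff8 without ff7, say) is silently left out.

        @return: A list of fuzzing functions.
        '''
        mutators = []
        index = 0
        while True:
            try:
                mutator = getattr(self, 'ff' + str(index))
            except AttributeError:
                # Only "no such attribute" ends the scan; any other exception
                # (KeyboardInterrupt included) is no longer swallowed.
                break
            mutators.append(mutator)
            index += 1
        return mutators

    ###############################################
    #                                             #
    # These are the fuzzing functions, the Core.  #
    #                                             #
    ###############################################
    def ff0(self, xmlItem, repetitions=()):
        '''
        Return the item without changes.

        @param xmlItem: The XML item to pass through.
        @param repetitions: Unused; accepted so all mutators share one signature.
        @return: A one-element list holding xmlItem.
        '''
        return [xmlItem]

    ##########################################
    #                                        #
    # This set of ff's break the XML syntax  #
    #                                        #
    ##########################################
    def ff1(self, xmlItem, repetitions=()):
        '''
        Replace a leading '<' with '>' * rep, once per repetition count.

        @param xmlItem: The XML item to mutate.
        @param repetitions: Iterable of integer repetition counts.
        @return: One mutated string per count, or an empty list when xmlItem
                 does not start with '<'.
        '''
        if not xmlItem.startswith('<'):
            return []
        tail = xmlItem[1:]
        return ['>' * rep + tail for rep in repetitions]

    def ff2(self, xmlItem, repetitions=()):
        '''
        Append rep '<' characters followed by rep '>' characters.

        If repetitions=[2] and xmlItem='<foo>' this ff returns ['<foo><<>>'].

        @param xmlItem: The XML item to mutate.
        @param repetitions: Iterable of integer repetition counts.
        @return: One mutated string per count.
        '''
        return [xmlItem + '<' * rep + '>' * rep for rep in repetitions]

    def ff3(self, xmlItem, repetitions=()):
        '''
        Append 'A' * rep to the item.

        The default used to be the integer 0, which cannot be iterated, so a
        call without repetitions raised TypeError; it now returns an empty list
        like the sibling mutators.

        @param xmlItem: The XML item to mutate.
        @param repetitions: Iterable of integer repetition counts.
        @return: One mutated string per count.
        '''
        return [xmlItem + 'A' * rep for rep in repetitions]

    def ff4(self, xmlItem, repetitions=()):
        '''
        Repeat the whole item rep times.

        @param xmlItem: The XML item to mutate.
        @param repetitions: Iterable of integer repetition counts.
        @return: One string per count, each len(xmlItem) * rep characters long.
        '''
        return [xmlItem * rep for rep in repetitions]

    def ff5(self, xmlItem, repetitions=()):
        '''
        Replace the item with the empty string.

        @param xmlItem: Unused.
        @param repetitions: Unused; accepted so all mutators share one signature.
        @return: A one-element list holding ''.
        '''
        return ['']

    ######################################################
    #                                                    #
    # This set of ff's fuzz the XML ( mostly ) without   #
    # breaking XML syntax                                #
    #                                                    #
    ######################################################
    def _sameType(self, charA, charB):
        '''
        Tell whether both characters are letters or both are digits.

        Any other pair returns False, including two punctuation characters and
        any pair where one side is the empty string.

        @return: True or False.
        '''
        both_alpha = charA.isalpha() and charB.isalpha()
        both_digit = charA.isdigit() and charB.isdigit()
        return both_alpha or both_digit

    def ff6(self, xmlItem, repetitions=()):
        '''
        Lots of fuzzing going on here! :)
        Some of this fuzzed XML's will be valid, some not.

        Walks the item and, at every position where the character is not of the
        same type as the previous one (see _sameType), inserts rep filler
        characters in front of it. The first character is always such a
        position. The result holds one string per (position, count) pair.

        @param xmlItem: The XML item to mutate.
        @param repetitions: Iterable of integer repetition counts.
        @return: The list of mutated strings.
        '''
        # Materialise once: the counts are walked again at every insertion
        # point, which would exhaust a one-shot iterator after the first.
        counts = tuple(repetitions)
        result = []
        previous = ''
        for position, char in enumerate(xmlItem):
            if not self._sameType(previous, char):
                # This helps me identify the bugs on the remote side: the
                # filler mirrors the class of the character it precedes.
                if char.isalpha():
                    filler = 'A'
                elif char.isdigit():
                    filler = '1'
                else:
                    filler = char
                head = xmlItem[:position]
                rest = xmlItem[position:]
                for rep in counts:
                    result.append(head + filler * rep + rest)
            previous = char
        return result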