def parse_storespost(data):
""" Automatically generated response parser """
# Declare response variables
temp_7262 = None
# Parse the response into json
try:
data = json.loads(data)
except Exception as error:
raise ResponseParsingException("Exception parsing response, data was not valid json: {}".format(error))
# Try to extract each dynamic object
try:
temp_7262 = str(data["id"])
except Exception as error:
# This is not an error, since some properties are not always returned
pass
# If no dynamic objects were extracted, throw.
if not (temp_7262):
raise ResponseParsingException("Error: all of the expected dynamic objects were not present in the response.")
# Set dynamic variables
if temp_7262:
dependencies.set_variable("_stores_post_id", temp_7262)
def _namespace_rule(self):
""" Try to hijack objects of @param target_types and use them via
a secondary attacker user.
@param target_types: The types of the target object to attemp hijack.
@type target_types: Set
@return: None
@rtype : None
"""
# For the target types (target dynamic objects), get the latest
# values which we know will exist due to the previous rendering.
# We will later on use these old values atop a new rendering.
hijacked_values = {}
consumed_types = self._sequence.consumes
consumed_types = set(itertools.chain(*consumed_types))
# Exit the checker and do not re-render if nothing is consumed since
# the checker will have nothing to work on anyways.
if not consumed_types:
return
# Render only last request if not in exhaustive (expensive) mode.
# If that last request does not consume anything, stop here.
if self._mode != 'exhaustive' and not self._sequence.last_request.consumes:
return
self._render_original_sequence_start(self._sequence)
for type in consumed_types:
hijacked_values[type] = dependencies.get_variable(type)
self._checker_log.checker_print(f"Hijacked values: {hijacked_values}")
RAW_LOGGING(f"Hijacked values: {hijacked_values}")
for i, req in enumerate(self._sequence):
# Render only last request if not in exhaustive (expensive) mode.
if self._mode != 'exhaustive' and i != self._sequence.length - 1:
continue
# Skip requests that are not consumers.
if not req.consumes:
continue
dependencies.reset_tlb()
self._render_attacker_subsequence(req)
# Feed hijacked values.
for type in hijacked_values:
dependencies.set_variable(type, hijacked_values[type])
self._render_hijack_request(req)
def parse_cityRoadNamePut(data):
temp_123 = None
try:
data =json.loads(data)
except Exception as error:
raise ResponseParsingException("Exception parsing response, data was not valid json: {}".format(error))
try:
temp_123 = str(data["name"])
except Exception as error:
pass
if temp_123:
dependencies.set_variable("_city_road_put_name", temp_123)
def apply(self, rendered_sequence, lock):
""" Applies check for resource hierarchy rule violations.
@param rendered_sequence: Object containing the rendered sequence information
@type rendered_sequence: RenderedSequence
@param lock: Lock object used to sync more than one fuzzing job
@type lock: thread.Lock
@return: None
@rtype : None
"""
if not rendered_sequence.valid:
return
self._sequence = rendered_sequence.sequence
# We skip any sequence that contains DELETE methods so that we
# keep in isolation this checker and the use-after-free checker.
if self._sequence.has_destructor():
return
consumes = self._sequence.consumes
predecessors_types = consumes[:-1]
# Last request is the victim -- our target!
target_types = consumes[-1]
# In the dictionary of "consumes" constraints, each request of the
# sequence instance has its own dictionary of the dynamic variable
# types produced by each request. We need to flatten this structure.
predecessors_types = set(itertools.chain(*predecessors_types))
# Skip sequence if there are no predecessor dependencies or no
# target objects to swap.
if not predecessors_types.intersection(target_types)\
or not target_types - predecessors_types:
return
# For the victim types (target dynamic objects), get the lattest
# values which we know will exist due to the previous rendering.
# We will later on use these old values atop a new rendering.
old_values = {}
for target_type in target_types - predecessors_types:
old_values[target_type] = dependencies.get_variable(target_type)
# Reset tlb of all values and re-render all predecessor up to
# the parent's parent. This will propagate new values for all
# dynamic objects except for those with target type. That's what we
# want and that's why we render up to the parent's parent (i.e.,
# up to length(seq) - 2.
dependencies.reset_tlb()
# Render sequence up to before the first predecessor that produces
# the target type. that is, if any of the types produced by the
# request is in the target types, then do not render this
# predecessor and stop here.
n_predecessors = 0
for req in self._sequence:
if req.produces.intersection(target_types - predecessors_types):
break
n_predecessors += 1
new_seq = self._render_n_predecessor_requests(n_predecessors)
# log some helpful info
self._checker_log.checker_print("\nTarget types: {}".\
format(target_types - predecessors_types))
self._checker_log.checker_print(
f"Predecesor types: {predecessors_types}")
self._checker_log.checker_print("Clean tlb: {}".\
format(dependencies.tlb))
# Before rendering the last request, substitute all target types
# (target dynamic object) with a value that does NOT belong to
# the current rendering and should not (?) be accessible through
# the new predecessors' rendering.
for target_type in old_values:
dependencies.set_variable(target_type, old_values[target_type])
self._checker_log.checker_print("Poluted tlb: {}".\
format(dependencies.tlb))
self._render_last_request(new_seq)
