def test_stuff(): pdb = zoobar.zoodb.person_setup() pdb.query(zoobar.zoodb.Person).delete() adduser(pdb, 'alice', 'atok') adduser(pdb, 'bob', 'btok') balance1 = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) pdb.commit() tdb = zoobar.zoodb.transfer_setup() tdb.query(zoobar.zoodb.Transfer).delete() tdb.commit() environ = {} environ['wsgi.url_scheme'] = 'http' environ['wsgi.input'] = 'xxx' environ['SERVER_NAME'] = 'zoobar' environ['SERVER_PORT'] = '80' environ['SCRIPT_NAME'] = 'script' environ['QUERY_STRING'] = 'query' environ['HTTP_REFERER'] = fuzzy.mk_str('referrer') environ['HTTP_COOKIE'] = fuzzy.mk_str('cookie') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. # environ['REQUEST_METHOD'] = fuzzy.mk_str('method') # environ['PATH_INFO'] = fuzzy.mk_str('path') environ['REQUEST_METHOD'] = 'GET' environ['PATH_INFO'] = 'trans' + fuzzy.mk_str('path') if environ['PATH_INFO'].startswith('//'): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x ## Exercise 6: your code here. ## Detect balance mismatch. ## When detected, call report_balance_mismatch() pdb = zoobar.zoodb.person_setup() balancet = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) if balance1 != balancet: report_balance_mismatch() ## Detect zoobar theft. ## When detected, call report_zoobar_theft() tdb = zoobar.zoodb.transfer_setup() for p in pdb.query(zoobar.zoodb.Person).all(): if tdb.query(zoobar.zoodb.Transfer).filter_by( sender=p.username).first() == None: report_zoobar_theft()
def test_func(): sym_table_name = fuzzy.mk_str("sym_tname") table = Table(sym_table_name) sym_column = fuzzy.mk_str("sym_colname") query = table.select(getattr(table, sym_column)) query = symsqlutils.symStrInterpolation(query) sym_output(query)
def test_stuff(): pdb = zoobar.zoodb.person_setup() pdb.query(zoobar.zoodb.Person).delete() adduser(pdb, "alice", "atok") adduser(pdb, "bob", "btok") balance1 = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) pdb.commit() tdb = zoobar.zoodb.transfer_setup() tdb.query(zoobar.zoodb.Transfer).delete() tdb.commit() environ = {} environ["wsgi.url_scheme"] = "http" environ["wsgi.input"] = "xxx" environ["SERVER_NAME"] = "zoobar" environ["SERVER_PORT"] = "80" environ["SCRIPT_NAME"] = "script" environ["QUERY_STRING"] = "query" environ["HTTP_REFERER"] = fuzzy.mk_str("referrer") environ["HTTP_COOKIE"] = fuzzy.mk_str("cookie") ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. # environ['REQUEST_METHOD'] = fuzzy.mk_str('method') # environ['PATH_INFO'] = fuzzy.mk_str('path') environ["REQUEST_METHOD"] = "GET" environ["PATH_INFO"] = "trans" + fuzzy.mk_str("path") if environ["PATH_INFO"].startswith("//"): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x ## Exercise 6: your code here. ## Detect balance mismatch. ## When detected, call report_balance_mismatch() pdb = zoobar.zoodb.person_setup() balancet = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) if balance1 != balancet: report_balance_mismatch() ## Detect zoobar theft. ## When detected, call report_zoobar_theft() tdb = zoobar.zoodb.transfer_setup() for p in pdb.query(zoobar.zoodb.Person).all(): if tdb.query(zoobar.zoodb.Transfer).filter_by(sender=p.username).first() == None: report_zoobar_theft()
def test_func(): sym_table_name = fuzzy.mk_str("sym_tname") table = Table(sym_table_name) sym_column_1 = fuzzy.mk_str("sym_colname_1") sym_column_2 = fuzzy.mk_str("sym_colname_2") query = table.select(getattr(table, sym_column_1), \ getattr(table, sym_column_2)) sym_str = fuzzy.mk_str("sym_str") query.where = getattr(table, sym_column_2) == sym_str query = symsqlutils.symStrInterpolation(query) sym_output(query)
def test_func(): table_name = "table" table = Table(table_name) column = "column" sym_where = fuzzy.mk_str("sym_wherename") query = table.select(column, sym_where) sym_output(query)
def test_f(): db = test1_setup() s = fuzzy.mk_str('s') r = db.query(Test1).get(s) if r is None: v = None else: v = r.value print s, '->', v f_results.add(v)
def test_stuff(): pdb = zoobar.zoodb.person_setup() pdb.query(zoobar.zoodb.Person).delete() adduser(pdb, 'alice', 'atok') adduser(pdb, 'bob', 'btok') balance1 = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) pdb.commit() tdb = zoobar.zoodb.transfer_setup() tdb.query(zoobar.zoodb.Transfer).delete() tdb.commit() environ = {} environ['wsgi.url_scheme'] = 'http' environ['wsgi.input'] = 'xxx' environ['SERVER_NAME'] = 'zoobar' environ['SERVER_PORT'] = '80' environ['SCRIPT_NAME'] = 'script' environ['QUERY_STRING'] = 'query' environ['HTTP_REFERER'] = fuzzy.mk_str('referrer') environ['HTTP_COOKIE'] = fuzzy.mk_str('cookie') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. # environ['REQUEST_METHOD'] = fuzzy.mk_str('method') # environ['PATH_INFO'] = fuzzy.mk_str('path') environ['REQUEST_METHOD'] = 'GET' environ['PATH_INFO'] = 'trans' + fuzzy.mk_str('path') if environ['PATH_INFO'].startswith('//'): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x
def test_f(): db = test1_setup() s = fuzzy.mk_str('s') #s is now a concolic value,with normal fucntion it is being passed as concrete value # print "printing s",s r = db.query(Test1).get(s) #returns the instance based on primary key identifier | None if Nothing found # print "after get ",db.query(Test1).get if r is None: v = None else: v = r.value # print value print s, '->', v f_results.add(v)
def test_g(): s = fuzzy.mk_str('s') v = g(s) print s, '->', v g_results.add(v)
def test_stuff(): method = fuzzy.mk_str('method') if not method == 'get' and not method == 'post': return req = d.new() from django.contrib.auth.models import User User.objects.all().delete() alice = adduser('alice') bob = adduser('bob') balance1 = sum([u.person.zoobars for u in User.objects.all()]) from zapp.models import Transfer Transfer.objects.all().delete() #User.objects.get(username = '******') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. path = fuzzy.mk_str('path') + '/' if path[0] == '/': return data = {} if method == 'post': if path == 'transfer/': data = post_data( zoobars = fuzzy.mk_int('transfer.zoobars'), recipient = fuzzy.mk_str('transfer.recipient') ) logged_in = False user = fuzzy.mk_str('user') if user == 'alice' or user == 'bob': if verbose > 0: print('==> accessing %s as %s' % (path, user)) if user == 'alice': req.login(username='******', password='******') elif user == 'bob': req.login(username='******', password='******') logged_in = True else: if verbose > 0: print('==> accessing %s anonymously' % path) if cov is not None: cov.start() response = None if method == 'get': response = req.get(path) elif method == 'post': response = req.post(path, data=data) if cov is not None: cov.stop() cov.save() if verbose == 1 and response.status_code == 404: print(" -> 404 not found...") elif verbose == 1: print(' -> %d %s' % (response.status_code, response.reason_phrase)) elif verbose > 1: print(' -> %d %s\n -> %s' % ( response.status_code, response.reason_phrase, response.items()) ) if verbose > 2 or response.status_code == 500: print(80 * "-") print(re.sub("^", "\t", response.content)) print(80 * "-") if logged_in and path == "transfer/": if verbose > 0: if "Log out" in response.content: print(" -> login works. that's nice.") else: print(" -> login doesn't work :(") if method == "post": if "warning" in response.content: if verbose > 0: # success is also notified using a warning span wtext = re.search('<span class="warning">([^<]*)</span>', response.content).group(1) print(" -> transfer warning: %s" % wtext) else: print(" -> NO TRANSFER WARNING?!") print(80 * "-") print(re.sub("^", "\t", response.content)) print(80 * "-") if User.objects.all().count() == 2: balance2 = sum([u.person.zoobars for u in User.objects.all()]) if balance1 != balance2: report_balance_mismatch() utransfers = [t.sender.user.username for t in Transfer.objects.all()] for p in User.objects.all(): if p.username not in utransfers: if p.person.zoobars < 10: report_zoobar_theft()
def test_stuff(): pdb = zoobar.zoodb.person_setup() pdb.query(zoobar.zoodb.Person).delete() adduser(pdb, 'alice', 'atok') adduser(pdb, 'bob', 'btok') user1 = pdb.query(zoobar.zoodb.Person).all() nuser1 = len(user1) balance1 = sum([p.zoobars for p in user1]) pdb.commit() tdb = zoobar.zoodb.transfer_setup() tdb.query(zoobar.zoodb.Transfer).delete() tdb.commit() environ = {} environ['wsgi.url_scheme'] = 'http' environ['wsgi.input'] = 'xxx' environ['SERVER_NAME'] = 'zoobar' environ['SERVER_PORT'] = '80' environ['SCRIPT_NAME'] = 'script' environ['QUERY_STRING'] = 'query' environ['HTTP_REFERER'] = fuzzy.mk_str('referrer') environ['HTTP_COOKIE'] = fuzzy.mk_str('cookie') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. # environ['REQUEST_METHOD'] = fuzzy.mk_str('method') # environ['PATH_INFO'] = fuzzy.mk_str('path') environ['REQUEST_METHOD'] = 'GET' environ['PATH_INFO'] = 'trans' + fuzzy.mk_str('path') if environ['PATH_INFO'].startswith('//'): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x ## Detect balance mismatch. ## When detected, call report_balance_mismatch() user2 = pdb.query(zoobar.zoodb.Person).all() nuser2 = len(user2) balance2 = sum([p.zoobars for p in user2]) if nuser1 == nuser2 and balance1 != balance2: report_balance_mismatch() ## Detect zoobar theft. ## When detected, call report_zoobar_theft() transfers = tdb.query(zoobar.zoodb.Transfer).all() alice_balance = [ alice.zoobars for alice in user2 if alice.username == 'alice' ][0] bob_balance = [bob.zoobars for bob in user2 if bob.username == 'bob'][0] for user, zoobars in zip(['alice', 'bob'], [alice_balance, bob_balance]): did = len([t for t in transfers if t.sender == user]) != 0 if not did and zoobars < 10: report_zoobar_theft()
def test_stuff(): method = fuzzy.mk_str('method') if not method == 'get' and not method == 'post': return req = d.new() from django.contrib.auth.models import User User.objects.all().delete() alice = adduser('alice') bob = adduser('bob') balance1 = sum([u.person.zoobars for u in User.objects.all()]) from zapp.models import Transfer Transfer.objects.all().delete() #User.objects.get(username = '******') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. path = fuzzy.mk_str('path') + '/' if path[0] == '/': return data = {} if method == 'post': if path == 'transfer/': data = post_data(zoobars=fuzzy.mk_int('transfer.zoobars'), recipient=fuzzy.mk_str('transfer.recipient')) logged_in = False user = fuzzy.mk_str('user') if user == 'alice' or user == 'bob': if verbose > 0: print('==> accessing %s as %s' % (path, user)) if user == 'alice': req.login(username='******', password='******') elif user == 'bob': req.login(username='******', password='******') logged_in = True else: if verbose > 0: print('==> accessing %s anonymously' % path) if cov is not None: cov.start() response = None if method == 'get': response = req.get(path) elif method == 'post': response = req.post(path, data=data) if cov is not None: cov.stop() cov.save() if verbose == 1 and response.status_code == 404: print(" -> 404 not found...") elif verbose == 1: print(' -> %d %s' % (response.status_code, response.reason_phrase)) elif verbose > 1: print(' -> %d %s\n -> %s' % (response.status_code, response.reason_phrase, response.items())) if verbose > 2 or response.status_code == 500: print(80 * "-") print(re.sub("^", "\t", response.content)) print(80 * "-") if logged_in and path == "transfer/": if verbose > 0: if "Log out" in response.content: print(" -> login works. that's nice.") else: print(" -> login doesn't work :(") if method == "post": if "warning" in response.content: if verbose > 0: # success is also notified using a warning span wtext = re.search('<span class="warning">([^<]*)</span>', response.content).group(1) print(" -> transfer warning: %s" % wtext) else: print(" -> NO TRANSFER WARNING?!") print(80 * "-") print(re.sub("^", "\t", response.content)) print(80 * "-") if User.objects.all().count() == 2: balance2 = sum([u.person.zoobars for u in User.objects.all()]) if balance1 != balance2: report_balance_mismatch() utransfers = [t.sender.user.username for t in Transfer.objects.all()] for p in User.objects.all(): if p.username not in utransfers: if p.person.zoobars < 10: report_zoobar_theft()
#!/usr/bin/env python2 import symex.fuzzy as fuzzy import z3 import traceback import sys class MyException(Exception): def __init__(self, *args): super(MyException, self).__init__(*args) try: fuzzy.cur_path_constr = [] fuzzy.cur_path_constr_callers = [] fuzzy.concrete_values = {'s': 'abcdef'} s = fuzzy.mk_str('s') t = 'foo' + s + 'bar' if not isinstance(t, fuzzy.concolic_str): raise MyException("ERROR: lost concolic object after concat") l = len(t) if not isinstance(l, fuzzy.concolic_int): raise MyException("ERROR: lost concolic object after len") if l != 12: raise MyException("ERROR: wrong concrete value for concolic object") if len(fuzzy.cur_path_constr) == 0: raise MyException("ERROR: no path constraint") if len(fuzzy.cur_path_constr) > 1: raise MyException("ERROR: too many path constraints") fuzzy.cur_path_constr = [] if l + 2 == 22: raise MyException("ERROR: wrong concrete value, take 2")
def test_func(): sym_table_name = fuzzy.mk_str("sym_tname") table = Table(sym_table_name) query = table.select() query = symsqlutils.symStrInterpolation(query) sym_output(query)
def test_stuff(): pdb = zoobar.zoodb.person_setup() pdb.query(zoobar.zoodb.Person).delete() adduser(pdb, 'alice', 'atok') adduser(pdb, 'bob', 'btok') balance1 = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) people1 = sum([1 for p in pdb.query(zoobar.zoodb.Person).all()]) all_balances1 = { p.username: p.zoobars for p in pdb.query(zoobar.zoodb.Person).all() } pdb.commit() tdb = zoobar.zoodb.transfer_setup() tdb.query(zoobar.zoodb.Transfer).delete() tdb.commit() environ = {} environ['wsgi.url_scheme'] = 'http' environ['wsgi.input'] = 'xxx' environ['SERVER_NAME'] = 'zoobar' environ['SERVER_PORT'] = '80' environ['SCRIPT_NAME'] = 'script' environ['QUERY_STRING'] = 'query' environ['HTTP_REFERER'] = fuzzy.mk_str('referrer') environ['HTTP_COOKIE'] = fuzzy.mk_str('cookie') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. # environ['REQUEST_METHOD'] = fuzzy.mk_str('method') # environ['PATH_INFO'] = fuzzy.mk_str('path') environ['REQUEST_METHOD'] = 'GET' environ['PATH_INFO'] = 'trans' + fuzzy.mk_str('path') if environ['PATH_INFO'].startswith('//'): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x ## Exercise 6: your code here. ## Detect balance mismatch. ## When detected, call report_balance_mismatch() balanceEnd = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) peopleEnd = sum([1 for p in pdb.query(zoobar.zoodb.Person).all()]) if balanceEnd != balance1 and peopleEnd == people1: print "balance1=", balance1, "balanceEnd=", balanceEnd, "people1=", people1 report_balance_mismatch() #return ## Detect zoobar theft. ## When detected, call report_zoobar_theft() all_balancesEnd = { p.username: p.zoobars for p in pdb.query(zoobar.zoodb.Person).all() } if len(all_balancesEnd.keys()) == len(all_balances1.keys()) and set( all_balancesEnd.keys()) == set(all_balances1.keys()): # same number and set of users diff_balance_users = [] for user in all_balances1: if all_balances1[user] != all_balancesEnd[user]: diff_balance_users.append(user) # check all the users with different balances that they have entries in the Tranfer table tdb = zoobar.zoodb.transfer_setup() for user in diff_balance_users: net_balance_change = 0 user_transfer = tdb.query(zoobar.zoodb.Transfer).filter_by(sender=user) for transfer in user_transfer: net_balance_change -= transfer.amount user_transfer = tdb.query( zoobar.zoodb.Transfer).filter_by(recipient=user) for transfer in user_transfer: net_balance_change += transfer.amount if all_balancesEnd[user] != all_balances1[user] + net_balance_change: print "user="******",berfore=", all_balances1[ user], ",after=", all_balancesEnd[ user], ",net_balance_change=", net_balance_change report_zoobar_theft()
def test_stuff(): pdb = zoobar.zoodb.person_setup() pdb.query(zoobar.zoodb.Person).delete() adduser(pdb, 'alice', 'atok') adduser(pdb, 'bob', 'btok') balance1 = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) pdb.commit() tdb = zoobar.zoodb.transfer_setup() tdb.query(zoobar.zoodb.Transfer).delete() tdb.commit() environ = {} environ['wsgi.url_scheme'] = 'http' environ['wsgi.input'] = 'xxx' environ['SERVER_NAME'] = 'zoobar' environ['SERVER_PORT'] = '80' environ['SCRIPT_NAME'] = 'script' environ['QUERY_STRING'] = 'query' environ['HTTP_REFERER'] = fuzzy.mk_str('referrer') environ['HTTP_COOKIE'] = fuzzy.mk_str('cookie') ## In two cases, we over-restrict the inputs in order to reduce the ## number of paths that "make check" explores, so that it finishes ## in a reasonable amount of time. You could pass unconstrained ## concolic values for both REQUEST_METHOD and PATH_INFO, but then ## zoobar generates around 2000 distinct paths, and that takes many ## minutes to check. # environ['REQUEST_METHOD'] = fuzzy.mk_str('method') # environ['PATH_INFO'] = fuzzy.mk_str('path') environ['REQUEST_METHOD'] = 'GET' environ['PATH_INFO'] = 'trans' + fuzzy.mk_str('path') if environ['PATH_INFO'].startswith('//'): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x after_balance = sum( [p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) if after_balance != balance1: debug_out = 'balance_mismatch: ' for p in pdb.query(zoobar.zoodb.Person).all(): debug_out += '%s: %d, ' % (p.username, p.zoobars) print debug_out report_balance_mismatch() check_user = ['alice', 'bob'] for idx, user in enumerate(['alice', 'bob']): if environ['HTTP_COOKIE'].startswith('PyZoobarLogin=%s' % user): del check_user[idx] for user in check_user: user_row = pdb.query(zoobar.zoodb.Person).get(user) if user_row != None and user_row.zoobars < 10: debug_out = 'zoobar_theft: ' for t in tdb.query(zoobar.zoodb.Transfer).all(): debug_out += '%s ,' % vars(t) print debug_out report_zoobar_theft()
def test_func(): sym_table_name = fuzzy.mk_str("sym_tname") table = Table(sym_table_name) sym_column = fuzzy.mk_str("sym_colname") query = table.select(sym_column) sym_output(query)