def run_default_checks(self):
"""Tests for some default issues
These issues are not specific to any test type, and can be raised as a
result of many different types of attacks. Therefore, they're defined
separately from the test_case method so that they are not overwritten
by test cases that inherit from BaseFuzzTestCase.
Any extension to this class should call
self.run_default_checks() in order to test for the Issues
defined here
"""
if "HTTP_STATUS_CODE_5XX" in self.test_signals:
self.register_issue(
defect_type="500_errors",
severity=syntribos.LOW,
confidence=syntribos.HIGH,
description=(
"This request returns an error with status code "
"{0}, which might indicate some server-side "
"fault that may lead to further vulnerabilities").format(
self.test_resp.status_code))
self.diff_signals.register(length_diff(self))
if "LENGTH_DIFF_OVER" in self.diff_signals:
if self.init_resp.status_code == self.test_resp.status_code:
description = ("The difference in length between the response "
"to the baseline request and the request "
"returned when sending an attack string "
"exceeds {0} percent, which could indicate a "
"vulnerability to injection attacks").format(
CONF.test.length_diff_percent)
self.register_issue(defect_type="length_diff",
severity=syntribos.LOW,
confidence=syntribos.LOW,
description=description)
def run_default_checks(self):
"""Tests for some default issues
These issues are not specific to any test type, and can be raised as a
result of many different types of attacks. Therefore, they're defined
separately from the test_case method so that they are not overwritten
by test cases that inherit from BaseFuzzTestCase.
Any extension to this class should call
self.run_default_checks() in order to test for the Issues
defined here
"""
if "HTTP_STATUS_CODE_5XX" in self.test_signals:
self.register_issue(
defect_type="500_errors",
severity=syntribos.LOW,
confidence=syntribos.HIGH,
description=("This request returns an error with status code "
"{0}, which might indicate some server-side "
"fault that may lead to further vulnerabilities"
).format(self.test_resp.status_code))
self.diff_signals.register(length_diff(self))
if "LENGTH_DIFF_OVER" in self.diff_signals:
if self.init_resp.status_code == self.test_resp.status_code:
description = ("The difference in length between the response "
"to the baseline request and the request "
"returned when sending an attack string "
"exceeds {0} percent, which could indicate a "
"vulnerability to injection attacks"
).format(CONF.test.length_diff_percent)
self.register_issue(
defect_type="length_diff",
severity=syntribos.LOW,
confidence=syntribos.LOW,
description=description)
def test_percentage_difference(self, m):
content = u"""'Traceback (most recent call last):\n',
File "<doctest...>", line 10, in <module>\n
lumberjack()\n',
File "<doctest...>", line 4, in lumberjack\n
bright_side_of_death()\n',
File "<doctest...>", line 7, in bright_side_of_death\n
return tuple()[0]\n',
'IndexError: tuple index out of range\n']"""
m.register_uri(
"GET", "http://example.com", text=textwrap.dedent(content))
resp = requests.get("http://example.com")
test = FakeTestObject(resp)
self.assertIsNone(length_diff(test))
def test_percentage_difference(self, m):
content = u"""'Traceback (most recent call last):\n',
File "<doctest...>", line 10, in <module>\n
lumberjack()\n',
File "<doctest...>", line 4, in lumberjack\n
bright_side_of_death()\n',
File "<doctest...>", line 7, in bright_side_of_death\n
return tuple()[0]\n',
'IndexError: tuple index out of range\n']"""
m.register_uri("GET",
"http://example.com",
text=textwrap.dedent(content))
resp = requests.get("http://example.com")
test = FakeTestObject(resp)
self.assertIsNone(length_diff(test))
