def parse_storespost(data): """ Automatically generated response parser """ # Declare response variables temp_7262 = None # Parse the response into json try: data = json.loads(data) except Exception as error: raise ResponseParsingException("Exception parsing response, data was not valid json: {}".format(error)) # Try to extract each dynamic object try: temp_7262 = str(data["id"]) except Exception as error: # This is not an error, since some properties are not always returned pass # If no dynamic objects were extracted, throw. if not (temp_7262): raise ResponseParsingException("Error: all of the expected dynamic objects were not present in the response.") # Set dynamic variables if temp_7262: dependencies.set_variable("_stores_post_id", temp_7262)
def _namespace_rule(self): """ Try to hijack objects of @param target_types and use them via a secondary attacker user. @param target_types: The types of the target object to attemp hijack. @type target_types: Set @return: None @rtype : None """ # For the target types (target dynamic objects), get the latest # values which we know will exist due to the previous rendering. # We will later on use these old values atop a new rendering. hijacked_values = {} consumed_types = self._sequence.consumes consumed_types = set(itertools.chain(*consumed_types)) # Exit the checker and do not re-render if nothing is consumed since # the checker will have nothing to work on anyways. if not consumed_types: return # Render only last request if not in exhaustive (expensive) mode. # If that last request does not consume anything, stop here. if self._mode != 'exhaustive' and not self._sequence.last_request.consumes: return self._render_original_sequence_start(self._sequence) for type in consumed_types: hijacked_values[type] = dependencies.get_variable(type) self._checker_log.checker_print(f"Hijacked values: {hijacked_values}") RAW_LOGGING(f"Hijacked values: {hijacked_values}") for i, req in enumerate(self._sequence): # Render only last request if not in exhaustive (expensive) mode. if self._mode != 'exhaustive' and i != self._sequence.length - 1: continue # Skip requests that are not consumers. if not req.consumes: continue dependencies.reset_tlb() self._render_attacker_subsequence(req) # Feed hijacked values. for type in hijacked_values: dependencies.set_variable(type, hijacked_values[type]) self._render_hijack_request(req)
def parse_cityRoadNamePut(data): temp_123 = None try: data =json.loads(data) except Exception as error: raise ResponseParsingException("Exception parsing response, data was not valid json: {}".format(error)) try: temp_123 = str(data["name"]) except Exception as error: pass if temp_123: dependencies.set_variable("_city_road_put_name", temp_123)
def apply(self, rendered_sequence, lock): """ Applies check for resource hierarchy rule violations. @param rendered_sequence: Object containing the rendered sequence information @type rendered_sequence: RenderedSequence @param lock: Lock object used to sync more than one fuzzing job @type lock: thread.Lock @return: None @rtype : None """ if not rendered_sequence.valid: return self._sequence = rendered_sequence.sequence # We skip any sequence that contains DELETE methods so that we # keep in isolation this checker and the use-after-free checker. if self._sequence.has_destructor(): return consumes = self._sequence.consumes predecessors_types = consumes[:-1] # Last request is the victim -- our target! target_types = consumes[-1] # In the dictionary of "consumes" constraints, each request of the # sequence instance has its own dictionary of the dynamic variable # types produced by each request. We need to flatten this structure. predecessors_types = set(itertools.chain(*predecessors_types)) # Skip sequence if there are no predecessor dependencies or no # target objects to swap. if not predecessors_types.intersection(target_types)\ or not target_types - predecessors_types: return # For the victim types (target dynamic objects), get the lattest # values which we know will exist due to the previous rendering. # We will later on use these old values atop a new rendering. old_values = {} for target_type in target_types - predecessors_types: old_values[target_type] = dependencies.get_variable(target_type) # Reset tlb of all values and re-render all predecessor up to # the parent's parent. This will propagate new values for all # dynamic objects except for those with target type. That's what we # want and that's why we render up to the parent's parent (i.e., # up to length(seq) - 2. dependencies.reset_tlb() # Render sequence up to before the first predecessor that produces # the target type. that is, if any of the types produced by the # request is in the target types, then do not render this # predecessor and stop here. n_predecessors = 0 for req in self._sequence: if req.produces.intersection(target_types - predecessors_types): break n_predecessors += 1 new_seq = self._render_n_predecessor_requests(n_predecessors) # log some helpful info self._checker_log.checker_print("\nTarget types: {}".\ format(target_types - predecessors_types)) self._checker_log.checker_print( f"Predecesor types: {predecessors_types}") self._checker_log.checker_print("Clean tlb: {}".\ format(dependencies.tlb)) # Before rendering the last request, substitute all target types # (target dynamic object) with a value that does NOT belong to # the current rendering and should not (?) be accessible through # the new predecessors' rendering. for target_type in old_values: dependencies.set_variable(target_type, old_values[target_type]) self._checker_log.checker_print("Poluted tlb: {}".\ format(dependencies.tlb)) self._render_last_request(new_seq)