def test_custom_dictionaries(self):
request_endpoint1 = 'test/{testSomething}/moreTest'
request_endpoint2 = 'different/{other}/somethingElse'
request_endpoint3 = 'final/{testing}/theEnd'
dict1 = "dict1.json"
dict2 = "dict2.json"
settings_file = {
'per_resource_settings': {
request_endpoint1: {
'custom_dictionary': dict1
},
request_endpoint2: {
'custom_dictionary': dict2
},
request_endpoint3: {}
}
}
RestlerSettings(settings_file)
custom_dicts = RestlerSettings.Instance(
).get_endpoint_custom_mutations_paths()
self.assertEqual(2, len(custom_dicts))
self.assertEqual(dict1, custom_dicts[hex_def(request_endpoint1)])
self.assertEqual(dict2, custom_dicts[hex_def(request_endpoint2)])
self.assertTrue(hex_def(request_endpoint3) not in custom_dicts)
def test_per_resource_timing_delays(self):
request_endpoint1 = 'test/{testSomething}/moreTest'
request_endpoint2 = 'different/{other}/somethingElse'
request_endpoint3 = 'final/{testing}/theEnd'
settings_file = {
'global_producer_timing_delay': 5,
'per_resource_settings': {
request_endpoint1: {
'producer_timing_delay': 3
},
request_endpoint2: {
'producer_timing_delay': 7
}
}
}
user_args = {'producer_timing_delay': 1}
user_args.update(settings_file)
settings = RestlerSettings(user_args)
# Set in settings file
self.assertEqual(
3, settings.get_producer_timing_delay(hex_def(request_endpoint1)))
# Set in settings file (different value)
self.assertEqual(
7, settings.get_producer_timing_delay(hex_def(request_endpoint2)))
# Not set in settings file
self.assertEqual(
5, settings.get_producer_timing_delay(hex_def(request_endpoint3)))
def test_custom_bug_codes(self):
user_args = {"custom_bug_codes": ["200", "4?4", "3*"]}
try:
settings = RestlerSettings(user_args)
settings.validate_options()
except:
assert False
response200 = HttpResponse('HTTP/1.1 200 response')
response201 = HttpResponse('HTTP/1.1 201 response')
response400 = HttpResponse('HTTP/1.1 400 response')
response404 = HttpResponse('HTTP/1.1 404 response')
response414 = HttpResponse('HTTP/1.1 414 response')
response300 = HttpResponse('HTTP/1.1 300 response')
response301 = HttpResponse('HTTP/1.1 301 response')
response500 = HttpResponse('HTTP/1.1 500 response')
self.assertTrue(response200.has_bug_code())
self.assertFalse(response201.has_bug_code())
self.assertFalse(response400.has_bug_code())
self.assertTrue(response404.has_bug_code())
self.assertTrue(response414.has_bug_code())
self.assertTrue(response300.has_bug_code())
self.assertTrue(response301.has_bug_code())
self.assertTrue(response500.has_bug_code())
def test_refresh_interval_no_cmd(self):
user_args = {'target_port': 500,
'target_ip': '192.168.0.1',
'token_refresh_interval': 30}
settings = RestlerSettings(user_args)
with self.assertRaises(OptionValidationError):
settings.validate_options()
def test_checkers_in_settings(self):
settings_file = {
'settings_file_exists':True,
'checkers' :
{
'NamespaceRule' : {
'mode' : 'exhaustive'
},
'useafterfree' : {
'mode' : 'exhaustive'
},
'leakagerule' : {
'mode' : 'exhaustive'
},
'resourcehierarchy' : {
'mode' : 'exhaustive'
}
}
}
settings = RestlerSettings(settings_file)
candidate_values = primitives.CandidateValuesPool()
test_dict = {
}
candidate_values.set_candidate_values(test_dict)
self.assertEqual('exhaustive', settings.get_checker_arg('namespacerule', 'mode'))
self.assertEqual('exhaustive', settings.get_checker_arg('USEAFTERFREE', 'mode'))
self.assertEqual('exhaustive', settings.get_checker_arg('LeakageRule', 'mode'))
self.assertEqual('exhaustive', settings.get_checker_arg('resourcehierarchy', 'mode'))
self.assertEqual(None, settings.get_checker_arg('namespace_rule_mode', 'mode'))
self.assertEqual(None, settings.get_checker_arg('use_after_free_rule_mode', 'mode'))
self.assertEqual(None, settings.get_checker_arg('leakage_rule_mode', 'mode'))
self.assertEqual(None, settings.get_checker_arg('resource_hierarchy_rule_mode', 'mode'))
def test_create_once(self):
request_endpoint1 = 'test/{testSomething}/moreTest'
request_endpoint2 = 'different/{other}/somethingElse'
request_endpoint3 = 'final/{testing}/theEnd'
settings_file = {
'per_resource_settings': {
request_endpoint1: {
'create_once': 1
},
request_endpoint2: {
'create_once': 1
},
request_endpoint3: {
'create_once': 0
}
}
}
RestlerSettings(settings_file)
create_once_list = RestlerSettings.Instance().create_once_endpoints
self.assertEqual(2, len(create_once_list))
self.assertEqual(True, hex_def(request_endpoint1) in create_once_list)
self.assertEqual(True, hex_def(request_endpoint2) in create_once_list)
self.assertNotEqual(True,
hex_def(request_endpoint3) in create_once_list)
def test_max_async_wait_time(self):
request_endpoint1 = 'test/{testSomething}/moreTest'
request_endpoint2 = 'different/{other}/somethingElse'
request_endpoint3 = 'final/{testing}/theEnd'
settings_file = {
'global_producer_timing_delay': 5,
'per_resource_settings': {
request_endpoint1: {
'producer_timing_delay': 3
},
request_endpoint2: {
'producer_timing_delay': 7
}
},
'max_async_resource_creation_time': 6
}
user_args = {}
user_args.update(settings_file)
settings = RestlerSettings(user_args)
self.assertEqual(
6,
settings.get_max_async_resource_creation_time(
hex_def(request_endpoint1)))
# producer timing delay > max async
self.assertEqual(
7,
settings.get_max_async_resource_creation_time(
hex_def(request_endpoint2)))
self.assertEqual(
6,
settings.get_max_async_resource_creation_time(
hex_def(request_endpoint3)))
def test_random_walk_sequence_length(self):
user_args = {'target_port': 500,
'target_ip': '192.168.0.1',
'fuzzing_mode': 'random-walk',
'max_sequence_length': 50}
settings = RestlerSettings(user_args)
with self.assertRaises(OptionValidationError):
settings.validate_options()
def test_single_instance(self):
settings1 = RestlerSettings({})
settings2 = RestlerSettings.Instance()
self.assertEqual(settings1, settings2)
with self.assertRaises(NewSingletonError):
# Test can't create new instance
RestlerSettings({})
def test_custom_bug_code_list_mutual_exclusiveness(self):
user_args = {
"custom_bug_codes": ["200", "4?4", "3*"],
"custom_non_bug_codes": ["500"]
}
settings = RestlerSettings(user_args)
with self.assertRaises(OptionValidationError):
settings.validate_options()
def test_valid_option_validation(self):
user_args = {
'target_port': 500,
'target_ip': '192.168.0.1',
'token_refresh_cmd': 'some command',
'token_refresh_interval': 30,
'client_certificate_path': '\\path\\to\\file.pem',
'fuzzing_mode': 'random-walk',
'ignore_decoding_failures': True
}
try:
settings = RestlerSettings(user_args)
settings.validate_options()
except:
assert False
settings.TEST_DeleteInstance()
user_args = {'target_port': 500, 'target_ip': '192.168.0.1'}
try:
settings = RestlerSettings(user_args)
settings.validate_options()
except:
assert False
def test_throttling_multiple_fuzzing_jobs(self):
user_args = {'target_port': 500,
'target_ip': '192.168.0.1',
'token_refresh_cmd': 'some command',
'token_refresh_interval': 30,
'fuzzing_mode': 'random-walk',
'fuzzing_jobs': 2,
'request_throttle_ms': 100}
settings = RestlerSettings(user_args)
with self.assertRaises(OptionValidationError):
settings.validate_options()
def test_invalid_max_request_execution_time(self):
user_args = {'max_request_execution_time' : 0}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
settings_file = {
'max_request_execution_time' : -1
}
with self.assertRaises(InvalidValueError):
RestlerSettings(settings_file)
user_args = {'max_request_execution_time': restler_settings.MAX_REQUEST_EXECUTION_TIME_MAX+1}
settings_file = {
'max_request_execution_time' : restler_settings.MAX_REQUEST_EXECUTION_TIME_MAX+1
}
user_args.update(settings_file)
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
def test_max_combinations_in_settings(self):
settings_file = {'settings_file_exists': True, 'max_combinations': 10}
settings = RestlerSettings(settings_file)
candidate_values = primitives.CandidateValuesPool()
test_dict = {}
candidate_values.set_candidate_values(test_dict)
self.assertEqual(10, settings.max_combinations)
def test_max_request_execution_time(self):
user_args = {'max_request_execution_time': 15}
settings_file = {
'max_request_execution_time' : 12
}
user_args.update(settings_file)
settings = RestlerSettings(user_args)
self.assertEqual(12, settings.max_request_execution_time)
def test_invalid_entries(self):
user_args = {'max_sequence_length': '10'}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {'max_sequence_length': -1}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {'target_port': 2**16}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {"checkers": 5}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {"checkers": [5]}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {"checkers": {"namespacerule": 5}}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {'per_resource_settings': {'producer_timing_delay': 5}}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {
'per_resource_settings': {
'endpoint': {
'producer_timing_delay': [5]
}
}
}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
user_args = {
'per_resource_settings': {
'endpoint': {
'producer_timing_delay': "somestring"
}
}
}
with self.assertRaises(InvalidValueError):
RestlerSettings(user_args)
def test_valid_option_validation(self):
user_args = {'target_port': 500,
'target_ip': '192.168.0.1',
'token_refresh_cmd': 'some command',
'token_refresh_interval': 30,
'fuzzing_mode': 'random-walk'}
try:
settings = RestlerSettings(user_args)
settings.validate_options()
except:
assert False
settings.TEST_DeleteInstance()
user_args = {'target_port': 500,
'target_ip': '192.168.0.1'}
try:
settings = RestlerSettings(user_args)
settings.validate_options()
except:
assert False
def test_set_version(self):
user_args = {'set_version': '5.3.0'}
settings = RestlerSettings(user_args)
self.assertEqual('5.3.0', settings.version)
def test_default_version(self):
user_args = {}
settings = RestlerSettings(user_args)
self.assertEqual('0.0.0', settings.version)
def test_settings_file_upload(self):
with open(
os.path.join(os.path.dirname(__file__),
"restler_user_settings.json")) as json_file:
settings_file = json.load(json_file)
settings = RestlerSettings(settings_file)
self.assertEqual('exhaustive',
settings.get_checker_arg('namespacerule', 'mode'))
self.assertEqual('exhaustive',
settings.get_checker_arg('useafterfree', 'mode'))
self.assertEqual('exhaustive',
settings.get_checker_arg('leakagerule', 'mode'))
self.assertEqual('exhaustive',
settings.get_checker_arg('resourcehierarchy', 'mode'))
self.assertEqual(
None, settings.get_checker_arg('invaliddynamicobject', 'mode'))
self.assertEqual('normal',
settings.get_checker_arg('payloadbody', 'mode'))
self.assertTrue(
settings.get_checker_arg('payloadbody', 'start_with_valid'))
self.assertTrue(
settings.get_checker_arg('payloadbody', 'start_with_examples'))
self.assertFalse(
settings.get_checker_arg('payloadbody', 'size_dep_budget'))
self.assertTrue(settings.get_checker_arg('payloadbody',
'use_feedback'))
self.assertEqual(
'C:\\restler\\restlerpayloadbody\\recipe_custom.json',
settings.get_checker_arg('payloadbody', 'recipe_file'))
request1 = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/dnsZones/{zoneName}/{recordType}/{relativeRecordSetName}"
request2 = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/dnsZones/{zoneName}"
self.assertEqual(1,
settings.get_producer_timing_delay(hex_def(request1)))
self.assertEqual(5,
settings.get_producer_timing_delay(hex_def(request2)))
self.assertEqual(
2,
settings.get_producer_timing_delay(
hex_def("test_unknown_request_id")))
custom_dicts = settings.get_endpoint_custom_mutations_paths()
self.assertEqual("c:\\restler\\custom_dict1.json",
custom_dicts[hex_def(request1)])
self.assertEqual("c:\\restler\\custom_dict2.json",
custom_dicts[hex_def(request2)])
self.assertEqual(20, settings.max_combinations)
self.assertEqual(90, settings.max_request_execution_time)
self.assertEqual(True,
hex_def(request1) in settings.create_once_endpoints)
self.assertNotEqual(
True,
hex_def(request2) in settings.create_once_endpoints)
self.assertEqual("\\path\\to\\file.pem",
settings.client_certificate_path)
self.assertEqual(200, settings.dyn_objects_cache_size)
self.assertEqual(2, settings.fuzzing_jobs)
self.assertEqual('directed-smoke-test', settings.fuzzing_mode)
self.assertEqual(30, settings.garbage_collection_interval)
self.assertTrue(settings.ignore_dependencies)
self.assertTrue(settings.ignore_feedback)
self.assertTrue(settings.connection_settings.include_user_agent)
self.assertEqual(45, settings.max_async_resource_creation_time)
self.assertEqual(11, settings.max_sequence_length)
self.assertFalse(settings.connection_settings.use_ssl)
self.assertTrue(settings.connection_settings.disable_cert_validation)
self.assertTrue(settings.no_tokens_in_logs)
self.assertEqual('(\w*)/ddosProtectionPlans(\w*)', settings.path_regex)
self.assertEqual(500, settings.request_throttle_ms)
self.assertEqual('100.100.100.100',
settings.connection_settings.target_ip)
self.assertEqual(500, settings.connection_settings.target_port)
self.assertEqual(12, settings.time_budget)
self.assertEqual('some refresh command', settings.token_refresh_cmd)
self.assertEqual(60, settings.token_refresh_interval)
self.assertEqual(False, settings.wait_for_async_resource_creation)
self.assertEqual(True, settings.ignore_decoding_failures)
self.assertEqual('0.0.0', settings.version)
code1 = re.compile('400')
code2 = re.compile('2.4')
code3 = re.compile('3.+')
code4 = re.compile('404')
code5 = re.compile('500')
self.assertEqual([code1, code2, code3], settings.custom_bug_codes)
self.assertEqual([code4, code5], settings.custom_non_bug_codes)
def test_commmand_line_producer_timing_delay(self):
user_args = {'producer_timing_delay': 1}
settings = RestlerSettings(user_args)
self.assertEqual(1, settings.get_producer_timing_delay(0))
def test_empty_settings_file(self):
settings = RestlerSettings({})
self.assertEqual(0, settings.get_producer_timing_delay(10))
def test_not_yet_initialzed(self):
with self.assertRaises(UninitializedError):
settings = RestlerSettings.Instance()
def tearDown(self):
RestlerSettings.TEST_DeleteInstance()
def test_command_line_max_request_execution_time(self):
user_args = {'max_request_execution_time': 15}
settings = RestlerSettings(user_args)
self.assertEqual(15, settings.max_request_execution_time)
