Exemple #1
def mutant_smart_fill(freq, dc_copy, ignore_pname, ignore_index, fuzzer_config):
    '''
    Give every empty, non-fuzzed parameter of a data container a plausible
    value, so the request being fuzzed is not rejected because of the
    parameters we are not testing.

    :param freq: The fuzzable request (original request instance) we're fuzzing
    :param dc_copy: The data container to fill. It is modified in place and the
                    same object is returned.
    :param ignore_pname: A parameter name to ignore
    :param ignore_index: The index we want to ignore
    :param fuzzer_config: Mapping read for the 'fuzz_form_files' key, which
                          selects the extension of the file to upload ('gif'
                          when the key is missing or empty).

    :return: dc_copy, filled using smart_fill for every parameter except the
             one being fuzzed, with the file inputs holding the content
             returned by get_file_from_template.
    '''
    for param_name in dc_copy:
        for position, _ in enumerate(dc_copy[param_name]):

            # This is the slot that receives the payload, leave it alone
            if param_name == ignore_pname and position == ignore_index:
                continue

            # Some input types must never be auto-filled
            if dc_copy.get_type(param_name) in AVOID_FILLING_FORM_TYPES:
                continue

            #   A value which is already set comes from the form itself,
            #   for example:
            #
            #   <input type="text" name="p" value="foobar">
            #
            #   Those are kept, only the empty ones are filled.
            needs_value = dc_copy[param_name][position] == ''
            if needs_value:
                dc_copy[param_name][position] = smart_fill(param_name)

    # Please see the comment above (search for __HERE__) for an explanation
    # of what we are doing here:
    for file_var in freq.get_file_vars():

        # Try to upload a valid file
        wanted_extension = fuzzer_config.get('fuzz_form_files') or 'gif'

        # NOTE(review): the first item of the result is not checked here, the
        # returned content is uploaded either way.
        template = get_file_from_template(wanted_extension)
        _success, file_content, file_name = template

        # MultipartPostHandler needs the file-like object to have a "name"
        upload = NamedStringIO(file_content, name=file_name)

        # TODO: Is this hard-coded [0] enough?
        dc_copy[file_var][0] = upload

    return dc_copy
Exemple #2
    def test_get_file_from_template_false(self):
        '''
        Asking for the 'swf' extension must report failure and still return
        a file name which ends with '.swf'.
        '''
        result = get_file_from_template('swf')
        success, _content, file_name = result

        # The returned content is not inspected by this test
        self.assertFalse(success)
        has_swf_suffix = file_name.endswith('.swf')
        self.assertTrue(has_swf_suffix, file_name)
Exemple #3
    def test_get_file_from_template_true(self):
        '''
        Asking for the 'gif' extension must report success, return content
        which contains the 'GIF' marker and a file name ending with '.gif'.
        '''
        result = get_file_from_template('gif')
        success, file_content, file_name = result

        self.assertTrue(success)
        # NOTE(review): assumes file_content is a text/str value, confirm
        self.assertIn('GIF', file_content)
        has_gif_suffix = file_name.endswith('.gif')
        self.assertTrue(has_gif_suffix, file_name)