def cookies(self):
    """Return a single-entry cookie mapping built from symbolic strings.

    The ``HTTP_COOKIE`` header is not parsed. A symbolic cookie name and a
    symbolic cookie value are created, and the header is constrained to be
    exactly ``<name>=<value>``.

    NOTE(review): only one cookie pair is modelled, so headers carrying
    several ``;``-separated cookies are outside what this stub explores.
    """
    raw_header = self.environ.get('HTTP_COOKIE', '')
    cookie_name = fuzzy.mk_str('cookie_name')
    cookie_val = fuzzy.mk_str('cookie_val')
    # Bind the symbolic pair to the header text; presumably require() ends
    # the current run when the constraint does not hold -- confirm in fuzzy.
    fuzzy.require(raw_header == cookie_name + '=' + cookie_val)
    return {cookie_name: cookie_val}
def form(self):
    """Return a form mapping whose presence and values are symbolic.

    For each key of interest a symbolic integer decides whether the field
    is present; when it is, the field value is a symbolic string.
    """
    # Author's open question: a concolic_dict() might remove the need to
    # enumerate every key of interest here.
    fields = {}
    for key in ('recipient', 'zoobars'):
        absent = fuzzy.mk_int('form_%s_present' % key) == 0
        if not absent:
            fields[key] = fuzzy.mk_str('form_%s_val' % key)
    return fields
def test_bug1():
    """Register a symbolic username and report a database integrity error.

    After a short pause the test calls ``register`` with a symbolic username
    and a fixed password. If SQLAlchemy raises ``IntegrityError`` the test
    prints a verification message.

    NOTE(review): presumably the error comes from a uniqueness constraint on
    the username reaching the database unhandled -- confirm against
    ``register``.
    """
    time.sleep(0.1)
    try:
        symbolic_user = fuzzy.mk_str('username')
        register(symbolic_user, '******')
    except sqlalchemy.exc.IntegrityError:
        # Single-argument call form: prints the same text whether or not
        # print is a statement in the running interpreter.
        print("Verification: Gotcha!")
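def parse(self):
    """Parse the request, replacing marked form values with concolic ones.

    The parent parser runs first. Any field that has exactly one value
    starting with ``CoNcOlIc::`` is treated as a marker of the form
    ``CoNcOlIc::<type>:<name>``, where ``<type>`` is ``concolic_int`` or
    ``concolic_str``. The value is then replaced by a fresh symbolic value
    called ``<name>``. All other fields are copied unchanged.

    A marker with an unknown type, or with no name part, is reported on
    stdout and the submitted value is passed through as-is. Previously a
    marker without a name raised ``IndexError``.

    NOTE(review): the marker is read from request data, so this looks like
    a test-harness hook. Confirm this parser is only installed for concolic
    test runs.

    Returns:
        A ``(newpost, files)`` tuple: the rebuilt mutable QueryDict and the
        files object from the parent parser.
    """
    post, files = super(MPP, self).parse()
    marker = 'CoNcOlIc::'
    newpost = QueryDict('', mutable=True)
    for k, vs in post.iterlists():
        if len(vs) == 1 and vs[0].startswith(marker):
            # At most three parts: type, name, and an unused remainder.
            ts = vs[0][len(marker):].split(':', 2)
            has_name = len(ts) > 1
            if ts[0] == "concolic_int" and has_name:
                vs = [fuzzy.mk_int(ts[1])]
            elif ts[0] == "concolic_str" and has_name:
                vs = [fuzzy.mk_str(ts[1])]
            elif ts[0] in ("concolic_int", "concolic_str"):
                # Known type but nothing after it to name the variable.
                print("MISSING CONCOLIC NAME FOR %s" % ts[0])
            else:
                print("UNKNOWN CONCOLIC TYPE %s" % ts[0])
        newpost.setlist(k, vs)
    return newpost, files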
def test_zoobar():
    """Drive the zoobar WSGI app once with a partly symbolic request.

    The Referer header, the Cookie header and the tail of the request path
    are symbolic strings. Everything else in the WSGI environment is a
    fixed value. A ``RequireMismatch`` raised while the app runs is
    swallowed, so that run simply ends.
    """
    time.sleep(0.1)
    environ = {
        'wsgi.url_scheme': 'http',
        'wsgi.input': 'xxx',
        'SERVER_NAME': 'zoobar',
        'SERVER_PORT': '80',
        'SCRIPT_NAME': 'script',
        'QUERY_STRING': 'query',
        'HTTP_REFERER': fuzzy.mk_str('referrer'),
        'HTTP_COOKIE': fuzzy.mk_str('cookie'),
        # The author disabled the fully symbolic variants
        # (mk_str('method') / mk_str('path')): the method is pinned to GET
        # and only the part of the path after 'trans' is symbolic.
        'REQUEST_METHOD': 'GET',
        'PATH_INFO': 'trans' + fuzzy.mk_str('path'),
    }

    # Skip paths that begin with a double slash.
    if environ['PATH_INFO'].startswith('//'):
        return

    try:
        response = zoobar.app(environ, startresp)
    except RequireMismatch:
        # A failed fuzzy.require() inside the app is not a test failure.
        pass
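def _make_fields_concolic(self, query_id, obj, blacklist=None, prefix=''):
    """Replace the int and string attributes of *obj* with concolic values.

    Attributes whose name starts with ``_`` are skipped unless the name ends
    in ``_cache``. Names in *blacklist* and values that are already concolic
    are skipped too. A value that has a ``__dict__`` is processed
    recursively, with the value's model name as the new prefix. Concolic
    variables are named ``query_id + prefix + '__' + attribute``.

    Args:
        query_id: String prepended to every generated variable name.
        obj: Object whose class exposes ``_meta.model_name``.
        blacklist: Attribute names to skip. The ``_<model>_cache`` name of
            every visited object is added to it, so a set passed by the
            caller is updated in place. When omitted, a fresh set is used
            for this call.
        prefix: String inserted between *query_id* and the attribute name.

    Returns:
        *obj*, modified in place.
    """
    # The default used to be a shared ``set()``, so the cache names added
    # below leaked from one top-level call into every later one.
    if blacklist is None:
        blacklist = set()

    # Skip the cache slot that points back at this model; the set is shared
    # with the recursive calls below.
    blacklist.add('_' + type(obj)._meta.model_name + '_cache')

    # Iterate over a snapshot, since attributes are reassigned in the loop.
    for prop in list(vars(obj)):
        # Ignore private fields, except the *_cache slots.
        if (prop.startswith('_') and not prop.endswith('_cache')) or prop in blacklist:
            continue

        value = getattr(obj, prop)
        if isinstance(value, (fuzzy.concolic_int, fuzzy.concolic_str)):
            continue

        if hasattr(value, '__dict__'):
            # NOTE(review): assumes any attribute with a __dict__ is a model
            # instance exposing _meta -- confirm against callers.
            setattr(obj, prop,
                    self._make_fields_concolic(query_id, value, blacklist,
                                               type(value)._meta.model_name))

        if isinstance(value, int):
            setattr(obj, prop,
                    fuzzy.mk_int(query_id + prefix + '__' + prop, value))
        elif isinstance(value, str) or isinstance(value, unicode):
            setattr(obj, prop,
                    fuzzy.mk_str(query_id + prefix + '__' + prop, value))
    return obj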
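def match(self, path):
    """Match *path* against this rule, returning symbolic variables if possible.

    The parent class's result is computed first and used as the fallback.
    The rule is then rebuilt piece by piece into an expected path. Static
    pieces are appended as-is. Each variable using the ``default`` converter
    contributes a fresh symbolic string, constrained to contain no ``/``.
    If the rebuilt path equals *path*, the mapping of variable names to
    symbolic strings is returned.

    Rules with converter arguments, or with any converter other than
    ``default``, are not modelled; the parent's result is returned for them.

    NOTE(review): the leading ``"|"`` presumably mirrors werkzeug's
    ``subdomain|path`` match key with an empty subdomain -- confirm.
    """
    orig = super(SymbolicRule, self).match(path)
    expectpath = "|"
    res = {v: fuzzy.mk_str(n) for (v, n) in self.symvarnames.items()}
    for converter, arguments, variable in werkzeug.routing.parse_rule(self.rule):
        if arguments is not None:
            return orig
        if converter is None:
            # Static text between variables.
            expectpath += variable
        elif converter == 'default':
            # Compared by value: the former ``is 'default'`` identity test
            # only held when the two strings happened to be one object.
            expectpath += res[variable]
            fuzzy.require('/' not in res[variable])
        else:
            return orig

    if expectpath == path:
        return res
    return orig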
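def match(self, path):
    """Return symbolic route variables when the rule can be modelled.

    The result of the parent ``match`` is kept as the fallback. The rule
    string is walked with ``werkzeug.routing.parse_rule`` and an expected
    path is assembled. Literal segments are copied, and every variable with
    the ``default`` converter is replaced by a symbolic string that must not
    contain ``/``. When the assembled path equals *path*, the dict of
    symbolic strings is returned. Otherwise the parent's result is returned,
    including for any rule that has converter arguments or a non-default
    converter.

    NOTE(review): ``expectpath`` starts with ``"|"``, which looks like the
    empty-subdomain form of werkzeug's match key -- verify.
    """
    orig = super(SymbolicRule, self).match(path)
    expectpath = "|"
    res = {v: fuzzy.mk_str(n) for (v, n) in self.symvarnames.items()}
    for converter, arguments, variable in werkzeug.routing.parse_rule(
            self.rule):
        if arguments is not None:
            return orig
        if converter is None:
            # Literal segment of the rule.
            expectpath += variable
        elif converter == 'default':
            # Equality, not identity: ``is 'default'`` depended on string
            # interning and could fail for an equal but distinct string.
            expectpath += res[variable]
            fuzzy.require('/' not in res[variable])
        else:
            return orig

    if expectpath == path:
        return res
    return orig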
def test_bug2or3():
    """Call ``transfer`` with two symbolic usernames and a fixed amount of 1.

    Both usernames are independent symbolic strings, so the engine is free
    to explore runs where they are equal, empty or unknown.

    NOTE(review): the meaning of the third argument is assumed from the
    call shape -- confirm against ``transfer``.
    """
    time.sleep(0.1)
    first_user = fuzzy.mk_str('u1')
    second_user = fuzzy.mk_str('u2')
    transfer(first_user, second_user, 1)