t2 = test2_setup() t2a = Test2() t2a.name = 9241 t2a.value = 'firstthing' t2.add(t2a) t2b = Test2() t2b.name = 5 t2b.value = 'another' t2.add(t2b) t2c = Test2() t2c.name = -23 t2c.value = 'yy' t2.add(t2c) t2.commit() print 'Testing f..' fuzzy.concolic_test(test_f, verbose=10) f_expected = (924, 22) if all(x in f_results for x in f_expected): print "Found all cases for f" else: print "Missing some cases for f:", set(f_expected) - set(f_results) print 'Testing g..' fuzzy.concolic_test(test_g, verbose=10) g_expected = ('firstthing', 'another', 'yy') if all(x in g_results for x in g_expected): print "Found all cases for g" else: print "Missing some cases for g:", set(g_expected) - set(g_results)
environ["PATH_INFO"] = "trans" + fuzzy.mk_str("path") if environ["PATH_INFO"].startswith("//"): ## Don't bother trying to construct paths with lots of slashes; ## otherwise, the lstrip() code generates lots of paths.. return resp = zoobar.app(environ, startresp) if verbose: for x in resp: print x ## Exercise 6: your code here. ## Detect balance mismatch. ## When detected, call report_balance_mismatch() pdb = zoobar.zoodb.person_setup() balancet = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()]) if balance1 != balancet: report_balance_mismatch() ## Detect zoobar theft. ## When detected, call report_zoobar_theft() tdb = zoobar.zoodb.transfer_setup() for p in pdb.query(zoobar.zoodb.Person).all(): if tdb.query(zoobar.zoodb.Transfer).filter_by(sender=p.username).first() == None: report_zoobar_theft() fuzzy.concolic_test(test_stuff, maxiter=2000, verbose=1)
whole_pc = fuzzy.const_bool(True) is_first = True for pc in fuzzy.cur_path_constr: if is_first: whole_pc = pc is_first = False else: whole_pc = fuzzy.sym_and(whole_pc, pc) pc_query_dict[whole_pc] = query def test_func(): sym_table_name = fuzzy.mk_str("sym_tname") table = Table(sym_table_name) sym_column_1 = fuzzy.mk_str("sym_colname_1") sym_column_2 = fuzzy.mk_str("sym_colname_2") query = table.select(getattr(table, sym_column_1), \ getattr(table, sym_column_2)) sym_str = fuzzy.mk_str("sym_str") query.where = getattr(table, sym_column_2) == sym_str query = symsqlutils.symStrInterpolation(query) sym_output(query) if __name__ == '__main__': fuzzy.concolic_test(test_func) for pc, query in pc_query_dict.iteritems(): result, example = symsqlutils.checkSqlInjection(query, pc) if result == z3.sat: print("UNSAFE: ", example) else: print("SAFE")
if User.objects.all().count() == 2: balance2 = sum([u.person.zoobars for u in User.objects.all()]) if balance1 != balance2: report_balance_mismatch() utransfers = [t.sender.user.username for t in Transfer.objects.all()] for p in User.objects.all(): if p.username not in utransfers: if p.person.zoobars < 10: report_zoobar_theft() # technically, this check could be fooled if an attacker could insert # rows into the transfer db. Instead, we should keep a log of all # requests, and which user the request was issued as, but this seems # outside the scope of the exercise? start = time.time() fuzzy.concolic_test(test_stuff, maxiter=2000, v=verbose, uniqueinputs=True, removeredundant=True, usecexcache=True) end = time.time() print "%.2f seconds" % (end - start) if cov is not None: print "Coverage report stored in covhtml/" cov.html_report(directory='covhtml') os.remove('.coverage')
finaldb = persondb.query(zoobar.zoodb.Person).all() transferdb = tdb.query(zoobar.zoodb.Transfer).all() for i in initdb: initialZoobars = 0 finalZoobars = 0 personName1 = getattr(i, 'username') initialZoobars = getattr(i, 'zoobars') for j in finaldb: personName2 = getattr(j, 'username') if personName1 == personName2: finalZoobars = getattr(j, 'zoobars') break transfer = 0 for t in transferdb: if personName1 == getattr(t, 'sender'): transfer = transfer + getattr(t, 'amount') if initialZoobars - transfer != finalZoobars: report_zoobar_theft() # for p,q in zip(pdb.query(zoobar.zoodb.Person).all(),persondb.query(zoobar.zoodb.Person).all()): # if p is not None and q is not None: # if p.zoobars!=q.zoobars: # report_zoobar_theft() fuzzy.concolic_test(test_stuff, maxiter=2000, verbose=1)
print(re.sub("^", "\t", response.content)) print(80 * "-") if User.objects.all().count() == 2: balance2 = sum([u.person.zoobars for u in User.objects.all()]) if balance1 != balance2: report_balance_mismatch() utransfers = [t.sender.user.username for t in Transfer.objects.all()] for p in User.objects.all(): if p.username not in utransfers: if p.person.zoobars < 10: report_zoobar_theft() # technically, this check could be fooled if an attacker could insert # rows into the transfer db. Instead, we should keep a log of all # requests, and which user the request was issued as, but this seems # outside the scope of the exercise? start = time.time() fuzzy.concolic_test(test_stuff, maxiter=2000, v=verbose, uniqueinputs = True, removeredundant = True, usecexcache = True) end = time.time() print "%.2f seconds" %(end-start) if cov is not None: print "Coverage report stored in covhtml/" cov.html_report(directory = 'covhtml') os.remove('.coverage')
# return -1 # if(x>y): # return 1 f_results = set() # def test_f(): # i=fuzzy.mk_int('i') # j=fuzzy.mk_int('j') # v=f(i,j) # print i,j,'->',v # f_results.add(v) def test_f(): i = fuzzy.mk_int('i') print "test_f is called " v = f(i) print i, '->', v f_results.add(v) print 'Testing f..' fuzzy.concolic_test(test_f, maxiter=200, verbose=10) #f_expected = (0,-1,1,2) f_expected = (100, 70, 80, 33, 1234, 40) if all(x in f_results for x in f_expected): print "Found all cases for f" else: print "Missing some cases for f:", set(f_expected) - set(f_results)