Esempio n. 1
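    def _store_report(self, report):
        """
        Enrich the fuzz report with test metadata and payload details, then store it.

        :param report: report to extend and hand to the data manager
        """
        self.logger.debug('<in>')
        report.add('test_number', self.model.current_index())
        report.add('fuzz_path', self.model.get_sequence_str())
        test_info = self.model.get_test_info()
        # Every test-info entry is flattened into a dedicated sub-report.
        data_model_report = Report(name='Data Model')
        for k, v in test_info.items():
            for (k_, v_) in _flatten_dict_entry(k, v):
                data_model_report.add(k_, v_)
        report.add(data_model_report.get_name(), data_model_report)
        payload = self._last_payload
        if payload is not None:
            data_report = Report('payload')
            data_report.add('raw', payload)
            try:
                # NOTE(review): the 'hex' codec on str objects exists only on
                # Python 2; on Python 3 this call raises LookupError, which the
                # handler below does not catch - confirm the target interpreter.
                data_report.add('hex', json.dumps(str(payload)).encode('hex'))
            except UnicodeDecodeError:
                # The previous message used a bare '%' with no conversion, so
                # the payload was never formatted into the text; log it with
                # its repr so non-printable fuzz bytes stay readable.
                self.logger.warning('cant serialize payload: %r', payload)
            data_report.add('length', len(payload))
            report.add('payload', data_report)
        else:
            report.add('payload', None)

        self.dataman.store_report(report, self.model.current_index())
        # NOTE(review): the result of this read-back is discarded; it looks
        # like a leftover check - confirm before removing.
        self.dataman.get_report_by_id(self.model.current_index())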
Esempio n. 2
    def _store_report(self, report):
        """
        Add test metadata and payload details to the fuzz report and store it.

        :param report: report to extend
        """
        self.logger.debug('<in>')
        report.add('test_number', self.model.current_index())
        report.add('fuzz_path', self.model.get_sequence_str())

        # Flatten each test-info entry into the 'Data Model' sub-report.
        info_entries = self.model.get_test_info()
        model_report = Report(name='Data Model')
        for info_key, info_value in info_entries.items():
            for flat_key, flat_value in _flatten_dict_entry(info_key, info_value):
                model_report.add(flat_key, flat_value)
        report.add(model_report.get_name(), model_report)

        # Record the last payload (raw bytes and length), or None when there is none.
        last_payload = self._last_payload
        if last_payload is None:
            report.add('payload', None)
        else:
            payload_report = Report('payload')
            payload_report.add('raw', last_payload)
            payload_report.add('length', len(last_payload))
            report.add('payload', payload_report)

        self.dataman.store_report(report, self.model.current_index())
Esempio n. 3
 def testFailureInSubReportEntry(self):
     """A failure in a nested report is expected to surface on its parent."""
     child_name = 'sub report'
     parent = Report(self.report_name)
     child = Report(child_name)
     parent.add(child_name, child)
     # Fail the child only after it has been attached to the parent.
     child.failed(self.failure_reason)
     self.assertEqual(parent.get_status(), Report.FAILED)
     self.assertEqual(parent.get('reason'), self.failure_reason)
Esempio n. 4
 def testClearSubReportEntry(self):
     """clear() is expected to drop a previously added sub-report entry."""
     child_name = 'sub report'
     parent = Report(self.report_name)
     child = Report(child_name)
     parent.add(child_name, child)
     self.assertEqual(parent.get(child_name), child)
     parent.clear()
     # After clearing, the entry lookup yields None.
     self.assertEqual(parent.get(child_name), None)
Esempio n. 5
 def testErrorInSubReportEntry(self):
     """An error in a nested report is expected to surface on its parent."""
     child_name = 'sub report'
     parent = Report(self.report_name)
     child = Report(child_name)
     parent.add(child_name, child)
     # Flag the error on the child only after it has been attached.
     child.error(self.error_reason)
     self.assertEqual(parent.get_status(), Report.ERROR)
     self.assertEqual(parent.get('reason'), self.error_reason)
Esempio n. 6
 def testErrorInOneOfSubReportEntries(self):
     """An error in one of several sub-reports is expected to mark the parent."""
     first_name = 'sub report 1'
     second_name = 'sub report 2'
     third_name = 'sub report 3'
     parent = Report(self.report_name)
     first = Report(first_name)
     second = Report(second_name)
     third = Report(third_name)
     parent.add(first_name, first)
     parent.add(second_name, second)
     parent.add(third_name, third)
     # Only the middle sub-report reports an error.
     second.error(self.error_reason)
     self.assertEqual(parent.get_status(), Report.ERROR)
     self.assertEqual(parent.get('reason'), self.error_reason)
Esempio n. 7
 def testDataEntry(self):
     """A plain data entry added to a report can be read back by name."""
     key = 'my entry'
     value = 'some data'
     subject = Report(self.report_name)
     subject.add(key, value)
     self.assertEqual(subject.get(key), value)
     # The lookup is asserted twice, as in the original test; presumably to
     # show that reading an entry does not consume it - confirm intent.
     self.assertEqual(subject.get(key), value)
Esempio n. 8
 def pre_test(self, test_num):
     """
     Record the pre_test call and start a fresh report for this test.

     :param test_num: number of the test about to run
     """
     stage = 'pre_test'
     # Instrumentation first: count the call and remember the test number.
     self.instrument.count_increment(stage)
     self.instrument.list_add(stage, test_num)
     self.config.set_func(stage)
     self.config.set_test(test_num)
     self.test_number = test_num
     self.report = Report(self.name)
Esempio n. 9
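 def __init__(self,
              name,
              host,
              port,
              max_retries=10,
              timeout=None,
              logger=None) -> None:
     """
     Set up the HTTP target's connection parameters and per-target report.

     TLS usage and the target host name are read from ``ConfigParser``,
     not from the constructor arguments.

     :param name: name of the target
     :param host: host ip (to send data to) currently unused
     :param port: port to send to
     :param max_retries: maximum connection retries (default: 10)
     :param timeout: socket timeout (default: None)
     :param logger: logger for the object (default: None)
     :raises ValueError: if host or port is None
     """
     super(HttpTarget, self).__init__(name, logger)
     # Reject an unusable endpoint before storing any of it on the instance.
     if host is None or port is None:
         raise ValueError('host and port may not be None')
     self.host = host
     self.port = port
     # NOTE(review): with the default of None the socket presumably has no
     # timeout, so a hung target could stall the run - confirm where the
     # socket is created.
     self.timeout = timeout
     self.socket = None
     self.max_retries = max_retries
     self.config = ConfigParser()
     self.use_tls = self.config.get_tls()
     self.target_host = self.config.get_target_host_name()
     self.report = Report('report')
     self._uuid = GenerateUUID.generate_uuid()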
Esempio n. 10
File: base.py Progetto: wflk/kitty
 def __init__(self, name='BaseTarget', logger=None):
     """
     Initialise the target with no controller, monitors, or fuzzer attached.

     :param name: name of the target (default: 'BaseTarget')
     :param logger: logger for the target (default: None)
     """
     super(BaseTarget, self).__init__(name, logger)
     # Collaborators are attached later; start with none.
     self.controller = None
     self.monitors = list()
     # Report of the target itself, named after the target.
     self.report = Report(name)
     self.test_number = None
     self.fuzzer = None
Esempio n. 11
 def testSuccess(self):
     '''
     success() is expected to reset a failed report back to PASSED.

     .. note:: success was deprecated, and it only calls passed()
     '''
     subject = Report(self.report_name)
     # Start from a failed state so the status change is observable.
     subject.failed(self.failure_reason)
     self.assertEqual(subject.get_status(), Report.FAILED)
     subject.success()
     self.assertEqual(subject.get_status(), Report.PASSED)
Esempio n. 12
 def testDataEntryReplaced(self):
     """Adding an entry under an existing name is expected to replace its value."""
     key = 'my entry'
     first_value = 'some data'
     second_value = 'some other data'
     subject = Report(self.report_name)
     subject.add(key, first_value)
     self.assertEqual(subject.get(key), first_value)
     # Re-adding under the same name overwrites the earlier value.
     subject.add(key, second_value)
     self.assertEqual(subject.get(key), second_value)
Esempio n. 13
    def pre_test(self, test_number):
        '''
        Called before a test is started. Call super if overridden.

        Starts a fresh report stamped with the current time.

        :param test_number: current test number
        '''
        started_at_key = 'start_time'
        self.report = Report(self.name)
        self.report.add(started_at_key, time.time())
        self.test_number = test_number
Esempio n. 14
File: base.py Progetto: wflk/kitty
 def __init__(self, name, logger=None):
     '''
     Initialise the monitor with an empty report and no running thread.

     :param name: name of the monitor
     :param logger: logger for the monitor (default: None)
     '''
     super(BaseMonitor, self).__init__(name, logger)
     # The monitor's own report, named after the monitor.
     self.report = Report(name)
     # No thread and no test number until they are set elsewhere.
     self.monitor_thread = None
     self.test_number = None
Esempio n. 15
    def _store_report(self, report):
        """
        Add test metadata and payload details to the fuzz report and store it.

        :param report: report to extend
        """
        self.logger.debug('<in>')
        report.add('test_number', self.model.current_index())
        report.add('fuzz_path', self.model.get_sequence_str())

        # Copy each test-info entry into the 'Data Model' sub-report as-is.
        info_entries = self.model.get_test_info()
        model_report = Report(name='Data Model')
        for info_key, info_value in info_entries.items():
            model_report.add(info_key, info_value)
        report.add(model_report.get_name(), model_report)

        last_payload = self._last_payload
        if last_payload is None:
            report.add('payload', None)
        else:
            payload_report = Report('payload')
            payload_report.add('raw', last_payload)
            # NOTE(review): the 'hex' codec on str objects exists only on
            # Python 2 - confirm the target interpreter.
            payload_report.add('hex', last_payload.encode('hex'))
            payload_report.add('length', len(last_payload))
            report.add('payload', payload_report)

        self.dataman.store_report(report, self.model.current_index())
        # The result of this read-back is discarded, as in the original.
        self.dataman.get_report_by_id(self.model.current_index())
Esempio n. 16
 def pre_test(self, test_num):
     '''
     Called when a test is started.

     Resets the target report, then notifies the controller (if any) and
     every monitor before recording the test number and state.

     :param test_num: number of the test being started
     '''
     self.test_number = test_num
     self.report = Report(self.name)
     controller = self.controller
     if controller:
         controller.pre_test(test_number=self.test_number)
     for attached_monitor in self.monitors:
         attached_monitor.pre_test(test_number=self.test_number)
     self.report.add('test_number', test_num)
     self.report.add('state', 'STARTED')
Esempio n. 17
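    def pre_test(self, test_number):
        '''
        Called before a test is started. Call super if overridden.

        Starts a fresh report, then blocks until ``is_victim_alive()``
        returns a true value, logging a warning at most every 10 seconds
        while waiting.

        :param test_number: current test number
        '''
        self.test_number = test_number
        self.report = Report(self.name)
        self.report.add('start_time', time.time())
        self.report.add('test_number', self.test_number)
        self.report.add('state', 'pre_test')
        last_log = 0
        # NOTE(review): this wait has no upper bound; a target that never
        # comes back keeps the run blocked here.
        while not self.is_victim_alive():
            if time.time() - last_log >= 10:
                last_log = time.time()
                # Logger.warn is a deprecated alias; warning() is the
                # supported spelling.
                self.logger.warning('waiting for target to be alive')
            time.sleep(self.victim_alive_check_delay)
        # Only announce recovery if the wait was actually logged.
        if last_log > 0:
            self.logger.warning('target is now alive')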
Esempio n. 18
 def _pre_test(self):
     """Reset the per-test stage list and report, then run the parent hook."""
     # Fresh state for the test that is about to start.
     self._requested_stages = list()
     self._report = Report(self.get_name())
     super(ClientFuzzer, self)._pre_test()
Esempio n. 19
 def pre_test(self, test_num):
     """
     Record the current stage and test number and start a fresh report.

     :param test_num: number of the test about to run
     """
     stage = 'pre_test'
     self.config.set_func(stage)
     self.config.set_test(test_num)
     self.test_number = test_num
     self.report = Report(self.name)
Esempio n. 20
File: base.py Progetto: wflk/kitty
 def _cleanup(self):
     '''
     Perform a monitor cleanup by replacing the report with an empty one.
     '''
     fresh_report = Report(self.name)
     self.report = fresh_report
Esempio n. 21
 def testClearRestoresStatusToDefaultPassed(self):
     """clear() is expected to bring a failed report back to PASSED."""
     subject = Report(self.report_name)
     self.assertEqual(subject.get_status(), Report.PASSED)
     # Fail, then clear: the status must return to the default.
     subject.failed('mock failure')
     subject.clear()
     self.assertEqual(subject.get_status(), Report.PASSED)
Esempio n. 22
 def testDeprecatedApi_is_failed(self):
     """The deprecated is_failed() is expected to raise NotImplementedError."""
     subject = Report(self.report_name)
     self.assertRaises(NotImplementedError, subject.is_failed)
Esempio n. 23
 def testClearKeepsName(self):
     """clear() is expected to leave the report name untouched."""
     expected_name = self.report_name
     subject = Report(expected_name)
     self.assertEqual(subject.get_name(), expected_name)
     subject.clear()
     self.assertEqual(subject.get_name(), expected_name)
Esempio n. 24
 def testPassed(self):
     """passed() is expected to reset a failed report back to PASSED."""
     subject = Report(self.report_name)
     # Start from a failed state so the status change is observable.
     subject.failed(self.failure_reason)
     self.assertEqual(subject.get_status(), Report.FAILED)
     subject.passed()
     self.assertEqual(subject.get_status(), Report.PASSED)
Esempio n. 25
 def testErrorWithoutReason(self):
     """error() with no argument is expected to set ERROR and leave no reason."""
     subject = Report(self.report_name)
     self.assertEqual(subject.get_status(), Report.PASSED)
     subject.error()
     self.assertEqual(subject.get_status(), Report.ERROR)
     # No reason was supplied, so the lookup yields None.
     self.assertEqual(subject.get('reason'), None)
Esempio n. 26
 def testFailedWithoutReason(self):
     """failed() with no argument is expected to set FAILED and leave no reason."""
     subject = Report(self.report_name)
     self.assertEqual(subject.get_status(), Report.PASSED)
     subject.failed()
     self.assertEqual(subject.get_status(), Report.FAILED)
     # No reason was supplied, so the lookup yields None.
     self.assertEqual(subject.get('reason'), None)
Esempio n. 27
 def testReportName(self):
     """get_name() is expected to return the name given to the constructor."""
     expected_name = self.report_name
     subject = Report(expected_name)
     self.assertEqual(subject.get_name(), expected_name)
Esempio n. 28
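    def transmit(self, payload):
        """
        Transmit a single payload and receive the response, if expected.

        This is the original transmit method from ServerTarget, overridden so
        that a 40X or 50X response marks the transmission as failed, according
        to the aim of the test.

        According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/500
        500 Internal Server Error
        501 Not Implemented
        502 Bad Gateway
        503 Service Unavailable
        504 Gateway Timeout
        505 HTTP Version Not Supported
        506 Variant Also Negotiates
        507 Insufficient Storage
        508 Loop Detected
        510 Not Extended
        511 Network Authentication Required

        The response is classified by its numeric status code alone, so a
        listed code is detected whatever HTTP version or reason phrase the
        server sends. Bytes that are not valid UTF-8 are replaced while
        decoding instead of aborting the classification.

        The actual implementation of the send/receive should be in
        ``_send_to_target`` and ``_receive_from_target``.

        :type payload: bytes
        :param payload: payload to send
        :rtype: bytes
        :return: the response (if received); ``''`` when no response is
            expected, ``None`` when sending or receiving failed
        """

        SERVER_50x_CODES = [
            '500 Internal Server Error', '501 Not Implemented',
            '502 Bad Gateway', '503 Service Unavailable',
            '504 Gateway Timeout', '505 HTTP Version Not Supported',
            '506 Variant Also Negotiates', '507 Insufficient Storage',
            '508 Loop Detected', '510 Not Extended',
            '511 Network Authentication Required'
        ]

        SERVER_40xCODES = [
            '400 Bad Request', '401 Unauthorized', '402 Payment Required',
            '403 Forbidden', '404 Not Found', '405 Method Not Allowed',
            '406 Not Acceptable', '407 Proxy Authentication Required',
            '408 Request Timeout', '409 Conflict', '410 Gone',
            '411 Length Required', '412 Precondition Failed',
            '413 Payload Too Large', '414 URI Too Long',
            '415 Unsupported Media Type', '416 Range Not Satisfiable',
            '417 Expectation Failed', '422 Unprocessable Entity',
            '425 Too Early', '426 Upgrade Required',
            '428 Precondition Required', '429 Too Many Requests',
            '431 Request Header Fields Too Large',
            '451 Unavailable For Legal Reasons'
        ]

        # Compare on the numeric code only. Matching the full
        # "<code> <reason>" text after stripping a literal 'HTTP/1.1 ' missed
        # failures sent with another HTTP version or a custom reason phrase.
        failure_codes = {
            entry.split(' ', 1)[0]
            for entry in SERVER_40xCODES + SERVER_50x_CODES
        }

        response = None
        trans_report_name = 'transmission_0x%04x' % self.transmission_count
        trans_report = Report(trans_report_name)
        self.transmission_report = trans_report
        self.report.add(trans_report_name, trans_report)
        try:
            trans_report.add('request (hex)', hexlify(payload).decode())
            trans_report.add('request (raw)', '%s' % payload)
            trans_report.add('request length', len(payload))
            trans_report.add('request time', time.time())

            # Keep the info-level log line short; the full hex is in the report.
            request = hexlify(payload).decode()
            request = request if len(request) < 100 else (request[:100] +
                                                          ' ...')
            self.logger.info(f"request({len(payload)}): {request}")
            self.logger.debug(f"payload {payload}")
            self._send_to_target(payload)
            trans_report.success()

            if self.expect_response:
                try:
                    response = self._receive_from_target()
                    trans_report.add('response time', time.time())
                    trans_report.add('response (hex)',
                                     hexlify(response).decode())
                    trans_report.add('response (raw)', '%s' % response)
                    trans_report.add('response length', len(response))
                    trans_report.add('Session ID', str(self._uuid))
                    printed_response = hexlify(response).decode()
                    printed_response = printed_response if len(
                        printed_response) < 100 else (printed_response[:100] +
                                                      ' ...')
                    self.logger.info(
                        f"response({len(response)}): {printed_response}")

                    # A strict decode raised on any non-UTF-8 byte in the
                    # body, which reported a received response as a receive
                    # failure and skipped the status check entirely.
                    string_response = response.decode('utf-8',
                                                      errors='replace')
                    # An empty response still raises IndexError here and is
                    # handled as a receive failure below, as before.
                    status_line = string_response.splitlines()[0]
                    status_fields = status_line.split(None, 2)
                    if status_fields and status_fields[0].startswith('HTTP/'):
                        status_fields = status_fields[1:]
                    status_code = status_fields[0] if status_fields else ''

                    if status_code in failure_codes:
                        self.logger.info(
                            f"response failure {string_response}")
                        trans_report.failed('Failure in HTTP-PROTO response.')
                        trans_report.add('Response', string_response)
                        self.report.set_status('failed')
                        self.receive_failure = True

                except Exception as ex2:
                    trans_report.failed('failed to receive response: %s' % ex2)
                    trans_report.add('traceback', traceback.format_exc())
                    self.logger.error(
                        f"target.transmit - failure in receive (exception: {ex2})"
                    )
                    self.logger.error(traceback.format_exc())
                    self.receive_failure = True
            else:
                response = ''
        except Exception as ex1:
            # NOTE(review): a send failure is only logged. Marking the
            # transmission report as failed, attaching the traceback and
            # setting self.send_failure were disabled by the author, so the
            # report does not record this case - confirm that is intended.
            self.logger.error(
                f"target.transmit - failure in send (exception: {ex1})")
            self.logger.error(traceback.format_exc())
        self.transmission_count += 1
        return response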
Esempio n. 29
 def testDefaultStatusIsPassed(self):
     """A newly created report is expected to start in the PASSED state."""
     subject = Report(self.report_name)
     initial_status = subject.get_status()
     self.assertEqual(initial_status, Report.PASSED)
Esempio n. 30
 def testStatusIsFailedByConstructor(self):
     """default_failed=True is expected to create the report in the FAILED state."""
     subject = Report(self.report_name, default_failed=True)
     initial_status = subject.get_status()
     self.assertEqual(initial_status, Report.FAILED)