def swap_fragment(self, seed):
"""Substitutes a random fragment with another with the same symbol"""
if seed.has_structure:
n_nodes = self.count_nodes(seed.structure)
self.to_swap = random.randint(2, n_nodes)
new_structure = self.recursive_swap(seed.structure)
new_seed = Seed(tree_to_string(new_structure))
new_seed.has_structure = True
new_seed.structure = new_structure
return new_seed
return seed
def delete_fragment(self, seed):
"""Deletes a random fragment"""
if seed.has_structure:
n_nodes = self.count_nodes(seed.structure)
self.to_delete = random.randint(2, n_nodes)
new_structure = self.recursive_delete(seed.structure)
new_seed = Seed(tree_to_string(new_structure))
new_seed.has_structure = True
new_seed.structure = new_structure
# do not return an empty new_seed
if not new_seed.data: return seed
else: return new_seed
return seed
def delete_fragment(self, seed):
"""Deletes a random region"""
if not seed.has_structure and seed.has_regions:
regions = [r for r in seed.regions if len(seed.regions[r]) > 0]
if len(regions) == 0: return seed
key = random.choice(list(regions))
s, e = (0, 0)
while (e - s < 2):
s, e = random.choice(list(seed.regions[key]))
new_seed = Seed(seed.data[:s] + seed.data[e:])
new_seed.has_structure = False
new_seed.has_regions = False
return new_seed
else:
return super().delete_fragment(seed)
def swap_fragment(self, seed):
"""Chooses a random region and swaps it with a fragment
that starts with the same symbol"""
if not seed.has_structure and seed.has_regions:
regions = [
r for r in seed.regions
if (len(seed.regions[r]) > 0 and len(self.fragments[r]) > 0)
]
if len(regions) == 0: return seed
key = random.choice(list(regions))
s, e = random.choice(list(seed.regions[key]))
swap_structure = random.choice(self.fragments[key])
swap_string = tree_to_string(swap_structure)
new_seed = Seed(seed.data[:s] + swap_string + seed.data[e:])
new_seed.has_structure = False
new_seed.has_regions = False
return new_seed
else:
return super().swap_fragment(seed)
def print_stats(fuzzer, parser):
coverage, _ = population_coverage(fuzzer.inputs, my_parser)
has_structure = 0
for seed in fuzzer.inputs:
# reuse memoized information
if hasattr(seed, "has_structure"):
if seed.has_structure:
has_structure += 1
else:
if isinstance(seed, str):
seed = Seed(seed)
try:
signal.setitimer(signal.ITIMER_REAL, 0.2)
next(parser.parse(seed.data))
signal.setitimer(signal.ITIMER_REAL, 0)
has_structure += 1
except (SyntaxError, Timeout):
signal.setitimer(signal.ITIMER_REAL, 0)
print("From the %d generated inputs, %d (%0.2f%%) can be parsed.\n"
"In total, %d statements are covered." %
(len(fuzzer.inputs), has_structure,
100 * has_structure / len(fuzzer.inputs), len(coverage)))
if __package__ is None or __package__ == "":
from GreyboxFuzzer import Mutator, Seed, PowerSchedule, MutationFuzzer, GreyboxFuzzer
else:
from .GreyboxFuzzer import Mutator, Seed, PowerSchedule, MutationFuzzer, GreyboxFuzzer
if __package__ is None or __package__ == "":
from MutationFuzzer import FunctionCoverageRunner
else:
from .MutationFuzzer import FunctionCoverageRunner
if __name__ == "__main__":
Mutator().mutate("Hello World")
if __name__ == "__main__":
population = [Seed("A"), Seed("B"), Seed("C")]
schedule = PowerSchedule()
hits = {"A": 0, "B": 0, "C": 0}
for i in range(10000):
seed = schedule.choose(population)
hits[seed.data] += 1
hits
from html.parser import HTMLParser
def my_parser(inp):
parser = HTMLParser()
parser.feed(inp)