def __build_assignment(self, try_catch=True): choice = random.randint(1, 20) js_obj = self.__get_an_js_object() js_function_name = random.choice(js_obj.methods_and_properties.keys()) if js_function_name == "removeChild" or js_function_name == "replaceChild": children = js_obj.get_children() if not children: js_function_name = "appendChild" js_obj_function = js_obj.methods_and_properties[js_function_name] parameters = js_obj_function['parameters'] ret_val = js_obj_function['ret_val'] optional = False if parameters is not None: for params in parameters: if "*" in params: if choice > 8: parameters = None else: optional = True if parameters is not None: params = self.__get_params(js_obj, js_obj_function['parameters']) code = js_obj_function['method'](*params) else: code = js_obj_function['method']() # TODO: how to involve operators in numbers and strings ... if not optional: ret_val = "JS_STRING" if ret_val == "STRING" else ret_val ret_val = "JS_NUMBER" if ret_val == "INT" or ret_val == "EXP_FLOAT" or ret_val == "FLOAT" else ret_val if ret_val == "JS_DOM_ELEMENT": new_js_obj = JsDomElement(self.__get_js_dom_element_name()) if choice < 10 else random.choice(self._js_objects['JS_DOM_ELEMENT']) self._js_objects['JS_DOM_ELEMENT'].append(new_js_obj) elif ret_val == "JS_STRING": new_js_obj = JsString(self.__get_js_string_name()) if choice < 10 else random.choice(self._js_objects['JS_STRING']) self._js_objects['JS_STRING'].append(new_js_obj) if choice >= 15: js_str = random.choice(self._js_objects['JS_STRING']) js_str_func = random.choice(js_str.methods_and_properties_by_return_type['JS_STRING']) js_str_func_params = self.__get_params(js_str, js_str_func['parameters']) if js_str_func['parameters'] is not None else None code += " + " + js_str_func['method'](*js_str_func_params) if js_str_func['parameters'] is not None else " + " + js_str_func['method']() elif ret_val == "JS_NUMBER": new_js_obj = JsNumber(self.__get_js_number_name()) if choice < 10 else random.choice(self._js_objects['JS_NUMBER']) self._js_objects['JS_NUMBER'].append(new_js_obj) if choice >= 15: number_operator = random.choice(JsNumber.OPERATORS) js_number = random.choice(self._js_objects['JS_NUMBER']) code += " " + number_operator + " " + js_number.name elif ret_val == "JS_ARRAY": new_js_obj = JsArray(self.__get_js_array_name()) if choice < 10 else random.choice(self._js_objects['JS_ARRAY']) self._js_objects['JS_ARRAY'].append(new_js_obj) else: new_js_obj = JsObject(self.__get_js_object_name()) if choice < 10 else random.choice(self._js_objects['JS_OBJECT']) self._js_objects['JS_OBJECT'].append(new_js_obj) code = new_js_obj.name + " = " + code return JsGlobal.try_catch_block(code + "; ") if try_catch else code + ";\n"
def __add_event_dispatcher(self): code = "function event_firing() {\n" for key in self._js_elements: for event in self._js_elements[key].registered_events.keys(): if 'DOM' in event: continue elif event == 'click': code += JsGlobal.try_catch_block( self._js_elements[key].click() + "\n", "ex") elif event == 'error': pass elif event == 'load': pass elif event == 'scroll': code += JsGlobal.try_catch_block( self._js_elements[key].scrollLeft() + " = 10;" + "\n", "ex") elif event == 'resize' or event == 'change': code += JsGlobal.try_catch_block( self._js_elements[key].innerHtml() + " = \"" + "A" * 100 + "\";\n", "ex") elif event == 'focus' or event == 'focusin': code += JsGlobal.try_catch_block( self._js_elements[key].focus() + "\n", "ex") elif event == 'blur': code += JsGlobal.try_catch_block( self._js_elements[key].blur() + "\n", "ex") elif event == 'select': code += JsGlobal.try_catch_block( self._js_elements[key].select() + "\n", "ex") code += "}\n" return code
def __add_function(self, func_name=None, event=False): if not func_name: func_name = "func_" + str(self._function_count) + "()" code = "function " + func_name + " {\n" func_count = random.randint(10, 50) for i in range(func_count): code += "\t" + JsGlobal.try_catch_block(self.__add_element_method()) if not event: self._function_count += 1 if random.randint(0, 10) <= 3: code += "\t" + JsWindow.setTimeout("func_" + str(self._function_count) + "()", self.TIMEOUT) + "\n" else: self._calls_in_startup.append("\tfunc_" + str(self._function_count) + "();") code += "}\n" return code
def __add_function(self, func_name=None, event=False): if not func_name: func_name = "func_" + str(self._function_count) + "()" code = "function " + func_name + " {\n" func_count = random.randint(10, 50) for i in range(func_count): code += "\t" + JsGlobal.try_catch_block( self.__add_element_method()) if not event: self._function_count += 1 if random.randint(0, 10) <= 3: code += "\t" + JsWindow.setTimeout( "func_" + str(self._function_count) + "()", self.TIMEOUT) + "\n" else: self._calls_in_startup.append("\tfunc_" + str(self._function_count) + "();") code += "}\n" return code
def __add_event_dispatcher(self): code = "function event_firing() {\n" for key in self._js_elements: for event in self._js_elements[key].registered_events.keys(): if 'DOM' in event: continue elif event == 'click': code += JsGlobal.try_catch_block(self._js_elements[key].click() + "\n", "ex") elif event == 'error': pass elif event == 'load': pass elif event == 'scroll': code += JsGlobal.try_catch_block(self._js_elements[key].scrollLeft() + " = 10;" + "\n", "ex") elif event == 'resize' or event == 'change': code += JsGlobal.try_catch_block(self._js_elements[key].innerHtml() + " = \"" + "A" * 100 + "\";\n", "ex") elif event == 'focus' or event == 'focusin': code += JsGlobal.try_catch_block(self._js_elements[key].focus() + "\n", "ex") elif event == 'blur': code += JsGlobal.try_catch_block(self._js_elements[key].blur() + "\n", "ex") elif event == 'select': code += JsGlobal.try_catch_block(self._js_elements[key].select() + "\n", "ex") code += "}\n" return code
def fuzz(self): if self._canvas_type == "2d": js_canvas = JsCanvas.Canvas2d(self._canvas_id) else: return function = "function func_" + self._canvas_id + "() {\r\n" function += "var " + self._canvas_id + ' = document.getElementById("' + self._canvas_id + '");\r\n' function += js_canvas.get_context("ctx") for i in range(self._count): function += "\t" luck = random.choice(range(0, 10)) if luck < 3: key = random.choice(js_canvas.attributes.keys()) function += JsGlobal.try_catch_block( js_canvas.attributes[key]["func"](random.choice(js_canvas.attributes[key]["parameter"])) ) else: method = random.choice(js_canvas.methods) if method == "create_linear_gradient": x0, y0, x1, y1 = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) function += JsGlobal.try_catch_block(js_canvas.create_linear_gradient(x0, y0, x1, y1)) elif method == "create_pattern": function += JsGlobal.try_catch_block( js_canvas.create_pattern(js_canvas.name, random.choice(js_canvas.PATTERN_TYPES)) ) elif method in js_canvas.rect_methods: x, y, width, height = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) if method == "rect": function += JsGlobal.try_catch_block(js_canvas.rect(x, y, width, height)) elif method == "fill_rect": function += JsGlobal.try_catch_block(js_canvas.fill_rect(x, y, width, height)) elif method == "stroke_rect": function += JsGlobal.try_catch_block(js_canvas.stroke_rect(x, y, width, height)) elif method == "clear_rect": function += JsGlobal.try_catch_block(js_canvas.clear_rect(x, y, width, height)) elif method == "clip": function += JsGlobal.try_catch_block(js_canvas.clip()) elif method == "scale": x, y = random.choice(js_canvas.ints), random.choice(js_canvas.ints) function += JsGlobal.try_catch_block(js_canvas.scale(x, y)) elif method == "rotate": angle = random.choice(js_canvas.ints) function += JsGlobal.try_catch_block(js_canvas.rotate(angle)) elif method == "translate": x, y = random.choice(js_canvas.ints), random.choice(js_canvas.ints) function += JsGlobal.try_catch_block(js_canvas.translate(x, y)) elif method == "transform" or method == "set_transform": a, b, c, d, e, f = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) function += ( JsGlobal.try_catch_block(js_canvas.transform(a, b, c, d, e, f)) if method == "transform" else JsGlobal.try_catch_block(js_canvas.set_transform(a, b, c, d, e, f)) ) elif method == "fill_text" or method == "stroke_text": x, y = random.choice(js_canvas.ints), random.choice(js_canvas.ints) text = random.choice(FuzzValues.STRINGS) function += ( JsGlobal.try_catch_block(js_canvas.fill_text(text, x, y)) if method == "fill_text" else JsGlobal.try_catch_block(js_canvas.stroke_text(text, x, y)) ) elif method == "measure_text": text = random.choice(FuzzValues.STRINGS) function += JsGlobal.try_catch_block(js_canvas.measure_text(text)) elif method == "draw_image": x, y = random.choice(js_canvas.ints), random.choice(js_canvas.ints) function += JsGlobal.try_catch_block(js_canvas.draw_image(js_canvas.name, x, y)) elif method in js_canvas.path_methods: if not js_canvas.has_active_path: function += js_canvas.begin_path() + "\t" if method == "stroke": function += JsGlobal.try_catch_block(js_canvas.stroke()) elif method == "fill": function += JsGlobal.try_catch_block(js_canvas.fill()) elif method == "move_to": x, y = random.choice(js_canvas.ints), random.choice(js_canvas.ints) function += JsGlobal.try_catch_block(js_canvas.move_to(x, y)) elif method == "close_path": function += JsGlobal.try_catch_block(js_canvas.close_path()) elif method == "line_to": x, y = random.choice(js_canvas.ints), random.choice(js_canvas.ints) function += JsGlobal.try_catch_block(js_canvas.line_to(x, y)) elif method == "quadratic_curve_to": cpx, cpy, x, y = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) function += JsGlobal.try_catch_block(js_canvas.quadratic_curve_to(cpx, cpy, x, y)) elif method == "bezier_curve_to": cp1x, cp1y, cp2x, cp2y, x, y = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) function += JsGlobal.try_catch_block(js_canvas.bezier_curve_to(cp1x, cp1y, cp2x, cp2y, x, y)) elif method == "arc": x, y, r, start, end = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) counter = random.choice(FuzzValues.BOOL) function += JsGlobal.try_catch_block(js_canvas.arc(x, y, r, start, end, counter)) elif method == "arc_to": x0, y0, x1, y1, r = ( random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), random.choice(js_canvas.ints), ) function += JsGlobal.try_catch_block(js_canvas.arc_to(x0, y0, x1, y1, r)) if js_canvas.has_active_path: function += JsGlobal.try_catch_block(js_canvas.stroke()) function += "}\r\n" return function
def __build_for_loop_block(self, length): code = "\tfor (var i = 0; i < " + (random.choice(self._js_objects['JS_ARRAY'])).length() + ";i++) {\n" for i in range(length): code += "\t\t" + self.__build_assignment(False) code += "\t}\n" return "\t" + JsGlobal.try_catch_block("\n" + code)
def __build_if_statement_block(self, length): code = "\tif " + self.__create_bool_expression() + "{ \n" for i in range(length): code += "\t\t" + self.__build_assignment(False) code += "\t}\n" return "\t" + JsGlobal.try_catch_block("\n" + code)