def m_scrollIntoView(self): alignToTop = r.bool() behavior = r.choice(["auto", "instant", "smooth"]) block = r.choice(["start", "end"]) scrollIntoViewOptions = "{behavior:'%s',block:'%s',}" % (behavior, block) return r.choice(["", alignToTop, scrollIntoViewOptions])
def fuzz(self): codes = [] for i in range(randoms.MAX_ELEMENTS_NUM): tag_list = list(self.relation.keys()) tag = randoms.choice(tag_list) name = self.new_elem() codes += self.create_element(tag) elem = randoms.choice(self.elements) name = elem[0] tag = elem[1] cls = randoms.choice(self.relation[tag]) property_methods = dir(cls) properties = [func for func in property_methods if "p_" == func[0:2]] cur_props = randoms.sample(properties, 10) for prop in properties: prop_name = prop[2:] func = getattr(cls(), prop) ret = func() code = "" if isinstance(ret, int) is True: code = "%s.%s=%s;" % (name, prop_name, ret) if isinstance(ret, str) is True: code = "%s.%s=\"%s\";" % (name, prop_name, ret) if ret is None: code = "document.write(%s.%s);" % (name, prop_name) codes.append(code) methods = [func for func in property_methods if "m_" == func[0:2]] cur_mtds = randoms.sample(methods, 10) for method in methods: method_name = method[2:] func = getattr(cls(), method) ret = func() if ret is None: code = "%s.%s();" % (name, method_name) else: code = "%s.%s(%s);" % (name, method_name, ret) codes.append(code) cccccccccc = self.try_catch(codes) funcs = "" for j in range(randoms.MAX_FUNS_NUM): funcs += "function %s(){\r\n%s\r\n}\r\n" % ("Func%s"%j, cccccccccc) codes.append("window.location.reload(true);") return funcs + self.try_catch(codes)
def fuzz(self): codes = [] for i in range(randoms.MAX_ELEMENTS_NUM): tag_list = list(self.relation.keys()) tag = randoms.choice(tag_list) name = self.new_elem() codes += self.create_element(tag) elem = randoms.choice(self.elements) name = elem[0] tag = elem[1] cls = randoms.choice(self.relation[tag]) property_methods = dir(cls) properties = [func for func in property_methods if "p_" == func[0:2]] cur_props = randoms.sample(properties, 10) for prop in properties: prop_name = prop[2:] func = getattr(cls(), prop) ret = func() code = "" if isinstance(ret, int) is True: code = "%s.%s=%s;" % (name, prop_name, ret) if isinstance(ret, str) is True: code = "%s.%s=\"%s\";" % (name, prop_name, ret) if ret is None: code = "document.write(%s.%s);" % (name, prop_name) codes.append(code) methods = [func for func in property_methods if "m_" == func[0:2]] cur_mtds = randoms.sample(methods, 10) for method in methods: method_name = method[2:] func = getattr(cls(), method) ret = func() if ret is None: code = "%s.%s();" % (name, method_name) else: code = "%s.%s(%s);" % (name, method_name, ret) codes.append(code) cccccccccc = self.try_catch(codes) funcs = "" for j in range(randoms.MAX_FUNS_NUM): funcs += "function %s(){\r\n%s\r\n}\r\n" % ("Func%s" % j, cccccccccc) codes.append("window.location.reload(true);") return funcs + self.try_catch(codes)
def p_clear(self): # 设置一个元素的侧面是否允许其他的浮动元素 # left 在左侧不允许浮动元素 # right 在右侧不允许浮动元素 # both 在左右两侧均不允许浮动元素 # none 默认。允许浮动元素出现在两侧 return r.choice(["left", "right", "both", "none"])
def p_shape(self): shape = [ "default", "rect", "circ", "poly", ] return r.choice(shape)
def p_formEncType(self): # application/x-www-form-urlencoded 在发送前对所有字符进行编码(默认) # multipart/form-data 不对字符编码。当使用有文件上传控件的表单时,该值是必需的 # text/plain 将空格转换为 "+" 符号,但不编码特殊字符 return r.choice([ "application/x-www-form-urlencoded", "multipart/form-data", "text/plain", "" ])
def m_animate(self): keyframes = r.choice([ "{opacity:[ %s,%s],color:[ '#%s','#%s']}" % (r.zint(2048), r.zint(2048), r.shex(3), r.shex(3)), "[{opacity:%s,color: '#%s'}, {opacity:%s,color: '#%s'}]" % (r.zint(2048), r.shex(3), r.zint(2048), r.shex(3)), "{opacity:[ %s,%s],color:[ '#%s','#%s']}" % (r.zint(2048), r.zint(2048), r.shex(6), r.shex(6)), "[{opacity:%s,color: '#%s'}, {opacity:%s,color: '#%s'}]" % (r.zint(2048), r.shex(6), r.zint(2048), r.shex(6)), ]) keyframeOptions = r.zint(65535) return "%s,%s" % (keyframes, keyframeOptions)
def m_insertAdjacentHTML(self): # 插入邻近的HTML position = r.choice(['beforebegin', 'afterbegin', 'beforeend', 'afterend']) tag = r.HTMLTags() # TODO:这里不支持script标签,查明原因 有可能是浏览器的问题 while tag == "script": tag = r.HTMLTags() text = "<%s>%s</%s>" % (tag, r.DOMString(r.zint(256)), tag) return "'%s',\"%s\"" % (position, text)
def p_coords(self): # 设置或者返回坐标值 rand = r.zint(2) if rand == 0: # rect num = 2 elif rand == 1: # circ num = 3 else: # poly num = r.zint(2048) return r.choice([r.coords(num), ""])
def p_playbackRate(self): # 设置或返回音频播放的速度 return r.choice([ 2.0, 1.0, 0.5, 0, -0.5, -1.0, ])
def p_defaultPlaybackRate(self): # 设置或返回音频的默认播放速度 return r.choice([ 2.0, 1.0, 0.5, 0, -0.5, -1.0, ])
def m_insertAdjacentHTML(self): # 插入邻近的HTML position = r.choice( ['beforebegin', 'afterbegin', 'beforeend', 'afterend']) tag = r.HTMLTags() # TODO:这里不支持script标签,查明原因 有可能是浏览器的问题 while tag == "script": tag = r.HTMLTags() text = "<%s>%s</%s>" % (tag, r.DOMString(r.zint(256)), tag) return "'%s',\"%s\"" % (position, text)
def p_rel(self): # 指定当前文档和被连接文档之间的关系 relation = [ "appendix", "chapter", "contents", "copyright", "glossary", "index", "section", "start", "subsection", # 已删除的值 "alternate", "stylesheet", "start", "next", "prev", "contents", "index", "glossary", "copyright", "chapter", "section", "subsection", "appendix", "help", "bookmark", "bookmark", "licence", "tag", "friend", "archives", "author", "bookmark", "external", "first", "index", "last", "license", "nofollow", "noreferrer", "search", "sidebar", "tag","up",# html5 "", ] return r.choice(relation)
def m_setUserData(self): # 把对象关联到节点上的一个键上 userKey = r.choice([r.randrange(40, 92), r.randrange(93, 127), r.DOMString(r.zint(256))]) userData = r.DOMString(r.zint(256)) handler = r.Funcs() return "'%s','%s',%s" % (userKey, userData, handler) # TODO:IE独有属性 需重新修改 #def m_selectNodes(self): # # 用一个 XPath 表达式查询选择节点 # pass #def m_selectSingleNode(self): # # 查找和 XPath 查询匹配的一个节点 # pass #def m_transformNode(self): # # 使用 XSLT 把一个节点转换为一个字符串 # pass #def m_transformNodeToObject(self): # # 使用 XSLT 把一个节点转换为一个文档 # pass
def m_replaceWith(self): node = r.Element() text = r.DOMString(r.zint(256)) return r.choice(["'%s'" % text, node])
def m_querySelectorAll(self): # 找出所有匹配的节点并返回数组 selectors = randoms.choice( [randoms.HTMLTags(), randoms.Element(), "*"]) return "'%s'" % selectors
def p_draggable(self): # 规定元素是否可拖动 value = ["true", "false", "auto"] return r.choice(value)
def p_target(self): target = ["_blank", "_self", "_parent", "_top", "", r.DOMString(r.zint(256))] return r.choice(target) # Methods # No specific method; inherits attributes from its parent, HTMLElement.
def p_formTarget(self): target = [ "_blank", "_self", "_parent", "_top", r.DOMString(r.zint(256)) ] return r.choice(target)
def p_translate(self): # 规定是否应该翻译元素内容 value = ["yes", "no"] return r.choice(value)
def p_dir(self): # 规定元素内容的文本方向 value = ["ltr", "rtl", "auto", ""] return r.choice(value)
def p_defaultPlaybackRate(self): # 设置或返回音频的默认播放速度 return r.choice([2.0, 1.0, 0.5, 0, -0.5, -1.0, ])
def m_compareDocumentPosition(self): # 对比两个节点的文档位置 newElem = "document.createElement('%s')" % r.HTMLTags() curElem = r.Element() return r.choice([newElem, curElem])
def p_playbackRate(self): # 设置或返回音频播放的速度 return r.choice([2.0, 1.0, 0.5, 0, -0.5, -1.0, ])
def p_preload(self): # 设置或返回音频是否应该在页面加载后进行加载 return r.choice(["auto", "metadata", "null"])
def m_toDataURL(self): # 将canvas转换为基于Base64编码的图像 type = r.choice(["image/png", "image/jpeg"]) args = r.double(1) return r.choice(["'%s',%s" % (type, args), "'%s'" % type, ""])
def m_getContext(self): # 获取绘图环境 contextID = ["2d", "webgl2", "webgl", "bitmaprenderer"] return "'%s'" % r.choice(contextID)
def m_captureStream(self): return r.choice([r.double(1), ""])
def p_target(self): target = ["_blank", "_self", "_parent", "_top", "", r.DOMString(r.zint(256))] return r.choice(target)
def m_getUserData(self): # 返回与此节点上的某个键相关联的对象 # 此对象必须首先通过使用相同的键来调用 setUserData 被设置到此节点 userKey = r.choice([r.randrange(40, 92), r.randrange(93, 127)]) return "'%s'" % userKey
def m_cloneNode(self): # 复制节点 return r.choice([r.bool(), ""])
def m_insertBefore(self): # 在指定的子节点前插入新的子节点 newNode = r.choice(["document.createElement('%s')" % r.HTMLTags(), r.Element()]) existingnode = r.choice(["document.createElement('%s')" % r.HTMLTags(), r.Element()]) return r.choice(["%s,%s" % (newNode, existingnode), newNode])
def m_close(self): return r.choice(["", "'%s'" % r.DOMString(r.zint(256))])
def p_autofocus(self): # 规定当页面加载时按钮应当自动地获得焦点 return r.choice([r.bool(), "autofocus"])
def m_prepend(self): # 将指定元素插入匹配元素内部的开头 node = randoms.Element() text = randoms.DOMString(randoms.zint(256)) return "'%s'" % randoms.choice([node, text])
def p_formMethod(self): # 覆盖 form 元素的 method 属性 return r.choice(["get", "post"])
def m_querySelector(self): # 找到一个后就返回节点对象 selectors = randoms.choice([randoms.HTMLTags(), randoms.Element(), "*"]) return "'%s'" % selectors
def p_type(self): behavior = ["submit", "reset", "button", "menu"] return r.choice(behavior)
def m_before(self): node = r.Element() text = r.DOMString(r.zint(256)) return r.choice(["'%s'" % text, node])
def m_attachShadow(self): shadowRootInit = r.choice(["open", "closed"]) return shadowRootInit
def p_align(self): r.choice(["left", "right", "justify", "center", ""])
def p_accessKey(self): # 设置或返回访问一个链接的键盘按键 index = [r.DOMString(2), r.DOMString(1), ""] return r.choice(index)
def m_querySelector(self): # 找到一个后就返回节点对象 selectors = randoms.choice( [randoms.HTMLTags(), randoms.Element(), "*"]) return "'%s'" % selectors
def p_shape(self): shape = ["default", "rect", "circ", "poly", ] return r.choice(shape)
def m_queryAll(self): n = randoms.choice([randoms.HTMLTags(), randoms.Element(), "'*'"]) return "'%s'" % n
def m_removeChild(self): # 删除(并返回)当前节点的指定子节点 return r.choice(["document.createElement('%s')" % r.HTMLTags(), r.Element()])
def m_querySelectorAll(self): # 找出所有匹配的节点并返回数组 selectors = randoms.choice([randoms.HTMLTags(), randoms.Element(), "*"]) return "'%s'" % selectors
def m_replaceChild(self): # 用新节点替换一个子节点 newNode = r.choice(["document.createElement('%s')" % r.HTMLTags(), r.Element()]) oldnode = r.choice(["document.createElement('%s')" % r.HTMLTags(), r.Element()]) return "%s,%s" % (newNode, oldnode)
def m_replaceWith(self): node = r.Element() text = r.DOMString(r.zint(256)) return r.choice(["'%s'" % text , node])
def m_appendChild(self): # 向节点的子节点列表的结尾添加新的子节点 newElem = "document.createElement('%s')" % r.HTMLTags() curElem = r.Element() return r.choice([newElem, curElem])
def m_isSupported(self): # 返回当前节点是否支持某个特性 feature = r.DOMString(r.zint(256)) version = r.choice(["1.0", "2.0", "3.0", "4.0", "5.0"]) return "'%s','%s'" % (feature, version)
def p_dropzone(self): # 规定在元素上拖动数据时,是否拷贝、移动或链接被拖动数据 value = ["copy", "move", "link"] return r.choice(value)
def m_showModal(self): return r.choice(["", r.Element(), r.EvtObj()])
def m_lookupPrefix(self): # 返回匹配指定命名空间 URI 的前缀 return "'%s'" % r.choice([r.URI(), ""])