def test_g():
db = test2_setup()
x = fuzzy.mk_int('x')
r = db.query(Test2).get(x)
if r is None:
v = None
else:
v = r.value
print x, '->', v
g_results.add(v)
def test_g():
db = test2_setup()
x = fuzzy.mk_int('x')
r = db.query(Test2).get(x)
if r is None:
v = None
else:
v = r.value
print x, '->', v
g_results.add(v)
def test_f():
i = fuzzy.mk_int('i')
v = f(i)
print i, '->', v
f_results.add(v)
import symex.fuzzy as fuzzy
import z3
import traceback
import sys
class MyException(Exception):
def __init__(self, *args):
super(MyException, self).__init__(*args)
try:
fuzzy.cur_path_constr = []
fuzzy.cur_path_constr_callers = []
fuzzy.concrete_values = {'x': 10}
x = fuzzy.mk_int('x')
y = x * 2
if not isinstance(y, fuzzy.concolic_int):
raise MyException("ERROR: lost concolic object after multiply")
if y != 20:
raise MyException("ERROR: wrong concrete value for concolic object")
if len(fuzzy.cur_path_constr) == 0:
raise MyException("ERROR: no path constraint from equality check")
if len(fuzzy.cur_path_constr) > 1:
raise MyException(
"ERROR: too many path constraints from equality check")
def test_stuff():
method = fuzzy.mk_str('method')
if not method == 'get' and not method == 'post':
return
req = d.new()
from django.contrib.auth.models import User
User.objects.all().delete()
alice = adduser('alice')
bob = adduser('bob')
balance1 = sum([u.person.zoobars for u in User.objects.all()])
from zapp.models import Transfer
Transfer.objects.all().delete()
#User.objects.get(username = '******')
## In two cases, we over-restrict the inputs in order to reduce the
## number of paths that "make check" explores, so that it finishes
## in a reasonable amount of time. You could pass unconstrained
## concolic values for both REQUEST_METHOD and PATH_INFO, but then
## zoobar generates around 2000 distinct paths, and that takes many
## minutes to check.
path = fuzzy.mk_str('path') + '/'
if path[0] == '/':
return
data = {}
if method == 'post':
if path == 'transfer/':
data = post_data(zoobars=fuzzy.mk_int('transfer.zoobars'),
recipient=fuzzy.mk_str('transfer.recipient'))
logged_in = False
user = fuzzy.mk_str('user')
if user == 'alice' or user == 'bob':
if verbose > 0:
print('==> accessing %s as %s' % (path, user))
if user == 'alice':
req.login(username='******', password='******')
elif user == 'bob':
req.login(username='******', password='******')
logged_in = True
else:
if verbose > 0:
print('==> accessing %s anonymously' % path)
if cov is not None:
cov.start()
response = None
if method == 'get':
response = req.get(path)
elif method == 'post':
response = req.post(path, data=data)
if cov is not None:
cov.stop()
cov.save()
if verbose == 1 and response.status_code == 404:
print(" -> 404 not found...")
elif verbose == 1:
print(' -> %d %s' % (response.status_code, response.reason_phrase))
elif verbose > 1:
print(' -> %d %s\n -> %s' %
(response.status_code, response.reason_phrase, response.items()))
if verbose > 2 or response.status_code == 500:
print(80 * "-")
print(re.sub("^", "\t", response.content))
print(80 * "-")
if logged_in and path == "transfer/":
if verbose > 0:
if "Log out" in response.content:
print(" -> login works. that's nice.")
else:
print(" -> login doesn't work :(")
if method == "post":
if "warning" in response.content:
if verbose > 0:
# success is also notified using a warning span
wtext = re.search('<span class="warning">([^<]*)</span>',
response.content).group(1)
print(" -> transfer warning: %s" % wtext)
else:
print(" -> NO TRANSFER WARNING?!")
print(80 * "-")
print(re.sub("^", "\t", response.content))
print(80 * "-")
if User.objects.all().count() == 2:
balance2 = sum([u.person.zoobars for u in User.objects.all()])
if balance1 != balance2:
report_balance_mismatch()
utransfers = [t.sender.user.username for t in Transfer.objects.all()]
for p in User.objects.all():
if p.username not in utransfers:
if p.person.zoobars < 10:
report_zoobar_theft()
#!/usr/bin/python
import symex.fuzzy as fuzzy
import z3
import traceback
import sys
class MyException(Exception):
def __init__(self, *args):
super(MyException, self).__init__(*args)
try:
fuzzy.cur_path_constr = []
fuzzy.cur_path_constr_callers = []
fuzzy.concrete_values = {'x': 10}
x = fuzzy.mk_int('x')
y = x * 2
if not isinstance(y, fuzzy.concolic_int):
raise MyException("ERROR: lost concolic object after multiply")
if y != 20:
raise MyException("ERROR: wrong concrete value for concolic object")
if len(fuzzy.cur_path_constr) == 0:
raise MyException("ERROR: no path constraint from equality check")
if len(fuzzy.cur_path_constr) > 1:
raise MyException("ERROR: too many path constraints from equality check")
fuzzy.cur_path_constr = []
if y == 70:
raise MyException("ERROR: wrong concrete value for concolic object, take 2")
(ok, model) = fuzzy.fork_and_check(fuzzy.sym_not(fuzzy.cur_path_constr[0]))
if ok != z3.sat:
raise MyException("ERROR: unsolvable constraint")
def test_f():
i = fuzzy.mk_int('i')
v = f(i)
print i, '->', v
f_results.add(v)
def test_stuff():
method = fuzzy.mk_str('method')
if not method == 'get' and not method == 'post':
return
req = d.new()
from django.contrib.auth.models import User
User.objects.all().delete()
alice = adduser('alice')
bob = adduser('bob')
balance1 = sum([u.person.zoobars for u in User.objects.all()])
from zapp.models import Transfer
Transfer.objects.all().delete()
#User.objects.get(username = '******')
## In two cases, we over-restrict the inputs in order to reduce the
## number of paths that "make check" explores, so that it finishes
## in a reasonable amount of time. You could pass unconstrained
## concolic values for both REQUEST_METHOD and PATH_INFO, but then
## zoobar generates around 2000 distinct paths, and that takes many
## minutes to check.
path = fuzzy.mk_str('path') + '/'
if path[0] == '/':
return
data = {}
if method == 'post':
if path == 'transfer/':
data = post_data(
zoobars = fuzzy.mk_int('transfer.zoobars'),
recipient = fuzzy.mk_str('transfer.recipient')
)
logged_in = False
user = fuzzy.mk_str('user')
if user == 'alice' or user == 'bob':
if verbose > 0:
print('==> accessing %s as %s' % (path, user))
if user == 'alice':
req.login(username='******', password='******')
elif user == 'bob':
req.login(username='******', password='******')
logged_in = True
else:
if verbose > 0:
print('==> accessing %s anonymously' % path)
if cov is not None:
cov.start()
response = None
if method == 'get':
response = req.get(path)
elif method == 'post':
response = req.post(path, data=data)
if cov is not None:
cov.stop()
cov.save()
if verbose == 1 and response.status_code == 404:
print(" -> 404 not found...")
elif verbose == 1:
print(' -> %d %s' % (response.status_code, response.reason_phrase))
elif verbose > 1:
print(' -> %d %s\n -> %s' % (
response.status_code,
response.reason_phrase,
response.items())
)
if verbose > 2 or response.status_code == 500:
print(80 * "-")
print(re.sub("^", "\t", response.content))
print(80 * "-")
if logged_in and path == "transfer/":
if verbose > 0:
if "Log out" in response.content:
print(" -> login works. that's nice.")
else:
print(" -> login doesn't work :(")
if method == "post":
if "warning" in response.content:
if verbose > 0:
# success is also notified using a warning span
wtext = re.search('<span class="warning">([^<]*)</span>', response.content).group(1)
print(" -> transfer warning: %s" % wtext)
else:
print(" -> NO TRANSFER WARNING?!")
print(80 * "-")
print(re.sub("^", "\t", response.content))
print(80 * "-")
if User.objects.all().count() == 2:
balance2 = sum([u.person.zoobars for u in User.objects.all()])
if balance1 != balance2:
report_balance_mismatch()
utransfers = [t.sender.user.username for t in Transfer.objects.all()]
for p in User.objects.all():
if p.username not in utransfers:
if p.person.zoobars < 10:
report_zoobar_theft()
def test_f():
i = fuzzy.mk_int('i')
print "test_f is called "
v = f(i)
print i, '->', v
f_results.add(v)
