Adding query attributes

fuzzer/src/blocks_generator.py

@@ -89,7 +89,7 @@ def _generate_content_body(is_body_json, json_decoder, body_string_example, fuzz
 
 def _generate_http_header(request, endpoint, fuzzable):
     s_static(request["Method"].upper() + " ")
-    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], ConfigurationManager.config, fuzzable)
+    RequestBuildHelper.generate_uri(endpoint["Uri"], request["UriAttributes"], fuzzable)
     s_static(" HTTP/1.1\r\n")
     RequestBuildHelper.generate_headers(ConfigurationManager.config)
     s_static("\r\n\r\n")

fuzzer/src/request_build_helper.py

@@ -1,8 +1,10 @@
 import json
-from boofuzz import s_static, s_size
+from typing import List
+from boofuzz import s_static, s_size, s_render
 from fuzz_payloads import s_http_string, s_http_number, s_http_boolean
 from encodings_helper import EncodingTypes
 from parameter import Parameter
+from configuration_manager import ConfigurationManager
 
 
 class RequestBuildHelper(object):
@@ -34,10 +36,12 @@ class RequestBuildHelper(object):
         return headers is not None and header_name in headers
 
     @staticmethod
-    def generate_uri(uri, uri_parameters, config, fuzzable=False):
+    def generate_uri(uri, uri_parameters, fuzzable=False):
-        fixed_attributes = config["fixed_url_attributes"] if "fixed_url_attributes" in config else None
         id_generator = _unique_uri_attribute_id()
 
+        already_used_parameters: List[str] = []
+
+        # 1] Generate URI as it is in payloads file
         while True:
             try:
                 # Find first not yet found parameter, if there is one
@@ -48,24 +52,40 @@ class RequestBuildHelper(object):
                 index = uri.index("}")
                 parameter_name = uri[0:index]
 
-                parameter: Parameter = RequestBuildHelper._get_parameter(parameter_name, fixed_attributes, uri_parameters)
+                RequestBuildHelper._append_parameter(parameter_name, id_generator, uri_parameters, fuzzable)
-                name = "URI attribute, default value: " + parameter.value + ", id: " + next(id_generator)
-                is_part_fuzzable = fuzzable and not parameter.is_from_config
-
-                if parameter.data_type and (parameter.data_type == 'integer' or parameter.data_type == 'number'):
-                    s_http_number(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
-                elif parameter.data_type and parameter.data_type == 'string':
-                    s_http_boolean(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
-                else:
-                    s_http_string(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
 
                 uri = uri[index + 1:]
+                already_used_parameters.append(parameter_name)
             except ValueError:
                 if len(uri) > 0:
                     name = "URI attribute, default value: " + uri + ", id: " + next(id_generator)
                     s_http_string(uri, fuzzable=False, encoding=EncodingTypes.ascii, name=name)
                 break
 
+        # 2] Append another URI attributes
+        for uri_parameter in uri_parameters:
+            parameter_name = uri_parameter["Name"]
+            if parameter_name not in already_used_parameters and uri_parameter["Location"] == "Query":
+                prefix = "?" if "?" not in s_render() else "&"
+                name = "URI attribute, default value: " + uri + ", id: " + next(id_generator)
+                s_http_string(prefix + parameter_name + "=", fuzzable=False, encoding=EncodingTypes.ascii, name=name)
+                RequestBuildHelper._append_parameter(parameter_name, id_generator, uri_parameters, fuzzable)
+
+    @staticmethod
+    def _append_parameter(parameter_name, id_generator, uri_parameters, fuzzable):
+        fixed_attributes = ConfigurationManager.config["fixed_url_attributes"] if "fixed_url_attributes" in ConfigurationManager.config else None
+
+        parameter: Parameter = RequestBuildHelper._get_parameter(parameter_name, fixed_attributes, uri_parameters)
+        name = "URI attribute, default value: " + parameter.value + ", id: " + next(id_generator)
+        is_part_fuzzable = fuzzable and not parameter.is_from_config
+
+        if parameter.data_type and (parameter.data_type == 'integer' or parameter.data_type == 'number'):
+            s_http_number(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
+        elif parameter.data_type and parameter.data_type == 'string':
+            s_http_boolean(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
+        else:
+            s_http_string(parameter.value, fuzzable=is_part_fuzzable, encoding=EncodingTypes.urlencoded, name=name)
+
     # Getting parameter value from these sources (ordered):
     # 1] Fixed attributes from config
     # 2] Example value from documentation

parser/Models/UriAttribute.cs

@@ -10,6 +10,7 @@ namespace Models
 
         public string Type { get; set; }
         public string Format { get; set; }
+        public string Location { get; set; }
 
         public UriAttribute(string name, bool required)
         {

parser/Parser/AttributeParser.cs

@@ -21,7 +21,8 @@ namespace Parser
                                    ContentParser.GetSingleExample(parameter.Schema?.Example) ??
                                    PrimitiveDataTypeExampleGenerator.GenerateExampleValueByType(parameter.Schema.Type, parameter.Schema.Format),
                     Type = parameter.Schema.Type,
-                    Format = parameter.Schema.Format
+                    Format = parameter.Schema.Format,
+                    Location = parameter.In == ParameterLocation.Path ? "Path" : "Query"
                 };
                 return attribute;
             }