Folder removed

2026-03-22 01:19:17 +01:00 · 2019-11-20 18:49:01 +01:00
parent 4ea29e2464
commit 955bddda2f
54 changed files with 163 additions and 163 deletions
--- a/fuzzer/unit_tests/fuzzing_json_decoder_tests.py
+++ b/fuzzer/unit_tests/fuzzing_json_decoder_tests.py
@@ -0,0 +1,117 @@
+import unittest
+import json
+from boofuzz import *
+from fuzzing_json_decoder import FuzzingJsonDecoder
+from fuzz_payloads import FuzzPayloads
+from configuration_manager import ConfigurationManager
+
+
+class FuzzingJsonDecoderTests(unittest.TestCase):
+    def setUp(self):
+        # Just init block for boofuzz
+        s_initialize(self.id())
+
+        # Generate at least few payloads for at least minimum number of mutations
+        FuzzPayloads.add_payload_to_list("payload 1", FuzzPayloads.CUSTOM_PAYLOADS_KEY)
+        FuzzPayloads.add_payload_to_list("payload 2", FuzzPayloads.CUSTOM_PAYLOADS_KEY)
+
+        # Generate fake configuration
+        ConfigurationManager.config = []
+
+    def __json_equality_assertion(self, original_json, generated_json):
+        self.assertDictEqual(json.loads(original_json), json.loads(generated_json))
+
+    def test_empty_dict(self):
+        # Prepare
+        original_json = '{}'
+
+        # Action
+        decoder = FuzzingJsonDecoder(False)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+    def test_empty_list(self):
+        # Prepare
+        original_json = '{"array": []}'
+
+        # Action
+        decoder = FuzzingJsonDecoder(False)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+    def test_dict_primitives(self):
+        # Prepare
+        original_json = '{"array": [{"primitives": {"1": 1, "2": 1e1, "3": false, "4": null}}]}'
+
+        # Action
+        decoder = FuzzingJsonDecoder(False)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+    def test_nested_dict(self):
+        # Prepare
+        original_json = '{ "problems": [{ "Diabetes":[{ "medications":[{ "medicationsClasses":[{ "className":[{ "associatedDrug":[{ "name":"asprin", "dose":"", "strength":"500 mg" }], "associatedDrug#2":[{ "name":"somethingElse", "dose":"", "strength":"500 mg" }] }], "className2":[{ "associatedDrug":[{ "name":"asprin", "dose":"", "strength":"500 mg" }], "associatedDrug#2":[{ "name":"somethingElse", "dose":"", "strength":"500 mg" }] }] }] }], "labs":[{ "missing_field": "missing_value" }] }], "Asthma":[{}] }]}'
+
+        # Action
+        decoder = FuzzingJsonDecoder(False)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+    def test_huge_dict(self):
+        # Prepare
+        original_json = ' { "medications":[{ "aceInhibitors":[{ "name":"lisinopril", "strength":"10 mg Tab", "dose":"1 tab", "route":"PO", "sig":"daily", "pillCount":"#90", "refills":"Refill 3" }], "antianginal":[{ "name":"nitroglycerin", "strength":"0.4 mg Sublingual Tab", "dose":"1 tab", "route":"SL", "sig":"q15min PRN", "pillCount":"#30", "refills":"Refill 1" }], "anticoagulants":[{ "name":"warfarin sodium", "strength":"3 mg Tab", "dose":"1 tab", "route":"PO", "sig":"daily", "pillCount":"#90", "refills":"Refill 3" }], "betaBlocker":[{ "name":"metoprolol tartrate", "strength":"25 mg Tab", "dose":"1 tab", "route":"PO", "sig":"daily", "pillCount":"#90", "refills":"Refill 3" }], "diuretic":[{ "name":"furosemide", "strength":"40 mg Tab", "dose":"1 tab", "route":"PO", "sig":"daily", "pillCount":"#90", "refills":"Refill 3" }], "mineral":[{ "name":"potassium chloride ER", "strength":"10 mEq Tab", "dose":"1 tab", "route":"PO", "sig":"daily", "pillCount":"#90", "refills":"Refill 3" }] } ], "labs":[{ "name":"Arterial Blood Gas", "time":"Today", "location":"Main Hospital Lab" }, { "name":"BMP", "time":"Today", "location":"Primary Care Clinic" }, { "name":"BNP", "time":"3 Weeks", "location":"Primary Care Clinic" }, { "name":"BUN", "time":"1 Year", "location":"Primary Care Clinic" }, { "name":"Cardiac Enzymes", "time":"Today", "location":"Primary Care Clinic" }, { "name":"CBC", "time":"1 Year", "location":"Primary Care Clinic" }, { "name":"Creatinine", "time":"1 Year", "location":"Main Hospital Lab" }, { "name":"Electrolyte Panel", "time":"1 Year", "location":"Primary Care Clinic" }, { "name":"Glucose", "time":"1 Year", "location":"Main Hospital Lab" }, { "name":"PT/INR", "time":"3 Weeks", "location":"Primary Care Clinic" }, { "name":"PTT", "time":"3 Weeks", "location":"Coumadin Clinic" }, { "name":"TSH", "time":"1 Year", "location":"Primary Care Clinic" } ], "imaging":[{ "name":"Chest X-Ray", "time":"Today", "location":"Main Hospital Radiology" }, { "name":"Chest X-Ray", "time":"Today", "location":"Main Hospital Radiology" }, { "name":"Chest X-Ray", "time":"Today", "location":"Main Hospital Radiology" } ] }'
+
+        # Action
+        decoder = FuzzingJsonDecoder(False)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+    def test_dicts_in_array(self):
+        # Prepare
+        original_json = '{ "one": { "two": [{ "four": { "name": "four1_name" } }, { "four": { "name": "four2_name" } }] } }'
+
+        # Action
+        decoder = FuzzingJsonDecoder(False)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+    def test_that_quotation_marks_are_not_added_into_default_values(self):
+        # Prepare
+        original_json = '{ "one": false, "two": 0  }'
+
+        # Action
+        decoder = FuzzingJsonDecoder(True)
+        decoder.decode_dict(json.loads(original_json))
+        decoder.generate_mutations()
+        generated_json = s_render()
+
+        # Assert
+        self.__json_equality_assertion(original_json, generated_json)
+
+
+if __name__ == '__main__':
+    unittest.main()
--- a/fuzzer/unit_tests/json_schema_parser_tests.py
+++ b/fuzzer/unit_tests/json_schema_parser_tests.py
@@ -0,0 +1,68 @@
+import unittest
+import json
+from json_schema_parser import generate_json_dict_from_schema
+
+
+class FuzzingJsonDecoderTests(unittest.TestCase):
+
+    def test_single_bool_primitive(self):
+        # Prepare
+        original_json_schema = '{"test": {"Title": null,"Type": "boolean","Format": null,"Example": null}}'
+        loaded_json_schema = json.loads(original_json_schema)
+
+        # Action
+        generated_json = generate_json_dict_from_schema(loaded_json_schema)
+
+        # Assert
+        self.assertTrue("test" in generated_json)
+        self.assertTrue(isinstance(generated_json["test"], bool))
+        self.assertEqual(generated_json["test"], True)
+
+    def test_nested_string_primitive_with_example(self):
+        # Prepare
+        original_json_schema = '{"test": {"nested": {"Title": null,"Type": "string","Format": null,"Example": "example"}}}'
+        loaded_json_schema = json.loads(original_json_schema)
+
+        # Action
+        generated_json = generate_json_dict_from_schema(loaded_json_schema)
+
+        # Assert
+        self.assertTrue("test" in generated_json)
+        self.assertTrue("nested" in generated_json["test"])
+        self.assertTrue(isinstance(generated_json["test"]["nested"], str))
+        self.assertEqual(generated_json["test"]["nested"], "example")
+
+    def test_array_with_primitive(self):
+        # Prepare
+        original_json_schema = '{"test": {"Type": "array","ArrayItemSchema": {"Title": null,"Type": "number","Format": "double","Example": null}}}'
+        loaded_json_schema = json.loads(original_json_schema)
+
+        # Action
+        generated_json = generate_json_dict_from_schema(loaded_json_schema)
+
+        # Assert
+        self.assertTrue("test" in generated_json)
+        self.assertTrue(isinstance(generated_json["test"], list))
+        self.assertTrue(isinstance(generated_json["test"][0], float))
+        self.assertEqual(generated_json["test"][0], 0.0)
+
+    def test_array_with_complex_object(self):
+        # Prepare
+        original_json_schema = '{"test": {"Type": "array","ArrayItemSchema": {"nested1": {"Title": null,"Type": "string","Format": null,"Example": "example"},"nested2": {"Title": null,"Type": "integer","Format": null,"Example": null}}}}'
+        loaded_json_schema = json.loads(original_json_schema)
+
+        # Action
+        generated_json = generate_json_dict_from_schema(loaded_json_schema)
+
+        # Assert
+        self.assertTrue("test" in generated_json)
+        self.assertTrue(isinstance(generated_json["test"], list))
+        self.assertTrue(isinstance(generated_json["test"][0], dict))
+        self.assertTrue("nested1" in generated_json["test"][0])
+        self.assertTrue("nested2" in generated_json["test"][0])
+        self.assertEqual(generated_json["test"][0]["nested1"], "example")
+        self.assertEqual(generated_json["test"][0]["nested2"], 0)
+
+
+if __name__ == '__main__':
+    unittest.main()
--- a/fuzzer/unit_tests/request_build_helper_tests.py
+++ b/fuzzer/unit_tests/request_build_helper_tests.py
@@ -0,0 +1,100 @@
+import unittest
+from request_build_helper import RequestBuildHelper
+from boofuzz import *
+from configuration_manager import ConfigurationManager
+
+
+class RequestBuilderHelperTests(unittest.TestCase):
+    def setUp(self):
+        # Just init block for boofuzz
+        s_initialize(self.id())
+
+        ConfigurationManager.config = []
+
+    def test_generate_simple_uri_without_parameters(self):
+        uri_parameters = []
+        base_uri = '/api/endpoint'
+
+        RequestBuildHelper.generate_uri(base_uri, uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual(base_uri, uri)
+
+    def test_generate_uri_path_parameter_without_documentation(self):
+        uri_parameters = []
+
+        RequestBuildHelper.generate_uri('/api/endpoint/{id}', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint/attribute', uri)
+
+    def test_generate_uri_path_parameter_with_fixed_config_value(self):
+        uri_parameters = []
+        ConfigurationManager.config = {
+            "fixed_url_attributes": {
+                "id": "20"
+            }
+        }
+
+        RequestBuildHelper.generate_uri('/api/endpoint/{id}', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint/20', uri)
+
+    def test_generate_uri_path_parameter_with_documented_example(self):
+        uri_parameters = [{'Name': 'id', 'Required': True, 'ExampleValue': '1', 'Type': 'string', 'Format': None, 'Location': 'Path'}]
+
+        RequestBuildHelper.generate_uri('/api/endpoint/{id}', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint/1', uri)
+
+    def test_generate_uri_single_query_parameter_with_documented_example(self):
+        uri_parameters = [{'Name': 'id', 'Required': True, 'ExampleValue': '1', 'Type': 'string', 'Format': None, 'Location': 'Query'}]
+
+        RequestBuildHelper.generate_uri('/api/endpoint', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint?id=1', uri)
+
+    def test_generate_uri_single_query_parameter_with_multiple_documented_examples(self):
+        uri_parameters = [
+            {'Name': 'id', 'Required': True, 'ExampleValue': '1', 'Type': 'string', 'Format': None, 'Location': 'Query'},
+            {'Name': 'attr', 'Required': True, 'ExampleValue': '2', 'Type': 'string', 'Format': None, 'Location': 'Query'}
+        ]
+
+        RequestBuildHelper.generate_uri('/api/endpoint', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint?id=1&attr=2', uri)
+
+    def test_generate_uri_single_non_required_query_parameter_is_not_in_uri(self):
+        ConfigurationManager.config = {
+            "are_non_required_attributes_in_requests": False
+        }
+
+        uri_parameters = [
+            {'Name': 'id', 'Required': False, 'ExampleValue': '1', 'Type': 'string', 'Format': None, 'Location': 'Query'},
+        ]
+
+        RequestBuildHelper.generate_uri('/api/endpoint', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint', uri)
+
+    def test_generate_uri_combined_parameters(self):
+        ConfigurationManager.config = {
+            "fixed_url_attributes": {
+                "attr2": "20"
+            }
+        }
+        uri_parameters = [
+            {'Name': 'id', 'Required': True, 'ExampleValue': '1', 'Type': 'string', 'Format': None, 'Location': 'Path'},
+            {'Name': 'attr1', 'Required': True, 'ExampleValue': '2', 'Type': 'string', 'Format': None, 'Location': 'Query'},
+            {'Name': 'attr2', 'Required': True, 'ExampleValue': '3', 'Type': 'integer', 'Format': 'int32', 'Location': 'Query'}
+        ]
+
+        RequestBuildHelper.generate_uri('/api/endpoint/{id}', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint/1?attr1=2&attr2=20', uri)