Comments (4)
jtpereyda
commented on July 20, 2024
break will only exit the immediate loop, not the whole generator function. Example:
>>> def f():
... i = 0
... while True:
... yield i
... i = i + 1
... if i > 2:
... break
... while True:
... yield i
... i = i - 1
... if i < 0:
... break
...
>>> list(f())
[0, 1, 2, 3, 2, 1, 0]As for the _fuzz_case_iterator function, the code should proceed to the for loop that follows:
while self.fuzz_node.mutate():
self.total_mutant_index += 1
yield (edge, path)
if self._skip_after_cur_test_case:
self._skip_after_cur_test_case = False
break
self.fuzz_node.reset()
# recursively fuzz the remainder of the nodes in the session graph.
for x in self._fuzz_case_iterator(self.fuzz_node, path):
yield xIf it's not proceeding, something else might be going on. Can you share enough sample code and output to demonstrate the issue?
from boofuzz.
ettisan
commented on July 20, 2024
I am aware of this behaviour. I think this makes it clearer:
from boofuzz import *
from boofuzz import pedrpc
from boofuzz import instrumentation
s_initialize("test")
s_static("sometest")
s_byte(1, name="byte_1")
s_byte(2, name="byte_2")
sess = sessions.Session()
sc = SocketConnection(host='localhost', port=80, timeout=1)
target = sessions.Target(sc)
target.procmon = instrumentation.External(
post=lambda: False, # target crashed
start=lambda: True # restart succeeded
)
sess.add_target(target)
sess.connect(s_get("test"))
sess.fuzz()What I expected to happen was that boofuzz fuzzes byte_1 three times (default crash_threshold) and then continues with byte_2. This code causes boofuzz to abort fuzzing after byte_1 causes 3 crashes.
The second for loop yields the next node in the graph (i.e. another Request object). In order for this to work as I expected, I would need to use the following code:
s_initialize("test")
s_static("sometest")
s_initialize("test_byte_1")
s_byte(1, name="byte_1")
s_initialize("test_byte_2")
s_byte(2, name="byte_2")...
sess.connect(s_get("test_byte_1"), s_get("test_byte_2"))
sess.connect(s_get("test"), s_get("test_byte_1"))
sess.connect(s_get("test"))I guess constructing a definition of a bigger protocol this way could be rather tedious.
While debugging this issue I also realized that the Request class does not inherit from pgraph.Node. Since Request objects are used in graphs I guess that should be the case?
Also pgraph.Graph.render_graph_gml does not work. This seems to fix it:
# add the nodes to the GML definition.
for node in self.nodes.values():
- gml += node.render_node_gml(self)
+ gml += node.render_node_gml()
# add the edges to the GML definition.
for edge in self.edges.values():from boofuzz.
jtpereyda
commented on July 20, 2024
Thanks a bunch for the clarification! Every s_initialize delimits a separate message. So the current implementation of crash_threshold is on a by-message instead of by-element basis. I'll call this a feature request to be able to specify a by-element crash threshold.
from boofuzz.
xclonger
commented on July 20, 2024
I also find this situation..
from boofuzz.
Related Issues (20)
- Logs to a txt or csv file missed some line for the last Test case HOT 3
- Problem with web interface (port: 26000) HOT 8
- Mirror primitive always returns the default value of the target primitive HOT 2
- How to use s_from_file()?It will cause some errors HOT 2
- How can I run boofuzz with 0.0.0.0 host IP HOT 2
- `Session.fuzz()` options to minimize redundant testcases HOT 3
- No boo utility HOT 2
- boofuzz/sessions.py is too long and complicated, let's fix that. HOT 8
- Session.fuzz_by_name is deprecated in favor of Session.fuzz(name=name). HOT 1
- "Aligned" definition function's implementation is incorrect,modify the encode method HOT 3
- Replace deprecated PyDbg library with a Python 3-based debugger
- http with multi-connect :session.connect(s.get"xxx") HOT 11
- Block "dep_value" Request is type bytes HOT 1
- usage for s_bits() HOT 4
- Test failure HOT 3
- ChildProcessError: [Errno 10] No child processes and module 'os' has no attribute 'WCOREDUMP' HOT 4
- The callback can not capture response when fuzzing http , because the boofuzz send tcp-fin before response . HOT 5
- Potential bug fix in session.py
- Group primitive: Value of default_value cannot be used in fuzzing HOT 1
- AttributeError: 'bytes' object has no attribute 'encode'. Did you mean: 'decode'?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from boofuzz.