Comments (4)
`break` will only exit the immediate loop, not the whole generator function. Example:

```python
>>> def f():
...     i = 0
...     while True:
...         yield i
...         i = i + 1
...         if i > 2:
...             break
...     while True:
...         yield i
...         i = i - 1
...         if i < 0:
...             break
...
>>> list(f())
[0, 1, 2, 3, 2, 1, 0]
```
As for the `_fuzz_case_iterator` function, the code should proceed to the for loop that follows:

```python
while self.fuzz_node.mutate():
    self.total_mutant_index += 1
    yield (edge, path)
    if self._skip_after_cur_test_case:
        self._skip_after_cur_test_case = False
        break
self.fuzz_node.reset()
# recursively fuzz the remainder of the nodes in the session graph.
for x in self._fuzz_case_iterator(self.fuzz_node, path):
    yield x
```
If it's not proceeding, something else might be going on. Can you share enough sample code and output to demonstrate the issue?
I am aware of this behaviour. I think this makes it clearer:
```python
from boofuzz import *
from boofuzz import pedrpc
from boofuzz import instrumentation

s_initialize("test")
s_static("sometest")
s_byte(1, name="byte_1")
s_byte(2, name="byte_2")

sess = sessions.Session()
sc = SocketConnection(host='localhost', port=80, timeout=1)
target = sessions.Target(sc)
target.procmon = instrumentation.External(
    post=lambda: False,  # target crashed
    start=lambda: True   # restart succeeded
)
sess.add_target(target)
sess.connect(s_get("test"))
sess.fuzz()
```
What I expected to happen was that boofuzz fuzzes byte_1 three times (default crash_threshold) and then continues with byte_2. This code causes boofuzz to abort fuzzing after byte_1 causes 3 crashes.
The second for loop yields the next node in the graph (i.e. another `Request` object). In order for this to work as I expected, I would need to use the following code:
```python
s_initialize("test")
s_static("sometest")
s_initialize("test_byte_1")
s_byte(1, name="byte_1")
s_initialize("test_byte_2")
s_byte(2, name="byte_2")
...
sess.connect(s_get("test_byte_1"), s_get("test_byte_2"))
sess.connect(s_get("test"), s_get("test_byte_1"))
sess.connect(s_get("test"))
```
I guess constructing a definition of a bigger protocol this way could be rather tedious.
While debugging this issue I also realized that the `Request` class does not inherit from `pgraph.Node`. Since `Request` objects are used in graphs I guess that should be the case?
Also `pgraph.Graph.render_graph_gml` does not work. This seems to fix it:
# add the nodes to the GML definition.
for node in self.nodes.values():
- gml += node.render_node_gml(self)
+ gml += node.render_node_gml()
# add the edges to the GML definition.
for edge in self.edges.values():
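Review bot: The `+` line drops the graph argument from `node.render_node_gml(...)`, but the edges loop in the trailing context is cut off before its body, so the patch does not show whether the edge rendering call has the same argument mismatch; check that call against its method signature in the same change. A small regression test that builds a two-node graph and calls `render_graph_gml` would catch this kind of signature drift.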
Thanks a bunch for the clarification! Every `s_initialize` delimits a separate message. So the current implementation of `crash_threshold` is on a by-message instead of by-element basis. I'll call this a feature request to be able to specify a by-element crash threshold.
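A toy model of the two threshold scopes discussed in this thread, added here as an illustration; it is not boofuzz code and not part of any comment. `run`, `mutations`, `covered`, `MESSAGE` and the mutation values are hypothetical; only the `crash_threshold` name and its default of 3 come from the thread.

```python
from collections import Counter

# Constructed sample: one message with two fuzzable bytes and five mutations each.
MESSAGE = {
    "byte_1": [0x00, 0x01, 0x7F, 0x80, 0xFF],
    "byte_2": [0x00, 0x01, 0x7F, 0x80, 0xFF],
}


def mutations(message):
    """Yield (element_name, value) for every mutation of one message, in order."""
    for name, values in message.items():
        for value in values:
            yield name, value


def run(message, crashed, crash_threshold=3, by_element=False):
    """Return the test cases actually sent.

    crashed(name, value) -> bool is a stand-in for the process monitor.
    by_element=False counts crashes per message (the behaviour described in
    the thread); by_element=True counts them per element (the requested one).
    """
    sent, crashes, exhausted = [], Counter(), set()
    for name, value in mutations(message):
        scope = name if by_element else "<message>"
        if scope in exhausted:
            continue  # threshold reached for this scope: skip the case
        sent.append((name, value))
        if crashed(name, value):
            crashes[scope] += 1
            if crashes[scope] >= crash_threshold:
                exhausted.add(scope)
    return sent


def covered(sent):
    """Names of the elements that received at least one test case."""
    return sorted({name for name, _ in sent})


def only_byte_1_crashes(name, value):
    return name == "byte_1"


if __name__ == "__main__":
    print(covered(run(MESSAGE, only_byte_1_crashes)))                   # by message
    print(covered(run(MESSAGE, only_byte_1_crashes, by_element=True)))  # by element
```

With a per-message scope, three crashes on `byte_1` end the message before `byte_2` receives a single test case, so a noisy first field hides every later field from the fuzzer.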
I also find this situation.