Comments (6)
SR4ven
commented on July 23, 2024
Good point @cq674350529.
The reason for this discrepancy in the args of the old and new format is that the static format s_* primitives don't take kwargs.
fuzz_values comes from Fuzzable which all primitives inherit from so it's not just a thing for String().
I'd say the new format is definitely preferable and it would make the API and code more clean if we'd remove the old static format. I think we've discussed this somewhere with @jtpereyda and it was found that backward compatibility is more important.
Maybe we could mark s_* blocks and primitives deprecated so that new users don't get tempted to use them?
In case we want to keep supporting s_* primitives, we could add *args and **kwargs. That should at least fix this specific issue.
from boofuzz.
cq674350529
commented on July 23, 2024
The reason for this discrepancy in the args of the old and new format is that the static format s_* primitives don't take kwargs.
fuzz_valuescomes fromFuzzablewhich all primitives inherit from so it's not just a thing forString().
Yes, that's the point. And as you mentioned, adding *args and **kwargs can resolve this. I'm just curious about this behaviour, and there might be some reasons behind it. Thanks for your detailed explanation. @SR4ven
One more thing, if using the former, one must specify name to each primitive manually, even if the name is empty or useless. Is it possible to change it into the Spike-style way?
hello = Request("hello", children=(
String("boofuzz", name="mark", max_len=0, fuzz_values=["boofuzz123","boofuzzaaa"])
))
from boofuzz.
SR4ven
commented on July 23, 2024
There's no need to set a name with the new format.
You can do something like this, which will generate the default name String1
String(default_value="boofuzz", max_len=0, fuzz_values=["boofuzz123", "boofuzzaaa"])from boofuzz.
cq674350529
commented on July 23, 2024
Yeah, actually I prefer the following:
String("boofuzz", max_len=0, fuzz_values=["boofuzz123", "boofuzzaaa"])When defining many primitives, less means faster and convenience, just my original opinion :)
from boofuzz.
SR4ven
commented on July 23, 2024
I think at some point we agreed to place the name argument first because every primitive and block has a name but not everyone has a default value. Not exactly sure though.
However, now it's too late to change the order. It would be a breaking change which we're trying to avoid.
But thanks for sharing your thoughts @cq674350529!
from boofuzz.
cq674350529
commented on July 23, 2024
Indeed a breaking change. Neverthelsess, it doesn't matter, maybe just my personal favor.
Thanks!
from boofuzz.
Related Issues (20)
- Logs to a txt or csv file missed some line for the last Test case HOT 3
- Problem with web interface (port: 26000) HOT 8
- Mirror primitive always returns the default value of the target primitive HOT 2
- How to use s_from_file()?It will cause some errors HOT 2
- How can I run boofuzz with 0.0.0.0 host IP HOT 2
- `Session.fuzz()` options to minimize redundant testcases HOT 3
- No boo utility HOT 2
- boofuzz/sessions.py is too long and complicated, let's fix that. HOT 8
- Session.fuzz_by_name is deprecated in favor of Session.fuzz(name=name). HOT 1
- "Aligned" definition function's implementation is incorrect,modify the encode method HOT 3
- Replace deprecated PyDbg library with a Python 3-based debugger
- http with multi-connect :session.connect(s.get"xxx") HOT 11
- Block "dep_value" Request is type bytes HOT 1
- usage for s_bits() HOT 4
- Test failure HOT 3
- ChildProcessError: [Errno 10] No child processes and module 'os' has no attribute 'WCOREDUMP' HOT 4
- The callback can not capture response when fuzzing http , because the boofuzz send tcp-fin before response . HOT 5
- Potential bug fix in session.py
- Group primitive: Value of default_value cannot be used in fuzzing HOT 1
- AttributeError: 'bytes' object has no attribute 'encode'. Did you mean: 'decode'?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from boofuzz.