Adds details of User defined test
Updating the doc with details of the user defined test which gives the user the ability to fuzz using user defined fuzz data and optional failure strings as provided by the user. Fixes simple RST error. Change-Id: I1898d3a408686d9b271b2558a987826214ddce12
This commit is contained in:
parent
9816f6ed9f
commit
6bf76ac1fb
16
README.rst
16
README.rst
|
@ -86,6 +86,7 @@ A short list of tests that can be run using syntribos is given below:
|
|||
* Cross Site Scripting ( XSS )
|
||||
* Regex Denial of Service (ReDoS)
|
||||
* JSON Parser Depth Limit
|
||||
* User Defined
|
||||
|
||||
Buffer Overflow
|
||||
---------------
|
||||
|
@ -186,6 +187,19 @@ resulting in a successful overflow of the JSON parsers depth limit, leading
|
|||
to a DoS vulnerability. Syntribos tries to check for this, and raises an issue
|
||||
if the parser crashes.
|
||||
|
||||
User defined Test
|
||||
-----------------
|
||||
|
||||
This test gives users the ability to fuzz using user defined fuzz data and
|
||||
provides an option to look for failure strings provided by the user. The fuzz
|
||||
data needs to be provided using the config option :option:`[user_defined]`.
|
||||
|
||||
Example::
|
||||
|
||||
[user_defined]
|
||||
payload=<payload_file>
|
||||
failure_strings=<[list_of_failure_strings] # optional
|
||||
|
||||
.. _buffer overflow attacks: https://en.wikipedia.org/wiki/Buffer_overflow
|
||||
.. _Command injection attacks: https://www.owasp.org/index.php/Command_Injection
|
||||
.. _CORS wildcard test: https://www.owasp.org/index.php/Test_Cross_Origin_Resource_Sharing_(OTG-CLIENT-007)
|
||||
|
@ -197,6 +211,7 @@ if the parser crashes.
|
|||
.. _ReDoS: https://en.wikipedia.org/wiki/ReDoS
|
||||
|
||||
**Details**
|
||||
|
||||
* `Documentation`_
|
||||
* Free software: `Apache license`_
|
||||
* `Launchpad project`_
|
||||
|
@ -204,6 +219,7 @@ if the parser crashes.
|
|||
* `Bugs`_
|
||||
* `Source code`_
|
||||
|
||||
|
||||
Supported Operating Systems
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
|
@ -61,6 +61,7 @@ A short list of tests that can be run using syntribos is given below:
|
|||
* Cross Site Scripting ( XSS )
|
||||
* Regex Denial of Service (ReDoS)
|
||||
* JSON Parser Depth Limit
|
||||
* User Defined
|
||||
|
||||
Buffer Overflow
|
||||
---------------
|
||||
|
@ -161,6 +162,19 @@ resulting in a successful overflow of the JSON parsers depth limit, leading
|
|||
to a DoS vulnerability. Syntribos tries to check for this, and raises an issue
|
||||
if the parser crashes.
|
||||
|
||||
User defined Test
|
||||
-----------------
|
||||
|
||||
This test gives users the ability to fuzz using user defined fuzz data and
|
||||
provides an option to look for failure strings provided by the user. The fuzz
|
||||
data needs to be provided using the config option :option:`[user_defined]`.
|
||||
|
||||
Example::
|
||||
|
||||
[user_defined]
|
||||
payload=<payload_file>
|
||||
failure_strings=<[list_of_failure_strings] # optional
|
||||
|
||||
.. _buffer overflow attacks: https://en.wikipedia.org/wiki/Buffer_overflow
|
||||
.. _Command injection attacks: https://www.owasp.org/index.php/Command_Injection
|
||||
.. _CORS wildcard test: https://www.owasp.org/index.php/Test_Cross_Origin_Resource_Sharing_(OTG-CLIENT-007)
|
||||
|
@ -172,6 +186,7 @@ if the parser crashes.
|
|||
.. _ReDoS: https://en.wikipedia.org/wiki/ReDoS
|
||||
|
||||
**Details**
|
||||
|
||||
* `Documentation`_
|
||||
* Free software: `Apache license`_
|
||||
* `Launchpad project`_
|
||||
|
@ -179,6 +194,7 @@ if the parser crashes.
|
|||
* `Bugs`_
|
||||
* `Source code`_
|
||||
|
||||
|
||||
Supported Operating Systems
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
|
Loading…
Reference in New Issue