From c13d23ae9bcc1ea41260b38ee6c3ba80455d6b0a Mon Sep 17 00:00:00 2001
From: Nathan Buckner
Date: Mon, 13 Jul 2015 01:35:32 -0500
Subject: [PATCH] update
---
 scripts/syntribos-completion | 5 +-
 syntribos/arguments.py | 64 +++++++++++++++++
 syntribos/runner.py | 90 +++++++-----------------
 syntribos/tests/fuzz/integer_overflow.py | 23 ++++++
 syntribos/tests/fuzz/ldap.py | 23 ++++++
 5 files changed, 137 insertions(+), 68 deletions(-)
 create mode 100644 syntribos/arguments.py
 create mode 100644 syntribos/tests/fuzz/integer_overflow.py
 create mode 100644 syntribos/tests/fuzz/ldap.py
diff --git a/scripts/syntribos-completion b/scripts/syntribos-completion
index 18b2a840..1ea634cf 100644
--- a/scripts/syntribos-completion
+++ b/scripts/syntribos-completion
@@ -10,10 +10,9 @@ _syntribos()
 elif [[ ${COMP_CWORD} == 2 ]]; then
 COMPREPLY=( $(compgen -o filenames -A file "$cur") )
 elif [[ ${cur} == -* ]]; then
- opts="--help --test-types --verbose"
+ opts="--help --test-types --verbose --dry-run"
 else
- opts=$(python -c "from syntribos.runner import Runner;Runner.populate_tests();from syntribos.tests.base import test_table
-for i in test_table.keys():print i" 2>/dev/null)
+ opts=$(python -c "from syntribos.runner import Runner;Runner.print_tests()" 2>/dev/null)
 fi
 if [[ ${COMP_CWORD} -ne 2 ]]; then
diff --git a/syntribos/arguments.py b/syntribos/arguments.py
new file mode 100644
index 00000000..ac3f9c91
--- /dev/null
+++ b/syntribos/arguments.py
@@ -0,0 +1,64 @@
+import os
+import sys
+import argparse
+
+from cafe.drivers.unittest.arguments import ConfigAction
+
+
+class InputType(object):
+ def __init__(self, mode, bufsize):
+ self._mode = mode
+ self._bufsize = bufsize
+
+ def __call__(self, string):
+ if string == '-':
+ fp = sys.stdin
+ yield fp.name, fp.read()
+ elif os.path.isdir(string):
+ for path, _, files in os.walk(string):
+ for file_ in files:
+ file_path = os.path.join(path, file_)
+ fp = open(file_path, self._mode, self._bufsize)
+ yield file_, fp.read()
+ fp.close()
+ elif os.path.isfile(string):
+ try:
+ fp = open(string, self._mode, self._bufsize)
+ yield os.path.split(fp.name)[1], fp.read()
+ fp.close()
+ except Exception as e:
+ message = "can't open {}:{}"
+ raise Exception(message.format(string, e))
+ else:
+ message = "can't open {} not a readable file or dir"
+ raise Exception(message.format(string))
+
+
+class SyntribosCLI(argparse.ArgumentParser):
+ def __init__(self, *args, **kwargs):
+ super(SyntribosCLI, self).__init__(*args, **kwargs)
+ self._add_args()
+
+ def _add_args(self):
+ self.add_argument(
+ "config", metavar="", action=ConfigAction,
+ help="test config. Looks in the ~/.opencafe/configs directory"
+ "Example: compute/dev.environ")
+
+ self.add_argument(
+ "input", metavar="", type=InputType('r', 0),
+ help="")
+
+ self.add_argument(
+ "-t", "--test-types", metavar="TEST_TYPES", nargs="*",
+ default=[""], help="Test types to run against api")
+
+ self.add_argument(
+ "-v", "--verbose",
+ action="store_true",
+ help="unittest verbose pass through")
+
+ self.add_argument(
+ "--dry-run",
+ action="store_true",
+ help="Dry Run gets all test cases but does not run them")
diff --git a/syntribos/runner.py b/syntribos/runner.py
index 9f0f2764..be80b4f5 100644
--- a/syntribos/runner.py
+++ b/syntribos/runner.py
@@ -1,7 +1,6 @@
 from __future__ import print_function
 from unittest.runner import _WritelnDecorator
-import argparse
 import os
 import pkgutil
 import requests
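Review bot: `InputType.__call__` in arguments.py calls `fp.close()` only after the `yield`, so in both the directory and the single-file branch the handle stays open while the caller works on the request, and nothing closes it explicitly if `fp.read()` raises or the consumer stops iterating. Reading inside a context manager before yielding avoids that: `with open(file_path, self._mode, self._bufsize) as fp:` then `data = fp.read()`, with `yield file_, data` after the block. Because `__call__` is a generator, the "can't open" exceptions are raised when `args.input` is iterated rather than while argparse parses the arguments, which deserves a comment if it is intended. The `config` help text also lost the period the removed version had before "Example:", so the two literals now join as "directoryExample".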
@@ -12,66 +11,12 @@ import unittest
 from cafe.common.reporting.cclogging import init_root_log_handler
 from cafe.configurator.managers import TestEnvManager
 from cafe.drivers.base import print_exception
-from cafe.drivers.unittest.arguments import ConfigAction
 from cafe.drivers.unittest.suite import OpenCafeUnittestTestSuite as TestSuite
 from syntribos import tests
 from syntribos.tests.base import test_table
 from syntribos.config import MainConfig
-
-
-class InputType(object):
- def __init__(self, mode, bufsize):
- self._mode = mode
- self._bufsize = bufsize
-
- def __call__(self, string):
- if string == '-':
- fp = sys.stdin
- yield fp.name, fp.read()
- elif os.path.isdir(string):
- for path, _, files in os.walk(string):
- for file_ in files:
- file_path = os.path.join(path, file_)
- fp = open(file_path, self._mode, self._bufsize)
- yield file_, fp.read()
- fp.close()
- elif os.path.isfile(string):
- try:
- fp = open(string, self._mode, self._bufsize)
- yield os.path.split(fp.name)[1], fp.read()
- fp.close()
- except Exception as e:
- message = "can't open {}:{}"
- raise Exception(message.format(string, e))
- else:
- message = "can't open {} not a readable file or dir"
- raise Exception(message.format(string))
-
-
-class SyntribosCLI(argparse.ArgumentParser):
- def __init__(self, *args, **kwargs):
- super(SyntribosCLI, self).__init__(*args, **kwargs)
- self._add_args()
-
- def _add_args(self):
- self.add_argument(
- "config", metavar="", action=ConfigAction,
- help="test config. Looks in the ~/.opencafe/configs directory."
- "Example: compute/dev.environ")
-
- self.add_argument(
- "input", metavar="", type=InputType('r', 0),
- help="")
-
- self.add_argument(
- "-t", "--test-types", metavar="TEST_TYPES", nargs="*",
- default=[""], help="Test types to run against api")
-
- self.add_argument(
- "-v", "--verbose",
- action="store_true",
- help="unittest verbose pass through")
+from syntribos.arguments import SyntribosCLI
 class Runner(object):
@@ -85,6 +30,19 @@ class Runner(object): onerror=lambda x: None): __import__(modname, fromlist=[]) + @classmethod + def get_tests(cls, test_types=None): + cls.load_modules(tests) + test_types = test_types or [""] + for k, v in sorted(test_table.items()): + if any([True for t in test_types if t in k]): + yield k, v + + @classmethod + def print_tests(cls): + for name, test in cls.get_tests(): + print(name) + @staticmethod def print_symbol(): """ Syntribos radiation symbol """ @@ -135,28 +93,30 @@ class Runner(object): "", args.config, test_repo_package_name="os") test_env_manager.finalize() cls.set_env() - cls.print_log() init_root_log_handler() - cls.load_modules(tests) + + cls.print_log() result = unittest.TextTestResult( _WritelnDecorator(sys.stdout), True, 2 if args.verbose else 1) start_time = time.time() for file_path, req_str in args.input: - for test_name, test_class in test_table.items(): - if any([True for t in args.test_types if t in test_name]): - for test in test_class.get_test_cases( - file_path, req_str): - cls.run_test(test, result) + for test_name, test_class in cls.get_tests(args.test_types): + for test in test_class.get_test_cases(file_path, req_str): + cls.run_test(test, result, args.dry_run) cls.print_result(result, start_time) except KeyboardInterrupt: print_exception("Runner", "run", "Keyboard Interrupt, exiting...") exit(0) @classmethod - def run_test(cls, test, result): + def run_test(cls, test, result, dry_run=False): suite = TestSuite() suite.addTest(test("test_case")) - suite(result) + if dry_run: + for test in suite: + print(test) + else: + suite(result) @classmethod def set_env(cls): diff --git a/syntribos/tests/fuzz/integer_overflow.py b/syntribos/tests/fuzz/integer_overflow.py new file mode 100644 index 00000000..b53b8793 --- /dev/null +++ b/syntribos/tests/fuzz/integer_overflow.py 
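Review bot: `get_tests` selects by substring (`t in k`), so a `--test-types` value that matches no key in `test_table` yields nothing and the caller gets an empty run with no sign that the filter was wrong; for a security test runner that can be mistaken for a clean result. Consider reporting when the selection is empty, and state the matching rule in a docstring such as `"""Yield (name, class) pairs from test_table whose name contains any of test_types; the default [""] matches every test."""`. The filter itself reads more directly as `if any(t in k for t in test_types):`. In `print_tests` the loop variable `test` is unused and can be `_`.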
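Review bot: `run` now calls `cls.get_tests(args.test_types)` inside the `for file_path, req_str in args.input` loop, and `get_tests` calls `cls.load_modules(tests)` and re-sorts `test_table` on every call, so the package walk is repeated once per input file. Building the selection once before the loop, `selected = list(cls.get_tests(args.test_types))`, keeps the behaviour and avoids the repetition. In `run_test`, `for test in suite:` rebinds the `test` parameter; a separate loop name such as `case` is clearer. With `--dry-run` the code still reaches `test_class.get_test_cases(file_path, req_str)` and `cls.print_result(result, start_time)`; whether case generation contacts the target is not visible here, so a docstring on `run_test` should say what a dry run does and does not do. The body of `run` starts outside the hunk.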
@@ -0,0 +1,23 @@
+from syntribos.tests.fuzz import base_fuzz
+
+
+class IntOverflowBody(base_fuzz.BaseFuzzTestCase):
+ test_name = "INT_OVERFLOW_BODY"
+ test_type = "data"
+ data_key = "integer-overflow.txt"
+
+
+class IntOverflowParams(IntOverflowBody):
+ test_name = "INT_OVERFLOW_PARAMS"
+ test_type = "params"
+
+
+class IntOverflowHeaders(IntOverflowBody):
+ test_name = "INT_OVERFLOW_HEADERS"
+ test_type = "headers"
+
+
+class IntOverflowURL(IntOverflowBody):
+ test_name = "INT_OVERFLOW_URL"
+ test_type = "url"
+ url_var = "FUZZ"
diff --git a/syntribos/tests/fuzz/ldap.py b/syntribos/tests/fuzz/ldap.py
new file mode 100644
index 00000000..558751e6
--- /dev/null
+++ b/syntribos/tests/fuzz/ldap.py
@@ -0,0 +1,23 @@
+from syntribos.tests.fuzz import base_fuzz
+
+
+class LDAPInjectionBody(base_fuzz.BaseFuzzTestCase):
+ test_name = "LDAP_INJECTION_BODY"
+ test_type = "data"
+ data_key = "ldap.txt"
+
+
+class LDAPInjectionParams(LDAPInjectionBody):
+ test_name = "LDAP_INJECTION_PARAMS"
+ test_type = "params"
+
+
+class LDAPInjectionHeaders(LDAPInjectionBody):
+ test_name = "LDAP_INJECTION_HEADERS"
+ test_type = "headers"
+
+
+class LDAPInjectionURL(LDAPInjectionBody):
+ test_name = "LDAP_INJECTION_URL"
+ test_type = "url"
+ url_var = "FUZZ"
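Review bot: `IntOverflowBody` sets `data_key = "integer-overflow.txt"` and `LDAPInjectionBody` in ldap.py sets `data_key = "ldap.txt"`, but the patch's diffstat lists five files and neither payload file is among them; unless they already exist in the data directory, these test classes presumably cannot load their payloads. Confirm the files are present or add them in the same change. Each class would also benefit from a one-line docstring, e.g. `"""Fuzz the request body with integer-overflow payloads."""`, and `url_var = "FUZZ"` from a comment saying which placeholder in the request URL it names, if that is how `BaseFuzzTestCase` uses it.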