From d83ba3ba2ee7a497da8ab553d7c3410759978557 Mon Sep 17 00:00:00 2001
From: Rahul U Nair
Date: Wed, 18 May 2016 10:37:21 -0500
Subject: [PATCH] Added String Validation Checks
This test include checks for unicode validation issues, null character string issues and a few other possible string validation issues.
Change-Id: I64295cf419bfe1e2a9117324b09d38e16fe5b13f
---
data/string_validation.txt | 12 ++++++++
syntribos/tests/fuzz/string_validation.py | 37 +++++++++++++++++++++++
2 files changed, 49 insertions(+)
create mode 100644 data/string_validation.txt
create mode 100644 syntribos/tests/fuzz/string_validation.py
diff --git a/data/string_validation.txt b/data/string_validation.txt
new file mode 100644
index 00000000..3e816ee0
--- /dev/null
+++ b/data/string_validation.txt
@@ -0,0 +1,12 @@
+\x00
+\\00
+\x80\xff
+%uf%80%ff%xx%uffff
+\u1111\uffff
+\u2018
+\u201c
+%2e%2e%2f
+..%c0%af
+%5c
+..%255c..%255c..%255c
+*!@#$^&()[]{}|.,"\'/''"
diff --git a/syntribos/tests/fuzz/string_validation.py b/syntribos/tests/fuzz/string_validation.py
new file mode 100644
index 00000000..0474e6bc
--- /dev/null
+++ b/syntribos/tests/fuzz/string_validation.py
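Review bot: The entries in data/string_validation.txt such as `\x00`, `\x80\xff` and `\u2018` are stored as literal backslash escapes in a plain text file, so unless the loader decodes them the target receives the characters backslash, x, 0, 0 rather than a NUL byte or an invalid UTF-8 sequence. The loader is not part of this patch, so this needs confirming; if it reads lines verbatim, the null-character and Unicode cases named in the commit message are not exercised and a clean run would give false assurance. Either decode the escapes at load time or state in the test documentation that these payloads are sent as literal text. The last entry also puts many metacharacters on one line, which makes it hard to tell which character caused a flagged response; one character class per line would make findings easier to triage.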
@@ -0,0 +1,37 @@
+# Copyright 2016 Intel
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from syntribos.tests.fuzz import base_fuzz
+
+
+class StringValidationBody(base_fuzz.BaseFuzzTestCase):
+ test_name = "STRING_VALIDATION_VULNERABILITY_BODY"
+ test_type = "data"
+ data_key = "string_validation.txt"
+
+
+class StringValidationParams(StringValidationBody):
+ test_name = "STRING_VALIDATION_VULNERABILITY_PARAMS"
+ test_type = "params"
+
+
+class StringValidationHeaders(StringValidationBody):
+ test_name = "STRING_VALIDATION_VULNERABILITY_HEADERS"
+ test_type = "headers"
+
+
+class StringValidationURL(StringValidationBody):
+ test_name = "STRING_VALIDATION_VULNERABILITY_URL"
+ test_type = "url"
+ url_var = "FUZZ"
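Review bot: None of the four classes added here defines a response check or a docstring, so what counts as a `STRING_VALIDATION_VULNERABILITY_*` finding is decided entirely by the defaults of `base_fuzz.BaseFuzzTestCase`, which this patch does not show. Someone triaging a report cannot tell from this file which signal was used, and the word VULNERABILITY in `test_name` may overstate a result that is only an anomaly. Add a class docstring to `StringValidationBody`, for example `"""Send malformed, non-ASCII and encoded strings from string_validation.txt; results come from the base fuzz checks."""`. A one-line comment on `url_var = "FUZZ"` would also help; it presumably names the placeholder in the request template that each payload replaces, which should be confirmed against the base class.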