From 6de5c5984d44ea72548fd5fd4f1f94abf6145c93 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Mon, 23 Mar 2020 22:15:48 -0300
Subject: [PATCH] Adds some operators to the fuzzing tests
---
 test/fuzzer/afl_fuzzer.cc | 88 ++++++++++++++++++++-------------------
 1 file changed, 45 insertions(+), 43 deletions(-)
diff --git a/test/fuzzer/afl_fuzzer.cc b/test/fuzzer/afl_fuzzer.cc
index 16369f66..fc12f5e1 100644
--- a/test/fuzzer/afl_fuzzer.cc
+++ b/test/fuzzer/afl_fuzzer.cc
@@ -118,6 +118,12 @@ using namespace modsecurity;
 #include
 #include
+inline void op_test(const std::string &opName, std::string &s) {
+ Operator *op = Operator::instantiate(opName, "");
+ op->init("", nullptr);
+ op->evaluate(nullptr, nullptr, s, nullptr);
+ delete op;
+}
 int main(int argc, char** argv) {
 uint8_t buf[128];
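Review bot: `op_test` uses the pointer returned by `Operator::instantiate` without a check and discards the result of `op->init("", nullptr)`, so an operator that failed to initialise is still evaluated and a crash there is a harness artefact rather than a library finding. Assuming `init` reports failure through its return value, guard the call with `if (op == nullptr || !op->init("", nullptr)) { delete op; return; }`. Because the operator parameter is always the empty string, the fuzz input only reaches the input side of each operator; the pattern-handling code of operators such as Rx or Pm is not exercised, and a short comment above `op_test` saying so would set the right expectation about coverage. Every call also passes a null transaction and a null rule-message pointer to `evaluate`, which is worth stating in that same comment so that null-dereference reports can be triaged as harness-induced.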
@@ -186,56 +192,52 @@ UrlEncode *urlencode = new UrlEncode("UrlEncode"); urlencode->evaluate(s, NULL); Utf8ToUnicode *utf8tounicode = new Utf8ToUnicode("Utf8ToUnicode"); utf8tounicode->evaluate(s, NULL); delete utf8tounicode; - /** * Operators, generated by: * * for i in $(grep "class " -Ri src/operators/* | grep " :" | awk {'print $2'}); do echo $i *$(echo $i | awk '{print tolower($0)}') = new $i\(\"$i\", z, false\)\; $(echo $i | awk '{print tolower($0)}')-\>evaluate\(t, s\)\; delete $(echo $i | awk '{print tolower($0)}')\;; done; * */ -#if 0 -BeginsWith *beginswith = new BeginsWith("BeginsWith", z, false); beginswith->evaluate(t, s); delete beginswith; -Contains *contains = new Contains("Contains", z, false); contains->evaluate(t, s); delete contains; -ContainsWord *containsword = new ContainsWord("ContainsWord", z, false); containsword->evaluate(t, s); delete containsword; -DetectSQLi *detectsqli = new DetectSQLi("DetectSQLi", z, false); detectsqli->evaluate(t, s); delete detectsqli; -DetectXSS *detectxss = new DetectXSS("DetectXSS", z, false); detectxss->evaluate(t, s); delete detectxss; -EndsWith *endswith = new EndsWith("EndsWith", z, false); endswith->evaluate(t, s); delete endswith; -Eq *eq = new Eq("Eq", z, false); eq->evaluate(t, s); delete eq; -FuzzyHash *fuzzyhash = new FuzzyHash("FuzzyHash", z, false); fuzzyhash->evaluate(t, s); delete fuzzyhash; -Ge *ge = new Ge("Ge", z, false); ge->evaluate(t, s); delete ge; -GeoLookup *geolookup = new GeoLookup("GeoLookup", z, false); geolookup->evaluate(t, s); delete geolookup; -GsbLookup *gsblookup = new GsbLookup("GsbLookup", z, false); gsblookup->evaluate(t, s); delete gsblookup; -Gt *gt = new Gt("Gt", z, false); gt->evaluate(t, s); delete gt; -InspectFile *inspectfile = new InspectFile("InspectFile", z, false); inspectfile->evaluate(t, s); delete inspectfile; -IpMatchF *ipmatchf = new IpMatchF("IpMatchF", z, false); ipmatchf->evaluate(t, s); delete ipmatchf; -IpMatchFromFile *ipmatchfromfile = new 
IpMatchFromFile("IpMatchFromFile", z, false); ipmatchfromfile->evaluate(t, s); delete ipmatchfromfile; -IpMatch *ipmatch = new IpMatch("IpMatch", z, false); ipmatch->evaluate(t, s); delete ipmatch; -Le *le = new Le("Le", z, false); le->evaluate(t, s); delete le; -Lt *lt = new Lt("Lt", z, false); lt->evaluate(t, s); delete lt; -NoMatch *nomatch = new NoMatch("NoMatch", z, false); nomatch->evaluate(t, s); delete nomatch; -PmF *pmf = new PmF("PmF", z, false); pmf->evaluate(t, s); delete pmf; -PmFromFile *pmfromfile = new PmFromFile("PmFromFile", z, false); pmfromfile->evaluate(t, s); delete pmfromfile; -Pm *pm = new Pm("Pm", z, false); pm->evaluate(t, s); delete pm; -// Rbl test is too slow to be tested here. -// Rbl *rbl = new Rbl("Rbl", z, false); rbl->evaluate(t, s); delete rbl; -Rsub *rsub = new Rsub("Rsub", z, false); rsub->evaluate(t, s); delete rsub; -Rx *rx = new Rx("Rx", z, false); rx->evaluate(t, s); delete rx; +op_test("BeginsWith", s); +op_test("Contains", s); +op_test("ContainsWord", s); +op_test("DetectSQLi", s); +op_test("DetectXSS", s); +op_test("EndsWith", s); +op_test("Eq", s); +//op_test("FuzzyHash", s); +op_test("Ge", s); +//op_test("GeoLookup", s); +//op_test("GsbLookup", s); +op_test("Gt", s); +//op_test("InspectFile", s); +//op_test("IpMatchF", s); +//op_test("IpMatchFromFile", s); +op_test("IpMatch", s); +op_test("Le", s); +op_test("Lt", s); +op_test("NoMatch", s); +//op_test("PmF", s); +//op_test("PmFromFile", s); +op_test("Pm", s); +op_test("Rbl", s); +op_test("Rsub", s); +op_test("Rx", s); +op_test("StrEq", s); +op_test("StrMatch", s); +op_test("UnconditionalMatch", s); +//op_test("ValidateByteRange", s); +//op_test("ValidateDTD", s); +//op_test("ValidateHash", s); +//op_test("ValidateSchema", s); +//op_test("ValidateUrlEncoding", s); +op_test("ValidateUtf8Encoding", s); +op_test("VerifyCC", s); +op_test("VerifyCPF", s); +op_test("VerifySSN", s); +op_test("VerifySVNR", s); +op_test("Within", s); -StrEq *streq = new StrEq("StrEq", z, false); 
streq->evaluate(t, s); delete streq; - -StrMatch *strmatch = new StrMatch("StrMatch", z, false); strmatch->evaluate(t, s); delete strmatch; -UnconditionalMatch *unconditionalmatch = new UnconditionalMatch("UnconditionalMatch", z, false); unconditionalmatch->evaluate(t, s); delete unconditionalmatch; -ValidateByteRange *validatebyterange = new ValidateByteRange("ValidateByteRange", z, false); validatebyterange->evaluate(t, s); delete validatebyterange; -ValidateDTD *validatedtd = new ValidateDTD("ValidateDTD", z, false); validatedtd->evaluate(t, s); delete validatedtd; -ValidateHash *validatehash = new ValidateHash("ValidateHash", z, false); validatehash->evaluate(t, s); delete validatehash; -ValidateSchema *validateschema = new ValidateSchema("ValidateSchema", z, false); validateschema->evaluate(t, s); delete validateschema; -ValidateUrlEncoding *validateurlencoding = new ValidateUrlEncoding("ValidateUrlEncoding", z, false); validateurlencoding->evaluate(t, s); delete validateurlencoding; -ValidateUtf8Encoding *validateutf8encoding = new ValidateUtf8Encoding("ValidateUtf8Encoding", z, false); validateutf8encoding->evaluate(t, s); delete validateutf8encoding; -VerifyCC *verifycc = new VerifyCC("VerifyCC", z, false); verifycc->evaluate(t, s); delete verifycc; -VerifyCPF *verifycpf = new VerifyCPF("VerifyCPF", z, false); verifycpf->evaluate(t, s); delete verifycpf; -VerifySSN *verifyssn = new VerifySSN("VerifySSN", z, false); verifyssn->evaluate(t, s); delete verifyssn; -Within *within = new Within("Within", z, false); within->evaluate(t, s); delete within; -#endif /** * ModSec API
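Review bot: `op_test("Rbl", s);` is now active although the removed block kept Rbl commented out with "Rbl test is too slow to be tested here", and that explanation is dropped. If the operator still performs a blocklist lookup over the network (presumably DNS; not visible here), each fuzz iteration becomes slow and non-reproducible and fuzz-derived strings leave the test machine as queries, so consider keeping it disabled as `//op_test("Rbl", s);  // network lookup: too slow and non-deterministic for fuzzing`. The other commented-out calls (FuzzyHash, GeoLookup, InspectFile, ValidateByteRange and the rest) give no reason for being disabled, and the generator one-liner in the comment above no longer produces the `op_test(...)` form used here; a one-line reason per disabled group and an updated comment would keep the list maintainable. These lines sit inside `main`, which starts and ends outside the hunk.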