Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
"""
self.server_init()
try:
for fuzz_args in fuzz_case_iterator:
self._check_message(*fuzz_args)
except KeyboardInterrupt:
# TODO: should wait for the end of the ongoing test case, and stop gracefully netmon and procmon
self.export_file()
self._fuzz_data_logger.log_error("SIGINT received ... exiting")
raise
except exception.BoofuzzRestartFailedError:
self._fuzz_data_logger.log_error("Restarting the target failed, exiting.")
self.export_file()
raise
except exception.BoofuzzTargetConnectionFailedError:
# exception should have already been handled but rethrown in order to escape test run
pass
except Exception:
self._fuzz_data_logger.log_error("Unexpected exception! {0}".format(traceback.format_exc()))
self.export_file()
raise
"""
self.server_init()
try:
for fuzz_args in fuzz_case_iterator:
self._check_message(*fuzz_args)
except KeyboardInterrupt:
# TODO: should wait for the end of the ongoing test case, and stop gracefully netmon and procmon
self.export_file()
self._fuzz_data_logger.log_error("SIGINT received ... exiting")
raise
except exception.BoofuzzRestartFailedError:
self._fuzz_data_logger.log_error("Restarting the target failed, exiting.")
self.export_file()
raise
except exception.BoofuzzTargetConnectionFailedError:
# exception should have already been handled but rethrown in order to escape test run
pass
except Exception:
self._fuzz_data_logger.log_error("Unexpected exception! {0}".format(traceback.format_exc()))
self.export_file()
raise
udp_broadcast (bool): Set to True to enable UDP broadcast. Must supply appropriate broadcast address for send()
to work, and '' for bind host for recv() to work.
server (bool): Set to True to enable server side fuzzing.
sslcontext (ssl.SSLContext): Python SSL context to be used. Required if server=True or server_hostname=None.
server_hostname (string): server_hostname, required for verifying identity of remote SSL/TLS server.
"""
warnings.warn(
"SocketConnection is deprecated and will be removed in a future version of Boofuzz. "
"Use the classes derived from BaseSocketConnection instead.",
DeprecationWarning,
)
if proto not in _PROTOCOLS:
raise exception.SullyRuntimeError("INVALID PROTOCOL SPECIFIED: %s" % proto)
if proto in _PROTOCOLS_PORT_REQUIRED and port is None:
raise ValueError("__init__() argument port required for protocol {0}".format(proto))
if proto == "udp":
return udp_socket_connection.UDPSocketConnection(
host, port, send_timeout, recv_timeout, server, bind, udp_broadcast
)
elif proto == "tcp":
return tcp_socket_connection.TCPSocketConnection(host, port, send_timeout, recv_timeout, server)
elif proto == "ssl":
return ssl_socket_connection.SSLSocketConnection(
host, port, send_timeout, recv_timeout, server, sslcontext, server_hostname
)
elif proto == "raw-l2":
return raw_l2_socket_connection.RawL2SocketConnection(host, send_timeout, recv_timeout)
def _open_connection_keep_trying(self, target):
""" Open connection and if it fails, keep retrying.
Args:
target (Target): Target to open.
"""
if not self._reuse_target_connection:
out_of_available_sockets_count = 0
while True:
try:
target.open()
break # break if no exception
except exception.BoofuzzTargetConnectionFailedError:
self._fuzz_data_logger.log_info(constants.WARN_CONN_FAILED_TERMINAL)
self._restart_target(target)
except exception.BoofuzzOutOfAvailableSockets:
out_of_available_sockets_count += 1
if out_of_available_sockets_count == 50:
raise exception.BoofuzzError("There are no available sockets. Ending fuzzing.")
self._fuzz_data_logger.log_info("There are no available sockets. Waiting for another 5 seconds.")
time.sleep(5)
def _iterate_protocol(self):
"""
Iterates over fuzz cases and mutates appropriately.
On each iteration, one may call fuzz_current_case to do the
actual fuzzing.
:raise sex.SullyRuntimeError:
"""
# we can't fuzz if we don't have at least one target and one request.
if not self.targets:
raise exception.SullyRuntimeError("No targets specified in session")
if not self.edges_from(self.root.id):
raise exception.SullyRuntimeError("No requests specified in session")
self._reset_fuzz_state()
for x in self._iterate_protocol_recursive(this_node=self.root, path=[]):
yield x
# Edge cases and a couple arbitrary strings (all 1s, all Es)
self._fuzz_library = [
"\x00" * self._length,
"\x11" * self._length,
"\xEE" * self._length,
"\xFF" * self._length,
"\xFF" * (self._length - 1) + "\xFE",
"\x00" * (self._length - 1) + "\x01",
]
if self._algorithm == "udp":
if not self._ipv4_src_block_name:
raise exception.SullyRuntimeError("'udp' checksum algorithm requires ipv4_src_block_name")
if not self._ipv4_dst_block_name:
raise exception.SullyRuntimeError("'udp' checksum algorithm requires ipv4_dst_block_name")
self._rendered = self._get_dummy_value()
# Set the recursion flag before calling a method that may cause a recursive loop.
self._recursion_flag = False
# create a root node. we do this because we need to start fuzzing from a single point and the user may want
# to specify a number of initial requests.
self.root = pgraph.Node()
self.root.name = "__ROOT_NODE__"
self.root.label = self.root.name
self.last_recv = None
self.last_send = None
self.add_node(self.root)
if target is not None:
target.procmon_options["crash_filename"] = self._crash_filename
try:
self.add_target(target=target)
except exception.BoofuzzRpcError as e:
self._fuzz_data_logger.log_error(str(e))
raise
def __init__(self, name, request, value, options=None):
if not options:
options = {}
super(String, self).__init__(name, request)
self.value = value
self.options = options
self.prefix = options.get("prefix", b"\x04")
if not self.value:
raise exception.SullyRuntimeError("MISSING LEGO.ber_string DEFAULT VALUE")
str_block = blocks.Block(name + "_STR", request)
str_block.push(primitives.String(self.value))
self.push(blocks.Size(name + "_STR", request, endian=BIG_ENDIAN, fuzzable=True))
self.push(str_block)
def get_test_case_data(self, index):
c = self._db_cursor
try:
test_case_row = next(c.execute("""SELECT * FROM cases WHERE number=?""", [index]))
except StopIteration:
raise exception.BoofuzzNoSuchTestCase()
rows = c.execute("""SELECT * FROM steps WHERE test_case_index=?""", [index])
steps = []
for row in rows:
data = row[3]
# Little hack since BLOB becomes type buffer in py2 and bytes in py3
# At the end, data will be equivalent types: bytes in py3 and str in py2
try:
if isinstance(data, buffer):
data = str(data)
except NameError as e:
if "buffer" in str(e): # buffer type does not exist in py3
pass
else:
raise
steps.append(