public void MutationalEmptyTest()
{
var config = new MutationConfig();
var data = new byte[200];
for (byte x = 0; x < data.Length; x++)
{
data[x] = x;
}
// Without entry
using (var copy = new MemoryStream())
using (var stream = new FuzzingStream(config, data))
{
stream.CopyTo(copy, 64);
CollectionAssert.AreEqual(data, copy.ToArray());
}
// With entry
config.Mutations.Add(new MutationalEntry());
using (var copy = new MemoryStream())
using (var stream = new FuzzingStream(config, data))
{
stream.CopyTo(copy, 64);
CollectionAssert.AreEqual(data, copy.ToArray());
}
}
/// <summary>
/// Init for
/// </summary>
/// <param name="stream">Stream</param>
public void InitFor(FuzzingStream stream, int index)
{
step s = new step();
// Max changes
s.MaxChanges = MaxChanges.Get();
if (FuzzPercentType == EFuzzingPercentType.PeerStream)
{
// Fill indexes
long length = stream.Length;
for (long x = Math.Max(1, (long)((length * FuzzPercent.Get()) / 100.0)); x >= 0; x--)
{
ulong value;
do
{
value = Math.Min((ulong)length, ValidOffset.Get());
}while (!s.FuzzIndex.Contains(value));
s.FuzzIndex.Add(value);
}
}
stream.Variables["Config_" + index.ToString()] = s;
}
public void CleanTest()
{
var original = new byte[90];
byte[] fuzzed;
using (var mem = new MemoryStream())
using (var stream = new FuzzingStream(null, original))
{
Assert.AreEqual(stream.CanRead, mem.CanRead);
Assert.AreEqual(stream.CanWrite, mem.CanWrite);
Assert.AreEqual(stream.CanSeek, mem.CanSeek);
Assert.AreEqual(stream.CanTimeout, mem.CanTimeout);
Assert.AreEqual(stream.Length, original.Length);
Assert.Catch <InvalidOperationException>(() => { var x = stream.ReadTimeout; });
Assert.Catch <InvalidOperationException>(() => { var x = stream.WriteTimeout; });
Assert.Catch <InvalidOperationException>(() => stream.ReadTimeout = 1);
Assert.Catch <InvalidOperationException>(() => stream.WriteTimeout = 1);
stream.CopyTo(mem, 16);
fuzzed = mem.ToArray();
CollectionAssert.AreEqual(original, fuzzed);
}
}
/// <summary>
/// Init for
/// </summary>
/// <param name="stream">Stream</param>
internal void InitFor(FuzzingStream stream, int index)
{
var s = new Step
{
// Max changes
MaxChanges = MaxChanges == null ? 1 : Math.Max(1, (int)MaxChanges.Get())
};
if (FuzzPercentType == EFuzzingPercentType.PeerStream)
{
// Fill indexes
var length = stream.Length;
var changes = Math.Min(s.MaxChanges, (long)(length * (FuzzPercent == null ? 100D : FuzzPercent.Get()) / 100.0));
while (changes > s.FuzzIndex.Count)
{
long value;
do
{
value = RandomHelper.GetRandom(0, length);
}while (s.FuzzIndex.Contains(value) || ValidOffset?.ItsValid(value) == false);
s.FuzzIndex.Add(value);
}
s.FuzzIndex.Sort();
}
stream.Variables[index] = s;
}
/// <summary>
/// Get next mutation
/// </summary>
/// <param name="stream">Stream</param>
public PatchChange Get(FuzzingStream stream)
{
if (Mutations == null)
{
return(null);
}
long offset = stream.Position;
// Fuzzer
ulong x = 0;
foreach (MutationalOffset cond in Mutations)
{
if (!cond.ValidOffset.ItsValid((ulong)offset))
{
x++;
continue;
}
// Try change
MutationalChange change = cond.Get(stream, x);
if (change != null)
{
return(change.Process(offset));
}
x++;
}
return(null);
}
public void CurrentStreamTest()
{
var cfg = SerializationHelper.DeserializeFromJson <PatchConfig>("{\"Changes\":[],\"Type\":\"Patch\"}");
var fuzzed = new byte[10];
var original = new byte[114];
original[0] = 0x01;
using (var mem = new MemoryStream())
using (var current = new MemoryStream())
using (var stream = new FuzzingStream(cfg, original, current))
{
Assert.AreEqual(0, current.Position);
Assert.AreEqual(0, current.Length);
var r = stream.Read(fuzzed, 0, 1);
Assert.AreEqual(0x01, fuzzed[0]);
Assert.AreEqual(1, current.Position);
Assert.AreEqual(1, current.Length);
stream.CopyTo(mem, 32);
fuzzed = mem.ToArray();
}
CollectionAssert.AreEqual(original.Skip(1).ToArray(), fuzzed);
}
/// <summary>
/// Get next mutation
/// </summary>
/// <param name="stream">Stream</param>
public override PatchChange Get(FuzzingStream stream)
{
if (Mutations == null)
{
return(null);
}
var offset = stream.Position;
// Fuzzer
int x = 0;
foreach (var cond in Mutations)
{
var change = cond.Get(stream, offset, x);
if (change != null)
{
return(change.Process(offset));
}
x++;
}
return(null);
}
/// <summary>
/// Get next mutation change (if happend)
/// </summary>
/// <param name="stream">Stream</param>
/// <param name="offset">Offset</param>
/// <param name="index">Index</param>
public MutationalChange Get(FuzzingStream stream, long offset, int index)
{
if (ValidOffset?.ItsValid(offset) == false)
{
return(null);
}
switch (FuzzPercentType)
{
case EFuzzingPercentType.PeerByte:
{
// Check Max changes
if (MaxChanges != null &&
stream.Log.Length >= MaxChanges.Get())
{
return(null);
}
// Check Percent
if (FuzzPercent != null)
{
var value = FuzzPercent.Get();
if (!RandomHelper.IsRandomPercentOk(value))
{
return(null);
}
}
// Get Item
return(Changes.Get());
}
case EFuzzingPercentType.PeerStream:
{
// Check Max changes
var s = (Step)stream.Variables[index];
if (stream.Log.Length >= s.MaxChanges)
{
return(null);
}
if (!s.FuzzIndex.Contains(offset))
{
return(null);
}
// Get Item
return(Changes.Get());
}
default:
{
throw new ArgumentException(nameof(FuzzPercentType));
}
}
}
/// <summary>
/// Search in socket variables
/// </summary>
/// <param name="socket">Socket</param>
IEnumerable <ILogFile> GetLogsEntry(TuringSocket socket)
{
if (socket != null)
{
foreach (string key in socket.Variables.Key)
{
object o = socket.Variables[key];
if (o == null)
{
continue;
}
FuzzingLogInfo cfg = null;
if (o is FuzzingStream)
{
FuzzingStream f = (FuzzingStream)o;
cfg = new FuzzingLogInfo(f);
}
else
{
if (o is FuzzingLogInfo)
{
cfg = (FuzzingLogInfo)o;
}
}
if (cfg != null)
{
string iz, dr;
StringHelper.SplitInTwo(key, "=", out iz, out dr);
// Save original input
if (cfg.OriginalData != null)
{
yield return(new MemoryLogFile(dr + "_" + HashHelper.SHA1(cfg.OriginalData) + ".dat", cfg.OriginalData));
}
if (!string.IsNullOrEmpty(cfg.Info))
{
// Save info
byte[] data = Encoding.UTF8.GetBytes(cfg.Info);
yield return(new MemoryLogFile(dr + "_" + HashHelper.SHA1(data) + ".txt", data));
}
if (cfg.Patch != null)
{
// Save patch
byte[] bjson = Encoding.UTF8.GetBytes(cfg.Patch.ToJson());
yield return(new MemoryLogFile(dr + "_" + HashHelper.SHA1(bjson) + ".fpatch", bjson));
}
}
}
}
}
public void DisposeTest()
{
var original = new byte[90];
var disposed = new Disposable();
using (var stream = new FuzzingStream(null, original))
{
stream.Variables.Add(0, disposed);
Assert.AreEqual(0, disposed.IsDisposed);
}
Assert.AreEqual(1, disposed.IsDisposed);
}
/// <summary>
/// Get fixed patch
/// </summary>
/// <param name="stream">Stream</param>
public PatchChange Get(FuzzingStream stream)
{
long offset = stream.Position;
foreach (PatchChange p in Changes)
{
if (p.Offset == offset)
{
return(p);
}
}
return(null);
}
/// <summary>
/// Get fixed patch
/// </summary>
/// <param name="stream">Stream</param>
public override PatchChange Get(FuzzingStream stream)
{
var offset = stream.Position;
foreach (var p in Changes)
{
if (p.Offset == offset)
{
return(p);
}
}
return(null);
}
/// <summary>
/// Init for
/// </summary>
/// <param name="stream">Stream</param>
public override void InitFor(FuzzingStream stream)
{
if (Mutations == null)
{
return;
}
int x = 0;
foreach (var cond in Mutations)
{
cond.InitFor(stream, x);
x++;
}
}
/// <summary>
/// Init for
/// </summary>
/// <param name="stream">Stream</param>
public void InitFor(FuzzingStream stream)
{
if (Mutations == null)
{
return;
}
int x = 0;
foreach (MutationalOffset cond in Mutations)
{
cond.InitFor(stream, x);
x++;
}
}
/// <summary>
/// Get next mutation change (if happend)
/// </summary>
/// <param name="stream">Stream</param>
/// <param name="index">Index</param>
public MutationalChange Get(FuzzingStream stream, ulong index)
{
// Check Max changes
step s = (step)stream.Variables["Config_" + index.ToString()];
if (stream.Log.Length >= s.MaxChanges)
{
return(null);
}
switch (FuzzPercentType)
{
case EFuzzingPercentType.PeerByte:
{
// Check Percent
double value = FuzzPercent.Get();
if (!RandomHelper.IsRandomPercentOk(value))
{
return(null);
}
// Get Item
return(RandomHelper.GetRandom(_Steps));
}
case EFuzzingPercentType.PeerStream:
{
if (!s.FuzzIndex.Contains(index))
{
return(null);
}
return(RandomHelper.GetRandom(_Steps));
}
}
return(null);
}
public override void InitFor(FuzzingStream stream)
{
}
public void InitFor(FuzzingStream stream)
{
}
void _Fuzzer_OnPercentFactor(FuzzingStream stream, ref double percentFactor)
{
// TODO: Extract percentage in secuence
//percentFactor = uPercentWave1.GetPercentFactor(stream);
}
private void Test(FuzzerConnectionBase serverConnection, FuzzerConnectionBase clientConnection)
{
Fuzzer.Client.ExecutionTimeOut = TimeSpan.FromMilliseconds(5_000);
using (var server = new FuzzerServer())
using (var client = new FuzzerClient())
{
// Change name
client.PublicName = "TestClient_" + Guid.NewGuid().ToString();
// Ensure no error
client.SendLog(null);
// Dummy input
var entryIBuffer = new byte[100];
RandomHelper.FillWithRandomBytes(entryIBuffer);
var entryI = new FuzzerStat <FuzzingInputBase>(new ManualFuzzingInput(entryIBuffer)
{
Description = "1"
});
server.Inputs.Add(entryI.Source.Id, entryI);
entryI = new FuzzerStat <FuzzingInputBase>(new RandomFuzzingInput(new FromToValue <long>(100, 200))
{
Description = "2"
});
server.Inputs.Add(entryI.Source.Id, entryI);
// Dummy configurations
var entryC = new FuzzerStat <FuzzingConfigBase>(new PatchConfig("1", new PatchChange("1", 1, 1, new byte[0])));
server.Configurations.Add(entryC.Source.Id, entryC);
entryC = new FuzzerStat <FuzzingConfigBase>(new PatchConfig("2", new PatchChange("2", 2, 2, new byte[0])));
server.Configurations.Add(entryC.Source.Id, entryC);
// Check server
CheckConfig(() => ((IRandomValue <FuzzingConfigBase>)server).Get(), server.Configurations.Select(u => u.Value.Source).ToArray());
CheckConfig(() => ((IRandomValue <FuzzingInputBase>)server).Get(), server.Inputs.Select(u => u.Value.Source).ToArray());
CheckConfig(() => server.GetConfig(), server.Configurations.Select(u => u.Value.Source).ToArray());
CheckConfig(() => server.GetInput(), server.Inputs.Select(u => u.Value.Source).ToArray());
// Start
Assert.IsFalse(server.IsStarted);
Assert.IsFalse(client.IsStarted);
if (serverConnection == null && clientConnection == null)
{
Assert.Catch <NullReferenceException>(() => server.Start(serverConnection));
Assert.Catch <NullReferenceException>(() => client.Start(clientConnection));
return;
}
else
{
if (serverConnection is TestDummyConnection && clientConnection is TestDummyConnection)
{
Assert.Catch <ArgumentException>(() => server.Start(serverConnection));
Assert.Catch <ArgumentException>(() => client.Start(clientConnection));
return;
}
}
var waitInput = new ManualResetEvent(false);
var waitConfigs = new ManualResetEvent(false);
var waitLog = new ManualResetEvent(false);
var waitLogError = new ManualResetEvent(false);
client.OnReceiveInputs += (s, e) => waitInput.Set();
client.OnReceiveConfigurations += (s, e) => waitConfigs.Set();
server.OnReceiveLog += (s, e) => (e.Any(u => u.Error != null) ? waitLogError : waitLog).Set();
server.Start(serverConnection);
Thread.Sleep(250); // Wait for server
client.Start(clientConnection);
Assert.IsTrue(server.IsStarted);
Assert.IsTrue(client.IsStarted);
// Already started
Assert.Catch <Exception>(() => server.Start(serverConnection));
Assert.Catch <Exception>(() => client.Start(clientConnection));
// Check client
Assert.IsTrue(waitConfigs.WaitOne(TimeSpan.FromSeconds(10)), "Waiting for configs");
Assert.IsTrue(waitInput.WaitOne(TimeSpan.FromSeconds(10)), "Waiting for inputs");
Assert.AreEqual(1, server.Connections.Count);
Assert.IsTrue(server.Connections.Values.FirstOrDefault()?.Source.Description.Contains(client.PublicName));
Assert.AreNotEqual(Guid.Empty, server.Connections.Values.FirstOrDefault()?.Source.Id);
Assert.AreNotEqual(Guid.Empty, server.Connections.Values.FirstOrDefault()?.Id);
var speedInit = server.Connections.Values.FirstOrDefault().Source.Speed;
CheckConfig(() => ((IRandomValue <FuzzingConfigBase>)client).Get(), server.Configurations.Select(u => u.Value.Source).ToArray());
CheckConfig(() => ((IRandomValue <FuzzingInputBase>)client).Get(), server.Inputs.Select(u => u.Value.Source).ToArray());
CheckConfig(() => client.GetConfig(), server.Configurations.Select(u => u.Value.Source).ToArray());
CheckConfig(() => client.GetInput(), server.Inputs.Select(u => u.Value.Source).ToArray());
// Send log
var cfg = client.GetConfig();
var input = client.GetInput();
var log = new FuzzerLog()
{
ConfigId = cfg.Id,
InputId = input.Id,
Coverage = 10,
};
var sIn = server.Inputs.Select(u => u.Value).Where(u => u.Source.Id == log.InputId).FirstOrDefault();
var sCfg = server.Configurations.Select(u => u.Value).Where(u => u.Source.Id == log.ConfigId).FirstOrDefault();
Assert.AreEqual(0, server.Logs.Count);
Assert.AreEqual(0, server.UniqueErrors);
Assert.AreEqual(0, server.TotalErrors);
client.SendLog(log);
Assert.IsTrue(waitLog.WaitOne(TimeSpan.FromSeconds(10)), "Waiting for log");
Assert.AreEqual(0, server.Logs.Count);
Assert.AreEqual(0, server.UniqueErrors);
Assert.AreEqual(0, server.TotalErrors);
Thread.Sleep(250);
Assert.IsTrue(server.Connections.Values.FirstOrDefault().Source.Speed > speedInit);
Assert.AreEqual(log.Coverage, server.Connections.Values.FirstOrDefault().Source.Coverage);
// Check stats
Assert.AreEqual(1, sIn.Tests);
Assert.AreEqual(1, sCfg.Tests);
Assert.AreEqual(0, sIn.Crashes);
Assert.AreEqual(0, sCfg.Crashes);
Assert.AreEqual(0, sIn.Errors);
Assert.AreEqual(0, sCfg.Errors);
// Send error
log = new FuzzerLog()
{
ConfigId = cfg.Id,
InputId = input.Id,
Error = new FuzzerError()
{
ErrorId = Guid.NewGuid(),
Error = FuzzerError.EFuzzingErrorType.Crash,
ExplotationResult = FuzzerError.EExplotationResult.Exploitable,
ReplicationData = new byte[0],
}
};
Assert.AreEqual(0, server.UniqueErrors);
Assert.AreEqual(0, server.TotalErrors);
client.SendLog(log);
waitLogError.Reset();
Assert.IsTrue(waitLogError.WaitOne(TimeSpan.FromSeconds(10)), "Waiting for error");
Assert.AreEqual(1, server.Logs.Count);
Assert.IsTrue(server.Logs.TryGetValue(log.Error.ErrorId, out var peekLog));
Assert.IsTrue(log.Equals(peekLog));
Assert.AreEqual(1, server.UniqueErrors);
Assert.AreEqual(1, server.TotalErrors);
// Check stats
Assert.AreEqual(2, sIn.Tests);
Assert.AreEqual(2, sCfg.Tests);
Assert.AreEqual(1, sIn.Crashes);
Assert.AreEqual(1, sCfg.Crashes);
Assert.AreEqual(0, sIn.Errors);
Assert.AreEqual(0, sCfg.Errors);
// Generic MultiClient
FuzzerLog gerr = null;
Fuzzer.Client.Stop();
if (serverConnection != clientConnection)
{
// Test default
Fuzzer.Client.Start(clientConnection);
}
waitLogError.Reset();
Fuzzer.Run(FuzWERSample, new FuzzerRunArgs()
{
OnLog = (l, c) =>
{
if (l.Error != null)
{
c.Cancel = true;
gerr = l;
}
}
});
// Could spend more time because are more tests
Assert.IsTrue(waitLogError.WaitOne(TimeSpan.FromSeconds(30)), "Waiting for error");
Assert.AreEqual(2, server.Logs.Count);
Assert.IsTrue(server.Logs.TryGetValue(gerr.Error.ErrorId, out peekLog));
Assert.IsTrue(gerr.Equals(peekLog));
Assert.IsTrue(gerr.Error.ReplicationData.Length > 0);
Assert.AreEqual(FuzzerError.EExplotationResult.Exploitable, gerr.Error.ExplotationResult);
Assert.AreEqual(FuzzerError.EFuzzingErrorType.Crash, gerr.Error.Error);
Assert.AreEqual(2, server.UniqueErrors);
Assert.AreEqual(2, server.TotalErrors);
// Generic MultiThread Client
gerr = null;
Fuzzer.Client.Stop();
Thread.Sleep(250); // Wait some time for pipes
if (serverConnection != clientConnection)
{
// Test default
Fuzzer.Client.Start(clientConnection);
}
waitLogError.Reset();
Fuzzer.Run(1, FuzMultiThreadSample, new FuzzerRunArgs()
{
OnLog = (l, c) =>
{
if (l.Error != null)
{
c.Cancel = true;
gerr = l;
}
}
});
// Could spend more time because are more tests
Assert.IsTrue(waitLogError.WaitOne(TimeSpan.FromSeconds(30)), "Waiting for error");
Assert.AreEqual(3, server.Logs.Count);
Assert.IsTrue(server.Logs.TryGetValue(gerr.Error.ErrorId, out peekLog));
Assert.IsTrue(gerr.Equals(peekLog));
Assert.IsTrue(gerr.Error.ReplicationData.Length > 0);
Assert.AreEqual(3, server.UniqueErrors);
Assert.AreEqual(3, server.TotalErrors);
// Test timeout
gerr = null;
waitLogError.Reset();
Fuzzer.Client.ExecutionTimeOut = TimeSpan.FromMilliseconds(250);
Fuzzer.Run(FuzTimeoutSample, new FuzzerRunArgs()
{
OnLog = (l, c) =>
{
c.Cancel = true;
if (l.Error != null)
{
gerr = l;
}
}
});
Assert.IsTrue(waitLogError.WaitOne(TimeSpan.FromSeconds(5)), "Waiting for error");
Assert.AreEqual(4, server.Logs.Count);
Assert.IsTrue(server.Logs.TryGetValue(gerr.Error.ErrorId, out peekLog));
Assert.IsTrue(gerr.Equals(peekLog));
Assert.IsTrue(gerr.Error.ReplicationData.Length > 0);
Assert.AreEqual(4, server.UniqueErrors);
Assert.AreEqual(4, server.TotalErrors);
// Current stream
var logReaded = new byte[255];
var current = new byte[logReaded.Length];
FuzzingStream fuzStream = null;
Fuzzer.Run((stream) =>
{
Array.Resize(ref current, stream.Read(current, 0, current.Length));
fuzStream = (FuzzingStream)stream;
Assert.IsNotNull(fuzStream.CurrentStream);
},
new FuzzerRunArgs()
{
StoreCurrent = true,
OnLog = (l, c) =>
{
// Read current file
var fCurrent = ((FileStream)fuzStream.CurrentStream);
fCurrent.Seek(0, SeekOrigin.Begin);
Array.Resize(ref logReaded, fCurrent.Read(logReaded, 0, logReaded.Length));
c.Cancel = true;
},
});
Assert.IsNotNull(fuzStream);
Assert.IsNotNull(fuzStream.CurrentStream);
CollectionAssert.AreEqual(current, logReaded);
// Clean
Fuzzer.Client.Stop();
waitInput.Dispose();
waitConfigs.Dispose();
waitLog.Dispose();
waitLogError.Dispose();
}
}
public abstract void InitFor(FuzzingStream stream);
void SaveSelectedInputWith(bool toClipbard, IGetPatch config)
{
if (gridInput.SelectedRows.Count != 1)
{
return;
}
FuzzerStat <IFuzzingInput> inp = (FuzzerStat <IFuzzingInput>)gridInput.SelectedRows[0].DataBoundItem;
if (inp == null)
{
return;
}
byte[] stream = inp.Source.GetStream();
if (stream == null)
{
return;
}
if (toClipbard)
{
// Clipboard
StringBuilder sb = new StringBuilder();
sb.AppendLine("byte[] payload = new byte[]");
sb.Append("{");
PatchChange[] logs = null;
if (config != null)
{
using (MemoryStream ms = new MemoryStream())
using (FuzzingStream fzs = new FuzzingStream(stream, config))
{
fzs.CopyTo(ms);
stream = ms.ToArray();
logs = fzs.Log;
}
}
for (int x = 0, off = 0, v = 0, m = stream.Length; x < m; x++, v++, off++)
{
byte b = stream[x];
if (x != 0)
{
sb.Append(", ");
}
if (logs != null)
{
foreach (PatchChange ch in logs)
{
if (off == ch.Offset)
{
off -= ch.Remove;
if (ch.Append != null)
{
off += ch.Append.Length;
}
sb.AppendLine();
sb.AppendLine("\t/* " +
(string.IsNullOrEmpty(ch.Description) ? "" : ch.Description + " ") +
(ch.Append == null ? "0" : ch.Append.Length.ToString()) + " bytes */");
sb.Append("\t" + "".PadLeft(6 * v, ' '));
}
}
}
if (v == 0 || v % 20 == 0)
{
sb.AppendLine();
sb.Append("\t");
v = 0;
}
sb.Append("0x" + b.ToString("x2"));
}
sb.AppendLine();
sb.Append("};");
Clipboard.SetText(sb.ToString());
return;
}
// File
using (SaveFileDialog s = new SaveFileDialog()
{
Filter = "Dat file|*.dat",
DefaultExt = "*.dat",
})
{
if (s.ShowDialog() != DialogResult.OK)
{
return;
}
try
{
if (File.Exists(s.FileName))
{
File.Delete(s.FileName);
}
using (FileStream fs = File.OpenWrite(s.FileName))
{
if (config != null)
{
using (Stream fzs = new FuzzingStream(stream, config))
fzs.CopyTo(fs);
}
else
{
fs.Write(stream, 0, stream.Length);
}
}
}
catch (Exception e)
{
MessageBox.Show(e.ToString(), "ERROR", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
public abstract PatchChange Get(FuzzingStream stream);
/// <summary>
/// Execute action
/// </summary>
/// <param name="action">Action</param>
/// <param name="stream">Stream</param>
/// <returns>Log</returns>
public FuzzerLog Execute(Action <Stream> action, FuzzingStream stream)
{
var log = new FuzzerLog()
{
ConfigId = stream.ConfigId,
InputId = stream.InputId
};
var task = new FuzzerTask()
{
Action = action,
Stream = stream
};
try
{
var thread = new Thread(new ParameterizedThreadStart(AsyncTask))
{
Priority = ThreadPriority.Normal,
Name = "Fuzzing Thread",
IsBackground = true
};
thread.Start(task);
if (!thread.Join(ExecutionTimeOut))
{
try { thread.Abort(); } catch { }
throw new TimeoutException(thread.ThreadState.ToString());
}
else
{
if (task.Exception != null)
{
throw task.Exception;
}
}
}
catch (Exception e)
{
var errorMsg = e.ToString();
if (!string.IsNullOrEmpty(stream.ExtraLogInformation))
{
errorMsg += "\nExtraInformation: " + stream.ExtraLogInformation;
}
var zip = new byte[0];
var error = FuzzerError.EFuzzingErrorType.Fail;
var result = FuzzerError.EExplotationResult.Unknown;
var errorId = new Guid(HashHelper.Md5(Encoding.UTF8.GetBytes(errorMsg)));
if (e is AggregateException agg)
{
e = agg.InnerException;
}
if (e is FuzzerException wer)
{
zip = wer.Zip;
result = wer.Result;
error = FuzzerError.EFuzzingErrorType.Crash;
errorId = new Guid(HashHelper.Md5(Encoding.UTF8.GetBytes(errorId.ToString() + wer.ErrorId.ToString())));
}
log.Error = new FuzzerError()
{
Error = error,
ErrorId = errorId,
ExplotationResult = result,
ReplicationData = stream.GenerateZip(zip, errorMsg)
};
}
// Update coverage & send
log.Coverage = CoverageHelper.CurrentCoverage;
return(log);
}
public void Test2()
{
var cfg = SerializationHelper.DeserializeFromJson <PatchConfig>("{\"Changes\":[" +
"{\"Offset\":16,\"Remove\":18,\"Append\":\"MTg0NDY3NDQwNzM3MDk1NTE2MTV7IiI6MH0=\"}," +
"{\"Offset\":84,\"Remove\":0,\"Append\":\"LCIiIiI6\"}," +
"{\"Offset\":104,\"Remove\":4,\"Append\":\"WzBd\"}],\"Type\":\"Patch\"}");
var original = new byte[114];
byte[] fuzzed;
using (var mem = new MemoryStream())
using (var stream = new FuzzingStream(cfg, original))
{
Assert.AreEqual(stream.CanRead, mem.CanRead);
Assert.AreEqual(stream.CanWrite, mem.CanWrite);
Assert.AreEqual(stream.CanSeek, mem.CanSeek);
Assert.AreEqual(stream.CanTimeout, mem.CanTimeout);
Assert.AreEqual(stream.Length, original.Length);
Assert.Catch <InvalidOperationException>(() => { var x = stream.ReadTimeout; });
Assert.Catch <InvalidOperationException>(() => { var x = stream.WriteTimeout; });
Assert.Catch <InvalidOperationException>(() => stream.ReadTimeout = 1);
Assert.Catch <InvalidOperationException>(() => stream.WriteTimeout = 1);
stream.CopyTo(mem, 32);
fuzzed = mem.ToArray();
}
using (var copyRead = new MemoryStream(original))
using (var copy = new MemoryStream())
{
var buffer = new byte[128];
// 1 - Offset
copyRead.Read(buffer, 0, 16);
copy.Write(buffer, 0, 16);
// 1 - Remove
copyRead.Read(buffer, 0, 18);
// 1 - Append
var data = Convert.FromBase64String("MTg0NDY3NDQwNzM3MDk1NTE2MTV7IiI6MH0=");
copy.Write(data, 0, data.Length);
// 2 - Offset
var l = (int)(84 - copyRead.Position);
copyRead.Read(buffer, 0, l);
copy.Write(new byte[l], 0, l);
// 2 - Append
data = Convert.FromBase64String("LCIiIiI6");
copy.Write(data, 0, data.Length);
// 3 - Offset
l = (int)(104 - copyRead.Position);
copyRead.Read(buffer, 0, l);
copy.Write(new byte[l], 0, l);
// 3 - Remove
copyRead.Read(buffer, 0, 4);
// 3 - Append
data = Convert.FromBase64String("WzBd");
copy.Write(data, 0, data.Length);
// Extra
l = (int)(copyRead.Length - copyRead.Position);
copyRead.Read(buffer, 0, l);
copy.Write(new byte[l], 0, l);
var dataCopy = copy.ToArray();
CollectionAssert.AreEqual(dataCopy, fuzzed);
}
}
public void MutationalEntryPeerStreamTest()
{
var config = new MutationConfig()
{
Description = "Test"
};
var entry = new MutationalEntry()
{
FuzzPercent = new FromToValue <double>(100),
ValidOffset = new FromToValue <long>(0, long.MaxValue),
MaxChanges = new FromToValue <ushort>(50),
FuzzPercentType = EFuzzingPercentType.PeerStream
};
// Config
config.Mutations.Add(entry);
entry.Changes.Add(new MutationalChange()
{
Weight = 1,
Append = new MutationalFromTo(0x01),
RemoveLength = new FromToValue <ushort>(),
AppendIterations = new FromToValue <ushort>(1)
});
// 100% / 50 changes
var input = new ManualFuzzingInput(new byte[200]);
using (var copy = new MemoryStream())
using (var stream = new FuzzingStream(config, input.GetStream()))
{
stream.CopyTo(copy, 200);
Assert.AreEqual(50, copy.ToArray().Count(u => u == 0x01));
}
// 0%
entry.FuzzPercent = new FromToValue <double>(0);
input = new ManualFuzzingInput(new byte[200]);
using (var copy = new MemoryStream())
using (var stream = new FuzzingStream(config, input.GetStream()))
{
stream.CopyTo(copy, 200);
Assert.AreEqual(200, copy.ToArray().Count(u => u == 0x00));
}
// Only offset 5
entry.FuzzPercent = new FromToValue <double>(100);
entry.ValidOffset = new FromToValue <long>(5);
entry.MaxChanges = new FromToValue <ushort>(1);
input = new ManualFuzzingInput(new byte[200]);
using (var stream = new FuzzingStream(config, input.GetStream()))
{
for (long x = 0; x < 200; x++)
{
var next = entry.Get(stream, x, 0);
if (x == 5)
{
Assert.IsNotNull(next);
}
else
{
Assert.IsNull(next);
}
}
}
// Max changes 2
entry.ValidOffset = new FromToValue <long>(0, long.MaxValue);
entry.MaxChanges = new FromToValue <ushort>(2);
input = new ManualFuzzingInput(new byte[200]);
using (var stream = new FuzzingStream(config, input.GetStream()))
{
stream.CopyTo(new MemoryStream(), 200);
Assert.AreEqual(2, stream.Log.Length);
}
}
public void Test1()
{
var cfg = SerializationHelper.DeserializeFromJson <PatchConfig>("{\"Changes\":[" +
"{\"Offset\":1,\"Remove\":7}," +
"{\"Offset\":23,\"Remove\":11,\"Append\":\"XHVEODAwXHVEQzAwe3t9fQ==\"}],\"Type\":\"Patch\"}");
var original = new byte[90];
byte[] fuzzed;
using (var mem = new MemoryStream())
using (var stream = new FuzzingStream(cfg, original))
{
Assert.AreEqual(stream.CanRead, mem.CanRead);
Assert.AreEqual(stream.CanWrite, mem.CanWrite);
Assert.AreEqual(stream.CanSeek, mem.CanSeek);
Assert.AreEqual(stream.CanTimeout, mem.CanTimeout);
Assert.AreEqual(stream.Length, original.Length);
Assert.Catch <InvalidOperationException>(() => { var x = stream.ReadTimeout; });
Assert.Catch <InvalidOperationException>(() => { var x = stream.WriteTimeout; });
Assert.Catch <InvalidOperationException>(() => stream.ReadTimeout = 1);
Assert.Catch <InvalidOperationException>(() => stream.WriteTimeout = 1);
stream.CopyTo(mem, 16);
fuzzed = mem.ToArray();
}
using (var copyRead = new MemoryStream(original))
using (var copy = new MemoryStream())
{
var buffer = new byte[128];
// 1 - Offset
copyRead.Read(buffer, 0, 1);
copy.Write(buffer, 0, 1);
// 1 - Remove
copyRead.Read(buffer, 0, 7);
// 2 - Offset
var l = (int)(23 - copyRead.Position);
copyRead.Read(buffer, 0, l);
copy.Write(new byte[l], 0, l);
// 2 - Remove
copyRead.Read(buffer, 0, 11);
// 2 - Append
var data = Convert.FromBase64String("XHVEODAwXHVEQzAwe3t9fQ==");
copy.Write(data, 0, data.Length);
// Extra
l = (int)(copyRead.Length - copyRead.Position);
copyRead.Read(buffer, 0, l);
copy.Write(new byte[l], 0, l);
var dataCopy = copy.ToArray();
CollectionAssert.AreEqual(dataCopy, fuzzed);
}
}
public void Test_Patch_Serialization()
{
// Test deserialization
var value = File.ReadAllText("Samples/PatchSample.fpatch");
var config = (PatchConfig)SerializationHelper.DeserializeFromJson <FuzzingConfigBase>(value);
Assert.AreEqual("8492c051-3acc-4681-8c42-51088cfa0f13", config.Id.ToString());
Assert.AreEqual("Test", config.Description);
Assert.AreEqual("Patch", config.Type);
Assert.AreEqual(1, config.Changes.Count);
var entry = config.Changes[0];
Assert.IsTrue(new PatchChange("Buffer overflow (by char)", 16, 1,
Convert.FromBase64String("dyBNZN08Nkq2oGTa7pQJ2lsu/hCqfIEWFsJdMv9gpG/vvAatcqpgJQhQekofQzCSdQIWRAwR+vqeN04b3gRKV/v16jKPW2mxztkJWwM39tOTy7z+S2Bj38ILDztcRkYEByROKlj9AxuYZHYyCKD4aEB7iBRISwybkgxwhUwvVomUBlTf6c17lciiZ+fqMdciEqf64L0zvLsZsphNjn7OaQ/tngNMGn5z//NLpeQksWE0TnOkNXXLYUmZxzg1LwdK1P3Z/JPV1vgqh+DK5xfW9AI3GUAMKjWZIz25slNHPtHsAtHnS7TOX3h7e62VAnoyw9I3/hbHP6rIQNpWHCSm4koQ3uZG76lNabrIkK+HBSLDh++AEUC7JcInHwzZeERV1ZhkhiOU7NQq6ZVc/6/7QTy5k5Q0JtIKVLkkINCec/B3dLsXJH/+L5scVieqYCYULN3PIeWvIa/GWjJqcMwEjHel5Yzz5B69u2T4Gc+rX/OTEfTyzlMLx1MMUclNlL7OGMqwBnuaIEfAEmWBtgjfG/o/11/YEr0kmh4555RUcSimKgEG+lp5+fCtMrztihFLLTbOD7xf9gcNjWxdYTmybKE+240I2iGhxd5uK98CNhAO7btehWNrRzT6+G7tHZi4+sYcsK+ERFIWLkne8MsnDFdcUHR9Vec/0pRZDeKys6hHtjAa5oZhialqSFgajFZp0+wXks0kO6bf3N0bLDdvZHqgmDubDibR+sbKFA6PJUc+7zr1myLbI3uKOwqoR15z+uPeefQczsXGRpcHWiiYULiX3Dz9echZxXbAEdMdKbRpWBoqsKtTIyJ0L1WK1chU8upSEmsjdoEchrR+XL3yqh7jngMOb6ANRbkaiUpzzu+ubB/oyxdKRuGYDyv31MdkgoU4pjjFRoNLRc2xCuw3qLfF0O+fCt4ImlghdmF1FnDytQfFPCm46CebnoZKmD31YmZzMgXXxXmmMQ3gpdAj1TBdvlTmcm2PDujIBWtZvgIbLBT6A+NsHPCOHwwc10RXeMlX7NrpD+/44yUcD8AOTnMLxnm8KNJN8KJjWFNiczakco2iAtEnMR0kAx++UA0wgdCZEhLKm1D2Cvs4hredl3DveJ00a0yh45VdmCazjqGWM9eCyWIk2tc9rPfW76tmh2uvz9hw/BaE9y99bgMrQ3xbolPfG84Py53G979Vy/Tq9hG6Bb/IJzfB/tE0p23UE2l8e01Yhm2doAQ8qgZXMC06k3fycD68knwdHh382yUx8eRW2FCnk3GkHWW8jXwya86l+RT24qIsv+jRO2hRoMXeDLghAVjckgEHTlPZAQb/67NOWOESOxBCKxlo1lgJU32g3oLEEWp2yGcU75RQUr/j0VC1A0njzdGp3tY/dbyo/frWOiOEPNtJ1496/Ut78thahAUIU1E1vBKxGzKUOFSra/KZeRmcX5Z1bSu5ac+GLuz95PC3oaqqon0S0yGptKA7zpJY4nrAvSZuk+Yme1RCK+1GllNk9MpI7tebi4x2y7iLfpo+L0xyPSjKSQ7EhCcqz6k0ZB9N19rHEfOjJTKa+Mcum/25Bfuh01ksmau8g2uwcrziQmiaPqe/dh5Zzxj1MVFHl+kqcMutkpHFIj4wC42J8rN2t7Zgk11X+Y/eSQRCNmhbduyBhwPwNq/X1R1pkGuR0N1lf3qa5gSN0nY9z0qNhOvV1ZWhCGuxhYIHib5B7WokTnkm3LfuwI/o9LSMtGdmSlIxk7vW78hytPn4k15GTOUNGYLRaKc15xUGuBS3JdEcoUBtEVuvTl6wtCm99i4yo6jPgJzklOKq+6ym0Te0u5Ap3fEf2TyLXsokIbR/ePDn0xZs56Q1Nw5ewhWuCX0o/PiZlBo8E8psRSPRwXMvLIS8v/0hSdTr9KbkwRco3FVO/CW75uTWq8FM/6OCZHWaMJeR8kl/B7MlraBzWFKzRWjNg8ROc0Wg5RQ91UoxapAySpKAl+oNz/ZylzlEZFRvmLo7tOCxTbxS8A01QzFp80QQQg7AM65+wbTO29wMXIHAzT6Q9rWwgf3VL6bd143FCaP1NSNHr2UMvfIt4nHgRpWLdXXz2fyOYMER6gUJoOkoCdM5FydfeR/YhDrDg56M9egRU2IY0jCmZ9VhNsVhBB4JBtqepy9uLPtXG1XDy9wjhPQc902IEDajkq9S/kRad4Adun7E7k65oydnwbfa45z5PrLQRQ3QgfWk+hWAHS64/KTUphJeX5amYlUnIk9+yK4UWcCRiTJ0TTmJIfM6Oob4rsQUBj6LnN8cKuO3qWCnJjJmbcRuJ3RyYVnZ1D+ibSjOL3OKa8NxibzgdmBPvaTY4frC083CiodRoqXkssehery76XvsHrtv9eQIjrEUJKS1AfNE4JpbDKTsOckejdf1P/ujk9Mq68RAU93pu/zVPX4CL7HUXpojYd3WAeTxUWkOEk+2cZDQjBYvBI28cVGnF/xLHV4mIuFigTP2U+vgTwN13KmuIMzuMqKcpVsOZu+ML+nnpzUL5/BuVe9e2ToqT7WKR5Wo+fcwXOu7inyGVBtDayQC+KfOavS4QMvckVhpclelgx9a5DbxuEtJT1505wHUG28WKVYOvNyg77otU8uTUxgm4dH76YfuEEFdhRyXRFjLCHfoU0oCl8ZDuvR7xWV/tfxGTwcv2TLoKBkVsTjBCaxiYktVqv/OJEoMuS+Sc0vc3c8fUvRSnC9FASwx7OWPgbFJGmQaKwv8dyy8JCADVrTOOdRoo7e3EMUdEKrUnjhkfDl+Slrnw7LEI9vJlnkQQ6p4Y7QSJ976kQqe/RthKdjzWKfnhA1a5nYio4Db7XpNDs3/XTuEU1ZbhLhQScWYZPoD1T7RKL6eHnw+74NeH6OQUfBOYcuecAZSjQFUCp2wikCG2Bg8fOUPYj++RmPS/GUWwPjVSgMvZWY5gJu+SxTfjmZD10aMVNULQP+N3yqif5CcP0ql2kA+WHSyA/tKUBcr37f9jyYfimwjywsDoYY8lwELIw3KOrQmBn/S2VHZwO/pYv9zpPBrfbXdghA2O7btdmz7QC4LYKYE14qmTLAbSQsbGj+GyfIQoKVY7bek8MrI5GTl3oHB3gNab8xnxDIFwjoFGyJ4aK1565+Js3PuX+fA3WdNNmuJWTs9LVomqdt0Uyt+n9aoUX22bPLhOSyPbBDlp+fKuI3OfMHmOztTU0PEFmBIcL8RGI3plsl5pyEQrcBLQAP0qZuesCQVwRZDZBmvHiPMR/tQ1Y9a4CLDVdSg1456CBNAz2zFqsCc/FZ3pzKwyYn+Q2bF+mtzmsl52ltQdeqIyFwGcE+2CJ08tNg64znwE4xLopQotQ6ozDWjTNBmTYhr7t/Wqlo7SDzJiUeTOreQicfOBdJWYRNPXqMaFLvM1mhRzvRZGmkzEFpYXizHFZN9E8MKl0i1Fo7Nh022IjWB/bPeQmvDN29fnPR4/QPmiEkRnAH3w0AgnLlnjJMcfO4m12F56NMoutxVq/pUPRmL5v8EpYU0ijp0v6ayXarcQyEGUyeibqB26OIloxlFzF+h26aTGdZq8U0nBSkudl4yeGjaTurx6Xhgjr2jEOYiL/NHEoEFSSpKnGHZe2p3SHOE8iuwa351r/EvNIsax+FnBtU252TcLi8+kLKJGW8P6EZKHx67ccR10mOP1RafMNV/c3WUQmEPqMX8c9rL65aDIExFz6jEq5QSwBUCTVgan2DdC6b5e6fkO3ZYv/7pqufMDbbKWmAtu8fhgoFMDlxt4tN67uHwiqWkYJUybOuVKRcuNUGiUEX/sE/eGPgmmS4b690rb7sG3IIRJvrL+k/cTFprH9gby5OPez6SEnKtf8dnGIEPa7lbKFm+kSpKNbX/A8yeunpW/yFKm/R9dMoQZKYzZePOzuGgEfZ/XDpqRUaJkhCmD8VOEhhhxM/F3rSOry6DGNDRMjTq/aqD1qPm4Fau9OG7alXh5VPMbgoT2zJD8a0M5i52t2HbuxIbyjx0euR5F+nS00XZojN9BsMr2CN4QeX22/kpOD6B365ExhwYWfQlmsRJcR5oM0X7+bGdsePuo4pXfp7qUN+sUfOXldsXZq3PBj9eMM/Hjqm1Lj+M5C7LVSSSwdtWOkrlnCEr0Z1p5JQFzqykkXS6j+/1NiOgIW3Fy0G4haXRecv0eJOvnbwMTUmrhxeCJ8Sv1zLrYQUnRXu0ZQddsWDuM1XgsBngDPI06eja9ZpXRKR9Ca105hjGzTQZ+ji1r5zovFTBonerz8s/t3gdTU/hXiJi4Kiye009GuLlyBG7fjpN8TpGlaIu0TriNS+gqoHkN50XVM/zN0EIhIiUxQi7hDo+z1wWnMiANQ9u0EcenXBiAZF0pCtrWbr4PxEamQwzKLH1Y9slzpvVlx/AhWf66ecYM8V2R+AP0nahHl63ZpwDPKmVKDqVPTP2ng0Nq9NU/lUqA2ZHveDR55BlhLE+HjKDvUq9ZsGug/aTf6nTAyiiTR8JjmM2vH/JxEGpMLmBuYDbie2KlpmTfH9wtD43/eRpwjeSNZDOTgLK9KGBBVM+EsYp+Hk7GbaGdhLkxQhCksZcQW2C7oXwDTzrv6L3E3csM6J4DwZsLqqADL9+6oj6iWLbJcPluyRBOes+T1kVj2OauJJlyYTA8BPDAuLGciOz8TdAHO60R3d/N9UaLt9SbH1c4zP1lb/eHDSxI7pBe8fJi14i1HR15nIb5pOupsM0cpVmao7vvV13YgG6AyS9PrsPUaOBMJgK5v3A2q8tMXVxfbEl2xI62c0Cq3Nzu+ROXqjXn1YhskP9XYORMOKtSzGLSoVzmGKq1XfVgIQmliwac30HVpEfUMtuKH+OqKrqVGBC6HFf28VGLcnfSzK+2MdXeLxmp/WfbPm6BXHjHS3M6y0l4667u5e3wCnIQAWZsFC4NzHtha1ro3x3pNZVYxGdE2AGmvQZnLwlrubM1y30IVUhK+X73maAuUEzRBfBY14ZKy6llBdbn5t1yNbGnstPgoOBNDgsoTT5heC05limZEyItKz/UI0/xoxKhxeQuRx148GUQC8n7Yr5qxA2prhEzmWLP+ofUDP2Q26s4RseasvEQASXEyQdYscjBqV+CSDTB7ixBnsyVpOPnfzBegxv20FEcWe0rLxBbtwk/EqNeTtP2NtibWRRk+lwCHUnW+e7sypkOpe5H1r8cJeeD1pJAyXCc6IxDm/d8959RKVHGhT1aEkhKT+jlrmBZvzNsoWPKAZRZOhGiqa6h0e5PNq1tVaEqaYSKdnlIN3osKhzEEFZ7R2f9rUrr96iZqH46VrfzLCmSgnffv4ta0UMXdr9SHgGYU69Fr6gWvrIb8M47TeDCuP3zMY5eXAfc4txH1MEpR4q8okMIrbyBu8PGBA79H4PiVT2B3uxzOfen6M0MDunxMqlDvutd+guBsfWK2Jh434OY5X/DZ6ieCahLoMUvta0Z1NFleaDYRNryQK026KFfrslJ82mqLctBJbVDUlmGkfxIsQQHE+YigKDlESc7p2EHK/H75gJD76bGZJRrVXJBq+7w7nddmNtjJzLIxV0kBX4UvCaniuu6BMHdAO8R9ytuo6U4SvjpqVNW2P7PuypKIl9WVxkMGeFDdun1wNgsUa/HmiG367qFqtMTUTHsqonXUx6P+6BSosnD9RQPc+i7KoePCCEJEjak0OwGeIkvloxgHu25nJYP9TdX9DamtjcqWCZqnaKojoFn6ur0DGpA1F6H7xU7Ac4xv1MpsR3Afhr03CCixTkp91BskfHrG6jNVyAYHwdiL1ZYuR5P/x2jZ+yQf3BJ3g9lnfeFDrAcRqPqHJo96B9TkuzKikwa2nhyyanFWxx4Q/kQ8kFP3WDmfHK6ZaKDpb+NvOyD/1QDisP/EgUGVyuH8dkhLTXeBDWMJA4ZYLSWL2QqN95v9MSlDae9UItb4GVHcrPJ4rhKL3j299tGKipPaWLhHB8NmDzU+9/OYLNqcAQokm3BDIzroEileP0pH2N9bmdouoRGuZr29SbY+88FzMfXnVg8TlzWNbvWqF9/q5y8UPIMAfV/oliTShemEuR5n6w1kcJLgSBK0sVIsBG7twmKnKsc+ctSWDr/aURFsCLXnMkzCloasNASAa7wdzJHF5MOG7Z5HSWhI3mHTBecBWLicNNIyKzvcCvbCvicYiDI+JIxd1Ssnr+jUmcgU2T4tfwMDgafPk8mHquKnhKtBMFZPlOFqs3OtZKTpbZGD1zHIpT8UFRaqbpDC1jo4gCtdk2mB5URcwtufZhzy9jYoE+PA7u9sLRtPlUZQt+05dPSJm9pH8fINe+JzlL75p4hqmsJWd6FL4XZOMk/9/CruVfE4eVpr4CIB03MNCKh8Rg299h0q4w1DXbpkCb+iD4/HlT690T4+DrqgZLROPtjd0fxCX/Yds3Lz9Tuv9+ZiX8PzRYOJvnTfj/diip5ZFR7RpjfTf7+JudHL2fwCngbUXhTgWwllVCOHcsAeu0jkmtAszlG+nuAkeYux3eSY3PHwniyJiMoVfEIkW/z/ew6I108b5c+lJc8ky+GNs5ZO7qXOHi0caxImB1IvmkLzNP6NKPaljOdCW2h9VNzYp8i71X1HMWzRjGw89f5tlZt8Maby8KqfmWHei9LErwZVXV+ZY8TVq/Ohu6yKeJcI1LXtASM19bc+LDwbiLWaLO1l57ie1EHWpqWjYVT+FTDqxccs563zL2eoa0eIyhNeB57PJJD+afCEFmqNkpRyQBcbMNL+bTVPYthQ9nj6TdyCVVm2PuCv7FvGqNFDdYzTRiswjYlQf6pZj7HYrYOHmciOC01KzBE2i1R3J9RkHA1LfbBtydBjMfW/XK8ux17YTx8YxXpPmHoaCfJE+UfWBYPEnS/DOc/oOulXm29yF7QFrui1W0ajG+VGU8/eHji92Wc7ako/BRVfIJqA+A0amAJeT1pfILo9IZFKnOYQGhygucIIRq15xpnTdiq8EiP4K7vNn97uXri8/jjI9HgvTxaN4F5LImFk1IjAm7qfcS9tUnFKUopNslsJS1hkwOIhtCcETiHlrQlaaMtWLdMOLX0pW5IW9QysMD3zQecJACO2vuejm0L9h7V37+m+55SICx3rS2VAKs8qaB4D4msiYWi3v37raqJKS8PsrwUS/UipizbJLbS+ZpQ4iSNE+bVqRZ6RF0gVnKCLoR+RY4u6F4rFemckaTO0CUj6wvGfBVIugml2geYQk/6WXXy1HRMofmGof49eNexa7R3/KtnO7Ku9gtEiU5W0tOZ4nhvG/uwl4mSP5pXS0Gx9K5TYEWkk52DRB5pSBjrb88qo9afQpA4h2ViFXwYl+sJ0pSgA/KOdQ8a69gdh4+wppALbOerEvIemplgQv5hquxzX7VES6xcnK6HxNb323+V8W6sTWsD3v/igakZbfKQ+QErqmgabJsjrtB4404bpr8ZipGP9V2Br4D1YcpDQ268NwuVzLEX+4TTiN6ayvuxxxrqP+NhQQQjanqnZMsRIKuh/OxCxdpOAc8M/Cy/JqUFQ9rvWUOLWzYH8qI2sJb5wuhzOQ4Pb0GA3D4UlIUXZEPVoiEwIcdoVqI2OtN4F5F4EzmEjC2XdhSZrr0FdsaxcE6eoQ61iiDhCyLr2TRuSMStHEHLkxhWfmwM1rMKYx+bhQrE2fZCwolY40FLK10gK2Y4mBqFJd22CGKiqTNt1yfDUJRpqa7Oapn4sq+XC5NPbKtNEYtFFp8tTtGUIBmV6wyZh9rI9oI3Kq2BDLNt3zzPk7xIIMXcvjn1PFrdugqAosfjfYP4RrYplibdhEpr/6+UhMzdTgqG/MnhE/onGfCjQKnriqG5Vw1GXorfPznviXzrSXW9o1T9HID517K8Arx2ekPggHUOG22/ly9/p/3QMUq9e5D65Z1VLq4hP3+ailwOqMT2D0lH3W3IPgxlvbSDKiYofobr+1Tmi9HHbRwuJQzTsT85GeJBtZ6i8ueRb7D5XhWZskvVYu1wD8P3QPBSGdk/Uky1idBD5skoSQitFVxgzg8G1LLBfg5SCQoeyjUuURkOkd2kg9SFVcuC7NokwzpnlvLhS4WmfhQ+I8DGZR0T+jgvXoP+vEp6gb7nfpF0bQYP9zNCjQWT6FOJpmAT/vDurvLh9aS2qNpopooGvv+DCfb69q3pka1ym7ZwdVYqJwLOOI/ekrdhmQ6ZGeZ7jalUBtypWQhDBV2F71ouBrNEfn+HuEZv5Hc/WV3fkLeHNw5NHK65gQ56S3OyWONds1KbFNtmtFUjZCJlaf+qo3Sl/rgMIWoFCv2xjS1SvYvUIiYLRPucYEM5afhMlFcOkCg/DJprEZJolkpd9Sdn0OaW0YgZ3574yd61UrexuHamoz0FU3ExaNCT4q5xvmsbkdkSNcLPNPCJRoM7tf8atx3TtxIqYr11ZWi3hjzwh0tzWgEen4Lz165MvA0udfMRuWuQngeZcS9b3JCaV68z2P83iJv+e9ebX9+j3eawh2+1pgzRYCkEGmjRgwNyGf//WONN9q1XU31UdX5n9VNJK1WhJLGiYrjWM+4zLPkUaQYf5IVDYtCCXlMPfOrq3CTViNftkXUOnTYqt8M/JE="))
.Equals(entry));
// Test PatchConfig and default constructor
var json = SerializationHelper.SerializeToJson(config, true);
var copy = SerializationHelper.DeserializeFromJson <PatchConfig>(json);
var copy2 = new PatchConfig(copy.Description, copy.Changes.ToArray())
{
Id = copy.Id
};
Assert.AreEqual(JObject.Parse(value).ToString(Formatting.Indented), SerializationHelper.SerializeToJson(config, true));
Assert.AreEqual(SerializationHelper.SerializeToJson(config, true), SerializationHelper.SerializeToJson(copy, true));
Assert.AreEqual(SerializationHelper.SerializeToJson(copy, true), SerializationHelper.SerializeToJson(copy2, true));
var copy3 = SerializationHelper.DeserializeFromJson <FuzzingConfigBase>(json);
Assert.IsTrue(copy.Equals(copy3));
// Get null
var stream = new FuzzingStream(config, new byte[100]);
config.InitFor(stream);
var change = config.Get(stream);
Assert.IsNull(change);
// Seek Offset
stream.Position = 16;
change = config.Get(stream);
Assert.AreEqual(change, config.Changes[0]);
// Test PatchChange Equals
Assert.IsTrue(entry.Equals(copy.Changes[0]));
Assert.IsTrue(entry.Equals((object)copy.Changes[0]));
Assert.IsFalse(entry.Equals(new object()));
Assert.IsFalse(entry.Equals((FuzzingConfigBase) new MutationConfig()));
Assert.AreEqual(entry.GetHashCode(), copy.Changes[0].GetHashCode());
entry.Offset++;
Assert.AreNotEqual(entry.GetHashCode(), copy.Changes[0].GetHashCode());
// Test PatchConfig Equals
config = SerializationHelper.DeserializeFromJson <PatchConfig>(json);
copy = SerializationHelper.DeserializeFromJson <PatchConfig>(json);
Assert.IsTrue(config.Equals(copy));
Assert.IsTrue(config.Equals((object)copy));
Assert.IsFalse(config.Equals(new object()));
Assert.IsFalse(config.Equals((FuzzingConfigBase) new MutationConfig()));
Assert.AreEqual(config.GetHashCode(), copy.GetHashCode());
config.Id = Guid.NewGuid();
Assert.AreNotEqual(config.GetHashCode(), copy.GetHashCode());
}
public void MutationalEntryPeerByteTest()
{
var config = new MutationConfig()
{
Description = "Test"
};
var entry = new MutationalEntry()
{
FuzzPercent = new FromToValue <double>(100),
ValidOffset = new FromToValue <long>(0, long.MaxValue),
MaxChanges = new FromToValue <ushort>(ushort.MaxValue),
FuzzPercentType = EFuzzingPercentType.PeerByte
};
// Config
config.Mutations.Add(entry);
entry.Changes.Add(new MutationalChange()
{
Weight = 5,
Description = "Add A",
Append = new MutationalFromTo((byte)'A'),
RemoveLength = new FromToValue <ushort>(1),
AppendIterations = new FromToValue <ushort>(1)
});
entry.Changes.Add(new MutationalChange()
{
// Remmove
Weight = 1,
Description = "Remove",
RemoveLength = new FromToValue <ushort>(1),
AppendIterations = new FromToValue <ushort>(1)
});
// 100%
var input = new ManualFuzzingInput(new byte[200]);
using (var stream = new FuzzingStream(config, input.GetStream()))
{
for (long x = 0; x < 200; x++)
{
Assert.IsNotNull(entry.Get(stream, x, 0));
}
}
// 0%
entry.FuzzPercent = new FromToValue <double>(0);
input = new ManualFuzzingInput(new byte[200]);
using (var stream = new FuzzingStream(config, input.GetStream()))
{
for (long x = 0; x < 200; x++)
{
Assert.IsNull(entry.Get(stream, x, 0));
}
}
// Argument excepcion
entry.FuzzPercentType = (EFuzzingPercentType)197;
Assert.Throws <ArgumentException>(() => entry.Get(null, 0, 0));
// Only offset 5
entry.FuzzPercentType = EFuzzingPercentType.PeerByte;
entry.FuzzPercent = new FromToValue <double>(100);
entry.ValidOffset = new FromToValue <long>(5);
input = new ManualFuzzingInput(new byte[100]);
using (var stream = new FuzzingStream(config, input.GetStream()))
{
for (long x = 0; x < 100; x++)
{
var next = entry.Get(stream, x, 0);
if (x == 5)
{
Assert.IsNotNull(next);
}
else
{
Assert.IsNull(next);
}
}
}
// Max changes 2
entry.Changes.RemoveAt(1);
entry.ValidOffset = new FromToValue <long>(0, long.MaxValue);
entry.MaxChanges = new FromToValue <ushort>(2);
input = new ManualFuzzingInput(new byte[100]);
using (var stream = new FuzzingStream(config, input.GetStream()))
{
stream.CopyTo(new MemoryStream(), 16);
Assert.AreEqual(2, stream.Log.Length);
Assert.AreEqual(0, stream.Log[0].Offset);
Assert.AreEqual(1, stream.Log[1].Offset);
}
}
