public void MinimizePopulation() { Population = new List <RequestSequence>(); // We always need the option of starting from an empty sequence. Population.Add(new RequestSequence()); foreach (IBucketer bucketer in Bucketers.Values) { // Get the bucketed requests, then reset the bucketer to free up memory. List <List <RequestSequence> > buckets = bucketer.Bucketize(); bucketer.Reset(); // Go through each bucket and pick the shortest sequence to save. foreach (List <RequestSequence> bucket in buckets) { RequestSequence shortest = null; foreach (RequestSequence candidate in bucket) { bool candidateIsValid = (candidate.GetResponses().Count > 0 && candidate.GetLastResponse().Status != HttpStatusCode.RequestTimeout); if (candidateIsValid && (shortest == null || (candidate.StageCount() < shortest.StageCount() || (candidate.StageCount() == shortest.StageCount() && candidate.SubstitutionCount() < shortest.SubstitutionCount())))) { shortest = candidate; } } if (shortest != null) { Population.Add(shortest); bucketer.Add(shortest); } } } }
public IEnumerable <RequestSequence> Generate(List <KnownEndpoint> endpoints, RequestSequence sequence, List <TokenCollection> sequenceResults) { if (dictionary.Count == 0) { yield break; } for (int i = 0; i < MaxSubstitutions; ++i) { if (sequence.StageCount() == 0) { continue; } RequestSequence newSequence = sequence.Copy(); int selectedStage = rand.Next(0, newSequence.StageCount()); Stage stage = newSequence.Get(selectedStage); if (stage.Substitutions.Count == 0) { continue; } int subIndex = rand.Next(0, newSequence.Get(selectedStage).Substitutions.Count); ISubstitution sub = newSequence.Get(selectedStage).Substitutions[subIndex]; newSequence.Get(selectedStage).Substitutions.RemoveAt(subIndex); string replacement = dictionary[rand.Next(0, dictionary.Count)]; SubstituteConstant substituteConstant = new SubstituteConstant(sub.GetTarget(), replacement); newSequence.Get(selectedStage).Substitutions.Add(substituteConstant); yield return(newSequence); } yield break; }
public void AddResponse(RequestSequence sequence) { Request finalRequest = sequence.Get(sequence.StageCount() - 1).Request; Bucketers[finalRequest.OriginalEndpoint].Add(sequence); }
public async Task AddRequestSequence(RequestSequence sequence, FuzzerRunEntity run) { RequestSequenceEntity model = new RequestSequenceEntity(); model.request_count = sequence.StageCount(); model.substitution_count = sequence.SubstitutionCount(); model.run_id = run.id.GetValueOrDefault(0); using (var connection = GetConnection()) { connection.Open(); model.id = connection.Query <int>( @"INSERT INTO sequences ( request_count, substitution_count, run_id ) VALUES ( @request_count, @substitution_count, @run_id ) RETURNING id;", model).First(); foreach (SequenceMetadata meta in sequence.GetDebugMetadata()) { SequenceMetadataEntity metadata_entity = new SequenceMetadataEntity { sequence_id = model.id, content = meta.Content, type = meta.Type }; connection.Execute(@"INSERT INTO sequence_metadata ( sequence_id, type, content ) VALUES ( @sequence_id, @type, @content );", metadata_entity); } } sequence.Id = model.id; List <Response>?results = sequence.GetResponses(); if (results != null && results.Count == sequence.StageCount()) { for (int i = 0; i < sequence.StageCount(); ++i) { Request request = sequence.Get(i).Request; RequestEntity requestModel = RequestEntity.FromRequest(request); requestModel.sequence_id = model.id; requestModel.sequence_position = i; AddExecutedRequest(requestModel); request.Id = requestModel.id; Response response = results[i]; ResponseEntity responseModel = ResponseEntity.FromResponse(response); responseModel.sequence_id = model.id; responseModel.sequence_position = i; AddResponse(responseModel); response.Id = responseModel.id; foreach (ISubstitution sub in sequence.Get(i).Substitutions) { SubstitutionEntity subModel = SubstitutionEntity.FromSubstitution(sub); subModel.sequence_id = model.id; subModel.sequence_position = i; AddSubstitution(subModel); } } if (sequence.GetLastResponse() != null) { int statusCode = (int)sequence.GetLastResponse().Status; RequestSequenceLabelEntity labelEntity = new RequestSequenceLabelEntity(); labelEntity.sequence_id = model.id.Value; if (statusCode >= 100 && statusCode < 200) { labelEntity.name = "Informational"; } else if (statusCode >= 200 && statusCode < 300) { labelEntity.name = "Success"; } else if (statusCode >= 300 && statusCode < 400) { labelEntity.name = "Redirection"; } else if (statusCode >= 400 && statusCode < 500) { labelEntity.name = "Client Error"; } else if (statusCode >= 500 && statusCode < 600) { labelEntity.name = "Server Error"; } else { labelEntity.name = "Unknown Status"; } await AddRequestSequenceLabel(labelEntity); } } else { Console.WriteLine("Warning: Truncated request sequence."); } }