Exemplo n.º 1
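        /// <summary>
        /// Fuzzes every method of every web service whose endpoint is a key of
        /// <c>_webServicesCollections</c>, feeding each method values from a fixed,
        /// per-type library of boundary inputs.
        /// </summary>
        /// <remarks>
        /// Targets are exactly the keys of <c>_webServicesCollections</c>; nothing in this method
        /// filters or narrows that set. Only String, Int32, Single and Double parameters have
        /// library entries, and <c>null</c> is not part of any of them (see the TOFIX notes below).
        /// A failure while enumerating one service, or while fuzzing one method, is logged and the
        /// run moves on to the next target, so the summary counters are always written.
        /// </remarks>
        public void RunFuzz()
        {
            //  First set up our parameter dictionary
            //  TOFIX - Load these from files and flesh out the types that are supported.  This is really weak right now.
            //  TOFIX - Also figure out how to feed "null" values through the DynWSLib without getting exceptions
            Dictionary<Type, object[]> parameterLibrary = new Dictionary<Type, object[]>();

            //  Strings: empty, a leading single quote, a leading double quote, digits only,
            //  a punctuation run, and 1025 'A' characters (one past the 1024 boundary).
            parameterLibrary.Add(typeof(string), new object[]
            {
                string.Empty, "'JUNK", "\"JUNK", "1234567890", "`~!@#$%^&*()_-+={[}]|\\:;<,>.?/",
                new string('A', 1025)
            });

            //  Integers: the type limits plus values just below, at and just above 0, 100, 128 and 1024.
            parameterLibrary.Add(typeof(int), new object[] { int.MinValue, -1025, -1024, -1023, -129, -128, -127, -101, -100, -99, -10, -5, -1, 0, 1, 5, 10, 100, 127, 128, 129, 1023, 1024, 1025, int.MaxValue });

            //  The trailing literals carry the 'f' suffix so they are boxed as System.Single;
            //  unsuffixed 0.0/-1.0/1.0 would box as System.Double inside the Single library.
            parameterLibrary.Add(typeof(float), new object[] { float.MinValue, float.MaxValue, float.NaN, float.NegativeInfinity, float.PositiveInfinity, float.Epsilon, 0.0f, -1.0f, 1.0f });
            parameterLibrary.Add(typeof(double), new object[] { double.MinValue, double.MaxValue, double.NaN, double.NegativeInfinity, double.PositiveInfinity, double.Epsilon, 0.0, -1.0, 1.0 });

            Log("About to fuzz the web services");
            foreach (Uri wsUri in _webServicesCollections.Keys)
            {
                Log("Attempting to fuzz web service at: " + wsUri.AbsoluteUri);
                //  TODO - Non-Atlas, non-.NET web services will need different logic here
                //  NOTE(review): appending "?wsdl" assumes the endpoint URI has no query string of its own.
                string sWsdlUri = wsUri.AbsoluteUri + "?wsdl";
                Log("Looking for WSDL at: " + sWsdlUri);

                WebServiceCollection wsCollection;
                try
                {
                    WebServiceEnumerator wsEnumerator = new WebServiceEnumerator(sWsdlUri);
                    wsCollection = wsEnumerator.Enumerate();
                }
                catch (Exception ex)
                {
                    //  One endpoint without a usable WSDL must not end the whole run;
                    //  record it the same way a failing method is recorded and go on.
                    Log("Could not enumerate web service at: " + sWsdlUri + ", exception: " + ex.Message + ", Stack Trace: " + ex.StackTrace);
                    continue;
                }
                this._WebServicesCollectionsHydrated[wsUri] = wsCollection;

                foreach (WebService w in wsCollection.WebServices)
                {
                    foreach (Method m in w.Methods)
                    {
                        Log(m.ToString());
                        MethodTracker tracker = new MethodTracker(m, parameterLibrary, this);
                        Log("Call count for the method will be: " + tracker.CallCount);
                        try
                        {
                            tracker.RunCalls();
                        }
                        catch (Exception ex)
                        {
                            //  Best effort: an exception escaping one method's calls is logged and
                            //  the next method is still fuzzed. Only Message and StackTrace are
                            //  written, so an inner exception is not visible in the log.
                            Log("Unhandled exception: " + ex.Message + ", Stack Trace: " + ex.StackTrace);
                        }
                    }
                }
            }

            //  The counters are not modified in this method; presumably MethodTracker updates them
            //  through the `this` reference it is given - confirm against MethodTracker.
            Log("Successful calls: " + _successfulCalls);
            Log("Failed calls: " + _failedCalls);
        }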
Exemplo n.º 2
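        /// <summary>
        /// Runs the fuzzing pass: for each endpoint in <c>_webServicesCollections</c> the WSDL is
        /// enumerated and every discovered method is driven with a fixed set of edge-case values
        /// chosen by parameter type.
        /// </summary>
        /// <remarks>
        /// The value sets cover String, Int32, Single and Double only and contain no <c>null</c>.
        /// The endpoint list is used as-is, with no filtering in this method. Errors are handled
        /// per target: a service that cannot be enumerated, or a method whose calls throw, is
        /// logged and skipped so the remaining targets and the final counts are still processed.
        /// </remarks>
        public void RunFuzz()
        {
            //  TOFIX - Load these from files and flesh out the types that are supported.  This is really weak right now.
            //  TOFIX - Also figure out how to feed "null" values through the DynWSLib without getting exceptions
            object[] stringValues = new object[]
            {
                string.Empty,
                "'JUNK",                               //  leading single quote
                "\"JUNK",                              //  leading double quote
                "1234567890",
                "`~!@#$%^&*()_-+={[}]|\\:;<,>.?/",    //  punctuation run
                new string('A', 1025)                  //  1025 A's
            };
            object[] intValues = new object[] { int.MinValue, -1025, -1024, -1023, -129, -128, -127, -101, -100, -99, -10, -5, -1, 0, 1, 5, 10, 100, 127, 128, 129, 1023, 1024, 1025, int.MaxValue };
            //  Every element here has to be a float: without the 'f' suffix the last three
            //  literals are doubles and would be boxed as System.Double in the Single set.
            object[] singleValues = new object[] { float.MinValue, float.MaxValue, float.NaN, float.NegativeInfinity, float.PositiveInfinity, float.Epsilon, 0.0f, -1.0f, 1.0f };
            object[] doubleValues = new object[] { double.MinValue, double.MaxValue, double.NaN, double.NegativeInfinity, double.PositiveInfinity, double.Epsilon, 0.0, -1.0, 1.0 };

            Dictionary<Type, object[]> parameterLibrary = new Dictionary<Type, object[]>();
            parameterLibrary.Add(typeof(string), stringValues);
            parameterLibrary.Add(typeof(int), intValues);
            parameterLibrary.Add(typeof(float), singleValues);
            parameterLibrary.Add(typeof(double), doubleValues);

            Log("About to fuzz the web services");
            foreach (Uri wsUri in _webServicesCollections.Keys)
            {
                Log("Attempting to fuzz web service at: " + wsUri.AbsoluteUri);
                //  TODO - Non-Atlas, non-.NET web services will need different logic here
                //  NOTE(review): a URI that already has a query string ends up with two '?' here.
                string sWsdlUri = wsUri.AbsoluteUri + "?wsdl";
                Log("Looking for WSDL at: " + sWsdlUri);

                WebServiceCollection wsCollection = null;
                try
                {
                    wsCollection = new WebServiceEnumerator(sWsdlUri).Enumerate();
                }
                catch (Exception ex)
                {
                    //  Keep the run going when a single WSDL cannot be fetched or parsed.
                    Log("Could not enumerate web service at: " + sWsdlUri + ", exception: " + ex.Message + ", Stack Trace: " + ex.StackTrace);
                }
                if (wsCollection == null)
                {
                    //  Nothing to fuzz for this endpoint, and nothing is stored for it.
                    continue;
                }
                this._WebServicesCollectionsHydrated[wsUri] = wsCollection;

                foreach (WebService w in wsCollection.WebServices)
                {
                    foreach (Method m in w.Methods)
                    {
                        Log(m.ToString());
                        MethodTracker tracker = new MethodTracker(m, parameterLibrary, this);
                        Log("Call count for the method will be: " + tracker.CallCount);
                        try
                        {
                            tracker.RunCalls();
                        }
                        catch (Exception ex)
                        {
                            //  Logged and skipped so later methods are still exercised.
                            //  NOTE(review): the stack trace goes into the log verbatim - confirm where
                            //  Log writes before sharing its output.
                            Log("Unhandled exception: " + ex.Message + ", Stack Trace: " + ex.StackTrace);
                        }
                    }
                }
            }

            //  Summary of the run; the counters are only read here.
            Log("Successful calls: " + _successfulCalls);
            Log("Failed calls: " + _failedCalls);
        }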