//[TestMethod] public void TestCssEncode6() { var solver = new Z3Provider(); var st = BekConverter.BekFileToST(solver, sampleDir + "bek/CssEncode6.bek"); //st.STb.ShowGraph(); //st.STb.ExploreBools().ShowGraph(); var sft = st.Explore(); //sft.Simplify(); //sft.ShowGraph(20); //just to get longer input strings var restr = sft.RestrictDomain("^[^\0-\x32]{5,}$"); restr.AssertTheory(); Expr inputConst = solver.MkFreshConst("input", sft.InputListSort); Expr outputConst = solver.MkFreshConst("output", sft.OutputListSort); solver.MainSolver.Assert(restr.MkAccept(inputConst, outputConst)); int okCnt = 0; int error0Cnt = 0; int error1Cnt = 0; //validate correctness for some values against the actual CssEncode //validate also exceptional behavior for (int i = 0; i < 10; i++) { var model = solver.MainSolver.GetModel(solver.True, inputConst, outputConst); string input = model[inputConst].StringValue; string output = model[outputConst].StringValue; Assert.IsFalse(string.IsNullOrEmpty(output)); char lastChar = output[output.Length - 1]; //try //{ var output_expected = System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(input); Assert.AreEqual<string>(output_expected, output); okCnt += 1; //} //catch (Microsoft.Security.Application.InvalidSurrogatePairException) //{ // Assert.AreEqual<char>('\0', lastChar); // error0Cnt += 1; //} //catch (Microsoft.Security.Application.InvalidUnicodeValueException) //{ // Assert.AreEqual<char>('\x01', lastChar); // error1Cnt += 1; //} //exclude this solution, before picking the next one solver.MainSolver.Assert(solver.MkNeq(inputConst, model[inputConst].Value)); } Console.WriteLine(string.Format("okCnt={0}, error0Cnt={1}, error1Cnt={2}", okCnt, error0Cnt, error1Cnt)); }
//[TestMethod] public void TestCssEncode() { var solver = new Z3Provider(); var st = BekConverter.BekFileToST(solver, "../../Samples/bek/CssEncode.bek"); var st1 = st;// st.ExploreBools(); //st1.Simplify(); //st1.ShowGraph(10); var comp = st1 + st1; //comp.Simplify(); //comp.ShowGraph(10); //5 or more characters in the input var restr = st1.RestrictDomain("^[^\0-\x32]{7,}$"); //restr.ShowGraph(10); restr.AssertTheory(); comp.AssertTheory(); Expr inp = solver.MkFreshConst("inp", comp.InputListSort); Expr out1 = solver.MkFreshConst("out1", comp.OutputListSort); Expr out2 = solver.MkFreshConst("out2", comp.OutputListSort); solver.MainSolver.Assert(restr.MkAccept(inp, out1)); solver.MainSolver.Assert(comp.MkAccept(inp, out2)); solver.MainSolver.Assert(solver.MkNeq(out1, out2)); //validate correctness for some values for (int i = 0; i < 5; i++) { var model = solver.MainSolver.GetModel(solver.True, inp, out1, out2); string input = model[inp].StringValue; string output1 = model[out1].StringValue; string output2 = model[out2].StringValue; var output1_expected = System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(input); var output2_expected = System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(output1_expected); Assert.AreNotEqual(output1, output2); Assert.AreEqual(output1_expected, output1); Assert.AreEqual(output2_expected, output2); solver.MainSolver.Assert(solver.MkNeq(inp, model[inp].Value)); } }
public void TestUtf8range3() { //coding sequences with full precision inlcuding elimination of surrogates as valid codepoints var one = @"[\x00-\x7F]"; var two = @"[\xC2-\xDF][\x80-\xBF]"; var thr = @"(\xE0[\xA0-\xBF]|\xED[\x80-\x9F]|[\xE1-\xEC\xEE\xEF][\x80-\xBF])[\x80-\xBF]"; var fou = @"(\xF0[\x90-\xBF]|[\xF1-\xF3][\x80-\xBF]|\xF4[\x80-\x8F])[\x80-\xBF]{2}"; var regex = string.Format("^(({0})|({1})|({2})|({3}))*$", one, two, thr, fou); Z3Provider solver = new Z3Provider(); var st = BekConverter.BekFileToST(solver, sampleDir + "bek/UTF8Encode.bek"); var aut2 = solver.CharSetProvider.Convert(regex).Determinize(solver.CharSetProvider).Minimize(solver.CharSetProvider); //solver.CharSetProvider.ShowGraph(aut2, "Utf8_3"); //solver.CharSetProvider.ShowGraph(st.ToSFA().Concretize(), "test"); var aut = new SFAModel(solver, solver.CharSort, solver.RegexConverter.Convert(regex)).Complement(); var preim = st.ComputePreImage(aut).ToSFA(); //preim.ShowGraph(1); Assert.IsTrue(preim.IsEmpty); }
public void TestUtf8range2() { //coding sequences with more precision regarding min max cases var one = @"[\x00-\x7F]"; var two = @"[\xC2-\xDF][\x80-\xBF]"; var thr = @"(\xE0[\xA0-\xBF]|[\xE1-\xEF][\x80-\xBF])[\x80-\xBF]"; var fou = @"(\xF0[\x90-\xBF]|[\xF1-\xF3][\x80-\xBF]|\xF4[\x80-\x8F])[\x80-\xBF]{2}"; var regex = string.Format("^(({0})|({1})|({2})|({3}))*$", one, two, thr, fou); Z3Provider solver = new Z3Provider(); var st = BekConverter.BekFileToST(solver, sampleDir + "bek/UTF8Encode.bek"); var aut2 = solver.CharSetProvider.Convert(regex); aut2 = aut2.Determinize(solver.CharSetProvider); aut2 = aut2.MinimizeHopcroft(solver.CharSetProvider); //solver.CharSetProvider.ShowGraph(aut2, "Utf8_2"); var aut = new SFAModel(solver, solver.CharSort, solver.RegexConverter.Convert(regex)).Complement(); var preim = st.ComputePreImage(aut).ToSFA(); //preim.ShowGraph(); Assert.IsTrue(preim.IsEmpty); }
public void TestUtf8range1() { //coding sequences var one = @"[\x00-\x7F]"; var two = @"[\xC2-\xDF][\x80-\xBF]"; var thr = @"[\xE0-\xEF][\x80-\xBF]{2}"; var fou = @"[\xF0-\xF4][\x80-\xBF]{3}"; var regex = string.Format("^(({0})|({1})|({2})|({3}))*$", one, two, thr, fou); Z3Provider solver = new Z3Provider(); var st = BekConverter.BekFileToST(solver, sampleDir + "bek/UTF8Encode.bek"); var aut2 = solver.CharSetProvider.Convert(regex).Determinize(solver.CharSetProvider).MinimizeHopcroft(solver.CharSetProvider); //solver.CharSetProvider.ShowGraph(aut2, "Utf8_1"); var aut = new SFAModel(solver, solver.CharSort, solver.RegexConverter.Convert(regex)).Complement(); var st1 = st.ComputePreImage(aut); //st1.ShowGraph(5); var preim = st1.ToSFA(); //preim.ShowGraph(); Assert.IsTrue(preim.IsEmpty); }