From bb7111a0d1ed6b1a0716a7a36fa9514ef9817e38 Mon Sep 17 00:00:00 2001
From: Kyle Marsh
Date: Thu, 11 Aug 2011 15:18:27 -0700
Subject: [PATCH] S3 Fuzzer: Write Decision Graph

Start writing the decision graph describing the fuzzer's attack surface in earnest.
---
request_decision_graph.yml | 123 ++++++++++++++++++++++++++++--
s3tests/functional/test_fuzzer.py | 1 +
s3tests/fuzz_headers.py | 10 ++-
3 files changed, 124 insertions(+), 10 deletions(-)

diff --git a/request_decision_graph.yml b/request_decision_graph.yml
index 0d686bb..5e8069f 100644
--- a/request_decision_graph.yml
+++ b/request_decision_graph.yml
@@ -1,22 +1,133 @@ start: set: {} - choice: + choices: - bucket bucket: set: urlpath: /{bucket} - choice: - - bucket_get - - bucket_put - - bucket_delete + choices: + - 13 bucket_get + - 8 bucket_put + - 5 bucket_delete + - bucket_garbage + +garbage_method: + set: + method: + - {random 1-100 printable} + - {random 10-100 binary} + urlpath: + - /{bucket} + - /{bucket}/{object} + - {random 10-1000 binary} + choices: + - bucket_get_simple + - bucket_get_filtered + - bucket_get_uploads + - bucket_put_create + - bucket_put_versioning + - bucket_put_simple bucket_delete: set: method: DELETE + bucket: + - {bucket_writable} + - {bucket_not_writable} + - {random 10-3000 printable} + - {random 10-1000 binary} query: - null - policy - website - choice: [] + - {random 2-20 printable} + - {random 10-1000 binary} + choices: [] + +bucket_get: + set: + method: GET + bucket: + - {bucket_readable} + - {bucket_not_readable} + - {random 10-3000 printable} + - {random 10-1000 binary} + choices: + - 11 bucket_get_simple + - bucket_get_filtered + - bucket_get_uploads + +bucket_get_simple: + set: + query: + - acl + - policy + - location + - logging + - notification + - versions + - requestPayment + - versioning + - website + - {random 2-20 printable} + - {random 10-1000 binary} + choices: [] + +bucket_get_uploads: + set: + query: + - + choices: [] + +bucket_get_filtered: + set: + delimiter: + - 'delimiter={random 10-50 binary}' + - 'delimiter={random 1000-3000 printable}' + prefix: + - 'prefix={random 10-50 binary}' + - 'prefix={random 100-3000 printable}' + marker: + - 'marker={object_readable}' + - 'marker={object_not_readable}' + - 'marker={invalid_key}' + - 'marker={random 100-1000 printable}' + max_keys: + - 'max-keys={random 1-5 binary}' + - 'max-keys={random 1-1000 digits}' + query: + - null + - '{delimiter}&{prefix}' + - '{max-keys}&{marker}' + - {random 10-1000 printable} + - {random 10-1000 binary} + choices: [] + +bucket_put: + set: + bucket: + - {bucket_writable} + - 
{bucket_not_writable} + - {random 10-3000 printable} + - {random 10-1000 binary} + method: PUT + choices: + - bucket_put_simple + - bucket_put_create + - bucket_put_versioning + +bucket_put_create: + set: + body: + - {random 3000 printable} + - {random 10-3000 binary} + - '{random 2-10 binary}' + acl: + - private + - {random 3000 letters} + - {random 100-1000 binary} + headers: + - ['0-1', 'x-amz-acl', '{acl}'] + choices: [] diff --git a/s3tests/functional/test_fuzzer.py b/s3tests/functional/test_fuzzer.py index fae6c90..46649ef 100644 --- a/s3tests/functional/test_fuzzer.py +++ b/s3tests/functional/test_fuzzer.py @@ -140,6 +140,7 @@ def test_SpecialVariables_dict(): eq(tester['foo'], 'bar') eq(tester['random 10-15 printable'], '[/pNI$;92@') + def test_SpecialVariables_binary(): prng = random.Random(1) tester = SpecialVariables({}, prng) diff --git a/s3tests/fuzz_headers.py b/s3tests/fuzz_headers.py index 026e947..092a53d 100644 --- a/s3tests/fuzz_headers.py +++ b/s3tests/fuzz_headers.py @@ -126,7 +126,8 @@ class SpecialVariables(dict): 'binary': 'binary', 'printable': string.printable, 'punctuation': string.punctuation, - 'whitespace': string.whitespace + 'whitespace': string.whitespace, + 'digits': string.digits } def __init__(self, orig_dict, prng): @@ -168,7 +169,6 @@ class SpecialVariables(dict): return tmpstring.replace('{', '{{').replace('}', '}}') - def parse_options(): parser = OptionParser() parser.add_option('-O', '--outfile', help='write output to FILE. Defaults to STDOUT', metavar='FILE') @@ -210,11 +210,13 @@ def _main(): constants = { 'bucket_readable': 'TODO', + 'bucket_not_readable': 'TODO', 'bucket_writable' : 'TODO', - 'bucket_nonexistant' : 'TODO', + 'bucket_not_writable' : 'TODO', 'object_readable' : 'TODO', + 'object_not_readable' : 'TODO', 'object_writable' : 'TODO', - 'object_nonexistant' : 'TODO' + 'object_not_writable' : 'TODO', } for request_seed in request_seeds:
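Review bot: The unquoted placeholders in the new list items, for example `- {random 1-100 printable}` under `garbage_method` and `- {bucket_writable}` under `bucket_delete`, `bucket_get` and `bucket_put`, are YAML flow mappings, so a standard YAML loader returns a one-key dict with a null value rather than the format string that quoted entries such as `'{random 2-10 binary}'` produce. Quote each of them, e.g. `- '{random 1-100 printable}'`, so these branches actually send the random input they describe. Two name mismatches also need fixing: `bucket` lists the choice `bucket_garbage` while the node added below it is named `garbage_method`, and `bucket_get_filtered` sets `max_keys` but its query references `{max-keys}`. `bucket_put_simple` and `bucket_put_versioning` are listed as choices but no node with either name is defined in this hunk, which appears to cover the whole file.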
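Review bot: The new `'digits': string.digits` charset in `SpecialVariables` has no test in this commit; the only change to `s3tests/functional/test_fuzzer.py` is a blank line. A seeded case next to `test_SpecialVariables_dict`, checking that `tester['random 10-15 digits']` contains only characters from `string.digits` and has a length within the requested range, would pin the `max-keys={random 1-1000 digits}` path the decision graph now relies on. The class body starts and ends outside the hunk.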
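Review bot: The `constants` dict in `_main` has no `invalid_key` entry, although the decision graph in this same commit uses `'marker={invalid_key}'`, and the rename drops `bucket_nonexistant`/`object_nonexistant` without leaving a key for the does-not-exist case. How a missing name is resolved is outside this hunk, but the lookup will presumably fail when `bucket_get_filtered` picks that marker; add `'invalid_key': 'TODO',` alongside the others. Every value is still the same `'TODO'` string, so the readable/not-readable and writable/not-writable branches are indistinguishable for now; a comment such as `# placeholders: replace with real bucket/object names before access-control results mean anything` above the dict would make that explicit. `_main` starts and ends outside the hunk.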