boofuzz
boofuzz copied to clipboard
jtpereyda
Add option to extend the fuzz libary
This feature was present in Sulley, where one could create .fuzz_strings and .fuzz_ints containing custom values to be added to the primitives value library.
It seems that this feature war removed from boofuzz at some point.
We still have a unit-test for this feature in unit_tests/primitives.py, which fails but isn't properly integrated into our testing workflow atm. I'm working on fixing this.
I feel like this would be a nice feature to have in boofuzz, it's been requested in other issues too AFAIC. I wouldn't recommend the original approach of reading the values from a file in the project root. It would be better to pass a file object or a list to a primitive.
Yes, this would be very helpful and relatively straightforward to implement.
Perhaps implemented as a list argument that you can pass to the primitive itself? So you can add custom values for specific fields.
If you are changing behaviour there, please revisit the many self.add_long_strings("...") lines in the String primitive constructor and include an constructor option to disable this, too. These increase memory usage a lot and create a lot of testcases.
It is annoying for me, because I have a slow target which will stop accepting connections when you send more than ~1-5 requests per second and I think there is limited use. I don't see why a real world target would crash with 10000s of character B when it didn't crash with A's.
From https://github.com/jtpereyda/boofuzz/issues/113#issue-207288705:
For every kind of block/primitive/etc: Add a parameter that allows the user to inject a few custom cases. Parameter should probably be an iterable.
We don't have a unit test for fuzz_values atm right?
So we should rewrite https://github.com/jtpereyda/boofuzz/blob/71f69bf829f98114100d3c7815caa5e827980d1a/unit_tests/test_primitives.py#L148-L193
@SR4ven Correct, no UTs I believe.
@pytest.mark.skip(reason="Feature not implemented")
Didn't realize we had this lying around!