added json generation via grammar

Daniele Linguaglossa · Daniele Linguaglossa · commit 457f6f2cd0d3 · 2017-03-30T00:55:10.000+02:00
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.1
+1.1.2
diff --git a/pyjfuzz/core/__init__.py b/pyjfuzz/core/__init__.py
@@ -21,3 +21,7 @@
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 """
+import os
+
+ROOT_PATH = "".join(x for x in __path__)
+GRAMMAR_PATH = "".join(x for x in __path__+ [os.sep, "pjf_grammar.py"])
diff --git a/pyjfuzz/core/pjf_configuration.py b/pyjfuzz/core/pjf_configuration.py
@@ -29,6 +29,8 @@
 from conf import CONF_PATH
 from argparse import Namespace
 from pjf_version import PYJFUZZ_LOGO
+from pjf_grammar import generate_json
+from . import GRAMMAR_PATH
 from errors import PJFInvalidType
 
 class PJFConfiguration(Namespace):
@@ -40,6 +42,8 @@ def __init__(self, arguments):
         Init the command line
         """
         super(PJFConfiguration, self).__init__(**arguments.__dict__)
+        setattr(self, "generate_json", generate_json)
+        setattr(self, "grammar_path", GRAMMAR_PATH)
         if self.json:
             if type(self.json) != dict:
                 if type(self.json) != list:
@@ -93,6 +97,8 @@ def __init__(self, arguments):
                 self.stdin = True
         if not self.parameters:
             self.parameters = []
+        if self.auto:
+            self.json = self.generate_json(self.grammar_path)
 
     def __contains__(self, items):
         if type(items) != list:
diff --git a/pyjfuzz/core/pjf_grammar.py b/pyjfuzz/core/pjf_grammar.py
@@ -0,0 +1,103 @@
+"""
+The MIT License (MIT)
+
+Copyright (c) 2016 Daniele Linguaglossa <d.linguaglossa@mseclab.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+"""
+from gramfuzz.fields import *
+import gramfuzz
+
+def generate_json(path):
+    grammar = gramfuzz.GramFuzzer()
+    grammar.load_grammar(path)
+    for x in grammar.gen(cat="json", num=10, max_recursion=10):
+        if x not in ["{}", "[]"]:
+            j = json.loads(x)
+            del grammar
+            return j
+    return {"dummy": 1}
+
+TOP_CAT = "json"
+
+class RDef(Def): cat="json-def"
+
+class RRef(Ref): cat="json-def"
+
+Def("json",
+    RRef("json-object") | RRef("json-array"),
+cat="json")
+
+RDef("json-array",
+     And("[",Join(RRef("value"), max=3, sep=","), "]") |
+     And('[',Join(RRef("empty"), max=1), "]") |
+     And('[',Join(RRef("json-array"), max=3, sep=","), "]")|
+     And('[',Join(RRef("json-object"), max=3, sep=","), "]")
+)
+
+RDef("key-value",
+
+     RRef("key") & ":" & RRef("value")
+
+)
+
+RDef("key-array",
+
+     RRef("key") & ":" & RRef("json-array")
+
+)
+
+RDef("key-object",
+
+     RRef("key") & ":" & RRef("json-object")
+
+)
+
+RDef("json-object",
+     And("{", Join(RRef("key-value"), max=3, sep=","), "}") |
+     And("{", Join(RRef("key-array"), max=3, sep=","), "}") |
+     And("{", Join(RRef("key-object"), max=3, sep=","), "}") |
+     And("{", RRef("empty"), "}")
+
+)
+
+RDef("key",
+     Q(String(charset=String.charset_alphanum, min=5, max=10))
+)
+
+RDef("sep",
+    ":"
+)
+
+RDef("value",
+    Int | Float | RRef("boolean") | RRef("key") | UInt | UFloat | RRef("null")
+)
+
+RDef("empty",
+
+     ""
+)
+
+RDef("null",
+     "null"
+)
+
+RDef("boolean",
+     Or("true", "false")
+)
diff --git a/pyjfuzz/core/pjf_version.py b/pyjfuzz/core/pjf_version.py
@@ -27,7 +27,7 @@
 
 PYJFUZZ_COMPANY = 'Mobile Security Lab 2016'
 
-PYJFUZZ_VERSION = '1.1.1'
+PYJFUZZ_VERSION = '1.1.2'
 
 PYJFUZZ_AUTHOR = "Daniele 'dzonerzy' Linguaglossa"
 
diff --git a/pyjfuzz/core/pjf_worker.py b/pyjfuzz/core/pjf_worker.py
@@ -45,7 +45,10 @@ def __init__(self, config):
     def browser_autopwn(self):
         try:
             from tools import TOOLS_DIR
-            to_fuzz = {'lvl1': {"lvl2": [1, 1.0, "True"]}, "lvl1-1": [{"none": None, "inf": [{"a": {"a": "a"}}]}]}
+            if not self.config.auto:
+                to_fuzz = {'lvl1': {"lvl2": [1, 1.0, "True"]}, "lvl1-1": [{"none": None, "inf": [{"a": {"a": "a"}}]}]}
+            else:
+                to_fuzz = self.config.generate_json(self.config.grammar_path)
             run = "{0} http://127.0.0.1:8080/fuzzer.html".format(self.config.browser_auto)
             config = PJFConfiguration(Namespace(json=to_fuzz,
                                                 html=TOOLS_DIR,
@@ -75,7 +78,10 @@ def browser_autopwn(self):
     def web_fuzzer(self):
         try:
             from tools import TOOLS_DIR
-            to_fuzz = {'lvl1': {"lvl2": [1, 1.0, "True"]}, "lvl1-1": [{"none": None, "inf": [{"a": {"a": "a"}}]}]}
+            if not self.config.auto:
+                to_fuzz = {'lvl1': {"lvl2": [1, 1.0, "True"]}, "lvl1-1": [{"none": None, "inf": [{"a": {"a": "a"}}]}]}
+            else:
+                to_fuzz = self.config.generate_json(self.config.grammar_path)
             run = "{0} http://127.0.0.1:8080/fuzzer.html".format(self.config.browser_auto)
             config = PJFConfiguration(Namespace(json=to_fuzz,
                                                 html=TOOLS_DIR,
diff --git a/pyjfuzz/pyjfuzz.py b/pyjfuzz/pyjfuzz.py
@@ -49,6 +49,9 @@ def main():
     group.add_argument('--F', metavar='FILE', help='Path to file', type=pjf_configuration.PJFConfiguration.valid_file,
                        default=None, dest="json_file")
 
+    group.add_argument('--auto', action='store_true', help='Automatically generate JSON init testcase', dest='auto',
+                        default=False)
+
     parser.add_argument('-p', metavar='PARAMS', help='Parameters comma separated', required=False, dest="parameters")
 
     parser.add_argument('-t', metavar='TECHNIQUES', help='Techniques "CHPTRSX"\n\n'
diff --git a/setup.py b/setup.py
@@ -63,7 +63,8 @@ def get_package_data():
     install_requires=[
         'bottle',
         'netifaces',
-        'GitPython'
+        'GitPython',
+        'gramfuzz'
     ],
 )
 

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,8 @@ def get_package_data():`
`63`	`63`	`install_requires=[`
`64`	`64`	`'bottle',`
`65`	`65`	`'netifaces',`
`66`		`- 'GitPython'`
	`66`	`+ 'GitPython',`
	`67`	`+ 'gramfuzz'`
`67`	`68`	`],`
`68`	`69`	`)`
`69`	`70`