added string interpolation attack

Daniele Linguaglossa · Daniele Linguaglossa · commit d56d3c47b91f · 2017-03-29T14:40:03.000+02:00
diff --git a/pyjfuzz/core/pjf_configuration.py b/pyjfuzz/core/pjf_configuration.py
@@ -66,11 +66,11 @@ def __init__(self, arguments):
             self.parameters = str(self.parameters).split(",")
         if self.techniques:
             techniques = {
-                "C": [10, 5],
+                "C": [10, 5, 13],
                 "H": [9],
                 "P": [6, 2, 8],
                 "T": [11, 12],
-                "R": [13],
+                "R": [14],
                 "S": [3, 1],
                 "X": [0, 4, 7]
             }
diff --git a/pyjfuzz/core/pjf_mutators.py b/pyjfuzz/core/pjf_mutators.py
@@ -37,11 +37,11 @@ def __init__(self, configuration):
         self.config = configuration
         self.json_fuzzer = self.fuzz
         self.string_mutator = {
-            0: lambda x: x[::-1],
+            0: lambda x: False,
             1: lambda x: self.json_fuzzer(self.get_string_polyglot_attack(x)),
             2: lambda x: "",
             3: lambda x: [x],
-            4: lambda x: False,
+            4: lambda x: [{str(x): str(x)}],
             5: lambda x: {"param": self.json_fuzzer(self.get_string_polyglot_attack(x))},
             6: lambda x: 0,
         }
@@ -112,7 +112,8 @@ def __init__(self, configuration):
             10: "||cmd.exe&&id||%s",
             11: "${7*7}a{{%s}}b",
             12: "{{'%s'*7}}",
-            13: "".join(self.random_chars[random.randint(0, 94)]
+            13: "#{%%x['%s']}+foo",
+            14: "".join(self.random_chars[random.randint(0, 94)]
                         for _ in range(0, random.randint(1, 30))).replace("%", "%%") + "%s"
         }
 
