fuzzer 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/fuzzer +5 -0
- data/lib/fuzzer.rb +8 -0
- data/lib/fuzzer/cli.rb +119 -0
- data/lib/fuzzer/version.rb +3 -0
- data/test/test_fuzzer.rb +9 -0
- metadata +115 -0
data/bin/fuzzer
ADDED
data/lib/fuzzer.rb
ADDED
data/lib/fuzzer/cli.rb
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
require 'open-uri'
|
|
2
|
+
require 'right_aws'
|
|
3
|
+
|
|
4
|
+
module Fuzzer
|
|
5
|
+
|
|
6
|
+
class CLI
|
|
7
|
+
def self.start(argv)
|
|
8
|
+
url = argv.shift
|
|
9
|
+
|
|
10
|
+
data = YAML::load(File.read("config.yml"));
|
|
11
|
+
if data['secret_access_key'].nil? || data['access_key_id'].nil?
|
|
12
|
+
puts "In this directory, create a config.yml file with the Amazon secret_access_key: <value> and access_key_id: <value>"
|
|
13
|
+
exit(1)
|
|
14
|
+
end
|
|
15
|
+
if (url.nil?)
|
|
16
|
+
puts "Usage: bundle exec fuzzer <url>"
|
|
17
|
+
exit(1)
|
|
18
|
+
end
|
|
19
|
+
unless url =~ /^#{URI::regexp}$/
|
|
20
|
+
puts "I'm not seeing a valid URL here: #{url}"
|
|
21
|
+
exit(1)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
file_name = CLI.download(url)
|
|
25
|
+
short_name = CLI.gunzip(file_name)
|
|
26
|
+
|
|
27
|
+
# manipulate it
|
|
28
|
+
puts "We can corrupt this database two ways:"
|
|
29
|
+
puts " easy: only currupt data that would come from the feed"
|
|
30
|
+
puts " severe: also corrupt db integrity and delete nodes"
|
|
31
|
+
|
|
32
|
+
begin
|
|
33
|
+
print "e)asy or s)evere? "
|
|
34
|
+
input = gets.chomp
|
|
35
|
+
end while (input != "e" && input != "s")
|
|
36
|
+
|
|
37
|
+
db = SQLite3::Database.new(short_name)
|
|
38
|
+
CLI.fuzz_content(db)
|
|
39
|
+
CLI.fuzz_integrity(db) if input == "s"
|
|
40
|
+
|
|
41
|
+
# Query as to what should be broken?
|
|
42
|
+
final_name = CLI.gzip(short_name)
|
|
43
|
+
upload(data, final_name)
|
|
44
|
+
|
|
45
|
+
rescue Exception => e
|
|
46
|
+
puts "Well, that didn't end well: #{e.message}"
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
# content_items, content_item_details, that aren't id or *_fk
|
|
52
|
+
# change types, nullify, empty string, etc.
|
|
53
|
+
def self.fuzz_content(db)
|
|
54
|
+
values = ["null", "''", "'true'", "'false'", 0, 1, 4, 4.0, "'This is a very long string * This is a very long string * This is a very long string * This is a very long string * This is a very long string * This is a very long string * This is a very long string * This is a very long string * This is a very long string'"]
|
|
55
|
+
|
|
56
|
+
results = db.query("select * from content_items limit 1")
|
|
57
|
+
cols = results.columns.select { |name| name != "id" && !name.end_with?("_fk") }
|
|
58
|
+
|
|
59
|
+
db.execute("select * from content_items").each do |row|
|
|
60
|
+
(5).times do
|
|
61
|
+
db.execute("update content_items set #{cols.sample} = #{values.sample} where id = #{row[0]}")
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
results.close
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
# blobs, android_metadata can also be corrupted.
|
|
68
|
+
# Nodes can be deleted. ids and fks can be nullified.
|
|
69
|
+
# For now, just find and change an app_unique_key
|
|
70
|
+
def self.fuzz_integrity(db)
|
|
71
|
+
rows = db.execute("select app_unique_key from content_items where app_unique_key is not null and app_unique_key != 'Settings' and app_unique_key != 'settings'")
|
|
72
|
+
key = rows.sample
|
|
73
|
+
db.execute("update content_items set title='Fuzzed',app_unique_key='fuzzed' where app_unique_key = ?", key)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def self.download(url)
|
|
77
|
+
uri = URI.parse(url)
|
|
78
|
+
file_name = uri.path[uri.path.rindex("/")+1,uri.path.length]
|
|
79
|
+
File.open(file_name, "wb") do |saved_file|
|
|
80
|
+
open(url, 'rb') do |read_file|
|
|
81
|
+
saved_file.write(read_file.read)
|
|
82
|
+
puts "Downloaded: #{url}"
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
file_name
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def self.gunzip(file_name)
|
|
89
|
+
short_name = file_name.gsub('.gz','')
|
|
90
|
+
File.open(short_name, "w+") do |file|
|
|
91
|
+
gunk = File.open(file_name, "rb")
|
|
92
|
+
file.write( Zumobi::GzipReader.un_gzip(gunk.read))
|
|
93
|
+
end
|
|
94
|
+
FileUtils.rm(file_name)
|
|
95
|
+
puts "Gunzipped the db: #{file_name}"
|
|
96
|
+
short_name
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
def self.gzip(file_name)
|
|
100
|
+
new_name = file_name.gsub(".db", ".#{Time.now.to_i.to_s}.db.gz")
|
|
101
|
+
File.open(new_name, "w+") do |file|
|
|
102
|
+
gunk = File.open(file_name, "rb")
|
|
103
|
+
file.write( Zumobi::GzipWriter.gzip(gunk.read))
|
|
104
|
+
end
|
|
105
|
+
FileUtils.rm(file_name)
|
|
106
|
+
puts "Gzipped the db: #{new_name}"
|
|
107
|
+
new_name
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def self.upload(data, final_name)
|
|
111
|
+
s3 = Rightscale::S3.new(data['access_key_id'], data['secret_access_key'])
|
|
112
|
+
bucket = s3.bucket('media.test.zumobi.net', true)
|
|
113
|
+
key = bucket.key("fuzzed/#{final_name}")
|
|
114
|
+
key.put(File.read(final_name), 'public-read')
|
|
115
|
+
puts "Fuzzed db now available at: http://media.test.zumobi.net/fuzzed/#{final_name}"
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
end
|
data/test/test_fuzzer.rb
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
require 'test/unit'
|
|
2
|
+
require 'rubygems' # Tests don't run without this, in 1.8.7 at least.
|
|
3
|
+
require 'fuzzer'
|
|
4
|
+
|
|
5
|
+
class FuzzerTest < Test::Unit::TestCase
|
|
6
|
+
def test_output
|
|
7
|
+
# assert_equal "This is my task".colorize(:color => :green), Fuzzer.new.generate()
|
|
8
|
+
end
|
|
9
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: fuzzer
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
prerelease:
|
|
6
|
+
platform: ruby
|
|
7
|
+
authors:
|
|
8
|
+
- Alx Dark
|
|
9
|
+
autorequire:
|
|
10
|
+
bindir: bin
|
|
11
|
+
cert_chain: []
|
|
12
|
+
date: 2013-07-29 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: right_aws
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '0'
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
26
|
+
requirements:
|
|
27
|
+
- - ! '>='
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0'
|
|
30
|
+
- !ruby/object:Gem::Dependency
|
|
31
|
+
name: zumobi
|
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
34
|
+
requirements:
|
|
35
|
+
- - ! '>='
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
38
|
+
type: :runtime
|
|
39
|
+
prerelease: false
|
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
42
|
+
requirements:
|
|
43
|
+
- - ! '>='
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: '0'
|
|
46
|
+
- !ruby/object:Gem::Dependency
|
|
47
|
+
name: sqlite3
|
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
50
|
+
requirements:
|
|
51
|
+
- - ! '>='
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '0'
|
|
54
|
+
type: :runtime
|
|
55
|
+
prerelease: false
|
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
58
|
+
requirements:
|
|
59
|
+
- - ! '>='
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
- !ruby/object:Gem::Dependency
|
|
63
|
+
name: debugger
|
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
|
65
|
+
none: false
|
|
66
|
+
requirements:
|
|
67
|
+
- - ! '>='
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '0'
|
|
70
|
+
type: :runtime
|
|
71
|
+
prerelease: false
|
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
+
none: false
|
|
74
|
+
requirements:
|
|
75
|
+
- - ! '>='
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
version: '0'
|
|
78
|
+
description: Downloads, corrupts, and uploads client sqlite dbs for testing purposes.
|
|
79
|
+
email: alx.dark@zumobi.com
|
|
80
|
+
executables:
|
|
81
|
+
- fuzzer
|
|
82
|
+
extensions: []
|
|
83
|
+
extra_rdoc_files: []
|
|
84
|
+
files:
|
|
85
|
+
- lib/fuzzer/cli.rb
|
|
86
|
+
- lib/fuzzer/version.rb
|
|
87
|
+
- lib/fuzzer.rb
|
|
88
|
+
- test/test_fuzzer.rb
|
|
89
|
+
- bin/fuzzer
|
|
90
|
+
homepage: ''
|
|
91
|
+
licenses: []
|
|
92
|
+
post_install_message:
|
|
93
|
+
rdoc_options: []
|
|
94
|
+
require_paths:
|
|
95
|
+
- lib
|
|
96
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
97
|
+
none: false
|
|
98
|
+
requirements:
|
|
99
|
+
- - ! '>='
|
|
100
|
+
- !ruby/object:Gem::Version
|
|
101
|
+
version: '0'
|
|
102
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
103
|
+
none: false
|
|
104
|
+
requirements:
|
|
105
|
+
- - ! '>='
|
|
106
|
+
- !ruby/object:Gem::Version
|
|
107
|
+
version: '0'
|
|
108
|
+
requirements: []
|
|
109
|
+
rubyforge_project:
|
|
110
|
+
rubygems_version: 1.8.23
|
|
111
|
+
signing_key:
|
|
112
|
+
specification_version: 3
|
|
113
|
+
summary: Fuzzes client sqlite dbs.
|
|
114
|
+
test_files:
|
|
115
|
+
- test/test_fuzzer.rb
|