Skip to content

gargi/Fuzzing

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The goal of this workshop is to use fuzzing to test a tool called marqdown, which takes a markdown file, and generates a html rendering of a survey:

See marqdown in use at checkbox.io.

Fuzzing

Fuzzing is a random testing techique. Fuzzing can be divided into "black-box" (dumb) and "white-box" (smart) approaches. In this workshop, we focus on "black-box" fuzzing. Generally, black-box fuzzing can be implemented in two ways:

  1. generative: test input is randomly created. Generation can be guided by grammars or other domain knowledge. This approach is commonly used for security testing.
  2. mutation: test input is randomly modified. The test input can be existing templates, input files, or captured network traffic that is replayed. Imagine you were testing Microsoft Word and you had a 200 page document. If you randomly made changes to the document and attempted to open it with Word—chances are you might be able to discover a bug.

Setup

Clone this repository and run npm install.

We will be using a mutation approach in this workshop. To assist, two files have been provided, simple.md, and test.md, which are markdown files read by the program.

Running node main.js will output:

passed 1000, failed 0, reduced 0

The program is simply reading an input file and for a 1000 times

  • asking a fuzzer to randomly change the string
  • passing the fuzzed input to marqdown and simply checking for exceptions being thrown (our test oracle):
    var markDown = fs.readFileSync('test.md','utf-8');
    //var markDown = fs.readFileSync('simple.md','utf-8');

    for (var i = 0; i < 1000; i++) {

        var mutuatedString = fuzzer.mutate.string(markDown);

        try
        {
            marqdown.render(mutuatedString);
            passedTests++;
        }
        catch(e)
        {
            failedTests.push( {input:mutuatedString, stack: e.stack} );
        }
    }

But the fuzzer right now is just returning the same string!

Generating Fuzzed Input Files

Now, we need to generate mutations to the input file in order to discover failures. Add the following functionality:

  • With 5% chance, reverse the input string.

  • Alternate between templates.

  • With 25% chance, remove a random set of characters, from a random start position: HINT: See Array.splice

  • With a 25% chance, insert random characters into the string HINT: See insert array into another

  • With a 5% chance, repeat.

See random-js for tips on using some helpful random utilities.

Minification

Fuzzing may create many inputs that are exercising the same bug. A test suite minification step will attempt to discard test cases that are not any more effective. Use stack trace to help determine if you are triggering the same bug, then only save the minimum tests needed (Inside reducedTests).

Bonus

Consider a generative approach based on the grammar of markdown.

  • Headers
  • Lists
  • Inline HTML
  • etc.

About

FuzzingWorkshop

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 90.3%
  • HTML 9.7%