const { it, describe } = require('mocha')
const assert = require('assert')
const crypto = require('crypto')
const { DDWAF } = require('..')
const rules = require('./rules.json')
const blns = require('./blns.json')
// Time budget passed as the second argument to every context.run() call in this file.
// NOTE(review): the unit is not visible here (presumably microseconds) — confirm
// against the binding's documentation.
const TIMEOUT = 9999 * 1000

// One WAF instance, built from ./rules.json, shared by every fuzz case; each case
// creates its own context from it.
const waf = new DDWAF(rules, 'recommended')
// Encoding names taken from https://github.com/nodejs/node/blob/master/lib/buffer.js.
// A name is kept only if Buffer.from() accepts it on the running Node.js, so the
// fuzz loop never fails merely because the runtime lacks an encoding.
const ENCODINGS = []
for (const name of ['utf8', 'ucs2', 'utf16le', 'latin1', 'ascii', 'base64', 'base64url', 'hex']) {
  let accepted = true
  try {
    Buffer.from('hello', name)
  } catch (_) {
    accepted = false
  }
  if (accepted) {
    ENCODINGS.push(name)
  }
}
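/**
 * Runs one fuzz input through a fresh WAF context, first as a string value
 * (`value_attack`) and then as an object key (`key_attack`), and asserts that
 * each run returns a result carrying `events`.
 *
 * @param {Buffer} buff - raw bytes of the fuzz case
 * @param {string} [encoding='utf8'] - encoding used to decode `buff` into the string under test
 * @throws {AssertionError} when a run returns no result or a result without `events`
 */
function test (buff, encoding = 'utf8') {
  const str = buff.toString(encoding)
  const context = waf.createContext()
  try {
    // The failure messages carry the input as hex: the random cases are not
    // seeded, so this dump is the only way to replay a failing input.
    const r1 = context.run({ persistent: { value_attack: str } }, TIMEOUT)
    assert(r1 && r1.events, `Expected to handle string value 0x${buff.toString('hex')} in ${encoding}`)
    const r2 = context.run({ persistent: { key_attack: { [str]: '' } } }, TIMEOUT)
    assert(r2 && r2.events, `Expected to handle string key 0x${buff.toString('hex')} in ${encoding}`)
  } finally {
    // Dispose even when a run throws or an assertion fails, so a failing fuzz
    // case does not leave its context undisposed for the rest of the suite.
    context.dispose()
  }
}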
// Robustness suite: every case only checks that the WAF returns a result for
// the input (see test()); it does not check what the rules match.
describe('fuzzing', () => {
  // Fixed corpus: each entry of ./blns.json is fed through as a UTF-8 string.
  it('should hanlde BLNS', () => {
    for (const entry of blns) {
      test(Buffer.from(entry, 'utf8'))
    }
  }).timeout(5000)

  // Random corpus: 1000 buffers of 10 random bytes, each decoded with every
  // encoding in ENCODINGS so the same bytes reach the WAF as different strings.
  it('should handle random strings', () => {
    let remaining = 1000
    while (remaining-- > 0) {
      const buff = crypto.randomFillSync(Buffer.alloc(10))
      ENCODINGS.forEach((encoding) => {
        test(buff, encoding)
      })
    }
  }).timeout(5000)
})