Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GUIFuzzer: Error on newline in html attribute #77

Open
SecureAB opened this issue Jun 20, 2020 · 0 comments
Open

GUIFuzzer: Error on newline in html attribute #77

SecureAB opened this issue Jun 20, 2020 · 0 comments

Comments

@SecureAB
Copy link
Contributor

SecureAB commented Jun 20, 2020
edited
Loading

Describe the bug
The grammar which is generated by the GUIGrammarMiner doesn't handle newlines in html attributes correctly.

To Reproduce

  1. Try to run the following example:
import threading
import html
import time

from http.server import HTTPServer, BaseHTTPRequestHandler, HTTPStatus
from fuzzingbook.GUIFuzzer import start_webdriver, GUIRunner, GUICoverageFuzzer, GUIGrammarMiner

EXAMPLE_PAGE = """
<html>
    <body>
        <button name="test
">Button with a newline</button>
    </body>
</html>
"""

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):

    def do_GET(self):
        self.send_response(HTTPStatus.OK, "Testpage")
        self.send_header("Content-type", "text/html")
        self.end_headers()
        self.wfile.write(EXAMPLE_PAGE.encode("utf8"))

def run_httpd_forever():
    httpd_address = ("127.0.0.1", 9000)
    httpd = HTTPServer(httpd_address, SimpleHTTPRequestHandler)
    httpd.serve_forever()
    print("Serving forever")


def main():
    http_thread = threading.Thread(target=run_httpd_forever, daemon=True)
    http_thread.start()

    print("Starting driver")
    gui_driver = start_webdriver("chrome", True)
    gui_driver.get("http://127.0.0.1:9000/")


    runner = GUIRunner(gui_driver)
    fuzzer = GUICoverageFuzzer(gui_driver, log_gui_exploration=True)

    fuzzer.explore_all(runner)


if __name__ == "__main__":
    main()
  1. The following error is thrown:
 Starting driver
127.0.0.1 - - [15/Jun/2020 14:31:10] "GET / HTTP/1.1" 200 -
Run #1
127.0.0.1 - - [15/Jun/2020 14:31:10] "GET / HTTP/1.1" 200 -
Action submit('test
') -> <state-1>
Traceback (most recent call last):
  File "bug.py", line 50, in <module>
    main()
  File "bug.py", line 44, in main
    fuzzer.explore_all(runner)
  File "/home/SecureAB/.local/lib/python3.7/site-packages/fuzzingbook/GUIFuzzer.py", line 1149, in explore_all
    self.run(runner)
  File "/home/SecureAB/.local/lib/python3.7/site-packages/fuzzingbook/GUIFuzzer.py", line 1012, in run
    result, outcome = runner.run(action)
  File "/home/SecureAB/.local/lib/python3.7/site-packages/fuzzingbook/GUIFuzzer.py", line 792, in run
    {'fill': fill, 'check': check, 'submit': submit, 'click': click})
  File "<string>", line 1
    submit('test
               ^

Expected behavior
The explore_all call should return normally.

Desktop (please complete the following information):

  • OS: Debian Linux
  • Browser: Chromium
  • Python version: 3.7

Additional context
The grammar generates python code which is later executed. Python strings like the following are invalid:

submit('test
')

The same exists if the html text ends with a backslash \.
SecureAB added a commit to SecureAB/fuzzingbook that referenced this issue Jun 20, 2020
@SecureAB
Fix handling of newlines in html attributes
c2fd76f 
Fix uds-se#77
@SecureAB SecureAB mentioned this issue Jun 20, 2020
Closed
SecureAB added a commit to SecureAB/fuzzingbook that referenced this issue Jun 21, 2020
@SecureAB
Fix handling of newlines in html attributes
823ded7 
Fix uds-se#77
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

GUIFuzzer: Fix handling of newlines in html attributes SecureAB/fuzzingbook
1 participant
@SecureAB