Dirty first version.

Mickael-van-der-Beek · Oct 4, 2014 · dc0d318 · dc0d318
1 parent 427377e
commit dc0d318
Show file tree

Hide file tree

Showing 14 changed files with 317 additions and 0 deletions.
diff --git a/src/cerberus.js b/src/cerberus.js
@@ -1,3 +1,5 @@
+var Fuzzer = require('./fuzzer');
+
 module.exports = (function () {
 	'use strict';
 
@@ -9,6 +11,9 @@ module.exports = (function () {
 
 	};
 
+	Fuzzer.fuzzModules();
+	// console.log(Fuzzer.generatePayloads());
+
 	return Cerberus;
 
 })();
diff --git a/src/fuzzer.js b/src/fuzzer.js
@@ -0,0 +1,142 @@
+var crypto = require('crypto');
+
+var Validator = require('./validator');
+
+var Functions = require('./payloads/functions');
+var Booleans = require('./payloads/booleans');
+var Objects = require('./payloads/objects');
+var Numbers = require('./payloads/numbers');
+var Strings = require('./payloads/strings');
+var Buffers = require('./payloads/buffers');
+var RegExps = require('./payloads/regexps');
+var Errors = require('./payloads/errors');
+var Arrays = require('./payloads/arrays');
+var Dates = require('./payloads/dates');
+
+var CryptoSchema = require('./schemas/core/crypto');
+
+module.exports = (function () {
+	'use strict';
+
+	function Fuzzer () {
+		Validator.configure({
+			typeStrict: true,
+			formatStrict: true,
+			existenceStrict: true,
+			nullAsExistence: false,
+			undefinedAsExistence: false
+		});
+
+		this.payloads = [].concat(
+			[
+				undefined
+			],
+			Functions,
+			Booleans,
+			Objects,
+			Numbers,
+			Strings,
+			Buffers,
+			RegExps,
+			Errors,
+			Arrays,
+			Dates,
+			[
+				null
+			]
+		);
+
+		this.modules = {
+			crypto: crypto
+		}
+
+		this.schemas = {
+			crypto: CryptoSchema
+		}
+	}
+
+	Fuzzer.prototype.fuzzModules = function (config) {
+		var schema;
+		var module;
+
+		for(var moduleName in this.schemas) {
+			schema = this.schemas[moduleName];
+			module = this.modules[moduleName];
+
+			this.fuzzModule(schema, module);
+		}
+	};
+
+	Fuzzer.prototype.fuzzModule = function (schema, module) {
+		for(var methodName in schema) {
+			this.fuzzMethod(schema, module, methodName);
+		}
+	};
+
+	Fuzzer.prototype.fuzzMethod = function (schema, module, methodName) {
+		var outputSchema = schema[methodName].output;
+		var inputSchema = schema[methodName].input;
+
+		var overload = [];
+		for(var i = 0; i < inputSchema.length; i++) {
+			overload.push(this.payloads);
+		}
+
+		var payloads = this.generatePayloads(overload);
+		var len = payloads.length;
+		var output;
+		var input;
+
+		var errors = {};
+
+		while(len--) {
+			input = payloads[len];
+
+			console.log('1 INPUT:', input);
+			console.log('1 NAME:', methodName);
+
+			try {
+				output = module[methodName].apply(module, input);
+			}
+			catch(e) {
+				output = e;
+			}
+
+			if(output instanceof Error) {
+				if(!errors[output]) {
+					errors[output] = output;
+					console.log('\n---------------------');
+					console.log('1 OUTPUT:', output);
+					console.log('1 ERROR:', input);
+				}
+			}
+			else if(!Validator.validate(outputSchema, output)) {
+				console.log('\n---------------------');
+				console.log('2 OUTPUT:', output);
+				console.log('2 CORRUPT:', input);
+			}
+		}
+	};
+
+	Fuzzer.prototype.generatePayloads = function (payloads) {
+		var inputs = [];
+		var max = payloads.length - 1;
+		function getCombinations(array, i) {
+			for (var j = 0, l = payloads[i].length; j < l; j++) {
+				var combination = array.slice(0);
+				combination.push(payloads[i][j])
+				if (i === max) {
+					inputs.push(combination);
+				}
+				else {
+					getCombinations(combination, i + 1);
+				}
+			}
+		}
+		getCombinations([], 0);
+		return inputs;
+	};
+
+	return new Fuzzer();
+
+})();
diff --git a/src/payloads/arrays.js b/src/payloads/arrays.js
@@ -0,0 +1,9 @@
+var list = ['a'];
+
+module.exports = [
+	[],
+	[1, 'a'],
+	(list['test'] = 1) && list,
+	new Array(),
+	new Array(5)
+];
diff --git a/src/payloads/booleans.js b/src/payloads/booleans.js
@@ -0,0 +1,4 @@
+module.exports = [
+	false,
+	true
+];
diff --git a/src/payloads/buffers.js b/src/payloads/buffers.js
@@ -0,0 +1,12 @@
+module.exports = [
+	new Buffer(0),
+	new Buffer(1),
+	new Buffer(10, 'binary'),
+	new Buffer('ﬂ∂∏', 'utf8'),
+	new Buffer('ﬂ∂∏', 'ucs2'),
+	new Buffer('ﬂ∂∏', 'utf16le'),
+	new Buffer('HelloWorld', 'base64'),
+	new Buffer('Hello World!', 'ascii'),
+	new Buffer('Hello World!', 'ascii'),
+	new Buffer('0123456789abcdef', 'hex')
+];
diff --git a/src/payloads/dates.js b/src/payloads/dates.js
@@ -0,0 +1,6 @@
+module.exports = [
+	new Date(),
+	new Date(NaN),
+	new Date(8640000000000000),
+	new Date(-8640000000000000)
+];
diff --git a/src/payloads/errors.js b/src/payloads/errors.js
@@ -0,0 +1,5 @@
+module.exports = [
+	new Error(),
+	new TypeError(),
+	new SyntaxError()
+];
diff --git a/src/payloads/falsies.js b/src/payloads/falsies.js
@@ -0,0 +1,4 @@
+module.exports = [
+	null,
+	undefined
+];
diff --git a/src/payloads/functions.js b/src/payloads/functions.js
@@ -0,0 +1,5 @@
+module.exports = [
+	function () {},
+	new Function (),
+	function noop() {}
+];
diff --git a/src/payloads/numbers.js b/src/payloads/numbers.js
@@ -0,0 +1,19 @@
+module.exports = [
+	0,
+	-1,
+	1,
+	Math.pow(2, 8),
+	Math.pow(2, 8) + 1,
+	Math.pow(2, 8) - 1,
+	Math.pow(2, 16),
+	Math.pow(2, 16) + 1,
+	Math.pow(2, 16) - 1,
+	Math.pow(2, 32),
+	Math.pow(2, 32) + 1,
+	Math.pow(2, 32) - 1,
+	Math.pow(2, 64),
+	Math.pow(2, 64) + 1,
+	Math.pow(2, 64) - 1,
+	Number.MAX_VALUE,
+	Number.MIN_VALUE
+];
diff --git a/src/payloads/objects.js b/src/payloads/objects.js
@@ -0,0 +1,8 @@
+module.exports = [
+	{},
+	{
+		1: 'a',
+		a: '1'
+	},
+	new Object()
+];
diff --git a/src/payloads/regexps.js b/src/payloads/regexps.js
@@ -0,0 +1,4 @@
+module.exports = [
+	/.+/,
+	/.+/gim
+];
diff --git a/src/payloads/strings.js b/src/payloads/strings.js
@@ -0,0 +1,32 @@
+module.exports = [
+	'',
+	'`',
+	'´',
+	'_',
+	'.',
+	'-',
+	'+',
+	'˙',
+	'"',
+	'<',
+	'>',
+	';',
+	'&',
+	'@',
+	'--',
+	'\\',
+	'//',
+	'\n',
+	'\r',
+	'\'',
+	'://',
+	'\n\r',
+	'%00',
+	'\x00',
+	'\u0000',
+	'\0',
+	'null',
+	'ﬂ∂∏ı',
+	'undefined',
+	new Buffer(0x64).toString()
+];
diff --git a/src/schemas/core/crypto.js b/src/schemas/core/crypto.js
@@ -2,6 +2,68 @@ var crypto = require('crypto');
 
 module.exports = {
 
+	// createCredentials: {
+	// 	input: [{
+	// 		name: 'pfx',
+	// 		type: 'String' // or Buffer
+	// 	}, {
+	// 		name: 'key',
+	// 		type: 'String'
+	// 	}, {
+	// 		name: 'passphrase',
+	// 		type: 'String'
+	// 	}, {
+	// 		name: 'cert',
+	// 		type: 'String'
+	// 	}, {
+	// 		name: 'ca',
+	// 		type: 'String',
+	// 		optional: true
+	// 	}, {
+	// 		name: 'crl',
+	// 		type: 'String'
+	// 	}, {
+	// 		name: 'ciphers',
+	// 		type: 'String'
+	// 	}],
+	// 	output: [{
+	// 		type: 'String'
+	// 	}]
+	// },
+
+	createDiffieHellman: {
+		input: [{
+			name: 'prime_length',
+			type: 'Number'
+		}],
+		output: [{
+			type: crypto.Cipher
+		}]
+	},
+
+	createDiffieHellman: {
+		input: [{
+			name: 'prime',
+			type: 'Number'
+		}, {
+			name: 'encoding',
+			type: 'String'
+		}],
+		output: [{
+			type: 'String'
+		}]
+	},
+
+	createHash: {
+		input: [{
+			name: 'algorithm',
+			type: 'String'
+		}],
+		output: [{
+			type: 'String'
+		}]
+	},
+
 	createCipher: {
 		input: [{
 			name: 'algorithm',