-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathcheck-symex-zoobar.py
executable file
·87 lines (67 loc) · 2.37 KB
/
check-symex-zoobar.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/usr/bin/env python2
verbose = True
import symex.fuzzy as fuzzy
import __builtin__
import inspect
import symex.importwrapper as importwrapper
import symex.rewriter as rewriter
importwrapper.rewrite_imports(rewriter.rewriter)
import symex.symflask
import symex.symsql
import symex.symeval
import zoobar
def startresp(status, headers):
if verbose:
print 'startresp', status, headers
def report_balance_mismatch():
print "WARNING: Balance mismatch detected"
def report_zoobar_theft():
print "WARNING: Zoobar theft detected"
def adduser(pdb, username, token):
u = zoobar.zoodb.Person()
u.username = username
u.token = token
pdb.add(u)
def test_stuff():
pdb = zoobar.zoodb.person_setup()
pdb.query(zoobar.zoodb.Person).delete()
adduser(pdb, 'alice', 'atok')
adduser(pdb, 'bob', 'btok')
balance1 = sum([p.zoobars for p in pdb.query(zoobar.zoodb.Person).all()])
pdb.commit()
tdb = zoobar.zoodb.transfer_setup()
tdb.query(zoobar.zoodb.Transfer).delete()
tdb.commit()
environ = {}
environ['wsgi.url_scheme'] = 'http'
environ['wsgi.input'] = 'xxx'
environ['SERVER_NAME'] = 'zoobar'
environ['SERVER_PORT'] = '80'
environ['SCRIPT_NAME'] = 'script'
environ['QUERY_STRING'] = 'query'
environ['HTTP_REFERER'] = fuzzy.mk_str('referrer')
environ['HTTP_COOKIE'] = fuzzy.mk_str('cookie')
## In two cases, we over-restrict the inputs in order to reduce the
## number of paths that "make check" explores, so that it finishes
## in a reasonable amount of time. You could pass unconstrained
## concolic values for both REQUEST_METHOD and PATH_INFO, but then
## zoobar generates around 2000 distinct paths, and that takes many
## minutes to check.
# environ['REQUEST_METHOD'] = fuzzy.mk_str('method')
# environ['PATH_INFO'] = fuzzy.mk_str('path')
environ['REQUEST_METHOD'] = 'GET'
environ['PATH_INFO'] = 'trans' + fuzzy.mk_str('path')
if environ['PATH_INFO'].startswith('//'):
## Don't bother trying to construct paths with lots of slashes;
## otherwise, the lstrip() code generates lots of paths..
return
resp = zoobar.app(environ, startresp)
if verbose:
for x in resp:
print x
## Exercise 6: your code here.
## Detect balance mismatch.
## When detected, call report_balance_mismatch()
## Detect zoobar theft.
## When detected, call report_zoobar_theft()
fuzzy.concolic_test(test_stuff, maxiter=2000, verbose=1)