Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fuzzing on PyLoxone at Uni-Ulm #292

Open
wants to merge 266 commits into
base: master
Choose a base branch
from
Open

Fuzzing on PyLoxone at Uni-Ulm #292

wants to merge 266 commits into from

Conversation

ThorbenCarl
Copy link

Hi everyone,
hi @JoDehli,

we are 5 students from the University of Ulm and we had to fuzz some project for our lecture "Software Security Testing".

You can do whatever you want with our work. For us it was more about the lecture, trying things out and getting a grade bonus ;-)

We found two little things in helpers.py that we don't want to withhold from you:

  • map_range():
    • A possible 0 division is not checked or intercepted.
    • If in_max and in_min are equal.
  • get_all():
    • If the key controls or type is not in the json_data: dict the function crashes.

Chears

Hit me up for the non-existent documentation... ;-)

ThorbenCarl and others added 30 commits May 22, 2024 08:43
@ThorbenCarl
update uml and readme
fc02ea9
@ThorbenCarl
UML update
aedb167
@jonathanheitzmann
all_values_pool verbessert
97a7662
@jonathanheitzmann
dummy
2511dff
@ThorbenCarl
Merge pull request #4 from ThorbenCarl/fuzzing/value_pools
b0bcd9d 
Fuzzing/value pools
@jonathanheitzmann
returns list of lists without combination
f23d947
@ThorbenCarl
fixed ValuePoolFuzzer to generate full param_set
faaadb7
@ThorbenCarl
add testcases for all functions in helper.py
d91e9d1
@ThorbenCarl
update docs
a1cd636
@ThorbenCarl
Merge pull request #2 from ThorbenCarl/fuzzing/value_pool__value_pool…
daea2d1 
…_fuzzer

Add Value Pools and Value Pool Fuzzer
@ThorbenCarl
Merge pull request #3 from ThorbenCarl/fuzzing/value_pools
f364c56 
Add value pools to the fuzzing project.
@ThorbenCarl
Update UML
7bbf16a
@ThorbenCarl
update TODOs in readme
50ec586
add grammar fuzzer base
45e3cf0
Merge branch 'refs/heads/master' into fuzzing/grammars
fabfa64
@ThorbenCarl
Add Dummy test case for grammars
886efea
@ThorbenCarl
Merge pull request #5 from ThorbenCarl/fuzzing/general
208507e 
Update of TODOs and UML
@ThorbenCarl
Merge remote-tracking branch 'origin/master' into fuzzing/grammars
d92d952
@ThorbenCarl
update TODOs in readme
95060cd
@ThorbenCarl
UML update
1cc4f9a
@ThorbenCarl
Merge branch 'fuzzing/grammars' into fuzzing/general
a3a4c84
@jonathanheitzmann
implemented parameter combination
0502ccd
@ThorbenCarl
update TODO in readme
ce83571
@ThorbenCarl
update UML,
be7fdec 
update readme
@jonathanheitzmann
updated documentation, removed doubled for loop, set different param_…
25d699d 
…combi values
@ThorbenCarl
change inline docstring comments to normal comments,
ff02d9d 
run auto formatter
Add method limit_param_set to ValuePoolFuzzer class
06c5276 
- Implemented limit_param_set method which reduces the number of
  elements in a param_set to a specified number
- Tested function by implementing the method into the test function
  "test_map_range()"
Add method limit_param_set to ValuePoolFuzzer class
df9b195 
- Implemented limit_param_set method which reduces the number of
  elements in a param_set to a specified number
- Tested function by implementing the method into the test function
  "test_map_range()"
Add method limit_param_set to ValuePoolFuzzer class
1cdbd03 
- Implemented limit_param_set method which reduces the number of elements in a param_set to a specified number
- Tested function by implementing the method into the test function "test_map_range()"
@jonathanheitzmann
fixed return list of lists, made methods private
d5ecf44
David Sievers and others added 30 commits July 2, 2024 19:53
Merge remote-tracking branch 'origin/HEAD' into fuzzing/generators
d381e86
Delete Mutator
1aedcc0 
- Deleted mutator and shiftet mutation method to GreyBoxRunner ->
  Mutator class unnecessary with one method in it
- Adjusted uml diagram
Change in GreyBoxFuzzer
9fb7310 
- Deleted unnecessary functionality
Updated type annotation and UML, defined first testcase but does not …
106cb4b 
…work yet
@ThorbenCarl
update readme
55e4483
@ThorbenCarl
Merge pull request #19 from ThorbenCarl/fuzzing/add_grammar_testcase
87e1729 
Fuzzing/add grammar testcase
Merged master branch to feature branch
0cc7d2c
@ThorbenCarl
update readme
0e957c1
@jonathanheitzmann
Dict update as JSON Dict
ad424d3
@jonathanheitzmann
JSON Dict Update
5fb4aa0
Updated: code with types, UML
6e74859 
Found test on PyLoxone for generators which runs (but is trivial)
Merge remote-tracking branch 'origin/master' into fuzzing/generators
0b329e1
updated uml
e2724d7
@JKortmann
Merge pull request #23 from ThorbenCarl/fuzzing/mutational_grey_box
0aba679 
Fuzzing/mutational grey box
@ThorbenCarl
fix bug in dict pool
d58ea1f
@ThorbenCarl
Merge pull request #24 from ThorbenCarl/ValuePool
7569ac0 
ValuePool Dict as JSON Dict
@ThorbenCarl
Merge remote-tracking branch 'origin/master' into fuzzing/add_grammar…
e061207 
…_testcase
@ThorbenCarl
Merge remote-tracking branch 'origin/master' into fuzzing/add_grammar…
e545da0 
…_testcase
@ThorbenCarl
update UML and Readme
985f84d
removed code for debugging according to change request
db1b37b
Merge remote-tracking branch 'origin/master' into fuzzing/generators
133130f
updated uml to match the changes according to the changerequest
9926ad5
@ThorbenCarl
uml update
629131f
@ThorbenCarl
Merge remote-tracking branch 'origin/fuzzing/generators' into fuzzing…
e92b594 
…/add_grammar_testcase
@ThorbenCarl
update UML and readme
6e942cb
@ThorbenCarl
Merge pull request #16 from ThorbenCarl/fuzzing/generators
d029f35 
Fuzzing/generators
@ThorbenCarl
Merge remote-tracking branch 'origin/master' into fuzzing/add_grammar…
ec52ba1 
…_testcase
@ThorbenCarl
UML Update
9d4a072
@ThorbenCarl
Merge pull request #25 from ThorbenCarl/fuzzing/add_grammar_testcase
b89d10d 
Fuzzing/add grammar testcase
@ThorbenCarl
Merge pull request #26 from JoDehli/master
403dfdd 
Update fork from master project
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ThorbenCarl @jonathanheitzmann @hoegma @dsiev @JKortmann