farnking / Test-Dragon-Forum-of-TBots

a fuzzer lab

inconsistent data type #9

Closed zhuweilun closed 1 year ago

zhuweilun commented 1 year ago
The getAllTBotCategories API returns this result:

```
{'2-step verification': 'for testing authentication involving 2-step procedures involving emails or phones.',
 'CPU time': 'A tester that report CPU time of the module under testing.',
 'GUI': 'testing GUI (black-box)',
 'SQLi': 'SQL injection',
 'XSS': 'cross-site scripting',
 'access control': '94% of applications were tested for some form of broken access control.\n The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control \n had more occurrences in applications than any other category.',
 'android': 'testing Android apps',
 'configuration': 'testing by setting the configuration page',
 'connection check': 'for checking link/connection status',
 'coverage': 'trying to gain some coverage',
 'cryptography': 'broad symptom rather than a root cause.\n The renewed focus here is on failures related to cryptography\n which often leads to sensitive data exposure or system compromise.',
 'csrf': 'client-side request fogery',
 'database': '',
 'download': 'Testing the download process',
 'experimental kits': 'for experiment to explore what you can do with Test-Dragon',
 'form': '',
 'fuzzing': 'bombarding your AuT input space!',
 'homework': '',
 'iOS': 'testing iOS apps',
 'identification & authentication': 'more related to identification failures,\n but the increased availability of standardized frameworks seems to be helping.',
 'injection': '94% of the applications were tested for some form of injection,\n and the 33 CWEs mapped into this category have the second most occurrences in applications.\n Cross-site Scripting is now part of this category in this edition.',
 'insecure design': 'a focus on risks related to design flaws.\n If we genuinely want to “move left” as an industry,\n it calls for more use of threat modeling,\n secure design patterns and principles, and reference arca integrity': 'focusing on making assumptions related to software updates,\n critical data, and CI/CD pipelines without verifying integrity.\n One of the highest weighted impacts from Common Vulnerability\n and Exposures/Common Vulnerability Scoring System (CVE/CVSS) data\n mapped to the 10 CWEs in this category.\n Insecure Deserialization from 2017 is now a part of this larger category.',
 'ssrf': 'server-side request forgery: The data shows a relatively low incidence rate with above average testing coverage,\n along with above-average ratings for Exploit and Impact potential.\n This category represents the scenario where the security community members\n are telling us this is important, even though it’s not illustrated in the data at this time.',
 'system time': 'checking system time',
 'test': 'some test labs',
 'upload': 'testing the upload process',
 'user experience': 'testing for user experience',
 'video': 'testing videos',
 'vulnerability': 'testing for security vulnerabilities',
 'vulnerable & outdated components': 'testing components with known vulnerabilities,\n a default exploit and impact weights of 5.0 are factored into their scores.',
 'web': 'testing websites'}
```
bernie6401 commented 1 year ago

If it is a problem with the API, please paste the code you wrote so that we can better pin down where the problem is.

zhuweilun commented 1 year ago
The main problem is that the documentation says it should return a list of category names of TBots, but the result actually returned is a dict. The code is attached below.

```python
from __future__ import print_function  # (at top of module)
# -------------------------------------------------------------------------------
# fuzzer: a cross-platform and cross-app fuzzer based on Test-Dragon intelligent API
#
# Goal: Improving the oracle and fuzzer methods for bombarding the forms and urls with mal-formed input.
#   1. The oracle function is initially for detecting 404 and 503 web errors.
#      The students need improve the oracle method.
#   2. The fuzzer function is in three methods: fuzzForm, fuzzGets, fuzzUrls.
#      The students may improve these or develop other techniques for fuzz testing.
#
# Author:      Farn Wang
#
# Created:     5/10/2023
# Copyright:   (c) Farn Wang
# Licence:
# -------------------------------------------------------------------------------
import time
import cv2
import random
import sys
import os.path
import os
import copy
import numpy as np

'''
from skimage.measure import compare_ssim
import pytesseract
from pytesseract import Output
import threading
'''

if sys.version_info[0] < 3:
    # Python 2 and 3:
    # to execute the file, type in the following command in powershell:
    # % python CnTaaDPackage.py build_ext --inplace
    import future    # pip install future
    import builtins  # pip install future
    import past      # pip install future
    import six       # pip install six

import json

addIssueReportExpDict2 = {
    "recordType": 'verdict',
    "verdict": "failure!",
    "component": "network, web server, browser, url",
    "subject": "web server operational error {0}",
    "summary": "web browser {0} on {1}",
    "environment": ['windows'],
    "contents": ["Page not found!"],
    "features": ['404', 'page not found'],
    "diagnosis": "url not processed, could be a user authentication issue",
    "suggestions": "It is better to direct {0} page to the main page with an alert!",
    "severity": "low",
    "priority": 1
}

# The students are expected to implement and improve oracle, fuzzForm, fuzzGets, fuzzUrls.
class fuzzer:
    def __init__(self, curAPI, *args):
        self.API = curAPI
        self.countStep = 0

    # After you click to execute fuzzer TBot, Test-Dragon will call this method after analyzing
    # each screen DOM.
    # The method is expected to return a test action suggestion, usually as an action index (with test data),
    # or as a special string for test command.
    def getTestInput(self):
        print('-------------------------------------------------------')
        getAllTBotCategories = self.API.TBotMan.getAllTBotCategories()
        print(f'{getAllTBotCategories}')
        print(type(getAllTBotCategories))
        print('-------------------------------------------------------')
        return "exitAlgorithm", "enough!"


def main():
    pass


if __name__ == '__main__':
    main()
```
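A defensive way for a TBot to consume the API while its return type is inconsistent, as an added example that is not the project's own code: whichever shape comes back, normalise it into the list of category names the documentation promises, and log when the shape does not match. Only the attribute path `self.API.TBotMan.getAllTBotCategories()` is taken from the issue; the stand-in API objects and the sample payload are constructed here.

```python
import logging
from typing import Any, List

log = logging.getLogger("tbot.categories")


def category_names(raw: Any) -> List[str]:
    """Normalise getAllTBotCategories() output into a list of category names.

    The documentation promises a list of names; the API observed in this issue
    returns a {name: description} dict. Accept both, reject anything else, so a
    TBot never silently iterates over the wrong thing (e.g. dict values).
    """
    if isinstance(raw, dict):
        log.warning("getAllTBotCategories returned dict, expected list; using keys")
        names = list(raw.keys())
    elif isinstance(raw, (list, tuple)):
        names = list(raw)
    else:
        raise TypeError(f"unexpected category container: {type(raw).__name__}")
    bad = [n for n in names if not isinstance(n, str) or not n.strip()]
    if bad:
        raise TypeError(f"category names must be non-empty strings, got {bad!r}")
    return list(dict.fromkeys(names))  # de-duplicate, keep API order


# Constructed stand-ins for the Test-Dragon objects (assumption: only the
# attribute path API.TBotMan.getAllTBotCategories() mirrors the real API).
class _TBotMan:
    def __init__(self, payload):
        self._payload = payload

    def getAllTBotCategories(self):
        return self._payload


class _API:
    def __init__(self, payload):
        self.TBotMan = _TBotMan(payload)


class fuzzer:
    def __init__(self, curAPI, *args):
        self.API = curAPI
        self.countStep = 0

    def getTestInput(self):
        names = category_names(self.API.TBotMan.getAllTBotCategories())
        return "exitAlgorithm", f"{len(names)} categories: {', '.join(names)}"


if __name__ == "__main__":
    # Constructed sample mirroring the dict shape reported in the issue.
    sample = {"SQLi": "SQL injection", "XSS": "cross-site scripting"}
    print(fuzzer(_API(sample)).getTestInput())
```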
farnking commented 1 year ago

Fixed.

bernie6401 commented 1 year ago

If there are no further problems for now, I'll go ahead and close this.