fuzzy-testing
Version:
Javascript fuzz testing tools
955 lines (907 loc) • 38.3 kB
JavaScript
;
Object.defineProperty(exports, '__esModule', { value: true });
var assert = require('assert');
var PropTypes = require('prop-types');
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
var assert__default = /*#__PURE__*/_interopDefaultLegacy(assert);
var PropTypes__default = /*#__PURE__*/_interopDefaultLegacy(PropTypes);
/**
*
* Given two arrays a and b, where a is a 2d array,
* return a 2d array with all possible combinations of the two arrays.
*
* @param a
* @param b
* @returns []
*/
function combineToArray(a, b) {
// ensure that arrays were given
assert__default['default'](Array.isArray(a), 'a is not an array.');
assert__default['default'](Array.isArray(b), 'b is not an array.');
a.map((item) => assert__default['default'](Array.isArray(item), 'item in a is not an array.'));
const superSet = [];
a.forEach((aElem) => {
b.forEach((bElem) => {
superSet.push(aElem.concat([bElem]));
});
});
return superSet;
}
/**
*
* Combines one array multiple times
*
* @param a
* @param end
* @returns []
*/
function combineMultiple(a, end) {
// ensure that valid values were given
assert__default['default'](Array.isArray(a), 'a is not an array.');
assert__default['default'](typeof end === 'number', 'end is not an number.');
let collector = [[]];
for (let i = 0; i < end; i += 1) {
collector = combineToArray(collector, a);
}
return collector;
}
/**
*
* Combines one array multiple times, and saves combinations of all lengths
*
* @param a
* @param end
* @param start
* @returns []
*/
function combineMultipleLengths(a, end, start) {
// ensure that valid values were given
start = start || 0;
assert__default['default'](Array.isArray(a), 'a is not an array.');
assert__default['default'](typeof end === 'number', 'end is not an number.');
assert__default['default'](typeof start === 'number' || !(start), 'start is not an number.');
assert__default['default'](end >= start, 'start is greater than end.');
let collector = [[[]]];
if (start > 0) {
collector = [combineMultiple(a, start)];
}
let flattenedCollector = [];
for (let i = 0; i < end - start; i += 1) {
collector[i + 1] = combineToArray(collector[i], a);
}
for (let i = 0; i < collector.length; i += 1) {
flattenedCollector = flattenedCollector.concat(collector[i]);
}
return flattenedCollector;
}
/**
*
* objectMap applies function func to all items in the object
*
* @param object
* @param func
* @returns {{}}
*/
function objectMap(object, func) {
assert__default['default'](typeof object === 'object', 'typeof object is not an object.');
assert__default['default'](typeof func === 'function', 'typeof func is not an function.');
const objRet = {};
const keys = Object.keys(object);
for (let i = 0; i < keys.length; i += 1) {
if (object[keys[i]]
&& typeof object[keys[i]] === 'object'
&& !Array.isArray(object[keys[i]])) {
objRet[keys[i]] = objectMap(object[keys[i]], func);
} else {
objRet[keys[i]] = func(object[keys[i]]);
}
}
return objRet;
}
/* eslint-disable */
var badStrings = [
'',
'undefined',
'undef',
'null',
'NULL',
'(null)',
'nil',
'NIL',
'true',
'false',
'True',
'False',
'TRUE',
'FALSE',
'None',
'hasOwnProperty',
'\\',
'\\\\',
'0',
'1',
'1.00',
'$1.00',
'1/2',
'1E2',
'1E02',
'1E+02',
'-1',
'-1.00',
'-$1.00',
'-1/2',
'-1E2',
'-1E02',
'-1E+02',
'1/0',
'0/0',
'-2147483648/-1',
'-9223372036854775808/-1',
'-0',
'-0.0',
'+0',
'+0.0',
'0.00',
'0..0',
'.',
'0.0.0',
'0,00',
'0,,0',
',',
'0,0,0',
'0.0/0',
'1.0/0.0',
'0.0/0.0',
'1,0/0,0',
'0,0/0,0',
'--1',
'-',
'-.',
'-,',
'999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999',
'NaN',
'Infinity',
'-Infinity',
'INF',
'1#INF',
'-1#IND',
'1#QNAN',
'1#SNAN',
'1#IND',
'0x0',
'0xffffffff',
'0xffffffffffffffff',
'0xabad1dea',
'123456789012345678901234567890123456789',
'1,000.00',
'1 000.00',
"1'000.00",
'1,000,000.00',
'1 000 000.00',
"1'000'000.00",
'1.000,00',
'1 000,00',
"1'000,00",
'1.000.000,00',
'1 000 000,00',
"1'000'000,00",
'01000',
'08',
'09',
'2.2250738585072011e-308',
",./;'[]\\-=",
'<>?:"{}|_+',
'!@#$%^&*()`~',
'\u0001\u0002\u0003\u0004\u0005\u0006\u0007\b\u000e\u000f\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001a\u001b\u001c\u001d\u001e\u001f',
'',
'\t\u000b\f
',
'',
'',
'',
'Ω≈ç√∫˜µ≤≥÷',
'åß∂ƒ©˙∆˚¬…æ',
'œ∑´®†¥¨ˆøπ“‘',
'¡™£¢∞§¶•ªº–≠',
'¸˛Ç◊ı˜Â¯˘¿',
'ÅÍÎÏ˝ÓÔÒÚÆ☃',
'Œ„´‰ˇÁ¨ˆØ∏”’',
'`⁄€‹›fifl‡°·‚—±',
'⅛⅜⅝⅞',
'ЁЂЃЄЅІЇЈЉЊЋЌЍЎЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя',
'٠١٢٣٤٥٦٧٨٩',
'⁰⁴⁵',
'₀₁₂',
'⁰⁴⁵₀₁₂',
'ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็',
"'",
'"',
"''",
'""',
"'\"'",
"\"''''\"'\"",
"\"'\"'\"''''\"",
'<foo val=“bar” />',
'<foo val=“bar” />',
'<foo val=”bar“ />',
"<foo val=`bar' />",
'田中さんにあげて下さい',
'パーティーへ行かないか',
'和製漢語',
'部落格',
'사회과학원 어학연구소',
'찦차를 타고 온 펲시맨과 쑛다리 똠방각하',
'社會科學院語學研究所',
'울란바토르',
'𠜎𠜱𠝹𠱓𠱸𠲖𠳏',
'ヽ༼ຈل͜ຈ༽ノ ヽ༼ຈل͜ຈ༽ノ',
'(。◕ ∀ ◕。)',
'`ィ(´∀`∩',
'__ロ(,_,*)',
'・( ̄∀ ̄)・:*:',
'゚・✿ヾ╲(。◕‿◕。)╱✿・゚',
',。・:*:・゜’( ☻ ω ☻ )。・:*:・゜’',
'(╯°□°)╯︵ ┻━┻)',
'(ノಥ益ಥ)ノ ┻━┻',
'┬─┬ノ( º _ ºノ)',
'( ͡° ͜ʖ ͡°)',
'😍',
'👩🏽',
'👾 🙇 💁 🙅 🙆 🙋 🙎 🙍',
'🐵 🙈 🙉 🙊',
'❤️ 💔 💌 💕 💞 💓 💗 💖 💘 💝 💟 💜 💛 💚 💙',
'✋🏿 💪🏿 👐🏿 🙌🏿 👏🏿 🙏🏿',
'🚾 🆒 🆓 🆕 🆖 🆗 🆙 🏧',
'0️⃣ 1️⃣ 2️⃣ 3️⃣ 4️⃣ 5️⃣ 6️⃣ 7️⃣ 8️⃣ 9️⃣ 🔟',
'🇺🇸🇷🇺🇸 🇦🇫🇦🇲🇸',
'🇺🇸🇷🇺🇸🇦🇫🇦🇲',
'🇺🇸🇷🇺🇸🇦',
'123',
'١٢٣',
'ثم نفس سقطت وبالتحديد،, جزيرتي باستخدام أن دنو. إذ هنا؟ الستار وتنصيب كان. أهّل ايطاليا، بريطانيا-فرنسا قد أخذ. سليمان، إتفاقية بين ما, يذكر الحدود أي بعد, معاملة بولندا، الإطلاق عل إيو.',
'בְּרֵאשִׁית, בָּרָא אֱלֹהִים, אֵת הַשָּׁמַיִם, וְאֵת הָאָרֶץ',
'הָיְתָהtestالصفحات التّحول',
'﷽',
'ﷺ',
'مُنَاقَشَةُ سُبُلِ اِسْتِخْدَامِ اللُّغَةِ فِي النُّظُمِ الْقَائِمَةِ وَفِيم يَخُصَّ التَّطْبِيقَاتُ الْحاسُوبِيَّةُ، ',
'test',
'test',
'test',
'testtest',
'test',
'Ṱ̺̺̕o͞ ̷i̲̬͇̪͙n̝̗͕v̟̜̘̦͟o̶̙̰̠kè͚̮̺̪̹̱̤ ̖t̝͕̳̣̻̪͞h̼͓̲̦̳̘̲e͇̣̰̦̬͎ ̢̼̻̱̘h͚͎͙̜̣̲ͅi̦̲̣̰̤v̻͍e̺̭̳̪̰-m̢iͅn̖̺̞̲̯̰d̵̼̟͙̩̼̘̳ ̞̥̱̳̭r̛̗̘e͙p͠r̼̞̻̭̗e̺̠̣͟s̘͇̳͍̝͉e͉̥̯̞̲͚̬͜ǹ̬͎͎̟̖͇̤t͍̬̤͓̼̭͘ͅi̪̱n͠g̴͉ ͏͉ͅc̬̟h͡a̫̻̯͘o̫̟̖͍̙̝͉s̗̦̲.̨̹͈̣',
'̡͓̞ͅI̗̘̦͝n͇͇͙v̮̫ok̲̫̙͈i̖͙̭̹̠̞n̡̻̮̣̺g̲͈͙̭͙̬͎ ̰t͔̦h̞̲e̢̤ ͍̬̲͖f̴̘͕̣è͖ẹ̥̩l͖͔͚i͓͚̦͠n͖͍̗͓̳̮g͍ ̨o͚̪͡f̘̣̬ ̖̘͖̟͙̮c҉͔̫͖͓͇͖ͅh̵̤̣͚͔á̗̼͕ͅo̼̣̥s̱͈̺̖̦̻͢.̛̖̞̠̫̰',
'̗̺͖̹̯͓Ṯ̤͍̥͇͈h̲́e͏͓̼̗̙̼̣͔ ͇̜̱̠͓͍ͅN͕͠e̗̱z̘̝̜̺͙p̤̺̹͍̯͚e̠̻̠͜r̨̤͍̺̖͔̖̖d̠̟̭̬̝͟i̦͖̩͓͔̤a̠̗̬͉̙n͚͜ ̻̞̰͚ͅh̵͉i̳̞v̢͇ḙ͎͟-҉̭̩̼͔m̤̭̫i͕͇̝̦n̗͙ḍ̟ ̯̲͕͞ǫ̟̯̰̲͙̻̝f ̪̰̰̗̖̭̘͘c̦͍̲̞͍̩̙ḥ͚a̮͎̟̙͜ơ̩̹͎s̤.̝̝ ҉Z̡̖̜͖̰̣͉̜a͖̰͙̬͡l̲̫̳͍̩g̡̟̼̱͚̞̬ͅo̗͜.̟',
'̦H̬̤̗̤͝e͜ ̜̥̝̻͍̟́w̕h̖̯͓o̝͙̖͎̱̮ ҉̺̙̞̟͈W̷̼̭a̺̪͍į͈͕̭͙̯̜t̶̼̮s̘͙͖̕ ̠̫̠B̻͍͙͉̳ͅe̵h̵̬͇̫͙i̹͓̳̳̮͎̫̕n͟d̴̪̜̖ ̰͉̩͇͙̲͞ͅT͖̼͓̪͢h͏͓̮̻e̬̝̟ͅ ̤̹̝W͙̞̝͔͇͝ͅa͏͓͔̹̼̣l̴͔̰̤̟͔ḽ̫.͕',
'Z̮̞̠͙͔ͅḀ̗̞͈̻̗Ḷ͙͎̯̹̞͓G̻O̭̗̮',
"˙ɐnbᴉlɐ ɐuƃɐɯ ǝɹolop ʇǝ ǝɹoqɐl ʇn ʇunpᴉpᴉɔuᴉ ɹodɯǝʇ poɯsnᴉǝ op pǝs 'ʇᴉlǝ ƃuᴉɔsᴉdᴉpɐ ɹnʇǝʇɔǝsuoɔ 'ʇǝɯɐ ʇᴉs ɹolop ɯnsdᴉ ɯǝɹo˥",
'00˙Ɩ$-',
'The quick brown fox jumps over the lazy dog',
'𝐓𝐡𝐞 𝐪𝐮𝐢𝐜𝐤 𝐛𝐫𝐨𝐰𝐧 𝐟𝐨𝐱 𝐣𝐮𝐦𝐩𝐬 𝐨𝐯𝐞𝐫 𝐭𝐡𝐞 𝐥𝐚𝐳𝐲 𝐝𝐨𝐠',
'𝕿𝖍𝖊 𝖖𝖚𝖎𝖈𝖐 𝖇𝖗𝖔𝖜𝖓 𝖋𝖔𝖝 𝖏𝖚𝖒𝖕𝖘 𝖔𝖛𝖊𝖗 𝖙𝖍𝖊 𝖑𝖆𝖟𝖞 𝖉𝖔𝖌',
'𝑻𝒉𝒆 𝒒𝒖𝒊𝒄𝒌 𝒃𝒓𝒐𝒘𝒏 𝒇𝒐𝒙 𝒋𝒖𝒎𝒑𝒔 𝒐𝒗𝒆𝒓 𝒕𝒉𝒆 𝒍𝒂𝒛𝒚 𝒅𝒐𝒈',
'𝓣𝓱𝓮 𝓺𝓾𝓲𝓬𝓴 𝓫𝓻𝓸𝔀𝓷 𝓯𝓸𝔁 𝓳𝓾𝓶𝓹𝓼 𝓸𝓿𝓮𝓻 𝓽𝓱𝓮 𝓵𝓪𝔃𝔂 𝓭𝓸𝓰',
'𝕋𝕙𝕖 𝕢𝕦𝕚𝕔𝕜 𝕓𝕣𝕠𝕨𝕟 𝕗𝕠𝕩 𝕛𝕦𝕞𝕡𝕤 𝕠𝕧𝕖𝕣 𝕥𝕙𝕖 𝕝𝕒𝕫𝕪 𝕕𝕠𝕘',
'𝚃𝚑𝚎 𝚚𝚞𝚒𝚌𝚔 𝚋𝚛𝚘𝚠𝚗 𝚏𝚘𝚡 𝚓𝚞𝚖𝚙𝚜 𝚘𝚟𝚎𝚛 𝚝𝚑𝚎 𝚕𝚊𝚣𝚢 𝚍𝚘𝚐',
'⒯⒣⒠ ⒬⒰⒤⒞⒦ ⒝⒭⒪⒲⒩ ⒡⒪⒳ ⒥⒰⒨⒫⒮ ⒪⒱⒠⒭ ⒯⒣⒠ ⒧⒜⒵⒴ ⒟⒪⒢',
'<script>alert(123)</script>',
'<script>alert('123');</script>',
'<img src=x onerror=alert(123) />',
'<svg><script>123<1>alert(123)</script>',
'"><script>alert(123)</script>',
"'><script>alert(123)</script>",
'><script>alert(123)</script>',
'</script><script>alert(123)</script>',
'< / script >< script >alert(123)< / script >',
' onfocus=JaVaSCript:alert(123) autofocus',
'" onfocus=JaVaSCript:alert(123) autofocus',
"' onfocus=JaVaSCript:alert(123) autofocus",
'<script>alert(123)</script>',
'<sc<script>ript>alert(123)</sc</script>ript>',
'--><script>alert(123)</script>',
'";alert(123);t="',
"';alert(123);t='",
'JavaSCript:alert(123)',
';alert(123);',
'src=JaVaSCript:prompt(132)',
'"><script>alert(123);</script x="',
"'><script>alert(123);</script x='",
'><script>alert(123);</script x=',
'" autofocus onkeyup="javascript:alert(123)',
"' autofocus onkeyup='javascript:alert(123)",
'<script\\x20type="text/javascript">javascript:alert(1);</script>',
'<script\\x3Etype="text/javascript">javascript:alert(1);</script>',
'<script\\x0Dtype="text/javascript">javascript:alert(1);</script>',
'<script\\x09type="text/javascript">javascript:alert(1);</script>',
'<script\\x0Ctype="text/javascript">javascript:alert(1);</script>',
'<script\\x2Ftype="text/javascript">javascript:alert(1);</script>',
'<script\\x0Atype="text/javascript">javascript:alert(1);</script>',
"'`\"><\\x3Cscript>javascript:alert(1)</script>",
"'`\"><\\x00script>javascript:alert(1)</script>",
'ABC<div style="x\\x3Aexpression(javascript:alert(1)">DEF',
'ABC<div style="x:expression\\x5C(javascript:alert(1)">DEF',
'ABC<div style="x:expression\\x00(javascript:alert(1)">DEF',
'ABC<div style="x:exp\\x00ression(javascript:alert(1)">DEF',
'ABC<div style="x:exp\\x5Cression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x0Aexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x09expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE3\\x80\\x80expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x84expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xC2\\xA0expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x80expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x0Dexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x0Cexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x87expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x20expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x88expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x00expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x86expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x85expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x82expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\x0Bexpression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x81expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x83expression(javascript:alert(1)">DEF',
'ABC<div style="x:\\xE2\\x80\\x89expression(javascript:alert(1)">DEF',
'<a href="\\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xC2\\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE1\\x9A\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE3\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x80\\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\xE2\\x81\\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="\\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="javascript\\x00:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="javascript\\x3A:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="javascript\\x09:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="javascript\\x0D:javascript:alert(1)" id="fuzzelement1">test</a>',
'<a href="javascript\\x0A:javascript:alert(1)" id="fuzzelement1">test</a>',
"`\"'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x22onerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x0Donerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x09onerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x0Conerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x00onerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x27onerror=javascript:alert(1)>",
"`\"'><img src=xxx:x \\x20onerror=javascript:alert(1)>",
"\"`'><script>\\x3Bjavascript:alert(1)</script>",
"\"`'><script>\\x0Djavascript:alert(1)</script>",
"\"`'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x81javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x84javascript:alert(1)</script>",
"\"`'><script>\\xE3\\x80\\x80javascript:alert(1)</script>",
"\"`'><script>\\x09javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x89javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x85javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x88javascript:alert(1)</script>",
"\"`'><script>\\x00javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>",
"\"`'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>",
"\"`'><script>\\x0Cjavascript:alert(1)</script>",
"\"`'><script>\\x2Bjavascript:alert(1)</script>",
"\"`'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>",
"\"`'><script>-javascript:alert(1)</script>",
"\"`'><script>\\x0Ajavascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>",
"\"`'><script>\\x7Ejavascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x87javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>",
"\"`'><script>\\xC2\\x85javascript:alert(1)</script>",
"\"`'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x83javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>",
"\"`'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x80javascript:alert(1)</script>",
"\"`'><script>\\x21javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x82javascript:alert(1)</script>",
"\"`'><script>\\xE2\\x80\\x86javascript:alert(1)</script>",
"\"`'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>",
"\"`'><script>\\x0Bjavascript:alert(1)</script>",
"\"`'><script>\\x20javascript:alert(1)</script>",
"\"`'><script>\\xC2\\xA0javascript:alert(1)</script>",
'<img \\x00src=x onerror="alert(1)">',
'<img \\x47src=x onerror="javascript:alert(1)">',
'<img \\x11src=x onerror="javascript:alert(1)">',
'<img \\x12src=x onerror="javascript:alert(1)">',
'<img\\x47src=x onerror="javascript:alert(1)">',
'<img\\x10src=x onerror="javascript:alert(1)">',
'<img\\x13src=x onerror="javascript:alert(1)">',
'<img\\x32src=x onerror="javascript:alert(1)">',
'<img\\x47src=x onerror="javascript:alert(1)">',
'<img\\x11src=x onerror="javascript:alert(1)">',
'<img \\x47src=x onerror="javascript:alert(1)">',
'<img \\x34src=x onerror="javascript:alert(1)">',
'<img \\x39src=x onerror="javascript:alert(1)">',
'<img \\x00src=x onerror="javascript:alert(1)">',
'<img src\\x09=x onerror="javascript:alert(1)">',
'<img src\\x10=x onerror="javascript:alert(1)">',
'<img src\\x13=x onerror="javascript:alert(1)">',
'<img src\\x32=x onerror="javascript:alert(1)">',
'<img src\\x12=x onerror="javascript:alert(1)">',
'<img src\\x11=x onerror="javascript:alert(1)">',
'<img src\\x00=x onerror="javascript:alert(1)">',
'<img src\\x47=x onerror="javascript:alert(1)">',
'<img src=x\\x09onerror="javascript:alert(1)">',
'<img src=x\\x10onerror="javascript:alert(1)">',
'<img src=x\\x11onerror="javascript:alert(1)">',
'<img src=x\\x12onerror="javascript:alert(1)">',
'<img src=x\\x13onerror="javascript:alert(1)">',
'<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">',
'<img src=x onerror=\\x09"javascript:alert(1)">',
'<img src=x onerror=\\x10"javascript:alert(1)">',
'<img src=x onerror=\\x11"javascript:alert(1)">',
'<img src=x onerror=\\x12"javascript:alert(1)">',
'<img src=x onerror=\\x32"javascript:alert(1)">',
'<img src=x onerror=\\x00"javascript:alert(1)">',
'<a href=javascript:javascript:alert(1)>XXX</a>',
'<img src="x` `<script>javascript:alert(1)</script>"` `>',
"<img src onerror /\" '\"= alt=javascript:alert(1)//\">",
'<title onpropertychange=javascript:alert(1)></title><title title=>',
'<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">',
'<!--[if]><script>javascript:alert(1)</script -->',
'<!--[if<img src=x onerror=javascript:alert(1)//]> -->',
'<script src="/\\%(jscript)s"></script>',
'<script src="\\\\%(jscript)s"></script>',
'<IMG """><SCRIPT>alert("XSS")</SCRIPT>">',
'<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',
"<IMG SRC=# onmouseover=\"alert('xxs')\">",
"<IMG SRC= onmouseover=\"alert('xxs')\">",
"<IMG onmouseover=\"alert('xxs')\">",
'<IMG SRC=javascript:alert('XSS')>',
'<IMG SRC=javascript:alert('XSS')>',
'<IMG SRC=javascript:alert('XSS')>',
"<IMG SRC=\"jav ascript:alert('XSS');\">",
"<IMG SRC=\"jav	ascript:alert('XSS');\">",
"<IMG SRC=\"jav
ascript:alert('XSS');\">",
"<IMG SRC=\"jav
ascript:alert('XSS');\">",
"perl -e 'print \"<IMG SRC=java\\0script:alert(\\\"XSS\\\")>\";' > out",
"<IMG SRC=\"  javascript:alert('XSS');\">",
'<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
'<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>',
'<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>',
'<<SCRIPT>alert("XSS");//<</SCRIPT>',
'<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >',
'<SCRIPT SRC=//ha.ckers.org/.j>',
"<IMG SRC=\"javascript:alert('XSS')\"",
'<iframe src=http://ha.ckers.org/scriptlet.html <',
"\\\";alert('XSS');//",
'<u oncopy=alert()> Copy me</u>',
'<i onwheel=alert(1)> Scroll over me </i>',
'<plaintext>',
'http://a/%%30%30',
'</textarea><script>alert(123)</script>',
'1;DROP TABLE users',
"1'; DROP TABLE users-- 1",
"' OR 1=1 -- 1",
"' OR '1'='1",
' ',
'%',
'_',
'-',
'--',
'--version',
'--help',
'$USER',
'/dev/null; touch /tmp/blns.fail ; echo',
'`touch /tmp/blns.fail`',
'$(touch /tmp/blns.fail)',
'@{[system "touch /tmp/blns.fail"]}',
"eval(\"puts 'hello world'\")",
'System("ls -al /")',
'`ls -al /`',
'Kernel.exec("ls -al /")',
'Kernel.exit(1)',
"%x('ls -al /')",
'<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>',
'$HOME',
"$ENV{'HOME'}",
'%d',
'%s',
'{0}',
'%*.*s',
'../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../etc/hosts',
'() { 0; }; touch /tmp/blns.shellshock1.fail;',
'() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }',
"<<< %s(un='%s') = %u",
'+++ATH0',
'CON',
'PRN',
'AUX',
'CLOCK$',
'NUL',
'A:',
'ZZ:',
'COM1',
'LPT1',
'LPT2',
'LPT3',
'COM2',
'COM3',
'COM4',
'DCC SEND STARTKEYLOGGER 0 0 0',
'Scunthorpe General Hospital',
'Penistone Community Church',
'Lightwater Country Park',
'Jimmy Clitheroe',
'Horniman Museum',
'shitake mushrooms',
'RomansInSussex.co.uk',
'http://www.cum.qc.ca/',
'Craig Cockburn, Software Specialist',
'Linda Callahan',
'Dr. Herman I. Libshitz',
'magna cum laude',
'Super Bowl XXX',
'medieval erection of parapets',
'evaluate',
'mocha',
'expression',
'Arsenal canal',
'classic',
'Tyson Gay',
'Dick Van Dyke',
'basement',
"If you're reading this, you've been in a coma for almost 20 years now. We're trying a new technique. We don't know where this message will end up in your dream, but we hope it works. Please wake up, we miss you.",
'Roses are \u001b[0;31mred\u001b[0m, violets are \u001b[0;34mblue. Hope you enjoy terminal hue',
'But now...\u001b[20Cfor my greatest trick...\u001b[8m',
'The quic\b\b\b\b\b\bk brown fo\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007\u0007x... [Beeeep]',
'Powerلُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ冗',
];
// eslint-disable-next-line import/no-extraneous-dependencies
/**
* Types
*
* Random value generators for fuzzing.
*/
/* eslint-disable no-use-before-define */
// A map of types to functions that will generate random values of said type.
const typesMap = {
boolean: randomBool,
null: randomNull,
undefined: randomUndefined,
number: randomNumber,
int: randomInt,
string: randomString,
object: randomObject,
array: randomArray,
function: randomFunc,
};
const primitiveTypesMap = {
string: randomString,
boolean: randomBool,
number: randomNumber,
int: randomInt,
undefined: randomUndefined,
null: randomNull,
};
/* eslint-enable no-use-before-define */
/**
* Generates a random primitive value.
*
* @returns {*}
*/
function randomPrimitive() {
return Object.values(primitiveTypesMap)[Math.floor(Math.random()
* Object.values(primitiveTypesMap).length)]();
}
/**
* Pulls a random string from the provided list of bad strings.
*
* @returns {string}
*/
function randomString() {
return badStrings[Math.floor(Math.random() * badStrings.length)];
}
/**
* Generates a random object.
*
* @returns {{}}
*/
function randomObject() {
const obj = {};
for (let i = 0; i < Math.floor(Math.random() * 50); i += 1) {
obj[randomString()] = randomPrimitive();
}
return obj;
}
/**
* Generates a random array
*
* @returns {Array}
*/
function randomArray() {
return (new Array(Math.floor(Math.random() * 50))).map(() => randomPrimitive());
}
/**
* Generates a random boolean
*
* @returns {boolean}
*/
function randomBool() {
return Math.random() > 0.5;
}
/**
* Generates a random floating point number.
*
* @returns {number}
*/
function randomNumber() {
return (Math.random() * Number.MAX_VALUE);
}
/**
* Generates a random integer
*
* @returns {number}
*/
function randomInt() {
return Math.floor(Math.random() * Number.MAX_SAFE_INTEGER);
}
/**
* Generates undefined.
*
* @returns {undefined}
*/
function randomUndefined() {
return undefined;
}
/**
* Generates null.
*
* @returns {null}
*/
function randomNull() {
return null;
}
/**
* generates a random function that returns a random primitive.
*
* @returns {function(): *}
*/
function randomFunc() {
return () => randomPrimitive();
}
function propTypesMap(type) {
switch (type) {
case PropTypes__default['default'].string:
return typesMap.string;
case PropTypes__default['default'].number:
return typesMap.number;
case PropTypes__default['default'].shape:
return {};
default:
return typesMap.undefined;
}
}
/*
* _____ _ _ ____________ __
* | ___| | | |__ /__ /\ \ / /
* | |_ | | | | / / / / \ V /
* | _| | |_| |/ /_ / /_ | |
* |_| \___//____/____| |_|
*
* Functions for fuzz testing in Javascript.
*
* Author: Daniel Kao (dkao@diplateevo.com)
*
*/
/**
*
* fuzzFunction
*
* fuzzFunction takes a function and an object of options and fuzzes the function.
* It returns the results of the fuzz in an array.
*
* options:
* returnTypes: can be an array of types represented by strings, or a function that validates.
* returnFirstError: boolean that does short circuit evaluation if true.
* maxArgs: the maximum number of arguments to send to the function.
* minArgs: the minimum number of arguments to send to the function.
* argumentTypes: an array of argument types.
* argumentValues: an array of values that will be tested.
* iterations: the number of times that a function will be run per argument combination.
* canThrowError: whether or not the function can throw an error or not.
*
* @param func
* @param options
* @returns {Array}
*/
function fuzzFunction(func, options) {
// Process options
options = {
returnTypes: Object.keys(typesMap),
returnFirstError: true,
maxArgs: 5,
minArgs: 0,
argumentTypes: Object.keys(typesMap),
argumentValues: [],
iterations: 3,
canThrowError: false,
...options,
};
// validate options
assert__default['default'](typeof options.returnTypes === 'function' || Array.isArray(options.returnTypes),
'returnTypes is not a function or an array');
assert__default['default'].equal(typeof options.returnFirstError, 'boolean', 'returnFirstError is not a boolean');
assert__default['default'](Number.isInteger(options.maxArgs), 'maxArgs is not an integer');
assert__default['default'](Number.isInteger(options.minArgs), 'minArgs is not an integer');
assert__default['default'](Array.isArray(options.argumentTypes), 'argumentTypes is not an array');
assert__default['default'](Array.isArray(options.argumentValues), 'argumentValues is not an array');
assert__default['default'].equal(typeof options.iterations, 'number', 'Iterations is not a number');
assert__default['default'].equal(typeof options.canThrowError, 'boolean', 'canThrowError is not a boolean');
// Generates an array of all the functions to generate the argument types and values
// that we want to fuzz with. If argument type does not exist, filter it out.
const argsFunc = options.argumentTypes.filter((argType) => typeof typesMap[argType] === 'function')
.map((argType) => typesMap[argType])
.concat(options.argumentValues.map((value) => (() => value)));
// Generates all combinations of arguments
const randomArgs = combineMultipleLengths(argsFunc, options.maxArgs, options.minArgs);
// An array for keeping track of errors
const errors = [];
// Loop through all arguments, execute the functions to generate the values, and run the
// fuzzer on the function.
for (let index = 0; index < randomArgs.length; index += 1) {
// Run the fuzzer on the function multiple times.
for (let iteration = 0; iteration < options.iterations; iteration += 1) {
// Instantiate all the arguments.
const args = randomArgs[index].map((arg) => arg());
// Try the fuzzer, and compare the result to returnTypes.
try {
// If returnTypes is an array, look for the type inside the array.
if (Array.isArray(options.returnTypes)
&& options.returnTypes.indexOf(typeof func(...args)) < 0
) {
errors.push(`arguments ${args} did not return one of ${options.returnTypes}`);
if (options.returnFirstError) {
return errors;
}
}
// If returnTypes is a function, execute the validation function on the result.
if (
(typeof options.returnTypes === 'function' && !options.returnTypes(func(...args)))
) {
errors.push(`arguments ${args} did not satisfy ${options.returnTypes}`);
if (options.returnFirstError) {
return errors;
}
}
} catch (e) {
if (!options.canThrowError) {
errors.push(`arguments ${args} threw error ${e}`);
if (options.returnFirstError) {
return errors;
}
}
}
}
}
// Return the errors
return errors;
}
/**
*
* fuzzReactComponent
*
* fuzzReactComponent takes a function and an object of options and fuzzes the component.
* It returns the results of the fuzz in an array.
*
* options:
* returnTypes: can be an array of types represented by strings, or a function that validates.
* returnFirstError: boolean that does short circuit evaluation if true.
* argumentValues: an array of values that will be tested.
* iterations: the number of times that a function will be run per argument combination.
* canThrowError: whether or not the function can throw an error or not.
*
* @param Component
* @param options
* @returns {Array}
*/
function fuzzReactComponent(Component, options) {
// Ensure that component is a react component
assert__default['default']((Component.prototype && Component.prototype.isReactComponent)
|| typeof Component === 'function', 'Component is not a React Component');
// Process options
options = {
returnFirstError: true,
iterations: 3,
argumentValues: [],
canThrowError: false,
returnTypes: ['string'],
...options,
};
// Process props and generate values
// eslint-disable-next-line react/forbid-foreign-prop-types
if (!Component.propTypes) {
// Component has no props, no need to fuzz.
return [];
}
// eslint-disable-next-line react/forbid-foreign-prop-types
const randomProps = objectMap(Component.propTypes, propTypesMap);
// An array for keeping track of errors
const errors = [];
// Run the fuzzer on the function multiple times.
for (let iteration = 0; iteration < options.iterations; iteration += 1) {
const randomPropsInst = objectMap(randomProps, (prop) => prop());
// eslint-disable-next-line no-unused-vars
const comp = new Component(randomPropsInst);
try {
// If returnTypes is an array, look for the type inside the array.
if (Array.isArray(options.returnTypes)
&& options.returnTypes.indexOf(typeof comp.render()) < 0
) {
errors.push(`arguments ${randomPropsInst} did not return one of ${options.returnTypes}`);
if (options.returnFirstError) {
return errors;
}
}
// If returnTypes is a function, execute the validation function on the result.
if (
(typeof options.returnTypes === 'function' && !options.returnTypes(comp.render()))
) {
errors.push(`arguments ${randomPropsInst} did not satisfy ${options.returnTypes}`);
if (options.returnFirstError) {
return errors;
}
}
} catch (e) {
if (!options.canThrowError) {
errors.push(`arguments ${randomPropsInst} threw error ${e}`);
if (options.returnFirstError) {
return errors;
}
}
}
}
return [];
}
exports.fuzzFunction = fuzzFunction;
exports.fuzzReactComponent = fuzzReactComponent;