evilchili/grooveondemand
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding fuzz testing of auth

Browse Source
This commit is contained in:
evilchili 2022-11-19 16:58:58 -08:00
parent 27b97f2bc4
commit 475ff78a1e
4 changed files with 27 additions and 238 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -127,3 +127,7 @@ dmypy.json
# Pyre type checker
.pyre/
# poetry local lock
poetry.lock

234
poetry.lock generated
View File

@ -1,234 +0,0 @@
[[package]]
name = "attrs"
version = "22.1.0"
description = "Classes Without Boilerplate"
category = "main"
optional = false
python-versions = ">=3.5"
[package.extras]
dev = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "mypy (>=0.900,!=0.940)", "pytest-mypy-plugins", "zope.interface", "furo", "sphinx", "sphinx-notfound-page", "pre-commit", "cloudpickle"]
docs = ["furo", "sphinx", "zope.interface", "sphinx-notfound-page"]
tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "mypy (>=0.900,!=0.940)", "pytest-mypy-plugins", "zope.interface", "cloudpickle"]
tests_no_zope = ["coverage[toml] (>=5.0.2)", "hypothesis", "pympler", "pytest (>=4.3.0)", "mypy (>=0.900,!=0.940)", "pytest-mypy-plugins", "cloudpickle"]
[[package]]
name = "boddle"
version = "0.2.9"
description = "A unit testing tool for Python's bottle library."
category = "dev"
optional = false
python-versions = "*"
[package.dependencies]
bottle = "*"
[[package]]
name = "bottle"
version = "0.12.23"
description = "Fast and simple WSGI-framework for small web-applications."
category = "main"
optional = false
python-versions = "*"
[[package]]
name = "click"
version = "8.1.3"
description = "Composable command line interface toolkit"
category = "main"
optional = false
python-versions = ">=3.7"
[package.dependencies]
colorama = {version = "*", markers = "platform_system == \"Windows\""}
[[package]]
name = "colorama"
version = "0.4.6"
description = "Cross-platform colored terminal text."
category = "main"
optional = false
python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
[[package]]
name = "exceptiongroup"
version = "1.0.4"
description = "Backport of PEP 654 (exception groups)"
category = "main"
optional = false
python-versions = ">=3.7"
[package.extras]
test = ["pytest (>=6)"]
[[package]]
name = "iniconfig"
version = "1.1.1"
description = "iniconfig: brain-dead simple config-ini parsing"
category = "main"
optional = false
python-versions = "*"
[[package]]
name = "packaging"
version = "21.3"
description = "Core utilities for Python packages"
category = "main"
optional = false
python-versions = ">=3.6"
[package.dependencies]
pyparsing = ">=2.0.2,<3.0.5 || >3.0.5"
[[package]]
name = "paste"
version = "3.5.2"
description = "Tools for using a Web Server Gateway Interface stack"
category = "main"
optional = false
python-versions = "*"
[package.dependencies]
six = ">=1.4.0"
[package.extras]
flup = ["flup"]
openid = ["python-openid"]
[[package]]
name = "pluggy"
version = "1.0.0"
description = "plugin and hook calling mechanisms for python"
category = "main"
optional = false
python-versions = ">=3.6"
[package.extras]
testing = ["pytest-benchmark", "pytest"]
dev = ["tox", "pre-commit"]
[[package]]
name = "pyparsing"
version = "3.0.9"
description = "pyparsing module - Classes and methods to define and execute parsing grammars"
category = "main"
optional = false
python-versions = ">=3.6.8"
[package.extras]
diagrams = ["railroad-diagrams", "jinja2"]
[[package]]
name = "pytest"
version = "7.2.0"
description = "pytest: simple powerful testing with Python"
category = "main"
optional = false
python-versions = ">=3.7"
[package.dependencies]
attrs = ">=19.2.0"
colorama = {version = "*", markers = "sys_platform == \"win32\""}
exceptiongroup = {version = ">=1.0.0rc8", markers = "python_version < \"3.11\""}
iniconfig = "*"
packaging = "*"
pluggy = ">=0.12,<2.0"
tomli = {version = ">=1.0.0", markers = "python_version < \"3.11\""}
[package.extras]
testing = ["argcomplete", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "xmlschema"]
[[package]]
name = "pytest-asyncio"
version = "0.20.2"
description = "Pytest support for asyncio"
category = "dev"
optional = false
python-versions = ">=3.7"
[package.dependencies]
pytest = ">=6.1.0"
[package.extras]
testing = ["coverage (>=6.2)", "hypothesis (>=5.7.1)", "flaky (>=3.5.0)", "mypy (>=0.931)", "pytest-trio (>=0.7.0)"]
[[package]]
name = "pytest-dotenv"
version = "0.5.2"
description = "A py.test plugin that parses environment files before running tests"
category = "main"
optional = false
python-versions = "*"
[package.dependencies]
pytest = ">=5.0.0"
python-dotenv = ">=0.9.1"
[[package]]
name = "python-dotenv"
version = "0.21.0"
description = "Read key-value pairs from a .env file and set them as environment variables"
category = "main"
optional = false
python-versions = ">=3.7"
[package.extras]
cli = ["click (>=5.0)"]
[[package]]
name = "six"
version = "1.16.0"
description = "Python 2 and 3 compatibility utilities"
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*"
[[package]]
name = "tomli"
version = "2.0.1"
description = "A lil' TOML parser"
category = "main"
optional = false
python-versions = ">=3.7"
[[package]]
name = "typer"
version = "0.7.0"
description = "Typer, build great CLIs. Easy to code. Based on Python type hints."
category = "main"
optional = false
python-versions = ">=3.6"
[package.dependencies]
click = ">=7.1.1,<9.0.0"
[package.extras]
all = ["colorama (>=0.4.3,<0.5.0)", "shellingham (>=1.3.0,<2.0.0)", "rich (>=10.11.0,<13.0.0)"]
dev = ["autoflake (>=1.3.1,<2.0.0)", "flake8 (>=3.8.3,<4.0.0)", "pre-commit (>=2.17.0,<3.0.0)"]
doc = ["mkdocs (>=1.1.2,<2.0.0)", "mkdocs-material (>=8.1.4,<9.0.0)", "mdx-include (>=1.4.1,<2.0.0)", "pillow (>=9.3.0,<10.0.0)", "cairosvg (>=2.5.2,<3.0.0)"]
test = ["shellingham (>=1.3.0,<2.0.0)", "pytest (>=4.4.0,<8.0.0)", "pytest-cov (>=2.10.0,<5.0.0)", "coverage (>=6.2,<7.0)", "pytest-xdist (>=1.32.0,<4.0.0)", "pytest-sugar (>=0.9.4,<0.10.0)", "mypy (==0.910)", "black (>=22.3.0,<23.0.0)", "isort (>=5.0.6,<6.0.0)", "rich (>=10.11.0,<13.0.0)"]
[metadata]
lock-version = "1.1"
python-versions = "^3.10"
content-hash = "88c9ad77d7dc2477ea033e38852a188c7b6cfdf2b75a28f6e2553ae6652c9e9e"
[metadata.files]
attrs = []
boddle = []
bottle = []
click = []
colorama = []
exceptiongroup = []
iniconfig = []
packaging = []
paste = []
pluggy = []
pyparsing = []
pytest = []
pytest-asyncio = []
pytest-dotenv = []
python-dotenv = []
six = []
tomli = []
typer = []

1
pyproject.toml
View File

@ -20,6 +20,7 @@ pytest = "^7.2.0"
pytest-asyncio = "^0.20.2"
pytest-dotenv = "^0.5.2"
boddle = "^0.2.9"
atheris = "^2.1.1"
[build-system]
requires = ["poetry-core>=1.0.0"]

26
test/test_ondemand.py
View File

@ -1,13 +1,31 @@
from boddle import boddle
from groove import ondemand
import os
import sys
import atheris
from boddle import boddle
from groove import ondemand
def test_ondemand_server():
def test_server():
with boddle():
assert ondemand.index() == 'Groovy.'
def test_ondemand_auth():
def test_auth_with_valid_credentials():
with boddle(auth=(os.environ.get('USERNAME'), os.environ.get('PASSWORD'))):
assert ondemand.admin() == 'Authenticated. Groovy.'
def test_auth_random_input():
def auth(fuzzed_input):
with boddle(auth=(fuzzed_input, fuzzed_input)):
result = ondemand.admin()
assert result.body == 'Access denied'
atheris.Setup([sys.argv[0], "-atheris_runs=100000"], auth)
try:
atheris.Fuzz()
except SystemExit:
pass