From 311198f7e76a4a70b2f152528daafe99eddb67a1 Mon Sep 17 00:00:00 2001 From: Ice3man Date: Wed, 13 Nov 2024 18:58:52 +0530 Subject: [PATCH] misc changes to implementation --- pkg/fuzz/analyzers/time/analyzer.go | 36 ++++------------------------- pkg/protocols/http/build_request.go | 3 +-- pkg/protocols/http/operators.go | 6 ++++- pkg/protocols/http/request.go | 2 +- 4 files changed, 12 insertions(+), 35 deletions(-) diff --git a/pkg/fuzz/analyzers/time/analyzer.go b/pkg/fuzz/analyzers/time/analyzer.go index 41f229bfa9..f61a3f9d6f 100644 --- a/pkg/fuzz/analyzers/time/analyzer.go +++ b/pkg/fuzz/analyzers/time/analyzer.go @@ -22,7 +22,6 @@ const ( DefaultRequestsLimit = int(4) DefaultTimeCorrelationErrorRange = float64(0.15) DefaultTimeSlopeErrorRange = float64(0.30) - DefaultTimeUnit = "seconds" defaultSleepTimeDuration = 5 * time.Second ) @@ -56,10 +55,6 @@ func (a *Analyzer) ApplyInitialTransformation(data string, params map[string]int gologger.Warning().Msgf("Invalid sleep_duration parameter type, using default value: %d", duration) } } - // Default unit is second. If we get passed milliseconds, multiply - if unit, ok := params["time_unit"]; ok { - duration = a.handleCustomTimeUnit(unit.(string), duration) - } } data = strings.ReplaceAll(data, "[SLEEPTIME]", strconv.Itoa(duration)) data = analyzers.ApplyPayloadTransformations(data) @@ -72,29 +67,18 @@ func (a *Analyzer) ApplyInitialTransformation(data string, params map[string]int return data } -func (a *Analyzer) handleCustomTimeUnit(unit string, duration int) int { - switch unit { - case "milliseconds": - return duration * 1000 - } - return duration -} - -func (a *Analyzer) parseAnalyzerParameters(params map[string]interface{}) (int, int, float64, float64, string, error) { +func (a *Analyzer) parseAnalyzerParameters(params map[string]interface{}) (int, int, float64, float64, error) { requestsLimit := DefaultRequestsLimit sleepDuration := DefaultSleepDuration timeCorrelationErrorRange := DefaultTimeCorrelationErrorRange timeSlopeErrorRange := DefaultTimeSlopeErrorRange - timeUnit := DefaultTimeUnit if len(params) == 0 { - return requestsLimit, sleepDuration, timeCorrelationErrorRange, timeSlopeErrorRange, timeUnit, nil + return requestsLimit, sleepDuration, timeCorrelationErrorRange, timeSlopeErrorRange, nil } var ok bool for k, v := range params { switch k { - case "time_unit": - timeUnit, ok = v.(string) case "sleep_duration": sleepDuration, ok = v.(int) case "requests_limit": @@ -105,10 +89,10 @@ func (a *Analyzer) parseAnalyzerParameters(params map[string]interface{}) (int, timeSlopeErrorRange, ok = v.(float64) } if !ok { - return 0, 0, 0, 0, "", errors.Errorf("invalid parameter type for %s", k) + return 0, 0, 0, 0, errors.Errorf("invalid parameter type for %s", k) } } - return requestsLimit, sleepDuration, timeCorrelationErrorRange, timeSlopeErrorRange, timeUnit, nil + return requestsLimit, sleepDuration, timeCorrelationErrorRange, timeSlopeErrorRange, nil } // Analyze is the main function for the analyzer @@ -118,23 +102,13 @@ func (a *Analyzer) Analyze(options *analyzers.Options) (bool, string, error) { } // Parse parameters for this analyzer if any or use default values - requestsLimit, sleepDuration, timeCorrelationErrorRange, timeSlopeErrorRange, customUnit, err := + requestsLimit, sleepDuration, timeCorrelationErrorRange, timeSlopeErrorRange, err := a.parseAnalyzerParameters(options.AnalyzerParameters) if err != nil { return false, "", err } - // If custom unit is passed, handle it - if customUnit != DefaultTimeUnit { - sleepDuration = a.handleCustomTimeUnit(customUnit, sleepDuration) - } - reqSender := func(delay int) (float64, error) { - // If custom unit is passed, handle it - if customUnit != DefaultTimeUnit { - delay = a.handleCustomTimeUnit(customUnit, delay) - } - gr := options.FuzzGenerated replaced := strings.ReplaceAll(gr.OriginalPayload, "[SLEEPTIME]", strconv.Itoa(delay)) replaced = a.ApplyInitialTransformation(replaced, options.AnalyzerParameters) diff --git a/pkg/protocols/http/build_request.go b/pkg/protocols/http/build_request.go index eef77ae391..48caf20a3c 100644 --- a/pkg/protocols/http/build_request.go +++ b/pkg/protocols/http/build_request.go @@ -57,8 +57,7 @@ type generatedRequest struct { // ex: {{BaseURL}}/api/exp?param={{randstr}} requestURLPattern string - fuzzGeneratedRequest fuzz.GeneratedRequest - analyzerPreReqResponse map[string]interface{} + fuzzGeneratedRequest fuzz.GeneratedRequest } // setReqURLPattern sets the url request pattern for the generated request diff --git a/pkg/protocols/http/operators.go b/pkg/protocols/http/operators.go index 2acd4db310..f9da8043bb 100644 --- a/pkg/protocols/http/operators.go +++ b/pkg/protocols/http/operators.go @@ -170,6 +170,10 @@ func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent if value, ok := wrapped.InternalEvent["global-matchers"]; ok { isGlobalMatchers = value.(bool) } + var analyzerDetails string + if value, ok := wrapped.InternalEvent["analyzer_details"]; ok { + analyzerDetails = value.(string) + } data := &output.ResultEvent{ TemplateID: types.ToString(wrapped.InternalEvent["template-id"]), TemplatePath: types.ToString(wrapped.InternalEvent["template-path"]), @@ -193,7 +197,7 @@ func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent CURLCommand: types.ToString(wrapped.InternalEvent["curl-command"]), TemplateEncoded: request.options.EncodeTemplate(), Error: types.ToString(wrapped.InternalEvent["error"]), - AnalyzerDetails: types.ToString(wrapped.InternalEvent["analyzer_details"]), + AnalyzerDetails: analyzerDetails, } return data } diff --git a/pkg/protocols/http/request.go b/pkg/protocols/http/request.go index 96e4f1d2bd..4ce9e57f55 100644 --- a/pkg/protocols/http/request.go +++ b/pkg/protocols/http/request.go @@ -944,7 +944,7 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ } if analysisMatched { finalEvent["analyzer_details"] = analysisDetails - finalEvent["analyzer_matched"] = true + finalEvent["analyzer"] = true } }