Coverage for /pythoncovmergedfiles/medio/medio/src/fuzz_flask_wtf.py: 51%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

43 statements  

1###### Coverage stub 

2import atexit 

3import coverage 

4cov = coverage.coverage(data_file='.coverage', cover_pylib=True) 

5cov.start() 

6# Register an exist handler that will print coverage 

7def exit_handler(): 

8 cov.stop() 

9 cov.save() 

10atexit.register(exit_handler) 

11####### End of coverage stub 

12#!/usr/bin/python3 

13# Copyright 2023 Google LLC 

14# 

15# Licensed under the Apache License, Version 2.0 (the "License"); 

16# you may not use this file except in compliance with the License. 

17# You may obtain a copy of the License at 

18# 

19# http://www.apache.org/licenses/LICENSE-2.0 

20# 

21# Unless required by applicable law or agreed to in writing, software 

22# distributed under the License is distributed on an "AS IS" BASIS, 

23# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

24# See the License for the specific language governing permissions and 

25# limitations under the License. 

26import sys 

27import atheris 

28 

29from flask import Flask 

30from flask_wtf.csrf import validate_csrf, generate_csrf 

31from flask_wtf.i18n import translations 

32from wtforms import ValidationError 

33 

34 

35def get_app(fdp): 

36 """Helper method to get a flask app.""" 

37 app = Flask(__name__) 

38 key1 = fdp.ConsumeUnicodeNoSurrogates(124) 

39 key2 = fdp.ConsumeUnicodeNoSurrogates(124) 

40 app.secret_key = key1 if key1 != "" else "random key" 

41 app.config["WTF_CSRF_SECRET_KEY"] = key2 if key2 != "" else "random key 2" 

42 return app 

43 

44 

45def fuzz_i18n(data): 

46 fdp = atheris.FuzzedDataProvider(data) 

47 translations.gettext(fdp.ConsumeUnicodeNoSurrogates(124)) 

48 translations.ngettext(fdp.ConsumeUnicodeNoSurrogates(124), 

49 fdp.ConsumeUnicodeNoSurrogates(124), 2) 

50 

51 

52def fuzz_csrf(data): 

53 fdp = atheris.FuzzedDataProvider(data) 

54 app = get_app(fdp) 

55 with app.test_request_context(): 

56 try: 

57 validate_csrf( 

58 generate_csrf(secret_key=fdp.ConsumeUnicodeNoSurrogates(fdp.ConsumeIntInRange(0, 1024)), 

59 token_key=fdp.ConsumeUnicodeNoSurrogates(fdp.ConsumeIntInRange(0, 1024)))) 

60 except ValidationError: 

61 pass 

62 

63 

64def TestOneInput(data): 

65 fuzz_i18n(data) 

66 fuzz_csrf(data) 

67 

68 

69def main(): 

70 atheris.instrument_all() 

71 atheris.Setup(sys.argv, TestOneInput) 

72 atheris.Fuzz() 

73 

74 

75if __name__ == "__main__": 

76 main()