Index¶
A - E¶
A¶
- A Probabilistic Analysis of the Efficiency of Automated Software Testing — Greybox Fuzzing (Background)
- a solution — Concolic Fuzzing (Solving Constraints)
A()
— Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (AssignmentTracker)A1_GRAMMAR
— Parsing Inputs (Excursion: Grammars and Derivation Trees), Parsing Inputs (Recursion), Parsing Inputs (Ambiguity), Parsing Inputs (Background), Parsing Inputs (Exercise 8: First Set of a Nonterminal), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)A2_GRAMMAR
— Parsing Inputs (Excursion: Grammars and Derivation Trees), Parsing Inputs (Background)A3_GRAMMAR
— Parsing Inputs (Ambiguous Parsing)- abstract AST grammar — Testing Compilers (A Grammar for ASTs), Testing Compilers (Excursion: Composites)
- Abstract Syntax Tree — Parsing Inputs (A Parser Class)
abs_max()
— Concolic Fuzzing (Example: Absolute Maximum), Symbolic Fuzzing (Get Names and Types of Variables Used)abs_value()
— Concolic Fuzzing (Example: Absolute Maximum), Symbolic Fuzzing (Function Summaries)- actions — Testing Graphical User Interfaces (Retrieving User Interface Actions), Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions)
ACTIONS
— Testing Graphical User Interfaces (Exploring Large Sites), Testing Graphical User Interfaces (Exploring Large Sites), Testing Graphical User Interfaces (Exploring Large Sites)add()
— Parsing Inputs (Columns)- add-operator — Greybox Fuzzing with Grammars (Fragment-Based Mutation)
addDebug()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)addTo()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)add_call()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls)add_calls()
— Control Flow Graph (CFGNode)add_child()
— Concolic Fuzzing (Representing Decisions), Control Flow Graph (CFGNode)add_coverage()
— Grammar Coverage (Tracking Expansions while Fuzzing), Probabilistic Grammar Fuzzing (Counting Expansions)add_element()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)add_fragment()
— Greybox Fuzzing with Grammars (Building the Fragment Pool)add_group()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_int_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_metavar_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_new_airport()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)add_new_airport_2()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)add_parameter()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_parent()
— Control Flow Graph (CFGNode)add_parents()
— Control Flow Graph (CFGNode)add_result()
— Carving Unit Tests (Part 1: Store function results)add_str_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)add_to_fragment_pool()
— Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Region-Based Mutation)add_trace()
— Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (The SimpleConcolicFuzzer class)add_transitive()
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)add_tree()
— Probabilistic Grammar Fuzzing (Counting Expansions), Mining Input Grammars (Recovering Grammars from Derivation Trees)add_tree_coverage()
— Fuzzing with Generators (Generators and Grammar Coverage)add_type_rule()
— Testing Configurations (A Grammar Miner for Options and Arguments)__add__()
— Tracking Information Flow (Concatenation), Concolic Fuzzing (Concatenation of Strings)advance()
— Parsing Inputs (Items), Parsing Inputs (States)AdvancedMutationFuzzer
class — Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing)AdvMutant
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)AdvMutator
class — Mutation Analysis (Mutator for Modules and Test Suites)AdvPMIterator
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)AdvStmtDeletionMutator
class — Mutation Analysis (Mutator for Modules and Test Suites)- AFL — Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Greybox Mutation-based Fuzzing)
AFLFastSchedule
class — Greybox Fuzzing (Boosted Greybox Fuzzing)AFLGoSchedule
class — Greybox Fuzzing (Improved Directed Power Schedule)- AFLSmart — Greybox Fuzzing with Grammars (Fuzzing with Input Regions), Greybox Fuzzing with Grammars (Background)
AFLSmartSchedule
class — Greybox Fuzzing with Grammars (Focusing on Valid Seeds)airport_codes_repOK()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)- Alex framework — Testing Graphical User Interfaces (Background)
- all — Search-Based Fuzzing (Hillclimbing the Example), Mutation Analysis (Injecting Artificial Faults), Greybox Fuzzing with Grammars (Lessons Learned), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer), When To Stop Fuzzing (Discovery Probability Quantifies Residual Risk)
- all paths — Symbolic Fuzzing (Get Names and Types of Variables Used)
- all seeds — Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)
all_terminals()
— Efficient Grammar Fuzzing (End of Excursion)alternate_reductions()
— Reducing Failure-Inducing Inputs (Alternate Expansions)AlternatingSequence
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- alternatives — Fuzzing with Grammars (Rules and Expansions)
- American fuzzy lop — Mutation-Based Fuzzing (Guiding by Coverage)
- American Fuzzy Lop — Greybox Fuzzing (AFL: An Effective Greybox Fuzzer)
- American Fuzzy Lop](http://lcamtuf.coredump.cx/afl/) (AFL) was released. Since then, AFL has become one of the most successful fuzzing tools and comes in many flavors, e.g., AFLFast, AFLGo, and [AFLSmart — Mutation-Based Fuzzing (Fuzzing with Mutations)
- angr — Symbolic Fuzzing (Background)
annotate_arg()
— Mining Function Specifications (Annotating Functions with Given Types)annotate_edge()
— Efficient Grammar Fuzzing (Excursion: Source code and example fordisplay_annotated_tree()
)`)annotate_function_ast_with_invariants()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)annotate_function_ast_with_types()
— Mining Function Specifications (Annotating Functions with Mined Types)annotate_function_with_invariants()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)annotate_function_with_types()
— Mining Function Specifications (Annotating Functions with Mined Types)annotate_invariants()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)annotate_node()
— Efficient Grammar Fuzzing (Excursion: Source code and example fordisplay_annotated_tree()
)`)annotate_types()
— Mining Function Specifications (Annotating Functions with Mined Types)- any — Efficient Grammar Fuzzing (Excursion: Implementing
display_tree()
)`) ANYTHING_BUT_DOUBLE_QUOTES_AND_BACKSLASH
— Testing Compilers (Constants)ANYTHING_BUT_SINGLE_QUOTES_AND_BACKSLASH
— Testing Compilers (Constants)any_possible_expansions()
— Efficient Grammar Fuzzing (Expanding a Tree)any_sqrt()
— Mining Function Specifications (Specifications and Assertions)append_from_dictionary()
— Greybox Fuzzing (A First Attempt)apply_new_definition()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)apply_result()
— Fuzzing with Generators (Generating Elements before Expansion)apply_twice()
— Fuzzing with Generators (Functions Called Before Expansion)- arbitrary — Parsing Inputs (Excursion: Testing the Parsers)
arc()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)ArcCoverage
class — Concolic Fuzzing (Tracking Constraints)arcs()
— Concolic Fuzzing (Tracking Constraints)arc_8()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)arguments()
— Carving Unit Tests (Recording Calls)ARGUMENTS_SYMBOL
— Testing Configurations (A Grammar Miner for Options and Arguments)- arithmetic expressions — Fuzzing with Grammars (Arithmetic Expressions)
arith_expr()
— Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)AR
— Railroad Diagrams (Excursion: Railroad diagrams implementation)ascii_chr()
— Fuzzing in the Large (Excursion:escapelines()
implementatipn)`-implementatipn)ASCII_STRING_GRAMMAR
— Fuzzing APIs (Synopsis), Fuzzing APIs (Strings), Fuzzing APIs (Synopsis)assertEquals()
— Introduction to Software Testing (Automating Test Execution)- assertion — Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)
assignEnergy()
— Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Boosted Greybox Fuzzing), Greybox Fuzzing (Directed Power Schedule), Greybox Fuzzing (Improved Directed Power Schedule), Greybox Fuzzing with Grammars (Focusing on Valid Seeds)- assignment — Fuzzing: Breaking Things with Random Inputs (A Testing Assignment)
assignments()
— Mining Input Grammars (DefineTracker)AssignmentTracker
class — Mining Input Grammars (AssignmentTracker), Mining Input Grammars (AssignmentTracker), Mining Input Grammars (AssignmentTracker)AssignmentVars
class — Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars)ast_fitness()
— Testing Compilers (Fitness)at()
— Mining Input Grammars (CallStack)ATTR_GRAMMAR
— Fuzzing with Generators (Exercise 2: Attribute Grammars)at_dot()
— Parsing Inputs (Items)- Automata theory — Fuzzing with Grammars (Input Languages)
autopep8()
— Testing Configurations (Autopep8 Setup)average_length_until_full_coverage()
— Grammar Coverage (Putting Things Together)A_Class
class — Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy)
B¶
B()
— Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (AssignmentTracker)back()
— Parsing Inputs (Exercise 5: Leo Parser)- Backus-Naur form — Fuzzing with Grammars (Grammar Shortcuts)
bad_fitness()
— Search-Based Fuzzing (Hillclimbing the Example)bar()
— Class Diagrams (Getting a Class Hierarchy)- before — Mining Input Grammars (AssignmentTracker)
BetterHTTPRequestHandler
class — Testing Web Applications (Part 1: Silent Failures), Testing Web Applications (Part 2: Sanitized HTML), Testing Web Applications (Part 3: Sanitized SQL), Testing Web Applications (Part 4: A Robust Server)BETTER_HTML_INTERNAL_SERVER_ERROR
— Testing Web Applications (Part 1: Silent Failures)- binary reduction of dependency graphs — Reducing Failure-Inducing Inputs (Background)
BinaryProgramRunner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)binomial()
— Concolic Fuzzing (Example: Binomial Coefficient)BinOpMutator
class — Mutation Analysis (Exercise 1: Arithmetic Expression Mutators), Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)BIRD
— Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)bit()
— Concolic Fuzzing (Representing Decisions)- bitmap origins — Tracking Information Flow (Tracking Individual Characters)
BIT_OPS
— Concolic Fuzzing (Exercise 2: Bit Manipulation)- black-box testing — Code Coverage (Black-Box Testing)
BletchleyPark
class — When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations)- blog post — Mutation-Based Fuzzing (Exercise 3), Greybox Fuzzing (Solving the Maze), Reducing Failure-Inducing Inputs (Background), Control Flow Graph (Example: Maze)
- BNF — Fuzzing with Grammars (Grammar Shortcuts)
BODY
— Code Coverage (A Coverage Class), Code Coverage (A Coverage Class), Code Coverage (A Coverage Class)- Bomba — When To Stop Fuzzing (The Enigma Machine)
__bool__()
— Concolic Fuzzing (Registering Predicates on Conditionals), Concolic Fuzzing (Using an Integer in a Boolean Context), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)BoostedBletchleyPark
class — When To Stop Fuzzing (Turing's Observations)- Branch coverage — Code Coverage (White-Box Testing)
BranchCoverage
class — Code Coverage (Part 1: Compute branch coverage)BranchTransformer
class — Search-Based Fuzzing (Instrumenting Source Code Automatically)branch_coverage()
— Code Coverage (Part 1: Compute branch coverage)break_max_attempts()
— When To Stop Fuzzing (Turing's Observations)break_message()
— When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations)break_n_messages()
— When To Stop Fuzzing (Turing's Observations)- "Browser Fuzzing at Mozilla" — Fuzzing in the Large (Background)
BROWSER
— Testing Graphical User Interfaces (Remote Control with Selenium)buggy_my_sqrt_with_postcondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)B_Class
class — Class Diagrams (Getting a Class Hierarchy)
C¶
- C preprocessor — Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)
C()
— Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (AssignmentTracker)- C-Reduce — Reducing Failure-Inducing Inputs (Background)
CachingReducer
class — Reducing Failure-Inducing Inputs (Delta Debugging)calculate_distance()
— Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)- call — Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations)
- call graph — Greybox Fuzzing (Solving the Maze)
- call stack — Introduction to Software Testing (System Input vs Function Input)
CallCarver
class — Carving Unit Tests (Recording Calls), Carving Unit Tests (Recording Calls)called_functions()
— Carving Unit Tests (Recording Calls)callers()
— Class Diagrams (Drawing Class Hierarchy with Method Names)CallGrammarMiner
class — Carving Unit Tests (A Grammar Miner for Calls), Carving Unit Tests (Initial Grammar), Carving Unit Tests (A Grammar from Arguments), Carving Unit Tests (A Grammar from Calls), Carving Unit Tests (A Grammar from all Calls)callgraph()
— Control Flow Graph (Call Graph Helpers)- calls — Greybox Fuzzing (Computing Function-Level Distance)
calls()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls)CallStack
class — Mining Input Grammars (CallStack), Mining Input Grammars (CallStack)CallTracker
class — Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls)call_string()
— Carving Unit Tests (Serializing Objects)CALL_SYMBOL
— Carving Unit Tests (Initial Grammar)call_value()
— Carving Unit Tests (Serializing Objects)__call__()
— Concolic Fuzzing (Excursion: Implementing ConcolicTracer)cancel()
— Timeout (Variant 1: Unix (using signals, efficient))), Timeout (Variant 2: Generic / Windows (using trace, not very efficient)))canonical()
— Parsing Inputs (Excursion: Canonical Grammars)can_be_satisfied()
— Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further)capitalize()
— Tracking Information Flow (String methods that do not change origin)Carver
class — Carving Unit Tests (Recording Calls)cc()
— Concolic Fuzzing (Representing Decisions)- CFG — Parsing Inputs (Parsing Expression Grammars), Parsing Inputs (End of Excursion), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs (The Earley Parser), Parsing Inputs (Extracting Trees), Parsing Inputs (Background)
CFGNode
class — Control Flow Graph (CFGNode)- CFGs — Parsing Inputs (Excursion: Implementing
EarleyParser
), Parsing Inputs (Background) CFLAGS
— Fuzzing in the Large (Collecting Code Coverage)- CFLs — Parsing Inputs (Background), Parsing Inputs (Background), Parsing Inputs (Background)
cgi_decode()
— Code Coverage (A CGI Decoder), Search-Based Fuzzing (Testing a More Complex Program), Concolic Fuzzing (Example: Decoding CGI Strings), Control Flow Graph (cgi_decode)cgi_decode_instrumented()
— Search-Based Fuzzing (Instrumenting Source Code Automatically)cgi_decode_traced()
— Code Coverage (Tracing Executions)cgi_encode()
— Testing Web Applications (Excursion: Implementing cgi_decode()))CGI_GRAMMAR
— Testing Web Applications (Mining Grammars for Web Pages)CG
— Greybox Fuzzing (Computing Function-Level Distance)- chapter on parsers](Parser.ipynb) that coarse grammars do not work well for fuzzing when the input format includes details expressed only in code. That is, even though we have the formal specification of CSV files ([RFC 4180 — Mining Input Grammars (A Grammar Challenge)
- character level — Tracking Information Flow (Tracking Individual Characters)
CHARACTERS_WITHOUT_QUOTE
— Fuzzing with Grammars (Exercise 1: A JSON Grammar)CHARGE_GRAMMAR
— Fuzzing with Generators (Example: Numeric Ranges)chart_parse()
— Parsing Inputs (The Parsing Algorithm)CHAR_WIDTH
— Railroad Diagrams (Excursion: Railroad diagrams implementation)check()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)checkpoint()
— Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)- checksum — Tracking Information Flow (Tracking Individual Characters)
check_grammar()
— Efficient Grammar Fuzzing (Excursion:check_grammar()
implementation)`-implementation), Probabilistic Grammar Fuzzing (Expanding by Probability)check_param()
— Mining Input Grammars (Exercise 1: Flattening complex objects)check_time()
— Timeout (Variant 2: Generic / Windows (using trace, not very efficient)))check_triangle()
— Symbolic Fuzzing (Obtaining Path Conditions for Coverage), Control Flow Graph (check_triangle)- child nodes — Efficient Grammar Fuzzing (Derivation Trees)
- children — Efficient Grammar Fuzzing (Derivation Trees)
CHILDREN
— Efficient Grammar Fuzzing (Representing Derivation Trees), Efficient Grammar Fuzzing (Representing Derivation Trees)- choice expressions — Parsing Inputs (Parsing Expression Grammars)
ChoiceNode
class — Parsing Inputs (Tree Extractor)Choice
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)choose()
— Greybox Fuzzing (Seeds and Power Schedules)choose_a_node_to_explore()
— Parsing Inputs (Exercise 7: Iterative Earley Parser)choose_covered_node_expansion()
— Grammar Coverage (Covering Grammar Expansions), Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)choose_node_expansion()
— Efficient Grammar Fuzzing (Picking a Children Alternative to be Expanded), Grammar Coverage (Tracking Expansions while Fuzzing), Grammar Coverage (Covering Grammar Expansions), Grammar Coverage (Excursion: Implementingchoose_node_expansion()
)`), Probabilistic Grammar Fuzzing (Expanding by Probability), Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)choose_path()
— Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor)choose_tree_expansion()
— Efficient Grammar Fuzzing (Excursion:expand_tree_once()
implementation)`-implementation), Fuzzing with Generators (Ordering Expansions)choose_uncovered_node_expansion()
— Grammar Coverage (Covering Grammar Expansions), Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)chosen()
— Parsing Inputs (Tree Extractor)- chromedriver program — Testing Graphical User Interfaces (Setting up Chrome)
- Class Diagrams — Academic Prototyping (Replicable Experiments)
CLASS_COLOR
— Class Diagrams (Drawing Class Hierarchy with Method Names), Class Diagrams (Drawing Class Hierarchy with Method Names)CLASS_FONT
— Class Diagrams (Drawing Class Hierarchy with Method Names), Class Diagrams (Drawing Class Hierarchy with Method Names)class_hierarchy()
— Class Diagrams (Getting a Class Hierarchy)class_items()
— Class Diagrams (Getting Methods and Variables)_class_items()
— Class Diagrams (Getting Methods and Variables)class_methods()
— Class Diagrams (Getting Methods and Variables)class_methods_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)class_set()
— Class Diagrams (Getting a Class Tree)class_tree()
— Class Diagrams (Getting a Class Tree)class_vars()
— Class Diagrams (Getting Methods and Variables)class_vars_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)clean_grammar()
— Mining Input Grammars (Grammar Mining)clear_httpd_messages()
— Testing Web Applications (Logging)clear_origin()
— Tracking Information Flow (A Class for Tracking Character Origins)clear_symbol_table()
— Fuzzing with Generators (Definitions and Uses)clear_taint()
— Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins)click()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)clock()
— Timer (Measuring Time)coalesce()
— Parsing Inputs (A Parser Class), Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)- code coverage — Code Coverage
- code snippet from StackOverflow — Mining Function Specifications (Annotating Functions with Pre- and Postconditions)
code_repOK()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)collapse_if_too_large()
— Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)collect_conditions()
— Academic Prototyping (Static Analysis in Python: Still Easy), Prototyping with Python (Static Analysis in Python: Still Easy)collect_path_conditions()
— Academic Prototyping (A Symbolic Test Generator), Prototyping with Python (A Symbolic Test Generator)- colors — Tracking Information Flow (Tracking Individual Characters)
column()
— Tracking Information Flow (Representing Tables), Concolic Fuzzing (Example: Database)Column
class — Parsing Inputs (Columns), Parsing Inputs (Columns), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)combination()
— Concolic Fuzzing (Example: Binomial Coefficient)- commas — Parsing Inputs (An Ad Hoc Parser)
comma_split()
— Parsing Inputs (An Ad Hoc Parser)COMMENT_CHAR_WIDTH
— Railroad Diagrams (Excursion: Railroad diagrams implementation)Comment
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- comparison node — Control Flow Graph (fib)
- Competent Programmer Hypothesis — Mutation Analysis (Injecting Artificial Faults)
- compiler testing — Fuzzing with Grammars (Background), Reducing Failure-Inducing Inputs (Background)
- complement of the input samples — Probabilistic Grammar Fuzzing (Testing Uncommon Features)
complete()
— Parsing Inputs (Completing Processing), Parsing Inputs (Exercise 5: Leo Parser)compute_dominator()
— Control Flow Graph (Supporting Functions)compute_flow()
— Control Flow Graph (Supporting Functions)compute_gcd()
— Control Flow Graph (gcd)- concolic — Symbolic Fuzzing (Check Before You Loop)
- concolic execution — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)
- Concolic Execution — Concolic Fuzzing (Solving Constraints)
concolic()
— Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Generating Fresh Names)ConcolicDB
class — Concolic Fuzzing (Example: Database)ConcolicGrammarFuzzer
class — Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer), Concolic Fuzzing (Pruning and Updating), Concolic Fuzzing (Pruning and Updating)ConcolicTracer
class — Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Translating to the SMT Expression Format), Concolic Fuzzing (Generating Fresh Names), Concolic Fuzzing (Generating Fresh Names), Concolic Fuzzing (Evaluating the Concolic Expressions), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)- concrete syntax tree — Efficient Grammar Fuzzing (Derivation Trees)
condition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)- conditional compilation — Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)
CONDITION
— Code Coverage (Exercise 2: Branch Coverage), Code Coverage (Exercise 2: Branch Coverage), Code Coverage (Exercise 2: Branch Coverage)CONSTRAINED_VAR_GRAMMAR
— Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Ordering Expansions), Fuzzing with Generators (Ordering Expansions)- constraint — Fuzzing with Generators (Functions Called After Expansion)
CONSTRAINT
— Fuzzing with Constraints (Quantifiers)construct_callgraph()
— Control Flow Graph (Call Graph Helpers)- context-free grammars — Fuzzing with Grammars (Grammars)
CONTEXT
— Fuzzing with Constraints (Quantifiers)Context
class — Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)- contract — Mining Function Specifications (Why Generic Error Checking is Not Enough)
convert()
— Tracking Information Flow (Inserting Data)convert_ebnf_grammar()
— Fuzzing with Grammars (All Together)convert_ebnf_operators()
— Fuzzing with Grammars (Expanding Operators)convert_ebnf_parentheses()
— Fuzzing with Grammars (Expanding Parenthesized Expressions)copy()
— Parsing Inputs (States), Parsing Inputs (Exercise 5: Leo Parser), Symbolic Fuzzing (Tracking Assignments)COUNTER
— Concolic Fuzzing (Generating Fresh Names), Concolic Fuzzing (Generating Fresh Names)CountingGreyboxFuzzer
class — Greybox Fuzzing (Boosted Greybox Fuzzing)counts()
— Probabilistic Grammar Fuzzing (Counting Expansions)count_expansions()
— Probabilistic Grammar Fuzzing (Counting Expansions)count_nodes()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation)- Coupling Effect — Mutation Analysis (Injecting Artificial Faults)
- coverage criteria — Code Coverage (White-Box Testing)
- Coverage module from the Fuzzing Book — Testing Compilers (Getting Coverage)
coverage()
— Code Coverage (A Coverage Class), Code Coverage (Part 1: Compute branch coverage), Mutation-Based Fuzzing (Guiding by Coverage)- Coverage-based Greybox Fuzzing as Markov Chain — Greybox Fuzzing (Boosted Greybox Fuzzing)
Coverage
class — Code Coverage (A Coverage Class)cpp_identifiers()
— Testing Configurations (Part 1: Extract Preprocessor Variables)crange()
— Fuzzing with Grammars (Character Classes)crashme()
— Greybox Fuzzing (Runners and a Sample Program)crash_if_too_long()
— Fuzzing: Breaking Things with Random Inputs (Buffer Overflows)crawl()
— Testing Web Applications (Excursion: Implementing a Crawler)- crawler — Testing Web Applications (Crawling User Interfaces)
create()
— Tracking Information Flow (String Operators), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Create), Tracking Information Flow (Part 2: Arithmetic expressions), Concolic Fuzzing (A Proxy Class for Booleans), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)create_assignments()
— Mining Input Grammars (AssignmentTracker), Mining Input Grammars (Scope Tracker), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)create_call_stack()
— Mining Input Grammars (ScopedVars), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)create_candidate()
— Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing with Grammars (Fragment-Based Fuzzing), Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)create_context()
— Mining Input Grammars (Context)create_foo_py()
— Testing Configurations (Creating Autopep8 Options)create_instrumented_function()
— Search-Based Fuzzing (Instrumenting Source Code Automatically)create_population()
— Search-Based Fuzzing (Genetic Algorithms)create_table()
— Tracking Information Flow (Representing Tables)create_tracker()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)create_tree_miner()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)- cross-site scripting — Testing Web Applications (Cross-Site Scripting Attacks)
- crossover — Search-Based Fuzzing (Genetic Algorithms)
crossover()
— Search-Based Fuzzing (Genetic Algorithms)- CSmith — Fuzzing with Grammars (Background)
- CSV — Parsing Inputs (An Ad Hoc Parser)
- current — Mining Input Grammars (AssignmentVars)
C_Class
class — Class Diagrams (Getting a Class Hierarchy)C_SAMPLE_GRAMMAR
— Parsing Inputs (Excursion: ImplementingEarleyParser
)C
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)
D¶
- DAIKON dynamic invariant detector](https://plse.cs.washington.edu/daikon/) can be considered the mother of function specification miners. Continuously maintained and extended for more than 20 years, it mines likely invariants in the style of this chapter for a variety of languages, including C, C++, C#, Eiffel, F#, Java, Perl, and Visual Basic. On top of the functionality discussed above, it holds a rich catalog of patterns for likely invariants, supports data invariants, can eliminate invariants that are implied by others, and determines statistical confidence to disregard unlikely invariants. The corresponding paper [Unresolved citation: Ernst2001.] is one of the seminal and most-cited papers of Software Engineering. A multitude of works have been published based on DAIKON and detecting invariants; see this [curated list — Mining Function Specifications (Background)
- data dictionary — Testing Web Applications (Leaking Internal Information)
- database — Testing Web Applications (Storing Orders)
db_select()
— Concolic Fuzzing (Example: Database)DB
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Tracking Untrusted Input), Tracking Information Flow (TaintedDB), Concolic Fuzzing (Example: Database)DB
class — Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (Representing Tables), Tracking Information Flow (Representing Tables), Tracking Information Flow (Representing Tables), Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Selecting Data), Tracking Information Flow (Selecting Data), Tracking Information Flow (Selecting Data), Tracking Information Flow (Inserting Data), Tracking Information Flow (Inserting Data), Tracking Information Flow (Updating Data), Tracking Information Flow (Deleting Data)- debugger — Introduction to Software Testing (Debugging a Function)
DEBUG
— Railroad Diagrams (Excursion: Railroad diagrams implementation)declarations()
— Symbolic Fuzzing (Get Names and Types of Variables Used)decorator()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)decrange()
— Probabilistic Grammar Fuzzing (Probabilities in Context)default_edge_attr()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`)default_graph_attr()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`)default_node_attr()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`)DEFAULT_ORIGIN
— Tracking Information Flow (A Class for Tracking Character Origins)DEFAULT_STYLE
— Railroad Diagrams (Excursion: Railroad diagrams implementation)- deferred parsing — Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)
defined_in()
— Class Diagrams (Getting Methods and Variables)defined_vars()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)DefineTracker
class — Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker)define_expr()
— Fuzzing with Grammars (Part 1 (b): Alternative representations):-Alternative-representations)define_ex_grammar()
— Fuzzing with Grammars (Part 1 (b): Alternative representations):-Alternative-representations)define_grammar()
— Fuzzing with Grammars (Part 1 (a): One Single Function):-One-Single-Function)define_id()
— Fuzzing with Generators (Definitions and Uses)define_name()
— Fuzzing with Grammars (Part 1 (b): Alternative representations):-Alternative-representations)define_symbolic_vars()
— Symbolic Fuzzing (Get Names and Types of Variables Used)def_used_nonterminals()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)- degree of validity — Greybox Fuzzing with Grammars (Determining Symbol Regions)
degree_of_validity()
— Greybox Fuzzing with Grammars (Focusing on Valid Seeds)DELAY_AFTER_CHECK
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)DELAY_AFTER_CLICK
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Fuzzing in the Large (Excursion: Starting the Server)DELAY_AFTER_FILL
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)DELAY_AFTER_START
— Fuzzing in the Large (Excursion: Starting the Server)DELAY_AFTER_SUBMIT
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)delete_element()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)delete_fragment()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation)delete_last_character()
— Greybox Fuzzing (A First Attempt)delete_random_character()
— Mutation-Based Fuzzing (Mutating Inputs), Greybox Fuzzing (Mutators)DELETE
— Testing Web Applications (SQL Injection Attacks)- Delta Debugging — Testing Compilers (Evolution)
DeltaDebuggingReducer
class — Reducing Failure-Inducing Inputs (Delta Debugging)- Dependencies — Academic Prototyping (Replicable Experiments)
- derivation tree — Efficient Grammar Fuzzing (Derivation Trees)
determineGaps()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)deterministic_reduction()
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)DiagramItem
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)DIAGRAM_CLASS
— Railroad Diagrams (Excursion: Railroad diagrams implementation)Diagram
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)DictMutator
class — Greybox Fuzzing (A First Attempt), Greybox Fuzzing with Grammars (Fuzzing with Dictionaries)diff()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)- different — Mining Input Grammars (Problems with the Grammar Miner with Reassignment)
DIGIT_GRAMMAR
— Fuzzing with Grammars (Representing Grammars in Python)- Directed Greybox Fuzzing](https://mboehme.github.io/paper/CCS17.pdf)" [Unresolved citation: boehme2017greybox.] and check out the implementation into AFL at [http://github.com/aflgo/aflgo — Greybox Fuzzing (Improved Directed Power Schedule)
DirectedSchedule
class — Greybox Fuzzing (Directed Power Schedule)- discovery — When To Stop Fuzzing (Turing's Observations)
- discovery probability — When To Stop Fuzzing (Turing's Observations)
display_annotated_tree()
— Efficient Grammar Fuzzing (Excursion: Source code and example fordisplay_annotated_tree()
)`)display_class_hierarchy()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_class_node()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_class_trees()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_httpd_message()
— Testing Web Applications (Logging)display_legend()
— Class Diagrams (Drawing Class Hierarchy with Method Names)display_stack()
— Mining Input Grammars (CallStack)display_trace_tree()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)display_tree()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`)distance_character()
— Search-Based Fuzzing (Branch Distances)docstring()
— Class Diagrams (Getting Docs)doc_class_methods()
— Class Diagrams (Getting Methods and Variables)DOC_INDENT
— Class Diagrams (Getting Docs)- Domato — Fuzzing with Grammars (Background)
dot_escape()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`)doubleenumerate()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)down()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)do_call()
— Fuzzing APIs (Synthesizing Code)do_check()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_click()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_delete()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Deleting Data)do_fill()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_GET()
— Testing Web Applications (Handling HTTP Requests)do_HEAD()
— Testing Web Applications (Other HTTP commands)do_insert()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Inserting Data)do_select()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Selecting Data)do_submit()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)do_update()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Updating Data)- Dragon Book — Efficient Grammar Fuzzing (Background)
- Driller — Symbolic Fuzzing (Background)
duplicate_context()
— Grammar Coverage (Extending Grammars for Context Coverage Programmatically)_duplicate_context()
— Grammar Coverage (Excursion: Implementing_duplicate_context()
)`)- during — Greybox Fuzzing (Lessons Learned)
- dynamic analysis — Code Coverage (Tracing Executions)
- dynamic taint — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)
- dynamic taint analysis — Tracking Information Flow (The Evil of Eval)
- dynamic taints — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)
D_Class
class — Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy)
E¶
e()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)- Earley parser — Parsing Inputs (Ambiguity)
EarleyParser
class — Parsing Inputs (The Parsing Algorithm), Parsing Inputs (Predicting States), Parsing Inputs (Scanning Tokens), Parsing Inputs (Completing Processing), Parsing Inputs (Filling the Chart), Parsing Inputs (The Parse Method), Parsing Inputs (The Parse Method), Parsing Inputs (Parsing Paths), Parsing Inputs (Parsing Forests), Parsing Inputs (Extracting Trees), Parsing Inputs (Ambiguous Parsing), Parsing Inputs (Nullable)earley_complete()
— Parsing Inputs (Completing Processing)- EBNF — Fuzzing with Grammars (Grammar Shortcuts)
ebnf_grammar()
— Testing Configurations (Classes for Fuzzing Configuration Options)- "Effective Software Testing: A Developer's Guide" — Introduction to Software Testing (Background)
elapsed_time()
— Timer (Measuring Time)- elements — When To Stop Fuzzing (The Kenngruppenbuch), When To Stop Fuzzing (The Kenngruppenbuch)
- ELSE — Symbolic Fuzzing (Get Names and Types of Variables Used)
- embed the finite state machine into a grammar — Testing Graphical User Interfaces (State Machines as Grammars)
EmbeddedInvariantAnnotator
class — Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)EmbeddedInvariantTransformer
class — Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)- EMI Project — Fuzzing with Grammars (Background)
End
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- energy — Greybox Fuzzing (Seeds and Power Schedules)
EnhancedExtractor
class — Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor)- Enigma — When To Stop Fuzzing
- Enigma machines — When To Stop Fuzzing (The Enigma Machine)
EnigmaMachine
class — When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Fuzzing the Enigma)enter()
— Mining Input Grammars (CallStack), Mining Input Grammars (Input Stack)__enter__()
— Code Coverage (A Coverage Class), Mutation Analysis (Evaluating Mutations), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Generating Fresh Names), Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls), Error Handling (Catching Errors), Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient))), Timeout (Variant 2: Generic / Windows (using trace, not very efficient)))EOF
— Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal), Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)- epsilon expansion — Fuzzing with Grammars (Excursion: Implementing
convert_ebnf_grammar()
)`), Efficient Grammar Fuzzing (End of Excursion) EPSILON
— Introduction to Software Testing (Automating Test Execution), Parsing Inputs (The Aycock Epsilon Fix), Parsing Inputs (Exercise 8: First Set of a Nonterminal), Mining Function Specifications (Annotating Functions with Pre- and Postconditions)- Equivalent mutants — Mutation Analysis (The Problem of Equivalent Mutants)
__eq__()
— Parsing Inputs (States), Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Equality between Strings), Railroad Diagrams (Excursion: Railroad diagrams implementation), Control Flow Graph (CFGNode)escape()
— Class Diagrams (Getting Docs)escapelines()
— Fuzzing in the Large (Excursion:escapelines()
implementatipn)`-implementatipn)escape_doc()
— Class Diagrams (Getting Docs)- Estimating the population size for capture-recapture data with unequal catchability — When To Stop Fuzzing (Background)
EvalMysteryRunner
class — Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)evaluate_condition()
— Search-Based Fuzzing (Instrumentation for Atomic Conditions), Search-Based Fuzzing (Instrumentation for Atomic Conditions)evaluate_population()
— Search-Based Fuzzing (Genetic Algorithms)eval_function()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion)eval_with_exception()
— Fuzzing with Generators (Example: Negative Expressions)- even more — Search-Based Fuzzing (Hillclimbing the Example)
EvenFasterGrammarFuzzer
class — Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)evolve()
— Testing Compilers (Evolving Inputs)- excellent library from Tab Atkins jr. — Railroad Diagrams
executable()
— Testing Configurations (Classes for Fuzzing Configuration Options)ExerciseGrammarFuzzer
class — Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions)__exit__()
— Code Coverage (A Coverage Class), Mutation Analysis (Evaluating Mutations), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Generating Fresh Names), Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls), Error Handling (Catching Errors), Error Handling (Catching Timeouts), Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient))), Timeout (Variant 2: Generic / Windows (using trace, not very efficient)))expandtabs()
— Tracking Information Flow (Expand Tabs)expand_node()
— Efficient Grammar Fuzzing (Excursion:expand_node_randomly()
implementation)`-implementation), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Node Inflation)expand_node_by_cost()
— Efficient Grammar Fuzzing (Excursion:expand_node_by_cost()
implementation)`-implementation)expand_node_max_cost()
— Efficient Grammar Fuzzing (Node Inflation)expand_node_min_cost()
— Efficient Grammar Fuzzing (End of Excursion)expand_node_randomly()
— Efficient Grammar Fuzzing (Excursion:expand_node_randomly()
implementation)`-implementation), Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions), Parsing Inputs (Why Parsing for Fuzzing?)expand_tree()
— Efficient Grammar Fuzzing (Excursion: Implementation of three-phaseexpand_tree()
)`)expand_tree_once()
— Efficient Grammar Fuzzing (Excursion:expand_tree_once()
implementation)`-implementation), Fuzzing with Generators (Local Checking and Repairing)expand_tree_with_strategy()
— Efficient Grammar Fuzzing (Excursion: Implementation of three-phaseexpand_tree()
)`)expand_tstate()
— Parsing Inputs (Exercise 5: Leo Parser)- expansion alternatives — Fuzzing with Grammars (Rules and Expansions)
- expansion rules — Fuzzing with Grammars (Rules and Expansions)
ExpansionCountMiner
class — Probabilistic Grammar Fuzzing (Counting Expansions), Probabilistic Grammar Fuzzing (Counting Expansions), Probabilistic Grammar Fuzzing (Counting Expansions)ExpansionError
class — Fuzzing with Grammars (A Simple Grammar Fuzzer)expansion_cost()
— Efficient Grammar Fuzzing (Excursion: Implementing Cost Functions), Tracking Information Flow (TaintedGrammarFuzzer)expansion_coverage()
— Grammar Coverage (Keeping Track of Expansions)expansion_key()
— Grammar Coverage (Keeping Track of Expansions)expansion_to_children()
— Efficient Grammar Fuzzing (Excursion: Implementingexpansion_to_children()
)`), Efficient Grammar Fuzzing (End of Excursion), Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)ExpectError
class — Error Handling (Catching Errors)ExpectTimeout
class — Error Handling (Catching Timeouts)- exploit — Greybox Fuzzing with Grammars (Parsing and Recombining JavaScript, or How to Make 50,000 USD in Four Weeks)
explore()
— Symbolic Fuzzing (Stepwise Exploration of Paths)explore_all()
— Testing Graphical User Interfaces (Covering States)expression_clause()
— Tracking Information Flow (Selecting Data)expression_grammar_fn()
— Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced)))EXPR_GRAMMAR_BNF
— Efficient Grammar Fuzzing (An Insufficient Algorithm)EXPR_GRAMMAR
— Grammar Coverage (Covering Grammar Elements), Grammar Coverage (Covering Grammar Expansions), Grammar Coverage (End of Excursion), Parsing Inputs (Excursion: Canonical Grammars), Fuzzing with Generators (Example: More Numeric Ranges)exp_opt()
— Fuzzing with Grammars (Excursion: Implementingopts()
)`)exp_opts()
— Fuzzing with Grammars (Excursion: Implementingopts()
)`)exp_order()
— Fuzzing with Generators (Ordering Expansions)exp_post_expansion_function()
— Fuzzing with Generators (A Class for Integrating Constraints)exp_pre_expansion_function()
— Fuzzing with Generators (A Class for Integrating Constraints)exp_prob()
— Probabilistic Grammar Fuzzing (Specifying Probabilities)exp_probabilities()
— Probabilistic Grammar Fuzzing (Distributing Probabilities)exp_string()
— Fuzzing with Grammars (Excursion: Implementingopts()
)`)extended_nonterminals()
— Fuzzing with Grammars (Expanding Operators)extend_grammar()
— Fuzzing with Grammars (Extending Grammars)extract_a_node()
— Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor)extract_a_tree()
— Parsing Inputs (Extracting Trees), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Exercise 7: Iterative Earley Parser)extract_constraints()
— Symbolic Fuzzing (Extracting All Constraints), Symbolic Fuzzing (Check Before You Loop)extract_node()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`)extract_trees()
— Parsing Inputs (Extracting Trees), Parsing Inputs (Ambiguous Parsing), Parsing Inputs (Exercise 7: Iterative Earley Parser)extract_vars()
— Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)- extremely efficient — Greybox Fuzzing (Directed Power Schedule)
E_GRAMMAR_1
— Parsing Inputs (The Aycock Epsilon Fix)
F - J¶
F¶
f()
— Testing Compilers (Excursion: Function Definitions)- factorial value — Concolic Fuzzing (Tracking Constraints)
factorial()
— Concolic Fuzzing (Tracking Constraints), Concolic Fuzzing (Example: Binomial Coefficient)fail_test()
— Error Handling (Catching Errors)FAIL
— Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis), Reducing Failure-Inducing Inputs (Synopsis)FasterGrammarFuzzer
class — Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)fib()
— Control Flow Graph (fib)FILE
— Fuzzing: Breaking Things with Random Inputs (Creating Input Files)fill()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)fill_chart()
— Parsing Inputs (Filling the Chart)FilteredLeoParser
class — Parsing Inputs (Exercise 6: Filtered Earley Parser)FINAL_STATE
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)find()
— Concolic Fuzzing (Finding Substrings)find_alternatives()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)find_comma()
— Parsing Inputs (An Ad Hoc Parser)find_contents()
— Testing Configurations (Classes for Fuzzing Configuration Options)find_element()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)find_executable()
— Testing Configurations (Autopep8 Setup)find_expansion()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion)find_grammar()
— Testing Configurations (Classes for Fuzzing Configuration Options)_find_reachable_nonterminals()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)finish()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Evaluating Mutations)finished()
— Parsing Inputs (Items), Parsing Inputs (Tree Extractor)- Finite Neighborhood Hypothesis — Mutation Analysis (Injecting Artificial Faults)
- finite state machine — Testing Graphical User Interfaces (User Interfaces as Finite State Machines)
- finite state machines — Fuzzing with Grammars (Input Languages)
- first — Mutation Analysis (Mutator for Modules and Test Suites)
firstset()
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)firstset_()
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)first_digit_via_log()
— Probabilistic Grammar Fuzzing (The Law of Leading Digits)first_digit_via_string()
— Probabilistic Grammar Fuzzing (The Law of Leading Digits)first_expr()
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)first
andfollow
— Parsing Inputs (Exercise 8: First Set of a Nonterminal)- fitness — Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)
- fitness function — Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)
fixed_cgi_decode()
— Code Coverage (Exercise 1: Fixingcgi_decode()
)`)FIXME
— Testing Compilers (End of Excursion)fixpoint()
— Parsing Inputs (Fixpoint)fix_luhn_checksum()
— Fuzzing with Generators (Functions Called After Expansion)flatten()
— Mining Input Grammars (Exercise 1: Flattening complex objects)flip_random_character()
— Mutation-Based Fuzzing (Mutating Inputs), Greybox Fuzzing (Mutators), Search-Based Fuzzing (Global Search)FLOAT_BINARY_OPS
— Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)FLOAT_BOOL_OPS
— Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)float_grammar_with_range()
— Fuzzing APIs (Floats)FLOAT_GRAMMAR
— Fuzzing APIs (Synopsis), Fuzzing APIs (Floats), Fuzzing APIs (Synopsis)fmt()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars)followset()
— Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)followset_()
— Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)follow_link()
— Testing Graphical User Interfaces (Link Element Actions)foo()
— Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy), Class Diagrams (Getting a Class Hierarchy)- for-loop — Control Flow Graph (fib)
forest()
— Parsing Inputs (Parsing Forests), Parsing Inputs (Exercise 6: Filtered Earley Parser)- formal languages — Fuzzing with Grammars (Input Languages), Fuzzing with Grammars (A Natural Language Grammar)
format()
— Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation)- FormatFuzzer — Greybox Fuzzing with Grammars (Background)
FormHTMLParser
class — Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Searching HTML for Input Fields)- fragment — Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Lessons Learned)
FragmentMutator
class — Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation)fragments()
— Mining Input Grammars (DefineTracker)FRAGMENT_LEN
— Mining Input Grammars (DefineTracker), Mining Input Grammars (DefineTracker), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)frame_module()
— Class Diagrams (Drawing Class Hierarchy with Method Names)fresh_name()
— Concolic Fuzzing (Generating Fresh Names)fsm_diagram()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)fsm_last_state_symbol()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)fsm_path()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)FunctionCoverageRunner
class — Mutation-Based Fuzzing (Guiding by Coverage)FunctionRunner
class — Mutation-Based Fuzzing (Guiding by Coverage)functions_with_invariants()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)functions_with_invariants_ast()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)function_names()
— Code Coverage (A Coverage Class)function_symbol()
— Carving Unit Tests (A Grammar from Calls)function_with_invariants()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)function_with_invariants_ast()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)funct_parser()
— Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced)))- fuzz — Mutation Analysis (Seeding Artificial Faults with Mutation Analysis)
fuzz()
— Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Efficient Grammar Fuzzing (Putting it all Together), Tracking Information Flow (TaintedGrammarFuzzer), Concolic Fuzzing (The fuzzing method), Concolic Fuzzing (Pruning and Updating), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Testing Compilers (A Class for Fuzzing Python)fuzzed_url_element()
— Fuzzing APIs (Synthesizing Oracles)- fuzzer — Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)
fuzzer()
— Fuzzing: Breaking Things with Random Inputs (A Simple Fuzzer)Fuzzer
class — Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)- fuzzing — Fuzzing: Breaking Things with Random Inputs, Parsing Inputs ( Problems with PEG)
- Fuzzingbook format for grammars — Testing Compilers (A Grammar for Concrete Code)
- fuzzingbook.org — Carving Unit Tests (System Tests vs Unit Tests), Testing Graphical User Interfaces (Exploring Large Sites)
FUZZINGBOOK_SWAG
— Testing Web Applications (Taking Orders), Testing Web Applications (Taking Orders), Testing Web Applications (Taking Orders)- FuzzManager — Fuzzing in the Large (Running a Crash Server), Fuzzing in the Large (Excursion: Setting up the Server)
- FuzzManager coverage page — Fuzzing in the Large (Collecting Code Coverage)
- FuzzManager crashes page — Fuzzing in the Large (End of Excursion)
- FuzzManager](https://github.com/MozillaSecurity/FuzzManager). Its [GitHub page — Fuzzing in the Large (Background)
fuzz_tree()
— Efficient Grammar Fuzzing (Putting it all Together), Fuzzing with Generators (Support for Python Generators), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Generators and Grammar Coverage), Tracking Information Flow (TaintedGrammarFuzzer)
G¶
- gcd — Symbolic Fuzzing (Fuzzing with Advanced Symbolic Fuzzer)
gcd()
— Mutation Analysis (Evaluating Mutations), Symbolic Fuzzing (Problems with the Simple Fuzzer), Control Flow Graph (gcd)- geckodriver program — Testing Graphical User Interfaces (Setting up Firefox)
generate_good_tile()
— Control Flow Graph (Example: Maze)generate_maze_code()
— Control Flow Graph (Example: Maze)generate_mutant()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)generate_print_maze()
— Control Flow Graph (Example: Maze)generate_target_tile()
— Control Flow Graph (Example: Maze)generate_trap_tile()
— Control Flow Graph (Example: Maze)- generation-based — Greybox Fuzzing (Greybox Mutation-based Fuzzing)
GENERATIONS
— Testing Compilers (Evolution), Testing Compilers (Evolution)- generator function in Python — Fuzzing with Generators (Support for Python Generators)
GeneratorGrammarFuzzer
class — Fuzzing with Generators (A Class for Integrating Constraints), Fuzzing with Generators (Generating Elements before Expansion), Fuzzing with Generators (Generating Elements before Expansion), Fuzzing with Generators (Support for Python Generators), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Ordering Expansions)GenericTimeout
class — Timeout (Variant 2: Generic / Windows (using trace, not very efficient)))- Genetic Algorithm — Search-Based Fuzzing (Genetic Algorithms)
genetic_algorithm()
— Search-Based Fuzzing (Genetic Algorithms)gen_cfg()
— Control Flow Graph (PyCFG), Control Flow Graph (Supporting Functions)gen_fn_summary()
— Symbolic Fuzzing (Get Names and Types of Variables Used)- Geometric Mean — Greybox Fuzzing (Computing Function-Level Distance)
__getFunctions__()
— Greybox Fuzzing (Directed Power Schedule)__getitem__()
— Mutation Analysis (Mutator for Modules and Test Suites), Tracking Information Flow (Index), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (Producing Substrings), Testing Configurations (Part 3: Mine a Configuration Grammar)getPathID()
— Greybox Fuzzing (Boosted Greybox Fuzzing)getTraceHash()
— When To Stop Fuzzing (Trace Coverage)get_all_paths()
— Symbolic Fuzzing (Generating All Possible Paths), Symbolic Fuzzing (Generating All Paths), Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)get_all_vars()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)get_alternatives()
— Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced)))get_annotations()
— Symbolic Fuzzing (The Control Flow Graph)get_arguments()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls)get_callgraph()
— Control Flow Graph (Call Graph Helpers)get_cfg()
— Control Flow Graph (Supporting Functions)get_children()
— Concolic Fuzzing (Representing Decisions)get_defining_function()
— Control Flow Graph (PyCFG)get_derivation_tree()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)get_expression()
— Symbolic Fuzzing (Function Summaries)get_field_values()
— Testing Web Applications (Processing Orders)get_fitness()
— Search-Based Fuzzing (Instrumentation), Testing Compilers (Survival of the Fittest)get_fitness_cgi()
— Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)get_func()
— Control Flow Graph (PyCFG)get_grammar()
— Testing Web Applications (A Fuzzer for Web Forms), Testing Web Applications (Fully Automatic Web Attacks)get_html()
— Testing Web Applications (A Fuzzer for Web Forms)get_mutation_count()
— Mutation Analysis (A Simple Mutator for Functions)get_newpath()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)get_next_path()
— Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Generating All Paths)get_path_to_root()
— Concolic Fuzzing (Representing Decisions), Symbolic Fuzzing (Stepwise Exploration of Paths)get_qualified_name()
— Carving Unit Tests (Recording Calls)get_registry()
— Control Flow Graph (Registry)get_registry_idx()
— Control Flow Graph (Registry)get_replacements()
— Mining Input Grammars (Grammar Mining)get_symbolicparams()
— Symbolic Fuzzing (The Control Flow Graph)get_top()
— Parsing Inputs (Exercise 5: Leo Parser)GET
— Testing Web Applications (Handling HTTP Requests), Testing Web Applications (Other HTTP commands), Testing Web Applications (A Fuzzer for Web Forms)__ge__()
— Concolic Fuzzing (Comparisons between Integers)- globally — Search-Based Fuzzing (Global Search)
- GNU bc — Mutation-Based Fuzzing (Part 2: Guided Mutations)
- grammar constructors — Fuzzing APIs (Synopsis), Fuzzing APIs (Synopsis)
- grammar fuzzing — Fuzzing with Grammars (Arithmetic Expressions)
grammar()
— Parsing Inputs (A Parser Class), Testing Configurations (Classes for Fuzzing Configuration Options)GrammarCoverageFuzzer
class — Grammar Coverage (Determining yet Uncovered Children), Grammar Coverage (Excursion: Implementingnew_coverage()
)), [Grammar Coverage (Excursion: Implementing
choose_node_expansion())](GrammarCoverageFuzzer.ipynb#Excursion:-Implementing-
choose_node_expansion()`)GrammarFuzzer
class — Efficient Grammar Fuzzing (Expanding a Node), Efficient Grammar Fuzzing (Excursion:check_grammar()
implementation)-implementation), [Efficient Grammar Fuzzing (End of Excursion)](GrammarFuzzer.ipynb#End-of-Excursion), [Efficient Grammar Fuzzing (Picking a Children Alternative to be Expanded)](GrammarFuzzer.ipynb#Picking-a-Children-Alternative-to-be-Expanded), [Efficient Grammar Fuzzing (End of Excursion)](GrammarFuzzer.ipynb#End-of-Excursion), [Efficient Grammar Fuzzing (Excursion:
expand_node_randomly()implementation)](GrammarFuzzer.ipynb#Excursion:-
expand_node_randomly()-implementation), [Efficient Grammar Fuzzing (Excursion:
expand_node_randomly()implementation)](GrammarFuzzer.ipynb#Excursion:-
expand_node_randomly()-implementation), [Efficient Grammar Fuzzing (Excursion:
expand_node_randomly()implementation)](GrammarFuzzer.ipynb#Excursion:-
expand_node_randomly()-implementation), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Excursion:
expand_tree_once()implementation)](GrammarFuzzer.ipynb#Excursion:-
expand_tree_once()-implementation), [Efficient Grammar Fuzzing (Excursion: Implementing Cost Functions)](GrammarFuzzer.ipynb#Excursion:-Implementing-Cost-Functions), [Efficient Grammar Fuzzing (Excursion:
expand_node_by_cost()implementation)](GrammarFuzzer.ipynb#Excursion:-
expand_node_by_cost()-implementation), [Efficient Grammar Fuzzing (End of Excursion)](GrammarFuzzer.ipynb#End-of-Excursion), [Efficient Grammar Fuzzing (End of Excursion)](GrammarFuzzer.ipynb#End-of-Excursion), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation), [Efficient Grammar Fuzzing (Excursion: Implementation of three-phase
expand_tree())](GrammarFuzzer.ipynb#Excursion:-Implementation-of-three-phase-
expand_tree()`), Efficient Grammar Fuzzing (Putting it all Together)- Grammarinator — Fuzzing with Grammars (Background)
GrammarMiner
class — Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar)GrammarReducer
class — Reducing Failure-Inducing Inputs (Excursion: A Class for Reducing with Grammars), Reducing Failure-Inducing Inputs (Finding Subtrees), Reducing Failure-Inducing Inputs (Alternate Expansions), Reducing Failure-Inducing Inputs (Both Strategies Together), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)- grammars — Fuzzing with Grammars (Grammars)
graph_attr()
— Efficient Grammar Fuzzing (Excursion: Source code and example fordisplay_annotated_tree()
)`)- greybox fuzzer — Greybox Fuzzing (AFL: An Effective Greybox Fuzzer), Greybox Fuzzing (Lessons Learned)
- greybox fuzzing with grammars — Testing Compilers (Mutating Inputs)
GreyboxFuzzer
class — Greybox Fuzzing (Greybox Mutation-based Fuzzing)GreyboxGrammarFuzzer
class — Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)__gt__()
— Concolic Fuzzing (Comparisons between Integers)- GUI Ripping — Testing Graphical User Interfaces (Background)
GUICoverageFuzzer
class — Testing Graphical User Interfaces (Covering States), Testing Graphical User Interfaces (Covering States)GUIFuzzer
class — Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)GUIGrammarMiner
class — Testing Graphical User Interfaces (Retrieving Actions), Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Input Element Actions), Testing Graphical User Interfaces (Button Element Actions), Testing Graphical User Interfaces (Link Element Actions), Testing Graphical User Interfaces (Link Element Actions), Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars), Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)GUIRunner
class — Testing Graphical User Interfaces (Executing User Interface Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)GUI_GRAMMAR
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)
H¶
h()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)handle_endtag()
— Testing Web Applications (Searching HTML for Input Fields)handle_order()
— Testing Web Applications (Processing Orders), Testing Web Applications (Part 4: A Robust Server)handle_starttag()
— Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Crawling User Interfaces)hang_if_no_space()
— Fuzzing: Breaking Things with Random Inputs (Missing Error Checks), Concolic Fuzzing (Excursion: Implementing SimpleConcolicFuzzer)__hash__()
— Parsing Inputs (States)has_distributive_law()
— Testing Compilers (How Effective is Mutation?)has_origin()
— Tracking Information Flow (A Class for Tracking Character Origins)has_taint()
— Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins)- HDD — Reducing Failure-Inducing Inputs (Background)
HEADLESS
— Testing Graphical User Interfaces (Running a Headless Browser), Testing Graphical User Interfaces (Running a Headless Browser)HEAD
— Testing Web Applications (Other HTTP commands)- heartbeat — Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)
heartbeat()
— Fuzzing: Breaking Things with Random Inputs (Information Leaks)- HeartBleed announcement page — Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)
- HeartBleed bug — Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)
hello()
— Mining Function Specifications (Tracking Calls)helper()
— Parsing Inputs (Fixpoint)- heuristic — Search-Based Fuzzing
- Hierarchical Delta Debugging — Reducing Failure-Inducing Inputs (Background)
- higher coverage — Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)
highlight_node()
— Parsing Inputs (An Ad Hoc Parser)- highly accurate — When To Stop Fuzzing (Evaluating the Discovery Probability Estimate)
high_charge()
— Fuzzing with Generators (Functions Called Before Expansion)hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)hillclimb_cgi()
— Search-Based Fuzzing (Hillclimbing Valid Hexadecimal Inputs)hillclimb_cgi_limited()
— Search-Based Fuzzing (Evolutionary Search)hl_node()
— Parsing Inputs (An Ad Hoc Parser)hl_predicate()
— Parsing Inputs (An Ad Hoc Parser)- hook into
__new__()
— Tracking Information Flow (A Class for Tainted Strings) HorizontalChoice
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)how_many_mutations()
— Testing Compilers (How Effective is Mutation?)- HTML injection — Testing Web Applications (HTML Injection Attacks)
- HTML parser — Greybox Fuzzing (A Complex Example: HTMLParser)
HTMLGrammarMiner
class — Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Mining Grammars for Web Pages), Testing Web Applications (Mining Grammars for Web Pages)- HTMLParser — When To Stop Fuzzing (Measuring Trace Coverage over Time)
HTML_INTERNAL_SERVER_ERROR
— Testing Web Applications (Internal Errors)HTML_NOT_FOUND
— Testing Web Applications (Page Not Found)HTML_ORDER_FORM
— Testing Web Applications (Taking Orders)HTML_ORDER_RECEIVED
— Testing Web Applications (Order Confirmation)html_parser()
— When To Stop Fuzzing (Part 2: Population)HTML_TERMS_AND_CONDITIONS
— Testing Web Applications (Terms and Conditions)HTTPD_MESSAGE_QUEUE
— Testing Web Applications (Logging)http_program()
— Mutation-Based Fuzzing (Fuzzing a URL Parser)hundred_inputs()
— Code Coverage ( Coverage of Basic Fuzzing)- hypothesis package — Fuzzing APIs (Background)
- Hypothesis](https://hypothesis.works) fuzzer has a number of type-specific shrinking strategies; this [blog article — Reducing Failure-Inducing Inputs (Background)
I¶
i()
— Control Flow Graph (CFGNode)identifiers_with_types()
— Symbolic Fuzzing (Check Before You Loop)identifier_grammar_fn()
— Fuzzing with Grammars (Part 2: Extended Grammars)idx()
— Parsing Inputs (States)ID_CONTINUE
— Testing Compilers (Excursion: Names and Function Calls)ID_START
— Testing Compilers (Excursion: Names and Function Calls)ID
— Fuzzing with Constraints (Matching Expansion Elements)- IF — Symbolic Fuzzing (Get Names and Types of Variables Used)
ignored()
— Mining Input Grammars (Input Stack), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)- immediate — Fuzzing with Constraints (Accessing Elements)
- immutable — Tracking Information Flow (A Class for Tainted Strings)
import_code()
— Mutation Analysis (Mutator for Modules and Test Suites)- in order — Parsing Inputs (Unify Key)
- in the same method invocation — Mining Input Grammars (Tracking variable assignment locations)
- in this very popular XKCD comic — Testing Web Applications (SQL Injection Attacks)
- in-memory database — Tracking Information Flow (A Vulnerable Database)
- incidence frequency — When To Stop Fuzzing (Exercises)
increment()
— Parsing Inputs (Tree Extractor)indent()
— Mining Input Grammars (CallStack)ineffective_test_1()
— Mutation Analysis (Why Structural Coverage is Not Enough)ineffective_test_2()
— Mutation Analysis (Why Structural Coverage is Not Enough)- inferring loop invariants — Symbolic Fuzzing (Function Summaries)
informationflow_init_1()
— Tracking Information Flow (String Operators)informationflow_init_2()
— Tracking Information Flow (General wrappers)informationflow_init_3()
— Tracking Information Flow (Methods yet to be translated)- inherit — Fuzzing: Breaking Things with Random Inputs (Runner Classes)
initialize()
— Tracking Information Flow (String Operators), Concolic Fuzzing (Binary Operators for Integers)INITIALIZER_LIST
— Tracking Information Flow (String Operators)initial_grammar()
— Carving Unit Tests (Initial Grammar)initial_population()
— Testing Compilers (Evolving Inputs)init_concolic_1()
— Concolic Fuzzing (Binary Operators for Integers)init_concolic_2()
— Concolic Fuzzing (Integer Unary Operators)init_concolic_3()
— Concolic Fuzzing (Trip Wire)init_concolic_4()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)init_db()
— Testing Web Applications (Storing Orders)init_tainted_grammar()
— Tracking Information Flow (TaintedGrammarFuzzer)init_tree()
— Efficient Grammar Fuzzing (End of Excursion)__init__()
— Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff), Code Coverage (A Coverage Class), Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Mutators), Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing (Boosted Greybox Fuzzing), Greybox Fuzzing (A First Attempt), Greybox Fuzzing (A First Attempt), Greybox Fuzzing (Directed Power Schedule), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Efficient Grammar Fuzzing (Expanding a Node), Efficient Grammar Fuzzing (Exercise 1: Caching Method Results), Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation), Grammar Coverage (Tracking Grammar Coverage), Parsing Inputs (Why Parsing for Fuzzing?), Parsing Inputs (A Parser Class), Parsing Inputs (Excursion: Canonical Grammars), Parsing Inputs (Columns), Parsing Inputs (Items), Parsing Inputs (States), Parsing Inputs (The Parsing Algorithm), Parsing Inputs (Nullable), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Tree Extractor), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Probabilistic Grammar Fuzzing (Counting Expansions), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Generators and Probabilistic Fuzzing), Fuzzing with Generators (Generators and Grammar Coverage), Greybox Fuzzing with Grammars (Fuzzing with Dictionaries), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Building the Fragment Pool), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing), Greybox Fuzzing with Grammars (Region-Based Mutation), Greybox Fuzzing with Grammars (Focusing on Valid Seeds), Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules), Reducing Failure-Inducing Inputs (Excursion: A Class for Reducing with Grammars), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (DefineTracker), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (CallStack), Mining Input Grammars (Vars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (AssignmentTracker), Mining Input Grammars (Input Stack), Mining Input Grammars (Scope Tracker), Mining Input Grammars (Exercise 1: Flattening complex objects), Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (Taint Aware Fuzzing), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Slices), Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (Part 1: Creation), Tracking Information Flow (Part 4: Passing taints from strings to integers), Concolic Fuzzing (Excursion: Implementing ConcolicTracer), Concolic Fuzzing (A Proxy Class for Booleans), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (An Iterator Class for Strings), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Tracking Assignments), Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Extracting Invariants), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options), Carving Unit Tests (Recording Calls), Carving Unit Tests (A Grammar Miner for Calls), Testing Compilers (A Class for Fuzzing Python), Testing Web Applications (Fuzzing with Unexpected Values), Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (A Fuzzer for Web Forms), Testing Web Applications (Fully Automatic Web Attacks), Testing Web Applications (Fully Automatic Web Attacks), Testing Graphical User Interfaces (Retrieving Actions), Testing Graphical User Interfaces (Executing User Interface Actions), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Covering States), When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Fuzzing the Enigma), When To Stop Fuzzing (Turing's Observations), When To Stop Fuzzing (Turing's Observations), Error Handling (Catching Errors), Error Handling (Catching Timeouts), Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient))), Timeout (Variant 2: Generic / Windows (using trace, not very efficient))), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Control Flow Graph (CFGNode), Control Flow Graph (PyCFG)- "Input Invariants" — Fuzzing with Constraints (Background)
- input string — Mining Input Grammars (Context)
InputStack
class — Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack), Mining Input Grammars (Input Stack)insert_assertions()
— Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)insert_from_dictionary()
— Greybox Fuzzing (A First Attempt), Greybox Fuzzing with Grammars (Fuzzing with Dictionaries)insert_into_tree()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)insert_random_character()
— Mutation-Based Fuzzing (Mutating Inputs), Greybox Fuzzing (Mutators)INSERT
— Testing Web Applications (Storing Orders), Testing Web Applications (SQL Injection Attacks)instantiate_prop()
— Mining Function Specifications (Instantiating Properties)instantiate_prop_ast()
— Mining Function Specifications (Instantiating Properties)- instrumentation — Search-Based Fuzzing (Instrumentation)
INTERNAL_ALIGNMENT
— Railroad Diagrams (Excursion: Railroad diagrams implementation)internal_msg2key()
— When To Stop Fuzzing (Fuzzing the Enigma)internal_server_error()
— Testing Web Applications (Internal Errors), Testing Web Applications (Part 1: Silent Failures)INT_BINARY_OPS
— Concolic Fuzzing (Binary Operators for Integers)int_grammar_with_range()
— Fuzzing APIs (Integers)INT_GRAMMAR
— Fuzzing APIs (Synopsis), Fuzzing APIs (Integers), Fuzzing APIs (Synopsis)INT_UNARY_OPS
— Concolic Fuzzing (Integer Unary Operators)__int__()
— Concolic Fuzzing (A Proxy Class for Integers)- invalid — Greybox Fuzzing with Grammars (Fuzzing with Input Regions)
InvariantAnnotator
class — Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)- invariants — Mining Function Specifications (Specifying and Checking Invariants)
invariants()
— Mining Function Specifications (Extracting Invariants)InvariantTracker
class — Mining Function Specifications (Extracting Invariants), Mining Function Specifications (Extracting Invariants)INVARIANT_PROPERTIES
— Mining Function Specifications (Defining Properties)INVENTORY_GRAMMAR_F
— Tracking Information Flow (Excursion: Defining a SQL grammar)INVENTORY_GRAMMAR_NEW
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)INVENTORY_GRAMMAR
— Tracking Information Flow (Excursion: Defining a SQL grammar)INVENTORY_METHODS
— Mining Input Grammars (A Simple Grammar Miner)INVENTORY
— Mining Input Grammars (A Grammar Challenge), Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (End of Excursion)- inverse — When To Stop Fuzzing (Turing's Observations)
invert_expansion()
— Probabilistic Grammar Fuzzing (Testing Uncommon Features)invert_probs()
— Probabilistic Grammar Fuzzing (Testing Uncommon Features)__invert__()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)invoker()
— Testing Configurations (Classes for Fuzzing Configuration Options)in_current_record()
— Mining Input Grammars (Input Stack), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)in_scope()
— Mining Input Grammars (Input Stack)IP_ADDRESS_TOKENS
— Probabilistic Grammar Fuzzing (Counting Expansions)isascii()
— Fuzzing in the Large (Excursion:escapelines()
implementatipn)`-implementatipn)- ISLa — Fuzzing with Constraints, Fuzzing with Constraints (Specifying Constraints), Fuzzing with Constraints (Synopsis)
- ISLa project — Fuzzing with Constraints (Background)
is_abstract()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_excluded()
— Greybox Fuzzing with Grammars (Building the Fragment Pool)is_fragment()
— Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)is_input_fragment()
— Mining Input Grammars (DefineTracker), Mining Input Grammars (Scope Tracker)is_local_class()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_nonterminal()
— Fuzzing with Grammars (Some Definitions)is_overloaded()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_permutation()
— Introduction to Software Testing (Part 2: Random Inputs)is_public()
— Class Diagrams (Drawing Class Hierarchy with Method Names)is_sorted()
— Introduction to Software Testing (Part 2: Random Inputs)is_valid_grammar()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)is_valid_probabilistic_grammar()
— Probabilistic Grammar Fuzzing (Checking Probabilities)is_valid_url()
— Mutation-Based Fuzzing (Mutating URLs)is_var()
— Class Diagrams (Getting Methods and Variables)is_z3_var()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)- It is inefficient — Efficient Grammar Fuzzing (An Insufficient Algorithm)
Item
class — Parsing Inputs (Items), Parsing Inputs (Items)- iterable — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)
iterate()
— Fuzzing with Generators (Support for Python Generators)IterativeEarleyParser
class — Parsing Inputs (Exercise 7: Iterative Earley Parser), Parsing Inputs (Exercise 7: Iterative Earley Parser), Parsing Inputs (Exercise 7: Iterative Earley Parser)- iterator — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)
- iterator object — Fuzzing with Generators (Support for Python Generators)
iter_paths()
— Parsing Inputs (Exercise 7: Iterative Earley Parser)__iter__()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Tracking Information Flow (Slices), Concolic Fuzzing (Producing Substrings)
J¶
- J-Reduce — Reducing Failure-Inducing Inputs (Background)
- JavaScript — Testing Web Applications (Cross-Site Scripting Attacks)
- JerryScript — Fuzzing with Grammars (Background)
join()
— Tracking Information Flow (Expand Tabs)js-vuln-db
— Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)- JSON specification — Fuzzing with Grammars (Exercise 1: A JSON Grammar)
JSON_GRAMMAR
— Fuzzing with Grammars (Exercise 1: A JSON Grammar)
K - O¶
K¶
- Kenngruppenbuch — When To Stop Fuzzing (The Enigma Machine)
- keylogger — Testing Web Applications (Cross-Site Scripting Attacks)
- killed — Mutation Analysis (Injecting Artificial Faults)
- KLEE — Symbolic Fuzzing (Background)
L¶
- lambda — Fuzzing with Generators (Functions Called Before Expansion)
- LangFuzz — Fuzzing with Grammars (Background)
LangFuzzer
class — Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)- language specifications — Fuzzing with Grammars (Input Languages)
LD_LIBRARY_PATH
— Testing Configurations (Part 1: Getopt Fuzzing)- leaf — Efficient Grammar Fuzzing (Derivation Trees)
leave()
— Mining Input Grammars (CallStack), Mining Input Grammars (Input Stack)- left to right — Parsing Inputs (An Ad Hoc Parser)
left()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)left_align()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)length()
— Concolic Fuzzing (Length of Strings)__len__()
— Mining Input Grammars (CallStack), Concolic Fuzzing (Length of Strings), Concolic Fuzzing (An Iterator Class for Strings)LeoParser
class — Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)leo_complete()
— Parsing Inputs (Exercise 5: Leo Parser)- less code coverage — Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)
- lexer — Parsing Inputs (A Parser Class)
- lexing — Parsing Inputs (A Parser Class)
__le__()
— Concolic Fuzzing (Comparisons between Integers)- line — Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations)
- line numbers — Mining Input Grammars (Grammar Miner with Reassignment)
linear_to_tree()
— Parsing Inputs (Part 2: The Parser)lineno()
— Control Flow Graph (CFGNode)LinkHTMLParser
class — Testing Web Applications (Crawling User Interfaces)link_functions()
— Control Flow Graph (PyCFG)- list of all theories defined in SMT-LIB — Fuzzing with Constraints (End of Excursion)
list_grammar()
— Fuzzing APIs (Lists)LIST_GRAMMAR
— Fuzzing APIs (Lists)list_length()
— Mining Function Specifications (Some Examples)ljust()
— Tracking Information Flow (Justify)- LL — Parsing Inputs (Background), Parsing Inputs (Background), Parsing Inputs (Background), Parsing Inputs (Background), Parsing Inputs (Background), Parsing Inputs (Background)
ll()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)LL1Parser
class — Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table), Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table), Parsing Inputs (Part 2: The Parser)- LLVM Address Sanitizer — Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)
loc()
— Mining Input Grammars (AssignmentVars)- local host — Testing Web Applications (Running the Server)
- local optimum — Search-Based Fuzzing (Hillclimbing the Example)
log_call()
— Mining Input Grammars (Assembling a Derivation Tree)log_event()
— Mining Input Grammars (Context)log_message()
— Testing Web Applications (Logging)log_tree()
— Efficient Grammar Fuzzing (Excursion: Implementation of three-phaseexpand_tree()
)`)LOG_VALUES
— Search-Based Fuzzing (Hillclimbing the Example)LONG_FOO
— Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)long_running_test()
— Error Handling (Catching Timeouts)- Loup Vaillant — Parsing Inputs (The Parse Method)
lower()
— Tracking Information Flow (String methods that do not change origin), Concolic Fuzzing (Translating to Upper and Lower Equivalents)LOW
— Tracking Information Flow (String Operators)- LR — Parsing Inputs (Background), Parsing Inputs (Background)
- LR parsing — Parsing Inputs (Items)
- LR(k) — Parsing Inputs (The Earley Parser)
LR0
— Parsing Inputs (Items)LR_GRAMMAR
— Parsing Inputs (Recursion), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)lr_graph()
— Parsing Inputs (An Ad Hoc Parser)lstrip()
— Tracking Information Flow (Strip), Concolic Fuzzing (Remove Space from Ends)__lt__()
— Concolic Fuzzing (Comparisons between Integers)- Luhn algorithm — Fuzzing with Generators (Functions Called After Expansion)
luhn_checksum()
— Fuzzing with Generators (Functions Called After Expansion)LUHN_ODD_LOOKUP
— Fuzzing with Generators (Functions Called After Expansion)
M¶
m()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)- macros — Symbolic Fuzzing (Function Summaries)
main()
— Testing Compilers (Abstract Syntax Trees)- majority of trigrams — When To Stop Fuzzing (Turing's Observations)
make_basic_str_wrapper()
— Tracking Information Flow (General wrappers)make_float_binary_wrapper()
— Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)make_float_bool_wrapper()
— Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)make_grammar()
— Parsing Inputs (Excursion: Testing the Parsers)make_int_binary_wrapper()
— Concolic Fuzzing (Binary Operators for Integers), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)make_int_bit_wrapper()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)make_int_unary_wrapper()
— Concolic Fuzzing (Integer Unary Operators)make_int_wrapper()
— Tracking Information Flow (Part 2: Arithmetic expressions)make_rule()
— Parsing Inputs (Excursion: Testing the Parsers)make_split_wrapper()
— Tracking Information Flow (Splits)make_str_abort_wrapper()
— Tracking Information Flow (Methods yet to be translated), Concolic Fuzzing (Trip Wire)make_str_wrapper()
— Tracking Information Flow (String Operators)- making up grammars with a dictionary in hand](https://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html) and [pulling JPEGs out of thin air — Greybox Fuzzing with Grammars (Fuzzing with Dictionaries)
- Marpa parser — Parsing Inputs (More Earley Parsing)
math.isclose()
— Introduction to Software Testing (Automating Test Execution)MAX_DEPTH
— Mining Input Grammars (Exercise 1: Flattening complex objects), Mining Input Grammars (Exercise 1: Flattening complex objects), Mining Input Grammars (Exercise 1: Flattening complex objects), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Check Before You Loop), Symbolic Fuzzing (Check Before You Loop)_max_expansion_coverage()
— Grammar Coverage (Computing Possible Expansions)max_expansion_coverage()
— Grammar Coverage (Computing Possible Expansions)max_height()
— Reducing Failure-Inducing Inputs (A Few Helpers)MAX_ITER
— Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing)MAX_TRIES
— Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing)MAX
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example)maze()
— Greybox Fuzzing (Solving the Maze), Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze)MazeMutator
class — Greybox Fuzzing (A First Attempt)- measure of progress — When To Stop Fuzzing (Measuring Trace Coverage over Time)
- meta-heuristic — Search-Based Fuzzing
metavars()
— Mining Function Specifications (Extracting Meta-Variables)METHOD_COLOR
— Class Diagrams (Drawing Class Hierarchy with Method Names)method_enter()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)method_exit()
— Mining Input Grammars (AssignmentVars)METHOD_FONT
— Class Diagrams (Drawing Class Hierarchy with Method Names)method_init()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)method_statement()
— Mining Input Grammars (AssignmentVars)method_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)mine_arguments_grammar()
— Carving Unit Tests (A Grammar from Arguments)mine_a_element_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Link Element Actions)mine_button_element_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Button Element Actions)mine_call_grammar()
— Carving Unit Tests (A Grammar from all Calls)mine_ebnf_grammar()
— Testing Configurations (A Grammar Miner for Options and Arguments)mine_function_grammar()
— Carving Unit Tests (A Grammar from Calls)mine_grammar()
— Testing Configurations (A Grammar Miner for Options and Arguments), Testing Web Applications (Mining Grammars for Web Pages)mine_input_element_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions), Testing Graphical User Interfaces (Input Element Actions)mine_probabilistic_grammar()
— Probabilistic Grammar Fuzzing (Assigning Probabilities)mine_state_actions()
— Testing Graphical User Interfaces (Excursion: Implementing Retrieving Actions)mine_state_grammar()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)MIN
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Representing Program Inputs as a Search Problem), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example), Search-Based Fuzzing (Hillclimbing the Example)missing_expansion_coverage()
— Grammar Coverage (Tracking Expansions while Fuzzing)- modern reimplementation](https://git.gavinhoward.com/gavin/bc) whose author is a [staunch believer in fuzzing — Fuzzing: Breaking Things with Random Inputs (Bugs Fuzzers Find)
__mod__()
— Tracking Information Flow (mod)- MonkeyType — Mining Function Specifications (Background)
- more energy to seeds with a lower average distance — Greybox Fuzzing (Directed Power Schedule)
- more valid inputs — Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)
- most — Search-Based Fuzzing (Hillclimbing the Example)
- Mozilla's
grcov
tool — Fuzzing in the Large (Collecting Code Coverage) mseq()
— Mining Input Grammars (Recovering a Derivation Tree)MuBinOpAnalyzer
class — Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)MuFunctionAnalyzer
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Evaluating Mutations), Mutation Analysis (Evaluating Mutations)- multiple inheritance — Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage), Fuzzing with Generators (All Together)
MultipleChoice
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)MuProgramAnalyzer
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)mutable_visit()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)- mutants — Mutation Analysis (Injecting Artificial Faults)
MutantTestRunner
class — Mutation Analysis (Mutator for Modules and Test Suites)Mutant
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Evaluating Mutations), Mutation Analysis (Evaluating Mutations)mutate()
— Mutation-Based Fuzzing (Mutating Inputs), Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Mutators), Search-Based Fuzzing (Genetic Algorithms), Greybox Fuzzing with Grammars (Fragment-Based Mutation)- mutated — Search-Based Fuzzing (Global Search)
mutated_gcd()
— Mutation Analysis (The Problem of Equivalent Mutants)- mutation — Search-Based Fuzzing (Global Search)
- mutation analysis — Mutation Analysis (Synopsis), Mutation Analysis (Synopsis)
- mutation-based fuzzer — Greybox Fuzzing (AFL: An Effective Greybox Fuzzer)
- mutational fuzzing — Mutation-Based Fuzzing, Mutation-Based Fuzzing (Mutating Inputs)
MutationCoverageFuzzer
class — Mutation-Based Fuzzing (Guiding by Coverage)MutationFuzzer
class — Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Multiple Mutations), Greybox Fuzzing (Compatibility)- mutations — Mutation Analysis, Mutation Analysis (Seeding Artificial Faults with Mutation Analysis)
mutation_visit()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)- mutator — Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing (Lessons Learned)
mutator_object()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)Mutator
class — Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Greybox Fuzzing (Mutators), Mutation Analysis (A Simple Mutator for Functions)- MyPy — Fuzzing: Breaking Things with Random Inputs (Static Code Checkers)
- Mypy — Mining Function Specifications (Static Type Checking)
MysteryRunner
class — Reducing Failure-Inducing Inputs (Why Reducing?)my_edge_attr()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)my_eval()
— Tracking Information Flow (Selecting Data), Tracking Information Flow (TaintedDB), Tracking Information Flow (TrackingDB)my_extract_node()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)my_fn()
— Concolic Fuzzing (Exercise 2: Bit Manipulation)my_parser()
— Greybox Fuzzing (A Complex Example: HTMLParser), Greybox Fuzzing with Grammars (Background), When To Stop Fuzzing (Measuring Trace Coverage over Time)my_sqrt()
— Introduction to Software Testing (Simple Testing), Parsing Inputs (Fixpoint), Mining Function Specifications (Why Generic Error Checking is Not Enough)_my_sqrt()
— Parsing Inputs (Fixpoint)my_sqrt_annotated()
— Mining Function Specifications (Getting Types)my_sqrt_checked()
— Introduction to Software Testing (Run-Time Verification)my_sqrt_fixed()
— Introduction to Software Testing (The Limits of Testing), Introduction to Software Testing (Exercise 4: To Infinity and Beyond)my_sqrt_with_invariants()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)my_sqrt_with_local_types()
— Mining Function Specifications (Exercise 2: Types for Local Variables)my_sqrt_with_log()
— Introduction to Software Testing (Debugging a Function)my_sqrt_with_postcondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)my_sqrt_with_precondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)my_sqrt_with_type_annotations()
— Mining Function Specifications (Specifying and Checking Data Types)my_sqrt_with_union_type()
— Mining Function Specifications (Exercise 1: Union Types)
N¶
- $n$]
syntax to access the $n$-th child of type
`. To access the first child, $n$ is equal to one, not zero, as in the [XPath abbreviated syntax — Fuzzing with Constraints (Accessing Elements) names()
— Symbolic Fuzzing (Get Names and Types of Variables Used)- natural language — Fuzzing with Grammars (A Natural Language Grammar)
naval_enigma()
— When To Stop Fuzzing (Fuzzing the Enigma)- neighbors — Search-Based Fuzzing (Representing Program Inputs as a Search Problem)
neighbors()
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem)neighbor_strings()
— Search-Based Fuzzing (CGI Decoder as a Search Problem)__neq__()
— Control Flow Graph (CFGNode)- networkx — Greybox Fuzzing (Computing Function-Level Distance)
- Newton–Raphson method — Introduction to Software Testing (Simple Testing)
new_child_coverage()
— Grammar Coverage (Determining yet Uncovered Children)_new_child_coverage()
— Grammar Coverage (Determining yet Uncovered Children)new_coverages()
— Grammar Coverage (Excursion: Implementingnew_coverage()
)`)new_expansion_cost()
— Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)new_gcd()
— Mutation Analysis (The Problem of Equivalent Mutants)new_state_symbol()
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)new_symbol()
— Fuzzing with Grammars (Creating New Symbols)new_symbol_cost()
— Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)__new__()
— Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Part 1: Creation), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation)next_choice()
— Concolic Fuzzing (The SimpleConcolicFuzzer class)__next__()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites), Tracking Information Flow (Slices), Concolic Fuzzing (An Iterator Class for Strings)__ne__()
— Concolic Fuzzing (Equality between Integers), Railroad Diagrams (Excursion: Railroad diagrams implementation)no()
— Concolic Fuzzing (Representing Decisions)- nodes — Efficient Grammar Fuzzing (Derivation Trees)
- NodeTransformer — Symbolic Fuzzing (Dealing with Reassignments)
- Nonparametric estimation of the number of classes in a population — When To Stop Fuzzing (Background)
- nonterminal symbol — Efficient Grammar Fuzzing (Representing Derivation Trees)
nonterminals()
— Fuzzing with Grammars (Some Definitions)NonTerminal
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)non_canonical()
— Parsing Inputs (Excursion: Canonical Grammars)- normalize — Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)
normalize()
— Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)normalizedEnergy()
— Greybox Fuzzing (Seeds and Power Schedules)- not — Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Parsing Inputs (Exercise 3: PEG Predicates)
not_found()
— Testing Web Applications (Page Not Found)__not__()
— Concolic Fuzzing (Negation of Encoded formula)no_8bit()
— Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)no_backslash_d()
— Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)no_dot()
— Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)nt_var()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)nullable()
— Parsing Inputs (Nullable)nullable_()
— Parsing Inputs (Nullable)nullable_expr()
— Parsing Inputs (Nullable)number_of_nodes()
— Reducing Failure-Inducing Inputs (A Few Helpers)
O¶
OBJECT
— Code Coverage (A Coverage Class)- observed — When To Stop Fuzzing (Turing's Observations)
offsets_from_entry()
— Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)OFFSPRING
— Testing Compilers (Evolving Inputs)OneOrMore
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)on_annassign()
— Control Flow Graph (PyCFG)on_assign()
— Control Flow Graph (PyCFG)on_augassign()
— Control Flow Graph (PyCFG)on_binop()
— Control Flow Graph (PyCFG)on_break()
— Control Flow Graph (PyCFG)on_call()
— Mining Input Grammars (AssignmentTracker), Control Flow Graph (PyCFG)on_compare()
— Control Flow Graph (PyCFG)on_continue()
— Control Flow Graph (PyCFG)on_event()
— Mining Input Grammars (Context)on_exception()
— Mining Input Grammars (AssignmentTracker)on_expr()
— Control Flow Graph (PyCFG)on_for()
— Control Flow Graph (PyCFG)on_functiondef()
— Control Flow Graph (PyCFG)on_if()
— Control Flow Graph (PyCFG)on_line()
— Mining Input Grammars (AssignmentTracker)on_module()
— Control Flow Graph (PyCFG)on_pass()
— Control Flow Graph (PyCFG)on_return()
— Mining Input Grammars (AssignmentTracker), Control Flow Graph (PyCFG)on_unaryop()
— Control Flow Graph (PyCFG)on_while()
— Control Flow Graph (PyCFG)- Optimize — Fuzzing in the Large (End of Excursion)
Optional()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)OptionalSequence
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)OptionFuzzer
class — Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options)OptionGrammarMiner
class — Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments), Testing Configurations (A Grammar Miner for Options and Arguments)OptionRunner
class — Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Configurations (Classes for Fuzzing Configuration Options)options()
— Mining Input Grammars (Context), Mining Input Grammars (DefineTracker), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (CallStack), Mining Input Grammars (AssignmentTracker), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Advanced Symbolic Fuzzing)OPTION_SYMBOL
— Testing Configurations (A Grammar Miner for Options and Arguments)opts()
— Fuzzing with Grammars (Excursion: Implementingopts()
)`)opts_used()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)- or more — When To Stop Fuzzing (Exercises)
- oracle — Code Coverage (Finding Errors with Basic Fuzzing), Fuzzing APIs (Synthesizing Oracles)
oracle()
— Mutation Analysis (Evaluating Mutations)- oracles — Mining Function Specifications (Checking Specifications)
- ordered choice — Parsing Inputs (Synopsis), Parsing Inputs (Parsing Expression Grammars), Parsing Inputs (Synopsis)
- ordering of expansions — Fuzzing with Generators (Ordering Expansions)
orders_db_is_empty()
— Testing Web Applications (Fully Automatic Web Attacks)ORDERS_DB
— Testing Web Applications (Storing Orders)ORDER_GRAMMAR_WITH_SQL_INJECTION
— Testing Web Applications (SQL Injection Attacks)ORDER_GRAMMAR
— Testing Web Applications (Fuzzing with Expected Values)ostr_iterator
class — Tracking Information Flow (Slices)ostr
class — Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Create), Tracking Information Flow (Index), Tracking Information Flow (Slices), Tracking Information Flow (Concatenation), Tracking Information Flow (Concatenation), Tracking Information Flow (Extract Origin String), Tracking Information Flow (Replace), Tracking Information Flow (Split), Tracking Information Flow (Strip), Tracking Information Flow (Expand Tabs), Tracking Information Flow (Expand Tabs), Tracking Information Flow (Partitions), Tracking Information Flow (Justify), Tracking Information Flow (Justify), Tracking Information Flow (mod), Tracking Information Flow (mod), Tracking Information Flow (String methods that do not change origin)overloaded_class_methods()
— Class Diagrams (Getting Methods and Variables)- OWASP Zed Attack Proxy Project — Testing Web Applications (Background)
P - T¶
P¶
P1
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree)- packrat — Parsing Inputs ( Problems with PEG)
PackratParser
class — Parsing Inputs (Exercise 1: An Alternative Packrat)- page — Testing Graphical User Interfaces (User Interface Actions)
pairwise()
— Testing Configurations (Combinatorial Testing)parameters()
— Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)params()
— Mining Function Specifications (Converting Mined Invariants to Annotations)parenthesized_expressions()
— Fuzzing with Grammars (Expanding Parenthesized Expressions)parsable()
— Greybox Fuzzing with Grammars (Focusing on Valid Seeds)- parse tree — Efficient Grammar Fuzzing (Derivation Trees), Greybox Fuzzing with Grammars (Parsing and Recombining HTML)
parse()
— Parsing Inputs (A Parser Class), Parsing Inputs (The Parse Method), Parsing Inputs (Exercise 1: An Alternative Packrat), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Part 2: The Parser), Reducing Failure-Inducing Inputs (The Reduction Strategy), Control Flow Graph (PyCFG)parseCSSGrammar()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)ParseInterrupt
class — Testing Configurations (A Grammar Miner for Options and Arguments)- parser — Parsing Inputs (Why Parsing for Fuzzing?)
- Parser — Parsing Inputs (A Parser Class)
- parsers — Efficient Grammar Fuzzing (Background)
Parser
class — Parsing Inputs (A Parser Class), Parsing Inputs (Excursion: Canonical Grammars), Parsing Inputs (Excursion: Canonical Grammars)parse_csv()
— Parsing Inputs (An Ad Hoc Parser)parse_forest()
— Parsing Inputs (Parsing Forests), Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 6: Filtered Earley Parser)parse_helper()
— Parsing Inputs (Part 2: The Parser)parse_on()
— Parsing Inputs (A Parser Class)parse_paths()
— Parsing Inputs (Parsing Paths), Parsing Inputs (Exercise 7: Iterative Earley Parser)parse_prefix()
— Parsing Inputs (A Parser Class), Parsing Inputs (The Packrat Parser for Predicate Expression Grammars), Parsing Inputs (The Parse Method), Parsing Inputs (Exercise 1: An Alternative Packrat)parse_quote()
— Parsing Inputs (An Ad Hoc Parser)parse_sexp()
— Concolic Fuzzing (Using the Command Line)parse_table()
— Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table), Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table)parse_type()
— Mining Function Specifications (Annotating Functions with Given Types)- parsing — Parsing Inputs (A Parser Class)
- Parsing Expression Grammar — Parsing Inputs (Parsing Expression Grammars)
- Parsing Expression Grammars — Parsing Inputs (Ambiguity)
partition()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow), Tracking Information Flow (Partitions)partition_by_part()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)PASS
— Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners)- path to insanity — Parsing Inputs (An Ad Hoc Parser)
paths()
— Parsing Inputs (Parsing Paths)path_expression()
— Concolic Fuzzing (Representing Decisions)Path
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)pattern()
— Concolic Fuzzing (Representing Decisions)- PEG — Parsing Inputs (Parsing Expression Grammars), Parsing Inputs (End of Excursion), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs (Background)
PEG1
— Parsing Inputs (Parsing Expression Grammars)PEG2
— Parsing Inputs (Parsing Expression Grammars)PEGParser
class — Parsing Inputs (The Packrat Parser for Predicate Expression Grammars), Parsing Inputs (Unify Key), Parsing Inputs (Unify Rule), Parsing Inputs (Unify Rule)- PEGs — Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs ( Problems with PEG), Parsing Inputs (Background), Parsing Inputs (Background)
- PEP 8 Style Guide for Python Code — Testing Configurations (Testing Autopep8)
permutation()
— Concolic Fuzzing (Example: Binomial Coefficient)PGGCFuzzer
class — Fuzzing with Generators (Generators and Grammar Coverage)PICKED_US_PHONE_GRAMMAR
— Fuzzing with Generators (Synopsis)pick_area_code()
— Fuzzing with Generators (Synopsis)PlausibleChild
class — Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions)- Plots — Academic Prototyping (Replicable Experiments)
plotting_hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)PMIterator
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions)PNode
class — Symbolic Fuzzing (Tracking Assignments), Symbolic Fuzzing (Tracking Assignments), Symbolic Fuzzing (Stepwise Exploration of Paths), Symbolic Fuzzing (Stepwise Exploration of Paths), Symbolic Fuzzing (Stepwise Exploration of Paths)PooledGrammarFuzzer
class — Parsing Inputs (Why Parsing for Fuzzing?)population_branch_coverage()
— Code Coverage (Part 2: Comparing statement coverage and branch coverage)population_coverage()
— Code Coverage ( Coverage of Basic Fuzzing)POPULATION_SIZE
— Testing Compilers (Survival of the Fittest), Testing Compilers (Survival of the Fittest), Testing Compilers (Survival of the Fittest)population_stmt_coverage()
— When To Stop Fuzzing (Part 1: Population Coverage)population_trace_coverage()
— When To Stop Fuzzing (Measuring Trace Coverage over Time)possible_combinations()
— Reducing Failure-Inducing Inputs (A Few Helpers)possible_expansions()
— Efficient Grammar Fuzzing (Expanding a Tree)- post-order — Parsing Inputs (Background)
postcondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)postconditions()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)POST
— Testing Web Applications (A Fuzzer for Web Forms)__pos__()
— Concolic Fuzzing (A Proxy Class for Integers)- power operator — When To Stop Fuzzing (The Kenngruppenbuch)
- power schedule — Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Seeds and Power Schedules), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing (Lessons Learned)
power()
— Carving Unit Tests (From Calls to Grammars)PowerSchedule
class — Greybox Fuzzing (Seeds and Power Schedules)POWER_GRAMMAR
— Carving Unit Tests (From Calls to Grammars)- pre-computed — Greybox Fuzzing (Directed Power Schedule)
- pre-order — Parsing Inputs (Background)
precompute_costs()
— Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)precondition()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions)preconditions()
— Mining Function Specifications (Converting Mined Invariants to Annotations), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)PreconditionTransformer
class — Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)- predict — When To Stop Fuzzing (Extrapolating Fuzzing Success)
predict()
— Parsing Inputs (Predicting States), Parsing Inputs (Nullable), Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table)- Predicting the Number of New Species in Further Taxonomic Sampling — When To Stop Fuzzing (Background)
- prefix — Symbolic Fuzzing (Function Summaries)
prefix_vars()
— Symbolic Fuzzing (Function Summaries)pretty_invariants()
— Mining Function Specifications (Extracting Invariants)- previous chapter](MutationFuzzer.ipynb), we have introduced mutation-based fuzzing, a technique that generates fuzz inputs by applying small mutations to given inputs. In this chapter, we show how to guide these mutations towards specific goals such as coverage. The algorithms in this chapter stem from the popular American Fuzzy Lop (AFL) fuzzer, in particular from its AFLFast and [AFLGo — Greybox Fuzzing
PrintRunner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)print_httpd_messages()
— Testing Web Applications (Logging)print_maze()
— Control Flow Graph (Example: Maze)print_more_stats()
— Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)print_stats()
— Greybox Fuzzing (A First Attempt), Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)print_sum()
— Mining Function Specifications (Some Examples)print_url()
— Testing Web Applications (Direct Browser Access)ProbabilisticGeneratorGrammarCoverageFuzzer
class — Fuzzing with Generators (Generators and Grammar Coverage), Fuzzing with Generators (Generators and Grammar Coverage), Fuzzing with Generators (Generators and Grammar Coverage)ProbabilisticGeneratorGrammarFuzzer
class — Fuzzing with Generators (Generators and Probabilistic Fuzzing)ProbabilisticGrammarCoverageFuzzer
class — Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)ProbabilisticGrammarFuzzer
class — Probabilistic Grammar Fuzzing (Expanding by Probability), Probabilistic Grammar Fuzzing (Expanding by Probability)ProbabilisticGrammarMiner
class — Probabilistic Grammar Fuzzing (Assigning Probabilities), Probabilistic Grammar Fuzzing (Assigning Probabilities)prob_distribution()
— Probabilistic Grammar Fuzzing (Distributing Probabilities)prob_leading_digit()
— Probabilistic Grammar Fuzzing (The Law of Leading Digits)process()
— Mining Input Grammars (DefineTracker), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Generating All Possible Paths)process_arg()
— Testing Configurations (A Grammar Miner for Options and Arguments)process_argument()
— Testing Configurations (A Grammar Miner for Options and Arguments)process_car()
— Parsing Inputs (Why Parsing for Fuzzing?)process_car_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)process_chosen_children()
— Efficient Grammar Fuzzing (Excursion:expand_node_randomly()
implementation)`-implementation), Fuzzing with Generators (Generating Elements before Expansion)process_inventory()
— Parsing Inputs (Why Parsing for Fuzzing?)process_inventory_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)process_numbers()
— Testing Configurations (Options in Python)PROCESS_NUMBERS_EBNF_GRAMMAR
— Testing Configurations (A Grammar for Configurations)PROCESS_NUMBERS_GRAMMAR
— Testing Configurations (A Grammar for Configurations)process_van()
— Parsing Inputs (Why Parsing for Fuzzing?)process_van_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)process_vehicle()
— Parsing Inputs (Why Parsing for Fuzzing?)process_vehicle_with_obj()
— Mining Input Grammars (Exercise 1: Flattening complex objects)prod_line_grammar()
— Parsing Inputs (Excursion: Testing the Parsers)- Program Spectra — Academic Prototyping (Replicable Experiments)
ProgramRunner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)- progress of the fuzzing campaign towards completion — When To Stop Fuzzing (Discovery Probability Quantifies Residual Risk)
prop_function()
— Mining Function Specifications (Evaluating Properties)prop_function_text()
— Mining Function Specifications (Evaluating Properties)proxy()
— Tracking Information Flow (String Operators), Tracking Information Flow (Splits), Tracking Information Flow (General wrappers), Tracking Information Flow (Methods yet to be translated), Tracking Information Flow (Part 2: Arithmetic expressions), Concolic Fuzzing (Binary Operators for Integers), Concolic Fuzzing (Integer Unary Operators), Concolic Fuzzing (Trip Wire), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 2: Bit Manipulation)prune_tokens()
— Concolic Fuzzing (Pruning and Updating)prune_tree()
— Parsing Inputs (A Parser Class), Parsing Inputs (Excursion: Canonical Grammars), Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)public_class_methods()
— Class Diagrams (Getting Methods and Variables)PUBLIC
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)- PyAnnotate — Mining Function Specifications (Background)
PYAN
— Control Flow Graph (Call Graph Helpers), Control Flow Graph (Call Graph Helpers)PyCFG
class — Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG), Control Flow Graph (PyCFG)- Python — Mining Input Grammars (Grammar Mining)
- Python ast documentation — Testing Compilers (Abstract Syntax Trees)
- Python AST module — Testing Compilers (Abstract Syntax Trees)
- Python documentation — Concolic Fuzzing (Binary Operators for Integers)
- Python tutorial — Introduction to Software Testing (Understanding Python Programs), Fuzzing: Breaking Things with Random Inputs
- Python type to Z3 type — Symbolic Fuzzing (Get Names and Types of Variables Used)
- Python
ast
module documentation — Testing Compilers (Synopsis), Testing Compilers (Synopsis) PythonFuzzer
class — Testing Compilers (A Class for Fuzzing Python)PYTHON_AST_COMPOSITES_GRAMMAR
— Testing Compilers (Excursion: Composites)PYTHON_AST_GRAMMAR
— Testing Compilers (Synopsis), Testing Compilers (End of Excursion), Testing Compilers (End of Excursion), Testing Compilers (Adjusting the Grammar), Testing Compilers (Synopsis)
Q¶
Q0
— When To Stop Fuzzing (Part 3: Compute and Evaluate Extrapolator)Q1
— When To Stop Fuzzing (Part 2: Compute Estimate)Q2
— When To Stop Fuzzing (Part 2: Compute Estimate)- QEMU](https://github.com/mirrorer/afl/blob/master/qemu_mode)) or a dynamic instrumentation tool (e.g., [Intel PinTool — Greybox Fuzzing (AFL: An Effective Greybox Fuzzer)
quadratic_solver()
— Introduction to Software Testing (Exercise 3: Quadratic Solver)quadratic_solver_fixed()
— Introduction to Software Testing (Part 2: Fix the problem)quad_solver()
— Control Flow Graph (quad_solver)qualified()
— Mining Input Grammars (Context), Mining Input Grammars (Exercise 1: Flattening complex objects)quux()
— Class Diagrams (Getting a Class Hierarchy)qux()
— Class Diagrams (Getting a Class Hierarchy)
R¶
__radd__()
— Tracking Information Flow (String Operators), Tracking Information Flow (Concatenation), Concolic Fuzzing (Concatenation of Strings)- Railroad diagrams — Academic Prototyping (Replicable Experiments)
- random restarts — Search-Based Fuzzing (Hillclimbing the Example)
RandomFuzzer
class — Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)randomized_hillclimb()
— Search-Based Fuzzing (Global Search)random_list()
— Introduction to Software Testing (Part 2: Random Inputs)random_string()
— Search-Based Fuzzing (Hillclimbing Valid Hexadecimal Inputs)random_unicode_string()
— Search-Based Fuzzing (Evolutionary Search)reachable_nonterminals()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)readable()
— Mining Input Grammars (Recovering Grammars from Derivation Trees)readable_rule()
— Mining Input Grammars (Recovering Grammars from Derivation Trees)read_gcov_coverage()
— Code Coverage (Getting Coverage from External Programs)rearrange()
— Parsing Inputs (Exercise 5: Leo Parser)recover_grammar()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Grammar Mining)recover_grammar_with_taints()
— Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)recurse_grammar()
— Parsing Inputs (Excursion: Canonical Grammars)- recursion — Parsing Inputs (Excursion: Recursion)
- recursive — Fuzzing with Grammars (Rules and Expansions)
recursive_delete()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation)recursive_swap()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation)- red-black tree — Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)
RedBlackTree
class — Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)reduce()
— Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (The Reduction Strategy)Reducer
class — Reducing Failure-Inducing Inputs (Delta Debugging)reduce_subtree()
— Reducing Failure-Inducing Inputs (The Reduction Strategy)reduce_tree()
— Reducing Failure-Inducing Inputs (The Reduction Strategy), Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)- "Reducing Failure-Inducing Inputs" in the Debugging Book — Reducing Failure-Inducing Inputs (Background)
- region — Greybox Fuzzing with Grammars (Fuzzing with Input Regions), Greybox Fuzzing with Grammars (Determining Symbol Regions)
- region-based mutators — Greybox Fuzzing with Grammars (Fuzzing with Input Regions)
RegionMutator
class — Greybox Fuzzing with Grammars (Region-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation)register()
— Mutation Analysis (A Simple Mutator for Functions)register_event()
— Mining Input Grammars (AssignmentVars)register_node()
— Control Flow Graph (Registry)REGISTRY_IDX
— Control Flow Graph (Registry), Control Flow Graph (Registry)REGISTRY
— Control Flow Graph (Registry), Control Flow Graph (Registry)- Regular Expression — Parsing Inputs (Background)
- Regular expressions — Fuzzing with Grammars (Input Languages)
- regular expressions — Parsing Inputs (An Ad Hoc Parser)
- regular language — Parsing Inputs (A Parser Class)
- remove — Greybox Fuzzing with Grammars (Fragment-Based Mutation)
remove_first_char()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)rename_variables()
— Symbolic Fuzzing (Dealing with Reassignments)- repair — Fuzzing with Generators (Functions Called After Expansion)
replace()
— Tracking Information Flow (Replace)replace_symbol()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)repOK()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)- represent — Search-Based Fuzzing (Test Generation as a Search Problem)
- representation invariant — Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)
- representative path — Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)
__repr__()
— Code Coverage (A Coverage Class), Parsing Inputs (Tree Extractor), Mining Input Grammars (Context), Mining Input Grammars (CallStack), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Part 3: Passing taints from integers to strings), Concolic Fuzzing (Representing Decisions), Symbolic Fuzzing (Tracking Assignments), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Control Flow Graph (CFGNode)REQUIRED_FIELDS
— Testing Web Applications (Part 4: A Robust Server)__req__()
— Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Equality between Strings)reset()
— Mutation-Based Fuzzing (Multiple Mutations), Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Advanced Blackbox Mutation-based Fuzzing), Greybox Fuzzing (Greybox Mutation-based Fuzzing), Greybox Fuzzing (Boosted Greybox Fuzzing), Probabilistic Grammar Fuzzing (Counting Expansions), Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Delta Debugging), Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording Calls), Carving Unit Tests (Part 1: Store function results), Testing Web Applications (Searching HTML for Input Fields), Testing Web Applications (Crawling User Interfaces), When To Stop Fuzzing (Fuzzing the Enigma)reset_counter()
— Concolic Fuzzing (Generating Fresh Names)reset_coverage()
— Grammar Coverage (Keeping Track of Expansions)reset_generators()
— Fuzzing with Generators (Support for Python Generators)reset_registry()
— Control Flow Graph (Registry)- residual risk — When To Stop Fuzzing, When To Stop Fuzzing (Discovery Probability Quantifies Residual Risk)
restart()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)RestartExpansionException
class — Fuzzing with Generators (Local Checking and Repairing)restarting_hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)restart_expansion()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion), Fuzzing with Generators (Local Checking and Repairing), Fuzzing with Generators (Generators and Grammar Coverage)result()
— Carving Unit Tests (Part 2: Access results)ResultCarver
class — Carving Unit Tests (Exercises), Carving Unit Tests (Part 1: Store function results), Carving Unit Tests (Part 2: Access results)- results checker — Code Coverage (Finding Errors with Basic Fuzzing)
- return — Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations), Mining Input Grammars (Tracking variable assignment locations)
RETURN_VALUE
— Mining Function Specifications (Extracting Invariants)RE_EXTENDED_NONTERMINAL
— Fuzzing with Grammars (Expanding Operators)RE_NONTERMINAL
— Fuzzing with Grammars (Some Definitions)RE_PARENTHESIZED_EXPR
— Fuzzing with Grammars (Expanding Parenthesized Expressions)- RFC 4180 — Parsing Inputs (An Ad Hoc Parser)
right()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)RISKY_NUMBERS
— Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs), Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)rjust()
— Tracking Information Flow (Justify)__rmod__()
— Tracking Information Flow (mod)- root node — Efficient Grammar Fuzzing (Derivation Trees)
rootIsBlack()
— Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)roots()
— Symbolic Fuzzing (Example: Roots of a Quadratic Equation)roots2()
— Symbolic Fuzzing ( Roots - Check Before Divide)roots3()
— Symbolic Fuzzing ( Roots - Eliminating the Zero Division Error)round10()
— Concolic Fuzzing (Example: Round)rpartition()
— Tracking Information Flow (Partitions)RR_GRAMMAR2
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR3
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR4
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR5
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR6
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR7
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR8
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR9
— Parsing Inputs (Exercise 5: Leo Parser)RR_GRAMMAR
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)rsplit()
— Tracking Information Flow (Split)rstrip()
— Tracking Information Flow (Strip), Concolic Fuzzing (Remove Space from Ends)- rules — Fuzzing with Grammars (Rules and Expansions)
rules()
— Parsing Inputs (Nullable), Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table)run()
— Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes), Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff), Mutation-Based Fuzzing (Guiding by Coverage), Mutation-Based Fuzzing (Guiding by Coverage), Greybox Fuzzing (Greybox Mutation-based Fuzzing), Greybox Fuzzing (Boosted Greybox Fuzzing), Reducing Failure-Inducing Inputs (Why Reducing?), Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules), Reducing Failure-Inducing Inputs (Synopsis), Testing Configurations (Classes for Fuzzing Configuration Options), Testing Web Applications (Fuzzing with Unexpected Values), Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), When To Stop Fuzzing (Fuzzing the Enigma)Runner
class — Fuzzing: Breaking Things with Random Inputs (Runner Classes)runs()
— Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)runTest()
— Mutation Analysis (Mutator for Modules and Test Suites)run_function()
— Mutation-Based Fuzzing (Guiding by Coverage), Mutation-Based Fuzzing (Guiding by Coverage)run_fuzzmanager()
— Fuzzing in the Large (Excursion: Starting the Server)run_fuzzmanager_forever()
— Fuzzing in the Large (Excursion: Starting the Server)run_generator()
— Fuzzing with Generators (Generating Elements before Expansion), Fuzzing with Generators (Support for Python Generators)run_httpd_forever()
— Testing Web Applications (Running the Server)run_post_functions()
— Fuzzing with Generators (Checking and Repairing Elements after Expansion)run_post_functions_locally()
— Fuzzing with Generators (Local Checking and Repairing)run_process()
— Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runner Classes)
S¶
- S-EXP — Concolic Fuzzing (Translating to the SMT Expression Format), Concolic Fuzzing (Translating to the SMT Expression Format)
- SAGE — Symbolic Fuzzing (Background)
- sample coverage — When To Stop Fuzzing (Turing's Observations)
sample_db()
— Tracking Information Flow (Representing Tables)- sanitization — Tracking Information Flow (Tracking Untrusted Input)
sanitize()
— Tracking Information Flow (Tracking Untrusted Input)- Save — Fuzzing in the Large (Crash Buckets)
- Scalene — Symbolic Fuzzing (The CFG with Path Taken)
scan()
— Parsing Inputs (Scanning Tokens)- scanner — Parsing Inputs (A Parser Class)
- scope — Mining Input Grammars (Recovering a Derivation Tree)
ScopedGrammarMiner
class — Mining Input Grammars (Grammar Mining), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Grammar Mining), Mining Input Grammars (Grammar Mining)ScopedVars
class — Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars), Mining Input Grammars (ScopedVars)ScopeTracker
class — Mining Input Grammars (Scope Tracker), Mining Input Grammars (Scope Tracker)ScopeTreeMiner
class — Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)score()
— Mutation Analysis (Evaluating Mutations), Mutation Analysis (Mutator for Modules and Test Suites)- search — Search-Based Fuzzing
- search space — Search-Based Fuzzing (Test Generation as a Search Problem)
- Search-based Fuzzing](SearchBasedFuzzer.ipynb). If you are interested, how to solve the problems above, you can have a look at our paper on "[Directed Greybox Fuzzing — Greybox Fuzzing (Computing Function-Level Distance)
search_superclasses()
— Class Diagrams (Getting Methods and Variables)second()
— Class Diagrams (Getting a Class Hierarchy)SECRET_ORIGIN
— Tracking Information Flow (Privacy Leaks Revisited), Tracking Information Flow (Privacy Leaks Revisited), Tracking Information Flow (Privacy Leaks Revisited)SECRET
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)- seeds — Fuzzing with Grammars (Grammars as Mutation Seeds)
SeedWithRegions
class — Greybox Fuzzing with Grammars (Region-Based Mutation)SeedWithStructure
class — Greybox Fuzzing with Grammars (Building the Fragment Pool)Seed
class — Greybox Fuzzing (Seeds and Power Schedules)select()
— Testing Compilers (Survival of the Fittest)selection()
— Search-Based Fuzzing (Genetic Algorithms)- selective pressure — Search-Based Fuzzing (Genetic Algorithms)
- Selenium — Testing Graphical User Interfaces (Automated GUI Interaction)
- Selenium tests — Testing Graphical User Interfaces (Writing Test Cases)
- Selenium](https://www.seleniumhq.org) is a framework for testing Web applications by automating interaction in the browser. Selenium provides an API that allows one to launch a Web browser, query the state of the user interface, and interact with individual user interface elements. The Selenium API is available in a number of languages; we use the [Selenium API for Python — Testing Graphical User Interfaces (Remote Control with Selenium)
send_back()
— Tracking Information Flow (Preventing Privacy Leaks)send_order_form()
— Testing Web Applications (Order Form)send_order_received()
— Testing Web Applications (Processing Orders), Testing Web Applications (Part 2: Sanitized HTML)send_terms_and_conditions()
— Testing Web Applications (Order Form)Sequence
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)seq_vars()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)- session cookie — Testing Web Applications (Cross-Site Scripting Attacks)
__setitem__()
— Mining Input Grammars (Vars)set_arguments()
— Testing Configurations (Classes for Fuzzing Configuration Options)set_expansion_probabilities()
— Probabilistic Grammar Fuzzing (Assigning Probabilities)set_flatten_depth()
— Mining Input Grammars (Exercise 1: Flattening complex objects)set_grammar()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)set_invocation()
— Testing Configurations (Classes for Fuzzing Configuration Options)_set_kv()
— Mining Input Grammars (Vars), Mining Input Grammars (AssignmentVars)set_opts()
— Fuzzing with Grammars (Excursion: Implementingopts()
)`)set_parents()
— Control Flow Graph (CFGNode)set_prob()
— Probabilistic Grammar Fuzzing (Directed Fuzzing)set_probabilities()
— Probabilistic Grammar Fuzzing (Assigning Probabilities)SEXPR_TOKEN
— Concolic Fuzzing (Using the Command Line)- Shellsort — Introduction to Software Testing (Exercise 2: Testing Shellsort)
shellsort()
— Introduction to Software Testing (Exercise 2: Testing Shellsort)- short-circuit evaluation — Search-Based Fuzzing (Dealing with Complex Conditions)
- showast — Mutation Analysis (Mutating Python Code), Mining Function Specifications (Accessing Function Structure)
show_ast()
— Symbolic Fuzzing (Function Summaries), Academic Prototyping (Static Analysis in Python: Still Easy), Prototyping with Python (Static Analysis in Python: Still Easy)show_cfg()
— Symbolic Fuzzing (The Control Flow Graph)show_coverage()
— Mutation Analysis (Structural Coverage Adequacy by Example), Symbolic Fuzzing (Visualizing the Coverage), Testing Compilers (Getting Coverage)show_diagram()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)show_grammar()
— Parsing Inputs (Excursion: Canonical Grammars)show_table()
— Parsing Inputs (Part 1: A LL(1) Parsing Table)-Parsing-Table)SIGALRM
— Timeout (Synopsis), Timeout (Synopsis)SIGALRM
signals](https://docs.python.org/3.10/library/signal.html) (interrupts) to implement timeouts; this has no effect on performance of the tracked code. On other systems (notably Windows),Timeout
uses the [sys.settrace()
— Timeout (Synopsis), Timeout (Synopsis)SignalTimeout
class — Timeout (Variant 1: Unix (using signals, efficient)))- Signatures — Fuzzing in the Large (Crash Signatures)
- simple-crash — Fuzzing in the Large (Collecting Crashes)
SimpleConcolicFuzzer
class — Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (The SimpleConcolicFuzzer class), Concolic Fuzzing (The fuzzing method)SimpleExtractor
class — Parsing Inputs (Tree Extractor)SimpleGrammarCoverageFuzzer
class — Grammar Coverage (Covering Grammar Expansions), Grammar Coverage (Covering Grammar Expansions)SimpleHTTPRequestHandler
class — Testing Web Applications (Excursion: Implementing a Web Server), Testing Web Applications (Handling HTTP Requests), Testing Web Applications (Order Form), Testing Web Applications (Order Form), Testing Web Applications (Processing Orders), Testing Web Applications (Processing Orders), Testing Web Applications (Processing Orders), Testing Web Applications (Processing Orders), Testing Web Applications (Other HTTP commands), Testing Web Applications (Page Not Found), Testing Web Applications (Internal Errors), Testing Web Applications (Logging)- SimpleSymbolicFuzzer — Symbolic Fuzzing (Problems with the Simple Fuzzer)
SimpleSymbolicFuzzer
class — Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Simple Symbolic Fuzzing), Symbolic Fuzzing (Generating All Possible Paths), Symbolic Fuzzing (Generating All Possible Paths), Symbolic Fuzzing (Extracting All Constraints), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)simple_call_string()
— Mining Function Specifications (Tracking Calls), Carving Unit Tests (Recording my_sqrt()))simple_grammar_fuzzer()
— Fuzzing with Grammars (A Simple Grammar Fuzzer)simple_parse_csv()
— Parsing Inputs (An Ad Hoc Parser)- single — Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)
- single-alternative — Parsing Inputs (The Earley Parser)
- singleton species — When To Stop Fuzzing (Exercises)
single_char_tokens()
— Parsing Inputs (Excursion: Canonical Grammars)- sinks — Tracking Information Flow (The Evil of Eval)
Skip
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- smaller number of valid inputs — Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)
- Smart Greybox Fuzzing](https://arxiv.org/abs/1811.09447)" by Pham and co-authors. Download and improve AFLSmart: [https://github.com/aflsmart/aflsmart — Greybox Fuzzing with Grammars (Focusing on Valid Seeds)
- SMT Solver — Concolic Fuzzing (Concolic Execution)
- SMT solvers — Concolic Fuzzing
- SMT solvers](https://en.wikipedia.org/wiki/Satisfiability_modulo_theories), especially [Z3 — Symbolic Fuzzing
- SMT-LIB — Concolic Fuzzing (Translating to the SMT Expression Format)
- SMT-LIB string library — Fuzzing with Constraints (Part 2: Semantics)
smt_expr()
— Concolic Fuzzing (Translating to the SMT Expression Format)smt_val()
— Concolic Fuzzing (Representing Decisions)solve_path_constraint()
— Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer), Symbolic Fuzzing (Solving Path Constraints)- some — Greybox Fuzzing (AFL: An Effective Greybox Fuzzer), Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)
some_long_running_function()
— Timer (Measuring Time), Timeout (Variant 1: Unix (using signals, efficient)))- sooo very slow — Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)
sort_by_prob()
— Probabilistic Grammar Fuzzing (Testing Uncommon Features)source()
— Control Flow Graph (CFGNode)- sources — Tracking Information Flow (The Evil of Eval)
span()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)- specific — Search-Based Fuzzing
split()
— Parsing Inputs (Excursion: Canonical Grammars), Tracking Information Flow (Split), Concolic Fuzzing (Splitting Strings)_split_helper()
— Tracking Information Flow (Split)_split_space()
— Tracking Information Flow (Split)- SQL commands — Testing Web Applications (Storing Orders)
- SQL injection — Testing Web Applications (SQL Injection Attacks)
sql()
— Tracking Information Flow (Executing SQL Statements), Tracking Information Flow (Tracking Untrusted Input)SQLException
class — Tracking Information Flow (A Vulnerable Database)SQLInjectionFuzzer
class — Testing Web Applications (Fully Automatic Web Attacks)SQLInjectionGrammarMiner
class — Testing Web Applications (Fully Automatic Web Attacks)sqrt_program()
— Introduction to Software Testing (System Input vs Function Input), Introduction to Software Testing (System Input vs Function Input), Introduction to Software Testing (System Input vs Function Input)srange()
— Fuzzing with Grammars (Character Classes)src()
— Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (Mutator for Modules and Test Suites)stack_to_tree()
— Mining Input Grammars (CallStack)Stack
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- STADS: Software Testing as Species Discovery — When To Stop Fuzzing (Background)
- start symbol — Fuzzing with Grammars (Rules and Expansions), Efficient Grammar Fuzzing (Derivation Trees)
startswith()
— Concolic Fuzzing (Checking for String Prefixes)start_httpd()
— Testing Web Applications (Running the Server)START_STATE
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)start_symbol()
— Parsing Inputs (A Parser Class)START_SYMBOL
— Fuzzing with Grammars (Some Definitions)start_webdriver()
— Testing Graphical User Interfaces (Starting the Web driver)Start
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- state — Testing Graphical User Interfaces (End of Excursion)
- State Machines — Academic Prototyping (Replicable Experiments)
- Statement coverage — Code Coverage (White-Box Testing)
- states — Testing Graphical User Interfaces (User Interfaces as Finite State Machines)
State
class — Parsing Inputs (States), Parsing Inputs (Exercise 5: Leo Parser)- steepest ascent hillclimbing — Search-Based Fuzzing (Hillclimbing the Example)
steepest_ascent_hillclimber()
— Search-Based Fuzzing (Hillclimbing the Example)StmtDeletionMutator
class — Mutation Analysis (A Simple Mutator for Functions), Mutation Analysis (A Simple Mutator for Functions)store_order()
— Testing Web Applications (Processing Orders), Testing Web Applications (Part 3: Sanitized SQL)- String — Mining Input Grammars (Grammar Mining)
- string inclusion — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)
string_part_of_value()
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)strip()
— Tracking Information Flow (Strip), Concolic Fuzzing (Remove Space from Ends)strip_all_info()
— Tracking Information Flow (Conversions)strip_all_info_again()
— Tracking Information Flow (Implicit Information Flow)STROKE_ODD_PIXEL_LENGTH
— Railroad Diagrams (Excursion: Railroad diagrams implementation)StrongShapeTest
class — Mutation Analysis (Mutator for Modules and Test Suites)strong_oracle()
— Mutation Analysis (Structural Coverage Adequacy by Example)__str__()
— Greybox Fuzzing (Seeds and Power Schedules), Parsing Inputs (Columns), Parsing Inputs (States), Parsing Inputs (Tree Extractor), Mining Input Grammars (CallStack), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (Taint Aware Fuzzing), Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Part 3: Passing taints from integers to strings), Concolic Fuzzing (Representing Decisions), Symbolic Fuzzing (Stepwise Exploration of Paths), Control Flow Graph (CFGNode)Style
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- subclasses — Fuzzing: Breaking Things with Random Inputs (Runner Classes)
submit()
— Testing Graphical User Interfaces (Excursion: Implementing Executing UI Actions)subtrees_with_symbol()
— Reducing Failure-Inducing Inputs (Finding Subtrees)suite()
— Mutation Analysis (Mutator for Modules and Test Suites)sum()
— Mining Function Specifications (Synopsis), Testing Compilers (Parsing Inputs)sum2()
— Mining Function Specifications (Some Examples)sum3()
— Mining Function Specifications (Multiple Types)supported_opts()
— Efficient Grammar Fuzzing (Excursion:check_grammar()
implementation)`-implementation), Probabilistic Grammar Fuzzing (Expanding by Probability), Fuzzing with Generators (A Class for Integrating Constraints), Fuzzing with Generators (Generators and Probabilistic Fuzzing), Fuzzing with Generators (Generators and Grammar Coverage)swapcase()
— Tracking Information Flow (String methods that do not change origin)swap_fragment()
— Greybox Fuzzing with Grammars (Fragment-Based Mutation), Greybox Fuzzing with Grammars (Region-Based Mutation)- symbol table — Fuzzing with Generators (Definitions and Uses)
- symbolic — Symbolic Fuzzing (Check Before You Loop)
- symbolic fuzzer — Symbolic Fuzzing (Simple Symbolic Fuzzing)
- symbolic shadow variables — Concolic Fuzzing (Solving Constraints)
- symbolically — Symbolic Fuzzing (Simple Symbolic Fuzzing)
- SymbolicFuzzer — Symbolic Fuzzing ( Roots - Eliminating the Zero Division Error)
SymbolicFuzzer
class — Symbolic Fuzzing (Advanced Symbolic Fuzzing), Symbolic Fuzzing (Check Before You Loop), Symbolic Fuzzing (Solving Path Constraints), Symbolic Fuzzing (Generating All Paths), Symbolic Fuzzing (Generating All Paths), Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further), Symbolic Fuzzing (Exercise 2: Statically checking if a loop should be unrolled further)symbol_cost()
— Efficient Grammar Fuzzing (Excursion: Implementing Cost Functions)SYMBOL_NAME
— Efficient Grammar Fuzzing (Representing Derivation Trees)symbol_reductions()
— Reducing Failure-Inducing Inputs (Both Strategies Together)SYMBOL_TABLE
— Fuzzing with Generators (Definitions and Uses)sym_to_float()
— Symbolic Fuzzing (Example: Roots of a Quadratic Equation)SYM_VARS_STR
— Symbolic Fuzzing (Get Names and Types of Variables Used)SYM_VARS
— Symbolic Fuzzing (The Control Flow Graph)- syntactical structure — Fuzzing with Grammars (Grammars)
syntax_diagram()
— Fuzzing with Grammars (Excursion: Implementingsyntax_diagram()
)`)syntax_diagram_alt()
— Fuzzing with Grammars (Excursion: Implementingsyntax_diagram()
)`)syntax_diagram_expr()
— Fuzzing with Grammars (Excursion: Implementingsyntax_diagram()
)`)syntax_diagram_symbol()
— Fuzzing with Grammars (Excursion: Implementingsyntax_diagram()
)`)- system input — Introduction to Software Testing (System Input vs Function Input)
T¶
_t()
— Parsing Inputs (States), Mining Input Grammars (Context)table()
— Tracking Information Flow (Representing Tables), Concolic Fuzzing (Example: Database)- taint — Tracking Information Flow (The Evil of Eval)
- taint sanitizers — Tracking Information Flow (The Evil of Eval)
TaintedDB
class — Tracking Information Flow (TaintedDB)TaintedGrammarFuzzer
class — Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (TaintedGrammarFuzzer), Tracking Information Flow (TaintedGrammarFuzzer)TaintedInputStack
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow), Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopedGrammarMiner
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopedVars
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopeTracker
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)TaintedScopeTreeMiner
class — Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)Tainted
class — Tracking Information Flow (Taint Aware Fuzzing)target_tile()
— Greybox Fuzzing (Solving the Maze), Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze)- terminal symbol — Efficient Grammar Fuzzing (Representing Derivation Trees)
terminals()
— Parsing Inputs (Nullable)terminal_repr()
— Search-Based Fuzzing (Evolutionary Search)Terminal
class — Railroad Diagrams (Excursion: Railroad diagrams implementation)- test — Introduction to Software Testing (Running a Function)
test()
— Reducing Failure-Inducing Inputs (Delta Debugging), Reducing Failure-Inducing Inputs (Delta Debugging)TestGCD
class — Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Synopsis)test_equilateral()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)test_isosceles()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)test_me()
— Search-Based Fuzzing (Representing Program Inputs as a Search Problem)test_me2()
— Search-Based Fuzzing (Hillclimbing the Example)test_me2_instrumented()
— Search-Based Fuzzing (Hillclimbing the Example)test_me_instrumented()
— Search-Based Fuzzing (Instrumentation), Search-Based Fuzzing (Instrumentation)test_mirror()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Synopsis)test_samples()
— Testing Compilers (Constants)test_scalene()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Mutator for Modules and Test Suites)test_simple()
— Mutation Analysis (Mutator for Modules and Test Suites), Mutation Analysis (Synopsis)test_successful_order()
— Testing Graphical User Interfaces (Writing Test Cases)- the ConfigParser documentation — Testing Configurations (Exercise 2: .ini Configuration Fuzzing)
- "The state of type hints in Python" — Mining Function Specifications (Background)
- this — Mining Input Grammars (AssignmentVars)
- this article — Probabilistic Grammar Fuzzing (Background)
- this commit — Concolic Fuzzing (Hack to use the ASCII value of a character.)
- this handy trick — Fuzzing in the Large (Excursion: Setting up the Server)
- throw away the result — Parsing Inputs (Exercise 5: Leo Parser)
tile_()
— Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze), Control Flow Graph (Example: Maze)timeout_handler()
— Timeout (Variant 1: Unix (using signals, efficient)))Timer
class — Timer (Measuring Time)tint
class — Tracking Information Flow (Part 1: Creation), Tracking Information Flow (Part 2: Arithmetic expressions), Tracking Information Flow (Part 3: Passing taints from integers to strings), Tracking Information Flow (Part 3: Passing taints from integers to strings), Tracking Information Flow (Part 4: Passing taints from strings to integers)title()
— Tracking Information Flow (String methods that do not change origin)- together — Mutation Analysis (Exercise 4: Estimating Residual Defect Density)
- tokenizer — Parsing Inputs (A Parser Class)
- top to bottom — Parsing Inputs (An Ad Hoc Parser)
- topmost — Parsing Inputs (Exercise 5: Leo Parser)
- tournament selection — Search-Based Fuzzing (Genetic Algorithms)
to_graph()
— Control Flow Graph (Supporting Functions)to_json()
— Control Flow Graph (CFGNode)to_nonterminal()
— Mining Input Grammars (Assembling a Derivation Tree)to_single_assignment_predicates()
— Symbolic Fuzzing (Renaming Used Variables)to_src()
— Symbolic Fuzzing (Function Summaries)trace()
— Code Coverage (A Coverage Class)traceit()
— Code Coverage (Tracing Executions), Code Coverage (A Coverage Class), Mining Input Grammars (Tracer), Mining Input Grammars (Context), Mining Input Grammars (Context), Concolic Fuzzing (Tracking Constraints), Mining Function Specifications (Tracking Calls), Mining Function Specifications (Tracking Calls), Testing Configurations (A Grammar Miner for Options and Arguments), Carving Unit Tests (Recording Calls), Carving Unit Tests (Exercises), Carving Unit Tests (Part 1: Store function results), Academic Prototyping (Dynamic Analysis in Python: So Easy it Hurts), Prototyping with Python (Dynamic Analysis in Python: So Easy it Hurts)TraceNode
class — Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions)Tracer
class — Mining Input Grammars (Tracer), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context), Mining Input Grammars (Context)TraceTree
class — Concolic Fuzzing (Representing Decisions), Concolic Fuzzing (Representing Decisions)trace_call()
— Mining Function Specifications (Tracking Calls)trace_locals()
— Testing Configurations (Tracking Arguments)trace_options()
— Testing Configurations (Tracking Arguments)trace_return()
— Mining Function Specifications (Tracking Calls)- tracing function — Code Coverage (Tracing Executions)
tracing_context()
— Mining Input Grammars (Context)tracing_var()
— Mining Input Grammars (Context)Tracker
class — Mining Function Specifications (Tracking Calls)TrackingArcCoverage
class — Symbolic Fuzzing (Exercise 3: Implementing a Concolic Fuzzer)TrackingConfigParser
class — Testing Configurations (Part 3: Mine a Configuration Grammar)TrackingDB
class — Tracking Information Flow (TrackingDB)TrackingGrammarCoverageFuzzer
class — Grammar Coverage (Tracking Grammar Coverage), Grammar Coverage (Keeping Track of Expansions), Grammar Coverage (Computing Possible Expansions), Grammar Coverage (Tracking Expansions while Fuzzing), Grammar Coverage (Tracking Expansions while Fuzzing)track_event()
— Mining Input Grammars (DefineTracker), Mining Input Grammars (AssignmentTracker)- transitive — Parsing Inputs (Exercise 5: Leo Parser)
translate_to_z3_name()
— Symbolic Fuzzing (Get Names and Types of Variables Used)traverse()
— Academic Prototyping (Static Analysis in Python: Still Easy), Academic Prototyping (A Symbolic Test Generator), Prototyping with Python (Static Analysis in Python: Still Easy), Prototyping with Python (A Symbolic Test Generator)traverse_if_children()
— Academic Prototyping (A Symbolic Test Generator), Prototyping with Python (A Symbolic Test Generator)traverse_tree()
— Efficient Grammar Fuzzing (Excursion: Implementingdisplay_tree()
)`), Class Diagrams (Getting a Class Tree)traverse_z3()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)- tree — Efficient Grammar Fuzzing (Derivation Trees)
- Tree Maps — Academic Prototyping (Replicable Experiments)
TreeMiner
class — Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Recovering a Derivation Tree)tree_fitness()
— Testing Compilers (Fitness)tree_list_to_string()
— Reducing Failure-Inducing Inputs (A Few Helpers)TREE_NODES
— Concolic Fuzzing (The SimpleConcolicFuzzer class)tree_to_grammar()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Grammar Mining)tree_to_string()
— Efficient Grammar Fuzzing (End of Excursion), Tracking Information Flow (TaintedGrammarFuzzer), Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)tree_type()
— Tracking Information Flow (TaintedGrammarFuzzer)TRIALS
— Fuzzing in the Large (End of Excursion), Fuzzing in the Large (Collecting Code Coverage)triangle()
— Mutation Analysis (Structural Coverage Adequacy by Example), Concolic Fuzzing (Translating to the SMT Expression Format), Academic Prototyping (Python is Easy), Prototyping with Python (Python is Easy)triangle_m1()
— Mutation Analysis (Injecting Artificial Faults)triangle_traced()
— Academic Prototyping (Dynamic Analysis in Python: So Easy it Hurts), Prototyping with Python (Dynamic Analysis in Python: So Easy it Hurts)- trigram — When To Stop Fuzzing (The Enigma Machine)
trim_grammar()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)TroffRunner
class — Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)true_property_instantiations()
— Mining Function Specifications (Checking Invariants)TrustedDB
class — Tracking Information Flow (Tracking Untrusted Input)TRUSTED
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)TState
class — Parsing Inputs (Exercise 5: Leo Parser)tstr1()
— Concolic Fuzzing (Equality between Strings), Concolic Fuzzing (Equality between Strings)tstr10()
— Concolic Fuzzing (Remove Space from Ends)tstr11()
— Concolic Fuzzing (Splitting Strings)tstr2()
— Concolic Fuzzing (Length of Strings)tstr3()
— Concolic Fuzzing (An Iterator Class for Strings)tstr4()
— Concolic Fuzzing (Translating to Upper and Lower Equivalents)tstr5()
— Concolic Fuzzing (Translating to Upper and Lower Equivalents)tstr6()
— Concolic Fuzzing (Checking for String Prefixes)tstr7()
— Concolic Fuzzing (Finding Substrings)tstr8()
— Concolic Fuzzing (Remove Space from Ends)tstr9()
— Concolic Fuzzing (Remove Space from Ends)tstr
class — Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (A Class for Tainted Strings), Tracking Information Flow (String Operators), Tracking Information Flow (String Operators), Tracking Information Flow (String Operators)- Turing machines — Fuzzing with Grammars (Input Languages)
- twice — Search-Based Fuzzing (Dealing with Complex Conditions)
twice()
— Testing Configurations (Creating Autopep8 Options)- two — Symbolic Fuzzing (Function Summaries), When To Stop Fuzzing (Measuring Trace Coverage over Time)
- type annotations — Symbolic Fuzzing
TypeAnnotator
class — Mining Function Specifications (All-in-one Annotation)typed_functions()
— Mining Function Specifications (All-in-one Annotation)typed_functions_ast()
— Mining Function Specifications (All-in-one Annotation)typed_triangle()
— Academic Prototyping ((No) Type Checking)-Type-Checking), Prototyping with Python ((No) Type Checking)-Type-Checking)- types — Mining Function Specifications (Specifying and Checking Data Types)
TypeTracker
class — Mining Function Specifications (All-in-one Annotation)TypeTransformer
class — Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Annotating Functions with Given Types)type_string()
— Mining Function Specifications (Annotating Functions with Mined Types)TYPE
— Fuzzing with Constraints (Quantifiers)
U - Y¶
U¶
UNEXPLORED_STATE
— Testing Graphical User Interfaces (Excursion: Implementing Extracting State Grammars)unhack()
— Control Flow Graph (Supporting Functions)unicode_escape()
— Fuzzing in the Large (Excursion:escapelines()
implementatipn)`-implementatipn)unicode_string_neighbors()
— Search-Based Fuzzing (Evolutionary Search)unify_key()
— Parsing Inputs (Unify Key), Parsing Inputs (Unify Rule), Parsing Inputs (Exercise 1: An Alternative Packrat)unify_rule()
— Parsing Inputs (Unify Rule), Parsing Inputs (Exercise 1: An Alternative Packrat)uniq_postdot()
— Parsing Inputs (Exercise 5: Leo Parser), Parsing Inputs (Exercise 5: Leo Parser)- universal grammars — Fuzzing with Grammars (Input Languages)
unknown()
— Class Diagrams (Getting Docs)UNKNOWN_ORIGIN
— Tracking Information Flow (A Class for Tracking Character Origins), Tracking Information Flow (Privacy Leaks Revisited)- unobserved — When To Stop Fuzzing (Turing's Observations)
- unparse — Symbolic Fuzzing (Function Summaries)
unreachable_nonterminals()
— Fuzzing with Grammars (Excursion: Implementingis_valid_grammar()
)`)UNRESOLVED
— Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Synopsis), Fuzzing: Breaking Things with Random Inputs (Runner Classes), Fuzzing: Breaking Things with Random Inputs (Runners), Fuzzing: Breaking Things with Random Inputs (Runners), Reducing Failure-Inducing Inputs (End of Excursion)- unrolling of loops — Symbolic Fuzzing (Advanced Symbolic Fuzzing)
UNTRUSTED
— Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks), Tracking Information Flow (Preventing Privacy Leaks)- unusual paths — Greybox Fuzzing (Boosted Greybox Fuzzing)
unwrap_substrings()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)up()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)update()
— Mining Input Grammars (Vars), Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)update_cache()
— Parsing Inputs (Why Parsing for Fuzzing?)update_children()
— Control Flow Graph (CFGNode), Control Flow Graph (PyCFG)update_existing_state()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer), Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)update_functions()
— Control Flow Graph (PyCFG)update_grammar()
— Mining Input Grammars (Recovering Grammars from Derivation Trees), Mining Input Grammars (Recover Grammar), Mining Input Grammars (Grammar Mining), Tracking Information Flow (TaintedGrammarFuzzer), Concolic Fuzzing (Pruning and Updating)update_inventory()
— Tracking Information Flow (End of Excursion)update_maps()
— Search-Based Fuzzing (Instrumentation for Atomic Conditions)update_new_state()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)update_state()
— Testing Graphical User Interfaces (Excursion: Implementing GUIFuzzer)update_tree()
— Tracking Information Flow (TaintedGrammarFuzzer)upper()
— Tracking Information Flow (String methods that do not change origin), Concolic Fuzzing (Translating to Upper and Lower Equivalents)- urllib/parse.py — Mining Input Grammars (AssignmentTracker)
URLPARSE_ORACLE_GRAMMAR
— Fuzzing APIs (Exercise 1: Deep Arguments)URLS_X
— Mining Input Grammars (Problems with the Simple Miner)URLS
— Mining Input Grammars (Example 2. Recovering URL Grammar)url_parse()
— Mining Input Grammars (Example 2. Recovering URL Grammar)used_identifiers()
— Symbolic Fuzzing (Get Names and Types of Variables Used)used_vars()
— Symbolic Fuzzing (Get Names and Types of Variables Used)- user interface elements — Testing Graphical User Interfaces (Remote Control with Selenium)
use_id()
— Fuzzing with Generators (Definitions and Uses)
V¶
v()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)V1
— Mining Input Grammars (Assembling a Derivation Tree), Mining Input Grammars (Assembling a Derivation Tree)- valid — Mutation Analysis (Injecting Artificial Faults)
valid_luhn_checksum()
— Fuzzing with Generators (Functions Called After Expansion)VALUES
— Tracking Information Flow (Inserting Data)VARIABLE
— Code Coverage (A Coverage Class), Fuzzing with Constraints (Quantifiers), Fuzzing with Constraints (Quantifiers), Fuzzing with Constraints (Matching Expansion Elements), Fuzzing with Constraints (Matching Expansion Elements)Vars
class — Mining Input Grammars (Vars), Mining Input Grammars (Vars)var_access()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)var_assign()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)VAR_GRAMMAR
— Fuzzing with Generators (Definitions and Uses), Fuzzing with Generators (Definitions and Uses)var_location_register()
— Mining Input Grammars (AssignmentVars)var_name()
— Mining Input Grammars (AssignmentVars), Mining Input Grammars (ScopedVars)var_string()
— Class Diagrams (Drawing Class Hierarchy with Method Names)var_symbol()
— Carving Unit Tests (A Grammar from Arguments)VAR
— Class Diagrams (Getting a Class Hierarchy)VEHICLES
— Mining Input Grammars (A Simple Grammar Miner), Tracking Information Flow (A Vulnerable Database), Tracking Information Flow (End of Excursion)Vehicle
class — Mining Input Grammars (Exercise 1: Flattening complex objects)verbose_condition()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)verbose_postcondition()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)verbose_precondition()
— Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)- virtual variable — Mining Input Grammars (AssignmentTracker)
visit_AnnAssign()
— Mutation Analysis (A Simple Mutator for Functions)visit_Assert()
— Mutation Analysis (A Simple Mutator for Functions)visit_Assign()
— Mutation Analysis (A Simple Mutator for Functions)visit_AugAssign()
— Mutation Analysis (A Simple Mutator for Functions)visit_BinOp()
— Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)visit_Break()
— Mutation Analysis (A Simple Mutator for Functions)visit_Compare()
— Search-Based Fuzzing (Instrumenting Source Code Automatically)visit_Continue()
— Mutation Analysis (A Simple Mutator for Functions)visit_Delete()
— Mutation Analysis (A Simple Mutator for Functions)visit_Expr()
— Mutation Analysis (A Simple Mutator for Functions), Mining Function Specifications (Annotating Functions with Given Types)visit_FunctionDef()
— Search-Based Fuzzing (Instrumenting Source Code Automatically), Mining Function Specifications (Annotating Functions with Given Types), Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)visit_Global()
— Mutation Analysis (A Simple Mutator for Functions)visit_Name()
— Mining Function Specifications (Extracting Meta-Variables), Mining Function Specifications (Instantiating Properties)visit_Nonlocal()
— Mutation Analysis (A Simple Mutator for Functions)visit_Pass()
— Mutation Analysis (A Simple Mutator for Functions)visit_Raise()
— Mutation Analysis (A Simple Mutator for Functions)visit_Return()
— Mutation Analysis (A Simple Mutator for Functions)visit_z3_expr()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)VisualCoverage
class — Mutation Analysis (Structural Coverage Adequacy by Example)VisualizedArcCoverage
class — Symbolic Fuzzing (Visualizing the Coverage)VS
— Railroad Diagrams (Excursion: Railroad diagrams implementation)
W¶
walk()
— Control Flow Graph (PyCFG)was_seen()
— Parsing Inputs (Exercise 6: Filtered Earley Parser)WeakShapeTest
class — Mutation Analysis (Mutator for Modules and Test Suites)weak_oracle()
— Mutation Analysis (Structural Coverage Adequacy by Example)- web driver — Testing Graphical User Interfaces (Remote Control with Selenium)
webbrowser()
— Carving Unit Tests (System Tests vs Unit Tests), Testing Web Applications (Logging)WebFormFuzzer
class — Testing Web Applications (A Fuzzer for Web Forms)WebRunner
class — Testing Web Applications (Fuzzing with Unexpected Values)- weight — When To Stop Fuzzing (The Kenngruppenbuch)
WHERE
— Tracking Information Flow (Deleting Data)- white-box testing — Code Coverage (White-Box Testing)
- Wikipedia page on file formats — Fuzzing with Grammars (Input Languages)
- Wikipedia page on penetration testing — Testing Web Applications (Background)
- Wikipedia pages on Web application security — Testing Web Applications (Background)
- within this method — Mining Input Grammars (AssignmentVars)
wrapper()
— Mining Function Specifications (Annotating Functions with Pre- and Postconditions), Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)wrapString()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)writeSvg()
— Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation), Railroad Diagrams (Excursion: Railroad diagrams implementation)
X¶
x()
— Tracking Information Flow (Extract Origin String)- XKCD comic — Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)
- XML documents — Fuzzing with Generators (Example: Matching XML Tags)
XML_GRAMMAR
— Greybox Fuzzing with Grammars (Building the Fragment Pool)XML_UNICODE_WCHAR_T
— Testing Configurations (Part 3: C Preprocessor Configuration Fuzzing)- XSS — Testing Web Applications (Cross-Site Scripting Attacks)
Z - Z¶
Z¶
- Z3 solver — Academic Prototyping (Symbolic Reasoning in Python: There's a Package for That), Prototyping with Python (Symbolic Reasoning in Python: There's a Package for That)
z3_as_string()
— Concolic Fuzzing (Excursion: Implementing ConcolicGrammarFuzzer)Z3_BINARY
— Concolic Fuzzing (Using the Command Line)z3_chr()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)z3_names_and_types()
— Symbolic Fuzzing (Get Names and Types of Variables Used)Z3_OPTIONS
— Concolic Fuzzing (Using the Command Line)z3_ord()
— Concolic Fuzzing (Hack to use the ASCII value of a character.)zbool
class — Concolic Fuzzing (A Proxy Class for Booleans), Concolic Fuzzing (Negation of Encoded formula), Concolic Fuzzing (Registering Predicates on Conditionals)zchr()
— Concolic Fuzzing (Translating an Ordinal Value to ASCII)ZeroDivisionRunner
class — Reducing Failure-Inducing Inputs (Synopsis)ZeroOrMore()
— Railroad Diagrams (Excursion: Railroad diagrams implementation)zeval()
— Concolic Fuzzing (Evaluating the Concolic Expressions)zeval_py()
— Concolic Fuzzing (Using the Python API)zeval_smt()
— Concolic Fuzzing (Using the Command Line)zfloat
class — Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)zint
class — Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Equality between Integers), Concolic Fuzzing (Comparisons between Integers), Concolic Fuzzing (Comparisons between Integers), Concolic Fuzzing (Using an Integer in a Boolean Context), Concolic Fuzzing (Exercise 2: Bit Manipulation)zord()
— Concolic Fuzzing (Retrieving Ordinal Value)zproxy_create()
— Concolic Fuzzing (Concolic Proxy Objects)zstr_iterator
class — Concolic Fuzzing (An Iterator Class for Strings)zstr
class — Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Equality between Strings), Concolic Fuzzing (Length of Strings), Concolic Fuzzing (Length of Strings), Concolic Fuzzing (Concatenation of Strings), Concolic Fuzzing (Producing Substrings), Concolic Fuzzing (Translating to Upper and Lower Equivalents), Concolic Fuzzing (Translating to Upper and Lower Equivalents), Concolic Fuzzing (Checking for String Prefixes), Concolic Fuzzing (Finding Substrings), Concolic Fuzzing (Remove Space from Ends), Concolic Fuzzing (Remove Space from Ends), Concolic Fuzzing (Remove Space from Ends), Concolic Fuzzing (Splitting Strings)_zv()
— Concolic Fuzzing (A Proxy Class for Integers), Concolic Fuzzing (A Proxy Class for Strings), Concolic Fuzzing (Exercise 1: Implement a Concolic Float Proxy Class)
The content of this project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. The source code that is part of the content, as well as the source code used to format and display that content is licensed under the MIT License. Last change: 2020-09-27 19:14:05+02:00 • Cite • Imprint