Develop a simple fuzzer to test an existing implementation of a simple calculator.
Software Quality Assurance (Auburn University, Spring 2023, Fall 2023)
Pre-lab Content Dissemination
In chaos engineering, finding corner cases in the software is important. To that end, we will use white-box fuzzing to understand how to find these corner cases. White-box fuzzing is a fuzzing technique where software's source code is leveraged to generate test cases. These test cases aim to find bugs in the source code so that these bugs are found and fixed early in the development stage. As part of this workshop, we will develop a simple fuzzer that fuzzes an existing implementation of a simple calculator.
In-class Hands-on Experience
Implement the `checkNonPermissiveOerations()` method in the 'fuzzer.py' file available here: https://github.com/paser-group/ALAMOSE-PASER/blob/ALAMOSE/workshops/fuzzer
First of all, copy the python program along with the simpleCalculator function.
def simpleCalculator(v1, v2, operation):
res=0
if(operation == '+'):
res=v1+v2
elif operation == '-':
res = v1-v2
elif operation == '*':
res = v1*v2
elif operation == '/':
res = v1/v2
elif operation == '%':
res = v1%v2
return res
if __name__ == '__main__':
val1, val2, op = 100, 1, '+'
data = simpleCalculator(val1, val1, op)
print('Operation {}\nResult: {}'.format(op, data))
Now add a function called simpleFuzzer.
def simpleFuzzer():
#complete the following methods
#fuzzValue()
# checkNonPermissiveOperations()
Here, you can see there are two commented functions called 'fuzzValue' and 'checkNonPermissiveOperations'. We will implement the 'checkNonPermissiveOperations' function to check random operations and try to crash the calculator program.
So the whole code snippet should look like the code below:
def simpleCalculator(v1, v2, operation):
res=0
if(operation == '+'):
res=v1+v2
elif operation == '-':
res = v1-v2
elif operation == '*':
res = v1*v2
elif operation == '/':
res = v1/v2
elif operation == '%':
res = v1%v2
return res
def checkNonPermissiveOperations():
operation_ = '='
simpleCalculator(100, 1, operation_)
def simpleFuzzer():
#complete the following methods
#fuzzValues()
checkNonPermissiveOperations()
if __name__ == '__main__':
val1, val2, op = 100, 1, '+'
# data = simpleCalculator(val1, val1, op)
# print('Operation {}\nResult: {}'.format(op, data))
simpleFuzzer()
We will write a code snippet to test all types of corner cases with respect to how valid operations are handled.
We will use a loop to generate alphanumeric values and pass them into `simpleCalculator`
The whole in-class hands-on experience is available as a video recording.
Post Lab Experience
Open 'fuzzer.py'
Implement the `fuzzValues` method so that it can generate alphanumeric values, and these values are plugged into the `simpleCalculator` method. Feel free to use the strings here: https://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.json
Record the error messages. You should be recording seven (7) errors as part of your implementation.
Complete the survey: https://auburn.qualtrics.com/jfe/form/SV_e3Bxdy5U3uOPtSC