{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Index" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## A - E" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### A\n", "\n", "* `A()` — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `A1_GRAMMAR` — [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Exercise 6: First Set of a Nonterminal)](Parser.ipynb#Exercise-6:-First-Set-of-a-Nonterminal), [Parsing Inputs (Exercise 7: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-7:-Follow-Set-of-a-Nonterminal)\n", "* `A2_GRAMMAR` — [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `A3_GRAMMAR` — [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Ambiguous Parsing)](Parser.ipynb#Ambiguous-Parsing)\n", "* Abstract Syntax Tree — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* actions — [Testing Graphical User Interfaces (Retrieving User Interface Actions)](GUIFuzzer.ipynb#Retrieving-User-Interface-Actions), [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions)\n", "* `add()` — [Parsing Inputs (Columns)](Parser.ipynb#Columns)\n", "* `addDebug()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `addTo()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `add_call()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `add_calls()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_child()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `add_element()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `add_group()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_int_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_metavar_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_new_airport()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers), [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `add_parameter()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_parent()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_parents()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_result()` — [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results)\n", "* `add_str_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_transitive()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `add_tree()` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees)\n", "* `add_tree_coverage()` — [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `add_type_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `__add__()` — [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation)\n", "* `advance()` — [Parsing Inputs (Items)](Parser.ipynb#Items), [Parsing Inputs (States)](Parser.ipynb#States)\n", "* AFL — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `airport_codes_repOK()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* Alex framework — [Testing Graphical User Interfaces (Background)](GUIFuzzer.ipynb#Background)\n", "* `all_terminals()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `alternate_reductions()` — [Reducing Failure-Inducing Inputs (Alternate Expansions)](Reducer.ipynb#Alternate-Expansions)\n", "* `AlternatingSequence` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* alternatives — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* American fuzzy lop — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `annotate_edge()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `annotate_node()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* any — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `any_possible_expansions()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree)\n", "* `apply_new_definition()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `apply_result()` — [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion)\n", "* `apply_twice()` — [Fuzzing with Generators (Functions Called Before Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-Before-Expansion)\n", "* arbitrary — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `arc()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `arc_8()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `arguments()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `ARGUMENTS_SYMBOL` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* arithmetic expressions — [Fuzzing with Grammars (Arithmetic Expressions)](Grammars.ipynb#Arithmetic-Expressions)\n", "* `AR` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `ASCII_STRING_EBNF_GRAMMAR` — [Fuzzing APIs (Strings)](APIFuzzer.ipynb#Strings)\n", "* `ASCII_STRING_GRAMMAR` — [Fuzzing APIs (Strings)](APIFuzzer.ipynb#Strings)\n", "* `assertEquals()` — [Introduction to Software Testing (Automating Test Execution)](Intro_Testing.ipynb#Automating-Test-Execution)\n", "* assertion — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* assignment — [Fuzzing: Breaking Things with Random Inputs (A Testing Assignment)](Fuzzer.ipynb#A-Testing-Assignment)\n", "* `assignments()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `AssignmentTracker` class — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `AssignmentVars` class — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `at()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `ATTACKS` — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `ATTR_GRAMMAR` — [Fuzzing with Generators (Exercise 2: Attribute Grammars)](GeneratorGrammarFuzzer.ipynb#Exercise-2:-Attribute-Grammars)\n", "* `at_dot()` — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* Automata theory — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `autopep8()` — [Testing Configurations (Autopep8 Setup)](ConfigurationFuzzer.ipynb#Autopep8-Setup)\n", "* `average_length_until_full_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### B\n", "\n", "* `B()` — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* Backus-Naur form — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* before — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `BetterHTTPRequestHandler` class — [Testing Web Applications (Part 1: Silent Failures)](WebFuzzer.ipynb#Part-1:-Silent-Failures), [Testing Web Applications (Part 2: Sanitized HTML)](WebFuzzer.ipynb#Part-2:-Sanitized-HTML), [Testing Web Applications (Part 3: Sanitized SQL)](WebFuzzer.ipynb#Part-3:-Sanitized-SQL), [Testing Web Applications (Part 4: A Robust Server)](WebFuzzer.ipynb#Part-4:-A-Robust-Server)\n", "* `BETTER_HTML_INTERNAL_SERVER_ERROR` — [Testing Web Applications (Part 1: Silent Failures)](WebFuzzer.ipynb#Part-1:-Silent-Failures)\n", "* `BinaryProgramRunner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `BIRD` — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* bitmap origins — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* black-box testing — [Getting Coverage (Black-Box Testing)](Coverage.ipynb#Black-Box-Testing)\n", "* blog post — [Mutation-Based Fuzzing (Exercise 3)](MutationFuzzer.ipynb#Exercise-3), [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* BNF — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `BODY` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* Branch coverage — [Getting Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* `BranchCoverage` class — [Getting Coverage (Part 1: Compute branch coverage)](Coverage.ipynb#Part-1:-Compute-branch-coverage)\n", "* `branch_coverage()` — [Getting Coverage (Part 1: Compute branch coverage)](Coverage.ipynb#Part-1:-Compute-branch-coverage)\n", "* `BROWSER` — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### C\n", "\n", "* C preprocessor — [Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-1:-#ifdef-Configuration-Fuzzing)\n", "* `C()` — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* C-Reduce — [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* `CachingReducer` class — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* call — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* call stack — [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input)\n", "* `CallCarver` class — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `called_functions()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `CallGrammarMiner` class — [Carving Unit Tests (A Grammar Miner for Calls)](Carver.ipynb#A-Grammar-Miner-for-Calls), [Carving Unit Tests (Initial Grammar)](Carver.ipynb#Initial-Grammar), [Carving Unit Tests (A Grammar from Arguments)](Carver.ipynb#A-Grammar-from-Arguments), [Carving Unit Tests (A Grammar from Calls)](Carver.ipynb#A-Grammar-from-Calls), [Carving Unit Tests (A Grammar from all Calls)](Carver.ipynb#A-Grammar-from-all-Calls)\n", "* `calls()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `CallStack` class — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `call_string()` — [Carving Unit Tests (Serializing Objects)](Carver.ipynb#Serializing-Objects)\n", "* `CALL_SYMBOL` — [Carving Unit Tests (Initial Grammar)](Carver.ipynb#Initial-Grammar)\n", "* `call_value()` — [Carving Unit Tests (Serializing Objects)](Carver.ipynb#Serializing-Objects)\n", "* `cancel()` — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* `candidate()` — [Fuzzing with Input Fragments (Candidate)](LangFuzzer.ipynb#Candidate), [Fuzzing with Input Fragments (Exercise 1: A Different LangFuzzer)](LangFuzzer.ipynb#Exercise-1:-A-Different-LangFuzzer)\n", "* `canonical()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* `canonical_expr()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* `capitalize()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* `Carver` class — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* CFG — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser), [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Background)](Parser.ipynb#Background), [Fuzzing with Input Fragments (Recombining Parsed Inputs)](LangFuzzer.ipynb#Recombining-Parsed-Inputs)\n", "* `CFGNode` class — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* CFGs — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* CFLs — [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `cgi_decode()` — [Getting Coverage (A CGI Decoder)](Coverage.ipynb#A-CGI-Decoder), [Getting Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions), [Control Flow Graph (cgi_decode)](ControlFlow.ipynb#cgi_decode)\n", "* `cgi_decode_traced()` — [Getting Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions)\n", "* `cgi_encode()` — [Testing Web Applications (Fuzzing with Expected Values)](WebFuzzer.ipynb#Fuzzing-with-Expected-Values)\n", "* `CGI_GRAMMAR` — [Fuzzing with Grammars (A CGI Grammar)](Grammars.ipynb#A-CGI-Grammar), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n", "* chapter on parsers](Parser.ipynb) that coarse grammars do not work well for fuzzing when the input format includes details expressed only in code. That is, even though we have the formal specification of CSV files ([RFC 4180 — [Mining Input Grammars (A Grammar Challenge)](GrammarMiner.ipynb#A-Grammar-Challenge)\n", "* character level — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `CHARACTERS_WITHOUT_QUOTE` — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n", "* `CHARGE_GRAMMAR` — [Fuzzing with Generators (Example: Test a Credit Card System)](GeneratorGrammarFuzzer.ipynb#Example:-Test-a-Credit-Card-System), [Fuzzing with Generators (Example: Numeric Ranges)](GeneratorGrammarFuzzer.ipynb#Example:-Numeric-Ranges)\n", "* `chart_parse()` — [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm)\n", "* `CHAR_WIDTH` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `check()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* checksum — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `check_diversity()` — [Fuzzing with Input Fragments (Exercise 1: A Different LangFuzzer)](LangFuzzer.ipynb#Exercise-1:-A-Different-LangFuzzer)\n", "* `check_grammar()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability)\n", "* `check_param()` — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `check_time()` — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* `check_triangle()` — [Control Flow Graph (check_triangle)](ControlFlow.ipynb#check_triangle)\n", "* child nodes — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* children — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `CHILDREN` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees), [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* choice expressions — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* `Choice` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `choose_covered_node_expansion()` — [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `choose_node_expansion()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Grammar Coverage (All Together)](GrammarCoverageFuzzer.ipynb#All-Together), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability), [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `choose_tree_expansion()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `choose_uncovered_node_expansion()` — [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `clean_grammar()` — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `clear_httpd_messages()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `clear_origin()` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `clear_symbol_table()` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `clear_taint()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `click()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `clock()` — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `coalesce()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* code coverage — [Getting Coverage](Coverage.ipynb#Getting-Coverage)\n", "* `code_repOK()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `collapse_if_too_large()` — [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks)\n", "* colors — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `Column` class — [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* commas — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `comma_split()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `COMMENT_CHAR_WIDTH` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `Comment` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* comparison node — [Control Flow Graph (fib)](ControlFlow.ipynb#fib)\n", "* compiler testing — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background), [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* complement of the input samples — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `complete()` — [Parsing Inputs (Completing Processing)](Parser.ipynb#Completing-Processing), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `compute_dominator()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `compute_flow()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `compute_gcd()` — [Control Flow Graph (gcd)](ControlFlow.ipynb#gcd)\n", "* concolic exeuction — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* concrete syntax tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* conditional compilation — [Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-1:-#ifdef-Configuration-Fuzzing)\n", "* `CONDITION` — [Getting Coverage (Exercise 2: Branch Coverage)](Coverage.ipynb#Exercise-2:-Branch-Coverage), [Getting Coverage (Exercise 2: Branch Coverage)](Coverage.ipynb#Exercise-2:-Branch-Coverage), [Getting Coverage (Exercise 2: Branch Coverage)](Coverage.ipynb#Exercise-2:-Branch-Coverage)\n", "* `CONSTRAINED_VAR_GRAMMAR` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* constraint — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* context-free grammars — [Fuzzing with Grammars (Grammars)](Grammars.ipynb#Grammars)\n", "* `Context` class — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `convert()` — [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data)\n", "* `convert_ebnf_grammar()` — [Fuzzing with Grammars (All Together)](Grammars.ipynb#All-Together)\n", "* `convert_ebnf_operators()` — [Fuzzing with Grammars (Expanding Operators)](Grammars.ipynb#Expanding-Operators)\n", "* `convert_ebnf_parentheses()` — [Fuzzing with Grammars (Expanding Parenthesized Expressions)](Grammars.ipynb#Expanding-Parenthesized-Expressions)\n", "* `copy()` — [Parsing Inputs (States)](Parser.ipynb#States), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `counts()` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `count_expansions()` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* coverage criteria — [Getting Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* `coverage()` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Getting Coverage (Part 1: Compute branch coverage)](Coverage.ipynb#Part-1:-Compute-branch-coverage), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `Coverage` class — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* `cpp_identifiers()` — [Testing Configurations (Part 1: Extract Preprocessor Variables)](ConfigurationFuzzer.ipynb#Part-1:-Extract-Preprocessor-Variables)\n", "* `crange()` — [Fuzzing with Grammars (Character Classes)](Grammars.ipynb#Character-Classes)\n", "* `crash_if_too_long()` — [Fuzzing: Breaking Things with Random Inputs (Buffer Overflows)](Fuzzer.ipynb#Buffer-Overflows)\n", "* `crawl()` — [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* crawler — [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `create()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Create)](InformationFlow.ipynb#Create), [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions)\n", "* `create_candidate()` — [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations)\n", "* `create_foo_py()` — [Testing Configurations (Creating Autopep8 Options)](ConfigurationFuzzer.ipynb#Creating-Autopep8-Options)\n", "* `create_table()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables)\n", "* cross-site scripting — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* CSmith — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* CSV — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `CSV_GRAMMAR` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* current — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `C_SAMPLE_GRAMMAR` — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* `C` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### D\n", "\n", "* data dictionary — [Testing Web Applications (Leaking Internal Information)](WebFuzzer.ipynb#Leaking-Internal-Information)\n", "* database — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* `DB` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input), [Tracking Information Flow (TaintedDB)](InformationFlow.ipynb#TaintedDB)\n", "* `DB` class — [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database), [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data), [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data), [Tracking Information Flow (Updating Data)](InformationFlow.ipynb#Updating-Data), [Tracking Information Flow (Deleting Data)](InformationFlow.ipynb#Deleting-Data)\n", "* debugger — [Introduction to Software Testing (Debugging a Function)](Intro_Testing.ipynb#Debugging-a-Function)\n", "* `DEBUG` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `decrange()` — [Probabilistic Grammar Fuzzing (Probabilities in Context)](ProbabilisticGrammarFuzzer.ipynb#Probabilities-in-Context)\n", "* `default_edge_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `default_graph_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `default_node_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `DEFAULT_ORIGIN` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `DEFAULT_STYLE` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `defined_vars()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `DefineTracker` class — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `define_expr()` — [Fuzzing with Grammars (Part 1 (b): Alternative representations)](Grammars.ipynb#Part-1-(b):-Alternative-representations)\n", "* `define_ex_grammar()` — [Fuzzing with Grammars (Part 1 (b): Alternative representations)](Grammars.ipynb#Part-1-(b):-Alternative-representations)\n", "* `define_grammar()` — [Fuzzing with Grammars (Part 1 (a): One Single Function)](Grammars.ipynb#Part-1-(a):-One-Single-Function)\n", "* `define_id()` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `define_name()` — [Fuzzing with Grammars (Part 1 (b): Alternative representations)](Grammars.ipynb#Part-1-(b):-Alternative-representations)\n", "* `def_used_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `DELAY_AFTER_CHECK` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `DELAY_AFTER_CLICK` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `DELAY_AFTER_FILL` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `DELAY_AFTER_SUBMIT` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `delete_element()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `delete_random_character()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs)\n", "* `DELETE` — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `DeltaDebuggingReducer` class — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* derivation tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `determineGaps()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `deterministic_reduction()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `DiagramItem` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `DIAGRAM_CLASS` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `Diagram` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* different — [Mining Input Grammars (Problems with the Grammar Miner with Reassignment)](GrammarMiner.ipynb#Problems-with-the-Grammar-Miner-with-Reassignment)\n", "* `DIGIT_GRAMMAR` — [Fuzzing with Grammars (Representing Grammars in Python)](Grammars.ipynb#Representing-Grammars-in-Python)\n", "* `display_annotated_tree()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `display_httpd_message()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `display_stack()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `display_tree()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* Domato — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `dot_escape()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `doubleenumerate()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `down()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `do_call()` — [Fuzzing APIs (Synthesizing Code)](APIFuzzer.ipynb#Synthesizing-Code)\n", "* `do_check()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_click()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_delete()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Deleting Data)](InformationFlow.ipynb#Deleting-Data)\n", "* `do_fill()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_GET()` — [Testing Web Applications (Handling HTTP Requests)](WebFuzzer.ipynb#Handling-HTTP-Requests)\n", "* `do_HEAD()` — [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands)\n", "* `do_insert()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data)\n", "* `do_select()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data)\n", "* `do_submit()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_update()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Updating Data)](InformationFlow.ipynb#Updating-Data)\n", "* Dragon Book — [Efficient Grammar Fuzzing (Background)](GrammarFuzzer.ipynb#Background)\n", "* `duplicate_context()` — [Grammar Coverage (Extending Grammars for Context Coverage Programmatically)](GrammarCoverageFuzzer.ipynb#Extending-Grammars-for-Context-Coverage-Programmatically)\n", "* `_duplicate_context()` — [Grammar Coverage (Extending Grammars for Context Coverage Programmatically)](GrammarCoverageFuzzer.ipynb#Extending-Grammars-for-Context-Coverage-Programmatically)\n", "* dynamic analysis — [Getting Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions)\n", "* dynamic taint — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* dynamic taint analysis — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* dynamic taints — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### E\n", "\n", "* `e()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* Earley parser — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `EarleyParser` class — [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm), [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm), [Parsing Inputs (Predicting States)](Parser.ipynb#Predicting-States), [Parsing Inputs (Scanning Tokens)](Parser.ipynb#Scanning-Tokens), [Parsing Inputs (Completing Processing)](Parser.ipynb#Completing-Processing), [Parsing Inputs (Filling the Chart)](Parser.ipynb#Filling-the-Chart), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (Parsing Paths)](Parser.ipynb#Parsing-Paths), [Parsing Inputs (Parsing Forests)](Parser.ipynb#Parsing-Forests), [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Ambiguous Parsing)](Parser.ipynb#Ambiguous-Parsing), [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `earley_complete()` — [Parsing Inputs (Completing Processing)](Parser.ipynb#Completing-Processing)\n", "* EBNF — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `ebnf_grammar()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `elapsed_time()` — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* embed the finite state machine into a grammar — [Testing Graphical User Interfaces (State Machines as Grammars)](GUIFuzzer.ipynb#State-Machines-as-Grammars)\n", "* EMI Project — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `End` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `enter()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `__enter__()` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `EOF` — [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks), [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks), [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks), [Parsing Inputs (Exercise 7: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-7:-Follow-Set-of-a-Nonterminal), [Parsing Inputs (Exercise 7: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-7:-Follow-Set-of-a-Nonterminal), [Parsing Inputs (Exercise 7: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-7:-Follow-Set-of-a-Nonterminal)\n", "* epsilon expansion — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node)\n", "* `EPSILON` — [Introduction to Software Testing (Automating Test Execution)](Intro_Testing.ipynb#Automating-Test-Execution), [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix), [Parsing Inputs (Exercise 6: First Set of a Nonterminal)](Parser.ipynb#Exercise-6:-First-Set-of-a-Nonterminal)\n", "* `__eq__()` — [Parsing Inputs (States)](Parser.ipynb#States), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `EvalMysteryRunner` class — [Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)](Reducer.ipynb#Lexical-Reduction-vs.-Syntactic-Rules)\n", "* `eval_function()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion)\n", "* `eval_with_exception()` — [Fuzzing with Generators (Example: Negative Expressions)](GeneratorGrammarFuzzer.ipynb#Example:-Negative-Expressions)\n", "* `EvenFasterGrammarFuzzer` class — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* excellent library from Tab Atkins jr. — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `executable()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `ExerciseGrammarFuzzer` class — [Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions)](GrammarFuzzer.ipynb#Exercise-4:-Alternate-Random-Expansions)\n", "* `__exit__()` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `expandtabs()` — [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs)\n", "* `expand_node()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation)\n", "* `expand_node_by_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion)\n", "* `expand_node_max_cost()` — [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation)\n", "* `expand_node_min_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion)\n", "* `expand_node_randomly()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions)](GrammarFuzzer.ipynb#Exercise-4:-Alternate-Random-Expansions), [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* `expand_tree()` — [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases)\n", "* `expand_tree_once()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing)\n", "* `expand_tree_with_strategy()` — [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases)\n", "* expansion alternatives — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* expansion rules — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* `ExpansionCountMiner` class — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `ExpansionError` class — [Fuzzing with Grammars (A Simple Grammar Fuzzer)](Grammars.ipynb#A-Simple-Grammar-Fuzzer)\n", "* `expansion_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `expansion_key()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `expansion_to_children()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)](GrammarFuzzer.ipynb#Exercise-1:-Caching-Method-Results)\n", "* `ExpectError` class — [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors)\n", "* `ExpectTimeout` class — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* `explore_all()` — [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States)\n", "* `expression_clause()` — [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data)\n", "* `expression_grammar_fn()` — [Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))](Grammars.ipynb#Exercise-4:-Defining-Grammars-as-Functions-(Advanced))\n", "* `EXPR_EBNF_GRAMMAR` — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `EXPR_GRAMMAR_BNF` — [Efficient Grammar Fuzzing (An Insufficient Algorithm)](GrammarFuzzer.ipynb#An-Insufficient-Algorithm)\n", "* `EXPR_GRAMMAR` — [Fuzzing with Grammars (Representing Grammars in Python)](Grammars.ipynb#Representing-Grammars-in-Python), [Grammar Coverage (Covering Grammar Elements)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Elements), [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Grammar Coverage (Extending Grammars for Context Coverage Programmatically)](GrammarCoverageFuzzer.ipynb#Extending-Grammars-for-Context-Coverage-Programmatically), [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars), [Fuzzing with Generators (Example: More Numeric Ranges)](GeneratorGrammarFuzzer.ipynb#Example:-More-Numeric-Ranges), [Tracking Information Flow (Fuzzing SQL)](InformationFlow.ipynb#Fuzzing-SQL)\n", "* `exp_opt()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `exp_opts()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `exp_order()` — [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `exp_post_expansion_function()` — [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints)\n", "* `exp_pre_expansion_function()` — [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints)\n", "* `exp_prob()` — [Probabilistic Grammar Fuzzing (Specifying Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Specifying-Probabilities)\n", "* `exp_probabilities()` — [Probabilistic Grammar Fuzzing (Distributing Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Distributing-Probabilities)\n", "* `exp_string()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `extended_nonterminals()` — [Fuzzing with Grammars (Expanding Operators)](Grammars.ipynb#Expanding-Operators)\n", "* `extend_grammar()` — [Fuzzing with Grammars (Extending Grammars)](Grammars.ipynb#Extending-Grammars)\n", "* `extract_a_tree()` — [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees)\n", "* `extract_node()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `extract_trees()` — [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Ambiguous Parsing)](Parser.ipynb#Ambiguous-Parsing)\n", "* `extract_vars()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `E_GRAMMAR_1` — [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix), [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix)\n", "* `E_GRAMMAR` — [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## F - J" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### F\n", "\n", "* `fail_test()` — [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors)\n", "* `FAIL` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `FasterGrammarFuzzer` class — [Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)](GrammarFuzzer.ipynb#Exercise-1:-Caching-Method-Results)\n", "* `fib()` — [Control Flow Graph (fib)](ControlFlow.ipynb#fib)\n", "* `FILE` — [Fuzzing: Breaking Things with Random Inputs (Creating Input Files)](Fuzzer.ipynb#Creating-Input-Files)\n", "* `fill()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `fill_chart()` — [Parsing Inputs (Filling the Chart)](Parser.ipynb#Filling-the-Chart)\n", "* `FINAL_STATE` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `find_comma()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `find_contents()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `find_element()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `find_executable()` — [Testing Configurations (Autopep8 Setup)](ConfigurationFuzzer.ipynb#Autopep8-Setup)\n", "* `find_expansion()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion)\n", "* `find_grammar()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `_find_reachable_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `finished()` — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* finite state machine — [Testing Graphical User Interfaces (User Interfaces as Finite State Machines)](GUIFuzzer.ipynb#User-Interfaces-as-Finite-State-Machines)\n", "* finite state machines — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `firstset()` — [Parsing Inputs (Exercise 6: First Set of a Nonterminal)](Parser.ipynb#Exercise-6:-First-Set-of-a-Nonterminal)\n", "* `firstset_()` — [Parsing Inputs (Exercise 6: First Set of a Nonterminal)](Parser.ipynb#Exercise-6:-First-Set-of-a-Nonterminal)\n", "* `first_digit_via_log()` — [Probabilistic Grammar Fuzzing (The Law of Leading Digits)](ProbabilisticGrammarFuzzer.ipynb#The-Law-of-Leading-Digits)\n", "* `first_digit_via_string()` — [Probabilistic Grammar Fuzzing (The Law of Leading Digits)](ProbabilisticGrammarFuzzer.ipynb#The-Law-of-Leading-Digits)\n", "* `first_expr()` — [Parsing Inputs (Exercise 6: First Set of a Nonterminal)](Parser.ipynb#Exercise-6:-First-Set-of-a-Nonterminal)\n", "* `first` and `follow` — [Parsing Inputs (Exercise 6: First Set of a Nonterminal)](Parser.ipynb#Exercise-6:-First-Set-of-a-Nonterminal)\n", "* `fixed_cgi_decode()` — [Getting Coverage (Exercise 1: Fixing cgi_decode)](Coverage.ipynb#Exercise-1:-Fixing-cgi_decode)\n", "* `fixpoint()` — [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint)\n", "* `fix_luhn_checksum()` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `flatten()` — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `flip_random_character()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs)\n", "* `FLOAT_EBNF_GRAMMAR` — [Fuzzing APIs (Floats)](APIFuzzer.ipynb#Floats)\n", "* `float_grammar_with_range()` — [Fuzzing APIs (Floats)](APIFuzzer.ipynb#Floats)\n", "* `FLOAT_GRAMMAR` — [Fuzzing APIs (Floats)](APIFuzzer.ipynb#Floats)\n", "* `fmt()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `followset()` — [Parsing Inputs (Exercise 7: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-7:-Follow-Set-of-a-Nonterminal)\n", "* `followset_()` — [Parsing Inputs (Exercise 7: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-7:-Follow-Set-of-a-Nonterminal)\n", "* `follow_link()` — [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions)\n", "* for-loop — [Control Flow Graph (fib)](ControlFlow.ipynb#fib)\n", "* `forest()` — [Parsing Inputs (Parsing Forests)](Parser.ipynb#Parsing-Forests)\n", "* formal languages — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages), [Fuzzing with Grammars (A Natural Language Grammar)](Grammars.ipynb#A-Natural-Language-Grammar)\n", "* `format()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `FormHTMLParser` class — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields)\n", "* `fragment()` — [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer)\n", "* `fragments()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `FRAGMENT_LEN` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `fsm_diagram()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `fsm_last_state_symbol()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `fsm_path()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `FunctionCoverageRunner` class — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `FunctionRunner` class — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `function_symbol()` — [Carving Unit Tests (A Grammar from Calls)](Carver.ipynb#A-Grammar-from-Calls)\n", "* `funct_parser()` — [Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))](Grammars.ipynb#Exercise-4:-Defining-Grammars-as-Functions-(Advanced))\n", "* `fuzz()` — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Efficient Grammar Fuzzing (Putting it all Together)](GrammarFuzzer.ipynb#Putting-it-all-Together), [Fuzzing with Input Fragments (Fuzz)](LangFuzzer.ipynb#Fuzz), [Fuzzing with Input Fragments (Exercise 1: A Different LangFuzzer)](LangFuzzer.ipynb#Exercise-1:-A-Different-LangFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `fuzzed_url_element()` — [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles)\n", "* fuzzer — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* `fuzzer()` — [Fuzzing: Breaking Things with Random Inputs (A Simple Fuzzer)](Fuzzer.ipynb#A-Simple-Fuzzer)\n", "* `Fuzzer` class — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* fuzzing — [Fuzzing: Breaking Things with Random Inputs](Fuzzer.ipynb#Fuzzing:-Breaking-Things-with Random Inputs), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG)\n", "* fuzzingbook.org — [Carving Unit Tests (System Tests vs Unit Tests)](Carver.ipynb#System-Tests-vs-Unit-Tests), [Testing Graphical User Interfaces (Exploring Large Sites)](GUIFuzzer.ipynb#Exploring-Large-Sites)\n", "* `FUZZINGBOOK_SWAG` — [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders), [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders), [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders)\n", "* `fuzz_tree()` — [Efficient Grammar Fuzzing (Putting it all Together)](GrammarFuzzer.ipynb#Putting-it-all-Together), [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### G\n", "\n", "* `gcd()` — [Control Flow Graph (gcd)](ControlFlow.ipynb#gcd)\n", "* `generate_new_tree()` — [Fuzzing with Input Fragments (Generate New Tree)](LangFuzzer.ipynb#Generate-New-Tree), [Fuzzing with Input Fragments (Exercise 1: A Different LangFuzzer)](LangFuzzer.ipynb#Exercise-1:-A-Different-LangFuzzer)\n", "* generator function in Python — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `GeneratorGrammarFuzzer` class — [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints), [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion), [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion), [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `gen_cfg()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `__getitem__()` — [Tracking Information Flow (Index)](InformationFlow.ipynb#Index), [Testing Configurations (Part 3: Mine a Configuration Grammar)](ConfigurationFuzzer.ipynb#Part-3:-Mine-a-Configuration-Grammar)\n", "* `get_alternatives()` — [Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))](Grammars.ipynb#Exercise-4:-Defining-Grammars-as-Functions-(Advanced))\n", "* `get_arguments()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `get_cfg()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `get_defining_function()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `get_derivation_tree()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `get_field_values()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders)\n", "* `get_func()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `get_grammar()` — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms), [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `get_html()` — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `get_qualified_name()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `get_registry()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry)\n", "* `get_registry_idx()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `get_replacements()` — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `get_top()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `GET` — [Testing Web Applications (Handling HTTP Requests)](WebFuzzer.ipynb#Handling-HTTP-Requests), [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands), [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* GNU bc — [Mutation-Based Fuzzing (Part 2: Guided Mutations)](MutationFuzzer.ipynb#Part-2:-Guided-Mutations)\n", "* grammar fuzzing — [Fuzzing with Grammars (Arithmetic Expressions)](Grammars.ipynb#Arithmetic-Expressions)\n", "* `grammar()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `GrammarCoverageFuzzer` class — [Grammar Coverage (Determining yet Uncovered Children)](GrammarCoverageFuzzer.ipynb#Determining-yet-Uncovered-Children), [Grammar Coverage (Adaptive Lookahead)](GrammarCoverageFuzzer.ipynb#Adaptive-Lookahead), [Grammar Coverage (All Together)](GrammarCoverageFuzzer.ipynb#All-Together)\n", "* `GrammarFuzzer` class — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation), [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases), [Efficient Grammar Fuzzing (Putting it all Together)](GrammarFuzzer.ipynb#Putting-it-all-Together)\n", "* Grammarinator — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `GrammarMiner` class — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recover Grammar)](GrammarMiner.ipynb#Recover-Grammar)\n", "* `GrammarReducer` class — [Reducing Failure-Inducing Inputs (A Class for Reducing with Grammars)](Reducer.ipynb#A-Class-for-Reducing-with-Grammars), [Reducing Failure-Inducing Inputs (Finding Subtrees)](Reducer.ipynb#Finding-Subtrees), [Reducing Failure-Inducing Inputs (Alternate Expansions)](Reducer.ipynb#Alternate-Expansions), [Reducing Failure-Inducing Inputs (Both Strategies Together)](Reducer.ipynb#Both-Strategies-Together), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)](Reducer.ipynb#A-Depth-Oriented-Strategy)\n", "* grammars — [Fuzzing with Grammars (Grammars)](Grammars.ipynb#Grammars)\n", "* `graph_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* GUI Ripping — [Testing Graphical User Interfaces (Background)](GUIFuzzer.ipynb#Background)\n", "* `GUICoverageFuzzer` class — [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States), [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States)\n", "* `GUIFuzzer` class — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `GUIGrammarMiner` class — [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions), [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions), [Testing Graphical User Interfaces (Input Element Actions)](GUIFuzzer.ipynb#Input-Element-Actions), [Testing Graphical User Interfaces (Button Element Actions)](GUIFuzzer.ipynb#Button-Element-Actions), [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions), [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions), [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars), [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `GUIRunner` class — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `GUI_GRAMMAR` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars), [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### H\n", "\n", "* `h()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `handle_endtag()` — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields)\n", "* `handle_order()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Part 4: A Robust Server)](WebFuzzer.ipynb#Part-4:-A-Robust-Server)\n", "* `handle_starttag()` — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `hang_if_no_space()` — [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks)\n", "* `__hash__()` — [Parsing Inputs (States)](Parser.ipynb#States)\n", "* `has_origin()` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `has_taint()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* HDD — [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* `HEADLESS` — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium), [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium), [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `HEAD` — [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands)\n", "* heartbeat — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* `heartbeat()` — [Fuzzing: Breaking Things with Random Inputs (Information Leaks)](Fuzzer.ipynb#Information-Leaks)\n", "* HeartBleed announcement page — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* HeartBleed bug — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* `helper()` — [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint), [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer)\n", "* Hierarchical Delta Debugging — [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* `highlight_node()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `high_charge()` — [Fuzzing with Generators (Functions Called Before Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-Before-Expansion)\n", "* `hl_node()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `hl_predicate()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser), [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Input Fragments (Candidate)](LangFuzzer.ipynb#Candidate), [Fuzzing with Input Fragments (Generate New Tree)](LangFuzzer.ipynb#Generate-New-Tree)\n", "* hook into `__new__()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings)\n", "* `HorizontalChoice` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* HTML injection — [Testing Web Applications (HTML Injection Attacks)](WebFuzzer.ipynb#HTML-Injection-Attacks)\n", "* `HTMLGrammarMiner` class — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n", "* `HTML_INTERNAL_SERVER_ERROR` — [Testing Web Applications (Internal Errors)](WebFuzzer.ipynb#Internal-Errors)\n", "* `HTML_NOT_FOUND` — [Testing Web Applications (Page Not Found)](WebFuzzer.ipynb#Page-Not-Found)\n", "* `HTML_ORDER_FORM` — [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders)\n", "* `HTML_ORDER_RECEIVED` — [Testing Web Applications (Order Confirmation)](WebFuzzer.ipynb#Order-Confirmation)\n", "* `HTML_TERMS_AND_CONDITIONS` — [Testing Web Applications (Terms and Conditions)](WebFuzzer.ipynb#Terms-and-Conditions)\n", "* `HTTPD_MESSAGE_QUEUE` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `http_program()` — [Mutation-Based Fuzzing (Fuzzing a URL Parser)](MutationFuzzer.ipynb#Fuzzing-a-URL-Parser)\n", "* `hundred_inputs()` — [Getting Coverage ( Coverage of Basic Fuzzing)](Coverage.ipynb#-Coverage-of-Basic-Fuzzing)\n", "* hypothesis package — [Fuzzing APIs (Background)](APIFuzzer.ipynb#Background)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### I\n", "\n", "* `i()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `identifier_grammar_fn()` — [Fuzzing with Grammars (Part 2: Extended Grammars)](Grammars.ipynb#Part-2:-Extended-Grammars)\n", "* `idx()` — [Parsing Inputs (States)](Parser.ipynb#States)\n", "* `ignored()` — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* immutable — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings)\n", "* in order — [Parsing Inputs (Unify Key)](Parser.ipynb#Unify-Key)\n", "* in the same method invocation — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* in this very popular XKCD comic — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* in-memory database — [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database)\n", "* `indent()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* inherit — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `initial_grammar()` — [Carving Unit Tests (Initial Grammar)](Carver.ipynb#Initial-Grammar)\n", "* `init_db()` — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* `init_tainted_grammar()` — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `init_tree()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node)\n", "* `__init__()` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)](Fuzzer.ipynb#Exercise-2:-Run-Simulated-Troff), [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)](GrammarFuzzer.ipynb#Exercise-1:-Caching-Method-Results), [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars), [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (Items)](Parser.ipynb#Items), [Parsing Inputs (States)](Parser.ipynb#States), [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm), [Parsing Inputs (Nullable)](Parser.ipynb#Nullable), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Input Fragments (Exercise 1: A Different LangFuzzer)](LangFuzzer.ipynb#Exercise-1:-A-Different-LangFuzzer), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Generators and Probabilistic Fuzzing)](GeneratorGrammarFuzzer.ipynb#Generators-and-Probabilistic-Fuzzing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)](Reducer.ipynb#Lexical-Reduction-vs.-Syntactic-Rules), [Reducing Failure-Inducing Inputs (A Class for Reducing with Grammars)](Reducer.ipynb#A-Class-for-Reducing-with-Grammars), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects), [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (Taint Aware Fuzzing)](InformationFlow.ipynb#Taint-Aware-Fuzzing), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (Part 1: Creation)](InformationFlow.ipynb#Part-1:-Creation), [Tracking Information Flow (Part 4: Passing taints from integers to strings)](InformationFlow.ipynb#Part-4:-Passing-taints-from-integers-to-strings), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (A Grammar Miner for Calls)](Carver.ipynb#A-Grammar-Miner-for-Calls), [Testing Web Applications (Fuzzing with Unexpected Values)](WebFuzzer.ipynb#Fuzzing-with-Unexpected-Values), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms), [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks), [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks), [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States), [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* input string — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `InputStack` class — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `insert_into_tree()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `insert_random_character()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs)\n", "* `INSERT` — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders), [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `INTERNAL_ALIGNMENT` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `internal_server_error()` — [Testing Web Applications (Internal Errors)](WebFuzzer.ipynb#Internal-Errors), [Testing Web Applications (Part 1: Silent Failures)](WebFuzzer.ipynb#Part-1:-Silent-Failures)\n", "* `INT_EBNF_GRAMMAR` — [Fuzzing APIs (Integers)](APIFuzzer.ipynb#Integers)\n", "* `int_grammar_with_range()` — [Fuzzing APIs (Integers)](APIFuzzer.ipynb#Integers)\n", "* `INT_GRAMMAR` — [Fuzzing APIs (Integers)](APIFuzzer.ipynb#Integers)\n", "* `INVENTORY_GRAMMAR_F` — [Tracking Information Flow (Fuzzing SQL)](InformationFlow.ipynb#Fuzzing-SQL)\n", "* `INVENTORY_GRAMMAR` — [Tracking Information Flow (Fuzzing SQL)](InformationFlow.ipynb#Fuzzing-SQL)\n", "* `INVENTORY_METHODS` — [Mining Input Grammars (A Simple Grammar Miner)](GrammarMiner.ipynb#A-Simple-Grammar-Miner)\n", "* `INVENTORY` — [Mining Input Grammars (A Grammar Challenge)](GrammarMiner.ipynb#A-Grammar-Challenge), [Tracking Information Flow (All Methods Together)](InformationFlow.ipynb#All-Methods-Together)\n", "* `invert_expansion()` — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `invert_probs()` — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `invoker()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `in_current_record()` — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `in_scope()` — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `IP_ADDRESS_GRAMMAR` — [Probabilistic Grammar Fuzzing (Probabilities in Context)](ProbabilisticGrammarFuzzer.ipynb#Probabilities-in-Context)\n", "* `IP_ADDRESS_TOKENS` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `is_input_fragment()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker)\n", "* `is_nonterminal()` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `is_permutation()` — [Introduction to Software Testing (Part 2: Random Inputs)](Intro_Testing.ipynb#Part-2:-Random-Inputs)\n", "* `is_sorted()` — [Introduction to Software Testing (Part 2: Random Inputs)](Intro_Testing.ipynb#Part-2:-Random-Inputs)\n", "* `is_valid_grammar()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `is_valid_probabilistic_grammar()` — [Probabilistic Grammar Fuzzing (Checking Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Checking-Probabilities)\n", "* `is_valid_url()` — [Mutation-Based Fuzzing (Mutating URLs)](MutationFuzzer.ipynb#Mutating-URLs)\n", "* It is inefficient — [Efficient Grammar Fuzzing (An Insufficient Algorithm)](GrammarFuzzer.ipynb#An-Insufficient-Algorithm)\n", "* `Item` class — [Parsing Inputs (Items)](Parser.ipynb#Items), [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* `iterate()` — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* iterator object — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `__iter__()` — [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### J\n", "\n", "* JavaScript — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* JerryScript — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `join()` — [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs)\n", "* `js-vuln-db` — [Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)](ProbabilisticGrammarFuzzer.ipynb#Exercise-2:-Learning-from-Past-Bugs)\n", "* JSON specification — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n", "* `JSON_EBNF_GRAMMAR` — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n", "* `JSON_GRAMMAR` — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## K - O" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### K\n", "\n", "* key — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* keylogger — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### L\n", "\n", "* lambda — [Fuzzing with Generators (Functions Called Before Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-Before-Expansion)\n", "* LangFuzz — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `LangFuzzer2` class — [Fuzzing with Input Fragments (Exercise 1: A Different LangFuzzer)](LangFuzzer.ipynb#Exercise-1:-A-Different-LangFuzzer)\n", "* `LangFuzzer` class — [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Input Fragments (Candidate)](LangFuzzer.ipynb#Candidate), [Fuzzing with Input Fragments (Generate New Tree)](LangFuzzer.ipynb#Generate-New-Tree), [Fuzzing with Input Fragments (Fuzz)](LangFuzzer.ipynb#Fuzz)\n", "* language specifications — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `LD_LIBRARY_PATH` — [Testing Configurations (Part 1: Getopt Fuzzing)](ConfigurationFuzzer.ipynb#Part-1:-Getopt-Fuzzing)\n", "* leaf — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `leave()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* left to right — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `left()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `left_align()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `__len__()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `LeoParser` class — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `leo_complete()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* lexer — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* lexing — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* line — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* line numbers — [Mining Input Grammars (Grammar Miner with Reassignment)](GrammarMiner.ipynb#Grammar-Miner-with-Reassignment)\n", "* `linear_to_tree()` — [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser)\n", "* `lineno()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `LinkHTMLParser` class — [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `link_functions()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `LIST_EBNF_GRAMMAR` — [Fuzzing APIs (Lists)](APIFuzzer.ipynb#Lists)\n", "* `list_grammar()` — [Fuzzing APIs (Lists)](APIFuzzer.ipynb#Lists)\n", "* `LIST_GRAMMAR` — [Fuzzing APIs (Lists)](APIFuzzer.ipynb#Lists)\n", "* `ljust()` — [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify)\n", "* LL — [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `ll()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `LL1Parser` class — [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table), [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser)\n", "* LLVM Address Sanitizer — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* `loc()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* local host — [Testing Web Applications (Running the Server)](WebFuzzer.ipynb#Running-the-Server)\n", "* `log_call()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* `log_event()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `log_message()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `log_tree()` — [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases)\n", "* `LONG_FOO` — [Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-1:-#ifdef-Configuration-Fuzzing)\n", "* `long_running_test()` — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* Loup Vaillant — [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method)\n", "* `lower()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* `LOW` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators)\n", "* LR — [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* LR parsing — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* LR(k) — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* `LR0` — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* `LR_GRAMMAR` — [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `lr_graph()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `lstrip()` — [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip)\n", "* `LS_EBNF_GRAMMAR` — [Grammar Coverage (Exercise 1: Testing ls)](GrammarCoverageFuzzer.ipynb#Exercise-1:-Testing-ls), [Grammar Coverage (Exercise 1: Testing ls)](GrammarCoverageFuzzer.ipynb#Exercise-1:-Testing-ls)\n", "* `LS_GRAMMAR` — [Grammar Coverage (Exercise 1: Testing ls)](GrammarCoverageFuzzer.ipynb#Exercise-1:-Testing-ls)\n", "* Luhn algorithm — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `luhn_checksum()` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `LUHN_ODD_LOOKUP` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### M\n", "\n", "* `m()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `make_grammar()` — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `make_int_wrapper()` — [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions)\n", "* `make_rule()` — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `make_split_wrapper()` — [Tracking Information Flow (Splits)](InformationFlow.ipynb#Splits)\n", "* `make_str_abort_wrapper()` — [Tracking Information Flow (Methods yet to be translated)](InformationFlow.ipynb#Methods-yet-to-be-translated)\n", "* `make_str_wrapper()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (General wrappers)](InformationFlow.ipynb#General-wrappers)\n", "* Marpa parser — [Parsing Inputs (More Earley Parsing)](Parser.ipynb#More-Earley-Parsing)\n", "* `_max_expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `max_expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `max_height()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n", "* `method_enter()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `method_exit()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `method_init()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `method_statement()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `mine_arguments_grammar()` — [Carving Unit Tests (A Grammar from Arguments)](Carver.ipynb#A-Grammar-from-Arguments)\n", "* `mine_a_element_actions()` — [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions)\n", "* `mine_button_element_actions()` — [Testing Graphical User Interfaces (Button Element Actions)](GUIFuzzer.ipynb#Button-Element-Actions)\n", "* `mine_call_grammar()` — [Carving Unit Tests (A Grammar from all Calls)](Carver.ipynb#A-Grammar-from-all-Calls)\n", "* `mine_ebnf_grammar()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `mine_function_grammar()` — [Carving Unit Tests (A Grammar from Calls)](Carver.ipynb#A-Grammar-from-Calls)\n", "* `mine_grammar()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n", "* `mine_input_element_actions()` — [Testing Graphical User Interfaces (Input Element Actions)](GUIFuzzer.ipynb#Input-Element-Actions)\n", "* `mine_probabilistic_grammar()` — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `mine_state_actions()` — [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions)\n", "* `mine_state_grammar()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `missing_expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `__mod__()` — [Tracking Information Flow (mod)](InformationFlow.ipynb#mod)\n", "* `mseq()` — [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* multiple inheritance — [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage), [Fuzzing with Generators (All Together)](GeneratorGrammarFuzzer.ipynb#All-Together)\n", "* `MultipleChoice` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `mutate()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations)\n", "* `mutate_tree()` — [Fuzzing with Input Fragments (Grammar-Based Mutation)](LangFuzzer.ipynb#Grammar-Based-Mutation)\n", "* mutational fuzzing — [Mutation-Based Fuzzing](MutationFuzzer.ipynb#Mutation-Based-Fuzzing), [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs)\n", "* `MutationCoverageFuzzer` class — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `MutationFuzzer` class — [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations)\n", "* MyPy — [Fuzzing: Breaking Things with Random Inputs (Static Code Checkers)](Fuzzer.ipynb#Static-Code-Checkers)\n", "* `MysteryRunner` class — [Reducing Failure-Inducing Inputs (Why Reducing?)](Reducer.ipynb#Why-Reducing?)\n", "* `my_eval()` — [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (TaintedDB)](InformationFlow.ipynb#TaintedDB), [Tracking Information Flow (TrackingDB)](InformationFlow.ipynb#TrackingDB)\n", "* `my_sqrt()` — [Introduction to Software Testing (Simple Testing)](Intro_Testing.ipynb#Simple-Testing), [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint)\n", "* `_my_sqrt()` — [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint)\n", "* `my_sqrt_checked()` — [Introduction to Software Testing (Run-Time Verification)](Intro_Testing.ipynb#Run-Time-Verification)\n", "* `my_sqrt_fixed()` — [Introduction to Software Testing (The Limits of Testing)](Intro_Testing.ipynb#The-Limits-of-Testing)\n", "* `my_sqrt_with_log()` — [Introduction to Software Testing (Debugging a Function)](Intro_Testing.ipynb#Debugging-a-Function)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### N\n", "\n", "* natural language — [Fuzzing with Grammars (A Natural Language Grammar)](Grammars.ipynb#A-Natural-Language-Grammar)\n", "* `__neq__()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* Newton–Raphson method — [Introduction to Software Testing (Simple Testing)](Intro_Testing.ipynb#Simple-Testing)\n", "* `_new_child_coverage()` — [Grammar Coverage (Determining yet Uncovered Children)](GrammarCoverageFuzzer.ipynb#Determining-yet-Uncovered-Children)\n", "* `new_child_coverage()` — [Grammar Coverage (Determining yet Uncovered Children)](GrammarCoverageFuzzer.ipynb#Determining-yet-Uncovered-Children)\n", "* `new_coverages()` — [Grammar Coverage (Adaptive Lookahead)](GrammarCoverageFuzzer.ipynb#Adaptive-Lookahead)\n", "* `new_expansion_cost()` — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* `new_state_symbol()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `new_symbol()` — [Fuzzing with Grammars (Creating New Symbols)](Grammars.ipynb#Creating-New-Symbols)\n", "* `new_symbol_cost()` — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* `__new__()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Part 1: Creation)](InformationFlow.ipynb#Part-1:-Creation), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `__next__()` — [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices)\n", "* `__ne__()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* nodes — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* nonterminal symbol — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `nonterminals()` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `NonTerminal` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* not — [Parsing Inputs (Exercise 3: PEG Predicates)](Parser.ipynb#Exercise-3:-PEG-Predicates)\n", "* `not_found()` — [Testing Web Applications (Page Not Found)](WebFuzzer.ipynb#Page-Not-Found)\n", "* `no_8bit()` — [Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)](Fuzzer.ipynb#Exercise-1:-Simulate-Troff)\n", "* `no_backslash_d()` — [Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)](Fuzzer.ipynb#Exercise-1:-Simulate-Troff)\n", "* `no_dot()` — [Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)](Fuzzer.ipynb#Exercise-1:-Simulate-Troff)\n", "* `nt_var()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `nullable()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `nullable_()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `nullable_expr()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `number_of_nodes()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### O\n", "\n", "* `OBJECT` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* `OneOrMore` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `on_assign()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_binop()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_break()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_call()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_compare()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_continue()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_event()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `on_exception()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `on_expr()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_for()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_functiondef()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_if()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_line()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `on_module()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_pass()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_return()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_unaryop()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_while()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `Optional()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `OptionalSequence` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `OptionFuzzer` class — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `OptionGrammarMiner` class — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `OptionRunner` class — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `options()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `OPTION_SYMBOL` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `opts()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `opts_used()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* oracle — [Getting Coverage (Finding Errors with Basic Fuzzing)](Coverage.ipynb#Finding-Errors-with-Basic-Fuzzing), [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles)\n", "* ordered choice — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* ordering of expansions — [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `orders_db_is_empty()` — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `ORDERS_DB` — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* `ORDER_GRAMMAR_WITH_HTML_INJECTION` — [Testing Web Applications (HTML Injection Attacks)](WebFuzzer.ipynb#HTML-Injection-Attacks)\n", "* `ORDER_GRAMMAR_WITH_SQL_INJECTION` — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `ORDER_GRAMMAR_WITH_XSS_INJECTION` — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* `ORDER_GRAMMAR` — [Testing Web Applications (Fuzzing with Expected Values)](WebFuzzer.ipynb#Fuzzing-with-Expected-Values), [Testing Web Applications (Fuzzing with Expected Values)](WebFuzzer.ipynb#Fuzzing-with-Expected-Values)\n", "* `ostr_iterator` class — [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices)\n", "* `ostr` class — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Create)](InformationFlow.ipynb#Create), [Tracking Information Flow (Index)](InformationFlow.ipynb#Index), [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices), [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation), [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation), [Tracking Information Flow (Extract Origin String)](InformationFlow.ipynb#Extract-Origin-String), [Tracking Information Flow (Replace)](InformationFlow.ipynb#Replace), [Tracking Information Flow (Split)](InformationFlow.ipynb#Split), [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip), [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs), [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs), [Tracking Information Flow (Partitions)](InformationFlow.ipynb#Partitions), [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify), [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify), [Tracking Information Flow (mod)](InformationFlow.ipynb#mod), [Tracking Information Flow (mod)](InformationFlow.ipynb#mod), [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* OWASP Zed Attack Proxy Project — [Testing Web Applications (Background)](WebFuzzer.ipynb#Background)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## P - T" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### P\n", "\n", "* `P1` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* packrat — [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG)\n", "* `PackratParser` class — [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* page — [Testing Graphical User Interfaces (User Interface Actions)](GUIFuzzer.ipynb#User-Interface-Actions)\n", "* `pairwise()` — [Testing Configurations (Combinatorial Testing)](ConfigurationFuzzer.ipynb#Combinatorial-Testing)\n", "* `parameters()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `parenthesized_expressions()` — [Fuzzing with Grammars (Expanding Parenthesized Expressions)](Grammars.ipynb#Expanding-Parenthesized-Expressions)\n", "* parse tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `parse()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `parseCSSGrammar()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `ParseInterrupt` class — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* parser — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* Parser — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* parsers — [Efficient Grammar Fuzzing (Background)](GrammarFuzzer.ipynb#Background)\n", "* `Parser` class — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* `parse_csv()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser), [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `parse_forest()` — [Parsing Inputs (Parsing Forests)](Parser.ipynb#Parsing-Forests), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `parse_helper()` — [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser)\n", "* `parse_paths()` — [Parsing Inputs (Parsing Paths)](Parser.ipynb#Parsing-Paths)\n", "* `parse_prefix()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Parser)](Parser.ipynb#The-Parser), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* `parse_quote()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `parse_table()` — [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* parsing — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* Parsing Expression Grammar — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* Parsing Expression Grammars — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `partition()` — [Tracking Information Flow (Partitions)](InformationFlow.ipynb#Partitions)\n", "* `PASS` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* path to insanity — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `paths()` — [Parsing Inputs (Parsing Paths)](Parser.ipynb#Parsing-Paths)\n", "* `Path` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* PEG — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `PEG1` — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* `PEG2` — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* `PEGParser` class — [Parsing Inputs (The Parser)](Parser.ipynb#The-Parser), [Parsing Inputs (Unify Key)](Parser.ipynb#Unify-Key), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule)\n", "* PEGs — [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `PEG_SURPRISE` — [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG)\n", "* PEP 8 Style Guide for Python Code — [Testing Configurations (Testing Autopep8)](ConfigurationFuzzer.ipynb#Testing-Autopep8)\n", "* `PooledGrammarFuzzer` class — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* `population_branch_coverage()` — [Getting Coverage (Part 2: Comparing statement coverage and branch coverage)](Coverage.ipynb#Part-2:-Comparing-statement-coverage-and-branch-coverage)\n", "* `population_coverage()` — [Getting Coverage ( Coverage of Basic Fuzzing)](Coverage.ipynb#-Coverage-of-Basic-Fuzzing)\n", "* `possible_combinations()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n", "* `possible_expansions()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree)\n", "* post-order — [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `POST` — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `power()` — [Carving Unit Tests (From Calls to Grammars)](Carver.ipynb#From-Calls-to-Grammars)\n", "* `POWER_GRAMMAR` — [Carving Unit Tests (From Calls to Grammars)](Carver.ipynb#From-Calls-to-Grammars), [Carving Unit Tests (From Calls to Grammars)](Carver.ipynb#From-Calls-to-Grammars)\n", "* pre-order — [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `precompute_costs()` — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* `predict()` — [Parsing Inputs (Predicting States)](Parser.ipynb#Predicting-States), [Parsing Inputs (Nullable)](Parser.ipynb#Nullable), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* `PrintRunner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `print_httpd_messages()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `print_url()` — [Testing Web Applications (Direct Browser Access)](WebFuzzer.ipynb#Direct-Browser-Access)\n", "* `ProbabilisticGeneratorGrammarCoverageFuzzer` class — [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `ProbabilisticGeneratorGrammarFuzzer` class — [Fuzzing with Generators (Generators and Probabilistic Fuzzing)](GeneratorGrammarFuzzer.ipynb#Generators-and-Probabilistic-Fuzzing)\n", "* `ProbabilisticGrammarCoverageFuzzer` class — [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `ProbabilisticGrammarFuzzer` class — [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability)\n", "* `ProbabilisticGrammarMiner` class — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities), [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `PROBABILISTIC_EXPR_GRAMMAR` — [Probabilistic Grammar Fuzzing (Specifying Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Specifying-Probabilities)\n", "* `prob_distribution()` — [Probabilistic Grammar Fuzzing (Distributing Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Distributing-Probabilities)\n", "* `prob_leading_digit()` — [Probabilistic Grammar Fuzzing (The Law of Leading Digits)](ProbabilisticGrammarFuzzer.ipynb#The-Law-of-Leading-Digits)\n", "* `process()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `process_arg()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `process_argument()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `process_car()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `process_chosen_children()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion)\n", "* `process_inventory()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `process_numbers()` — [Testing Configurations (Options in Python)](ConfigurationFuzzer.ipynb#Options-in-Python)\n", "* `PROCESS_NUMBERS_EBNF_GRAMMAR` — [Testing Configurations (A Grammar for Configurations)](ConfigurationFuzzer.ipynb#A-Grammar-for-Configurations), [Testing Configurations (A Grammar for Configurations)](ConfigurationFuzzer.ipynb#A-Grammar-for-Configurations)\n", "* `PROCESS_NUMBERS_GRAMMAR` — [Testing Configurations (A Grammar for Configurations)](ConfigurationFuzzer.ipynb#A-Grammar-for-Configurations)\n", "* `process_van()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `process_vehicle()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `prod_line_grammar()` — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `ProgramRunner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `proxy()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (Splits)](InformationFlow.ipynb#Splits), [Tracking Information Flow (General wrappers)](InformationFlow.ipynb#General-wrappers), [Tracking Information Flow (Methods yet to be translated)](InformationFlow.ipynb#Methods-yet-to-be-translated), [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions)\n", "* `prune_tree()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `PUBLIC` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* `PyCFG` class — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* Python — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* Python tutorial — [Introduction to Software Testing (Understanding Python Programs)](Intro_Testing.ipynb#Understanding-Python-Programs), [Fuzzing: Breaking Things with Random Inputs](Fuzzer.ipynb#Fuzzing:-Breaking-Things-with Random Inputs)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Q\n", "\n", "* `quadratic_solver()` — [Introduction to Software Testing (Exercise 2: Quadratic Solver)](Intro_Testing.ipynb#Exercise-2:-Quadratic-Solver)\n", "* `quadratic_solver_fixed()` — [Introduction to Software Testing (Part 2: Fix the problem)](Intro_Testing.ipynb#Part-2:-Fix-the-problem)\n", "* `quad_solver()` — [Control Flow Graph (quad_solver)](ControlFlow.ipynb#quad_solver)\n", "* `qualified()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `QUERY_GRAMMAR` — [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### R\n", "\n", "* `__radd__()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation)\n", "* `RandomFuzzer` class — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* `random_list()` — [Introduction to Software Testing (Part 2: Random Inputs)](Intro_Testing.ipynb#Part-2:-Random-Inputs)\n", "* `reachable_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `readable()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees)\n", "* `readable_rule()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees)\n", "* `read_gcov_coverage()` — [Getting Coverage (Getting Coverage from External Programs)](Coverage.ipynb#Getting-Coverage-from-External-Programs)\n", "* `rearrange()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `recover_grammar()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* recursion — [Parsing Inputs (Grammars)](Parser.ipynb#Grammars)\n", "* recursive — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* red — [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Input Fragments (Candidate)](LangFuzzer.ipynb#Candidate)\n", "* red-black tree — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `RedBlackTree` class — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `reduce()` — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy)\n", "* `Reducer` class — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* `reduce_subtree()` — [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy)\n", "* `reduce_tree()` — [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)](Reducer.ipynb#A-Depth-Oriented-Strategy)\n", "* `register_event()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `register_node()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `REGISTRY_IDX` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `REGISTRY` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* Regular Expression — [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* Regular expressions — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* regular expressions — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* regular language — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* repair — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `replace()` — [Tracking Information Flow (Replace)](InformationFlow.ipynb#Replace)\n", "* `replace_symbol()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `repOK()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* representation invariant — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `__repr__()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `REQUIRED_FIELDS` — [Testing Web Applications (Part 4: A Robust Server)](WebFuzzer.ipynb#Part-4:-A-Robust-Server)\n", "* `reset()` — [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `reset_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `reset_generators()` — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `reset_registry()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `restart()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `RestartExpansionException` class — [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing)\n", "* `restart_expansion()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `result()` — [Carving Unit Tests (Part 2: Access results)](Carver.ipynb#Part-2:-Access-results)\n", "* `ResultCarver` class — [Carving Unit Tests (Exercises)](Carver.ipynb#Exercises), [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results), [Carving Unit Tests (Part 2: Access results)](Carver.ipynb#Part-2:-Access-results)\n", "* results checker — [Getting Coverage (Finding Errors with Basic Fuzzing)](Coverage.ipynb#Finding-Errors-with-Basic-Fuzzing)\n", "* return — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* `RE_EXTENDED_NONTERMINAL` — [Fuzzing with Grammars (Expanding Operators)](Grammars.ipynb#Expanding-Operators)\n", "* `RE_NONTERMINAL` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `RE_PARENTHESIZED_EXPR` — [Fuzzing with Grammars (Expanding Parenthesized Expressions)](Grammars.ipynb#Expanding-Parenthesized-Expressions)\n", "* RFC 4180 — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `right()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `RISKY_NUMBERS` — [Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)](ProbabilisticGrammarFuzzer.ipynb#Exercise-2:-Learning-from-Past-Bugs), [Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)](ProbabilisticGrammarFuzzer.ipynb#Exercise-2:-Learning-from-Past-Bugs)\n", "* `rjust()` — [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify)\n", "* `__rmod__()` — [Tracking Information Flow (mod)](InformationFlow.ipynb#mod)\n", "* root node — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `rootIsBlack()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `rpartition()` — [Tracking Information Flow (Partitions)](InformationFlow.ipynb#Partitions)\n", "* `RR_GRAMMAR2` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR3` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR4` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR5` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR6` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR7` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR` — [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `rsplit()` — [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* `rstrip()` — [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip)\n", "* rules — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* `rules()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* `run()` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)](Fuzzer.ipynb#Exercise-2:-Run-Simulated-Troff), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Reducing Failure-Inducing Inputs (Why Reducing?)](Reducer.ipynb#Why-Reducing?), [Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)](Reducer.ipynb#Lexical-Reduction-vs.-Syntactic-Rules), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Web Applications (Fuzzing with Unexpected Values)](WebFuzzer.ipynb#Fuzzing-with-Unexpected-Values), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `Runner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `runs()` — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* `run_function()` — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `run_generator()` — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `run_httpd_forever()` — [Testing Web Applications (Running the Server)](WebFuzzer.ipynb#Running-the-Server)\n", "* `run_post_functions()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion)\n", "* `run_post_functions_locally()` — [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing)\n", "* `run_process()` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### S\n", "\n", "* `sample_db()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables)\n", "* `SAMPLE_GRAMMAR` — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* sanitization — [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `sanitize()` — [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `scan()` — [Parsing Inputs (Scanning Tokens)](Parser.ipynb#Scanning-Tokens)\n", "* scanner — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* scope — [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `ScopedGrammarMiner` class — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `ScopedVars` class — [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `ScopeTracker` class — [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker)\n", "* `ScopeTreeMiner` class — [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `SECRET_ORIGIN` — [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited), [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited), [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited)\n", "* `SECRET` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* seeds — [Fuzzing with Grammars (Grammars as Mutation Seeds)](Grammars.ipynb#Grammars-as-Mutation-Seeds)\n", "* Selenium — [Testing Graphical User Interfaces (Automated GUI Interaction)](GUIFuzzer.ipynb#Automated-GUI-Interaction)\n", "* Selenium tests — [Testing Graphical User Interfaces (Writing Test Cases)](GUIFuzzer.ipynb#Writing-Test-Cases)\n", "* Selenium](https://www.seleniumhq.org) is a framework for testing Web applications by _automating interaction in the browser_. Selenium provides an API that allows one to launch a Web browser, query the state of the user interface, and interact with individual user interface elements. The Selenium API is available in a number of languages; we use the [Selenium API for Python — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `send_back()` — [Tracking Information Flow (Preventing Privacy Leaks)](InformationFlow.ipynb#Preventing-Privacy-Leaks)\n", "* `send_order_form()` — [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form)\n", "* `send_order_received()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Part 2: Sanitized HTML)](WebFuzzer.ipynb#Part-2:-Sanitized-HTML)\n", "* `send_terms_and_conditions()` — [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form)\n", "* `Sequence` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `seq_vars()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* session cookie — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* `__setitem__()` — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars)\n", "* `set_arguments()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `set_expansion_probabilities()` — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `set_grammar()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `set_invocation()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `_set_kv()` — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `set_opts()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `set_parents()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `set_prob()` — [Probabilistic Grammar Fuzzing (Directed Fuzzing)](ProbabilisticGrammarFuzzer.ipynb#Directed-Fuzzing)\n", "* `set_probabilities()` — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* Shellsort — [Introduction to Software Testing (Exercise 1: Testing Shellsort)](Intro_Testing.ipynb#Exercise-1:-Testing-Shellsort)\n", "* `shellsort()` — [Introduction to Software Testing (Exercise 1: Testing Shellsort)](Intro_Testing.ipynb#Exercise-1:-Testing-Shellsort)\n", "* `show_diagram()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `show_table()` — [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* `SimpleGrammarCoverageFuzzer` class — [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions)\n", "* `SimpleHTTPRequestHandler` class — [Testing Web Applications (A Web User Interface)](WebFuzzer.ipynb#A-Web-User-Interface), [Testing Web Applications (Handling HTTP Requests)](WebFuzzer.ipynb#Handling-HTTP-Requests), [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form), [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands), [Testing Web Applications (Page Not Found)](WebFuzzer.ipynb#Page-Not-Found), [Testing Web Applications (Internal Errors)](WebFuzzer.ipynb#Internal-Errors), [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `simple_call_string()` — [Carving Unit Tests (Recording my_sqrt())](Carver.ipynb#Recording-my_sqrt())\n", "* `simple_grammar_fuzzer()` — [Fuzzing with Grammars (A Simple Grammar Fuzzer)](Grammars.ipynb#A-Simple-Grammar-Fuzzer)\n", "* single — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* single-alternative — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* sinks — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* `Skip` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `some_long_running_function()` — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `sort_by_prob()` — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `source()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* sources — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* `split()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars), [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* `_split_helper()` — [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* `_split_space()` — [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* SQL commands — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* SQL injection — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `sql()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `SQLException` class — [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database)\n", "* `SQLInjectionFuzzer` class — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `SQLInjectionGrammarMiner` class — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `sqrt_program()` — [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input), [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input), [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input)\n", "* `srange()` — [Fuzzing with Grammars (Character Classes)](Grammars.ipynb#Character-Classes)\n", "* `stack_to_tree()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `Stack` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* start symbol — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions), [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `start_httpd()` — [Testing Web Applications (Running the Server)](WebFuzzer.ipynb#Running-the-Server)\n", "* `START_STATE` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `start_symbol()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `START_SYMBOL` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `Start` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* state — [Testing Graphical User Interfaces (All Together)](GUIFuzzer.ipynb#All-Together)\n", "* Statement coverage — [Getting Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* states — [Testing Graphical User Interfaces (User Interfaces as Finite State Machines)](GUIFuzzer.ipynb#User-Interfaces-as-Finite-State-Machines)\n", "* `State` class — [Parsing Inputs (States)](Parser.ipynb#States)\n", "* `store_order()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Part 3: Sanitized SQL)](WebFuzzer.ipynb#Part-3:-Sanitized-SQL)\n", "* String — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* string inclusion — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `strip()` — [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip)\n", "* `strip_all_info()` — [Tracking Information Flow (Conversions)](InformationFlow.ipynb#Conversions)\n", "* `strip_all_info_again()` — [Tracking Information Flow (Implicit Information Flow)](InformationFlow.ipynb#Implicit-Information-Flow)\n", "* `STROKE_ODD_PIXEL_LENGTH` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `__str__()` — [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (States)](Parser.ipynb#States), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (Taint Aware Fuzzing)](InformationFlow.ipynb#Taint-Aware-Fuzzing), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `Style` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* subclasses — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `submit()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `subtrees_with_symbol()` — [Reducing Failure-Inducing Inputs (Finding Subtrees)](Reducer.ipynb#Finding-Subtrees)\n", "* `supported_opts()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability), [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints), [Fuzzing with Generators (Generators and Probabilistic Fuzzing)](GeneratorGrammarFuzzer.ipynb#Generators-and-Probabilistic-Fuzzing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `swapcase()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* symbol table — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `symbol_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion)\n", "* `SYMBOL_NAME` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `symbol_reductions()` — [Reducing Failure-Inducing Inputs (Both Strategies Together)](Reducer.ipynb#Both-Strategies-Together)\n", "* `SYMBOL_TABLE` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* syntactical structure — [Fuzzing with Grammars (Grammars)](Grammars.ipynb#Grammars)\n", "* `syntax_diagram()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* `syntax_diagram_alt()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* `syntax_diagram_expr()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* `syntax_diagram_symbol()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* system input — [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### T\n", "\n", "* `_t()` — [Parsing Inputs (States)](Parser.ipynb#States), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `table()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables)\n", "* taint — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* taint sanitizers — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* `TaintedDB` class — [Tracking Information Flow (TaintedDB)](InformationFlow.ipynb#TaintedDB)\n", "* `TaintedGrammarFuzzer` class — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `Tainted` class — [Tracking Information Flow (Taint Aware Fuzzing)](InformationFlow.ipynb#Taint-Aware-Fuzzing)\n", "* terminal symbol — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `terminals()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `Terminal` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* test — [Introduction to Software Testing (Running a Function)](Intro_Testing.ipynb#Running-a-Function)\n", "* `test()` — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* `test_successful_order()` — [Testing Graphical User Interfaces (Writing Test Cases)](GUIFuzzer.ipynb#Writing-Test-Cases)\n", "* the ConfigParser documentation — [Testing Configurations (Exercise 2: .ini Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-2:-.ini-Configuration-Fuzzing)\n", "* this — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* this article — [Probabilistic Grammar Fuzzing (Background)](ProbabilisticGrammarFuzzer.ipynb#Background)\n", "* throw away the result — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `Timer` class — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `tint` class — [Tracking Information Flow (Part 1: Creation)](InformationFlow.ipynb#Part-1:-Creation), [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Tracking Information Flow (Part 4: Passing taints from integers to strings)](InformationFlow.ipynb#Part-4:-Passing-taints-from-integers-to-strings)\n", "* `title()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* `TITLE_GRAMMAR` — [Fuzzing with Grammars (A Natural Language Grammar)](Grammars.ipynb#A-Natural-Language-Grammar)\n", "* `tokenize()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* tokenizer — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* top to bottom — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* topmost — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `to_graph()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `to_json()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `to_nonterminal()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* `trace()` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* `traceit()` — [Getting Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions), [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mining Input Grammars (Tracer)](GrammarMiner.ipynb#Tracer), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Testing Configurations (Tracking Arguments)](ConfigurationFuzzer.ipynb#Tracking-Arguments), [Testing Configurations (Tracking Arguments)](ConfigurationFuzzer.ipynb#Tracking-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (Exercises)](Carver.ipynb#Exercises), [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results)\n", "* `Tracer` class — [Mining Input Grammars (Tracer)](GrammarMiner.ipynb#Tracer), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* tracing function — [Getting Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions)\n", "* `tracing_context()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `tracing_var()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `TrackingConfigParser` class — [Testing Configurations (Part 3: Mine a Configuration Grammar)](ConfigurationFuzzer.ipynb#Part-3:-Mine-a-Configuration-Grammar)\n", "* `TrackingDB` class — [Tracking Information Flow (TrackingDB)](InformationFlow.ipynb#TrackingDB)\n", "* `TrackingGrammarCoverageFuzzer` class — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `track_event()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* transitive — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `traverse_constraints()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `traverse_tree()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees), [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer)\n", "* tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `TreeMiner` class — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `tree_list_to_string()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n", "* `tree_to_grammar()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `tree_to_string()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `tree_type()` — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `TroffRunner` class — [Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)](Fuzzer.ipynb#Exercise-2:-Run-Simulated-Troff)\n", "* `TrustedDB` class — [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `TRUSTED` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* `TState` class — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `tstr` class — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators)\n", "* Turing machines — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `twice()` — [Testing Configurations (Creating Autopep8 Options)](ConfigurationFuzzer.ipynb#Creating-Autopep8-Options)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## U - Z" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### U\n", "\n", "* `UNEXPLORED_STATE` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `unhack()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `unify_key()` — [Parsing Inputs (Unify Key)](Parser.ipynb#Unify-Key), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* `unify_rule()` — [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* `uniq_postdot()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* universal grammars — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `UNKNOWN_ORIGIN` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited)\n", "* `unreachable_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `UNRESOLVED` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy)\n", "* `UNTRUSTED` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* `up()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `update()` — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `update_cache()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* `update_children()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `update_existing_state()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `update_functions()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `update_grammar()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recover Grammar)](GrammarMiner.ipynb#Recover-Grammar), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `update_inventory()` — [Tracking Information Flow (All Methods Together)](InformationFlow.ipynb#All-Methods-Together)\n", "* `update_new_state()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `update_state()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `update_tree()` — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `upper()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* urllib/parse.py — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `URLPARSE_C_GRAMMAR` — [Fuzzing APIs (Synthesizing Code)](APIFuzzer.ipynb#Synthesizing-Code)\n", "* `URLPARSE_GRAMMAR` — [Fuzzing APIs (Synthesizing Code)](APIFuzzer.ipynb#Synthesizing-Code)\n", "* `URLPARSE_ORACLE_GRAMMAR` — [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles), [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles), [Fuzzing APIs (Exercise 1: Deep Arguments)](APIFuzzer.ipynb#Exercise-1:-Deep-Arguments)\n", "* `URLS_X` — [Mining Input Grammars (Problems with the Simple Miner)](GrammarMiner.ipynb#Problems-with-the-Simple-Miner)\n", "* `URLS` — [Mining Input Grammars (Example 2. Recovering URL Grammar)](GrammarMiner.ipynb#Example-2.-Recovering-URL-Grammar)\n", "* `URL_GRAMMAR` — [Fuzzing with Grammars (A URL Grammar)](Grammars.ipynb#A-URL-Grammar)\n", "* `url_parse()` — [Mining Input Grammars (Example 2. Recovering URL Grammar)](GrammarMiner.ipynb#Example-2.-Recovering-URL-Grammar)\n", "* `URL_SAMPLE` — [Probabilistic Grammar Fuzzing (Testing Common Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Common-Features)\n", "* `URL_TOKENS` — [Probabilistic Grammar Fuzzing (Testing Common Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Common-Features)\n", "* user interface elements — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `use_id()` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### V\n", "\n", "* `v()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `V1` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* `valid_luhn_checksum()` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `VALUES` — [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data)\n", "* `VARIABLE` — [Getting Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* `Vars` class — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars)\n", "* `var_access()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `var_assign()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `VAR_GRAMMAR` — [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `var_location_register()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `var_name()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `var_symbol()` — [Carving Unit Tests (A Grammar from Arguments)](Carver.ipynb#A-Grammar-from-Arguments)\n", "* `VAR_TOKENS` — [Fuzzing with Input Fragments (A Grammar-based Mutational Fuzzer)](LangFuzzer.ipynb#A-Grammar-based-Mutational-Fuzzer)\n", "* `VEHICLES` — [Mining Input Grammars (A Simple Grammar Miner)](GrammarMiner.ipynb#A-Simple-Grammar-Miner), [Tracking Information Flow (All Methods Together)](InformationFlow.ipynb#All-Methods-Together)\n", "* `Vehicle` class — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* virtual variable — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `VS` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### W\n", "\n", "* `walk()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* web driver — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `webbrowser()` — [Carving Unit Tests (System Tests vs Unit Tests)](Carver.ipynb#System-Tests-vs-Unit-Tests), [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `WebFormFuzzer` class — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `WebRunner` class — [Testing Web Applications (Fuzzing with Unexpected Values)](WebFuzzer.ipynb#Fuzzing-with-Unexpected-Values)\n", "* `WHERE` — [Tracking Information Flow (Deleting Data)](InformationFlow.ipynb#Deleting-Data)\n", "* white-box testing — [Getting Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* Wikipedia page on file formats — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* Wikipedia page on penetration testing — [Testing Web Applications (Background)](WebFuzzer.ipynb#Background)\n", "* Wikipedia pages on Web application security — [Testing Web Applications (Background)](WebFuzzer.ipynb#Background)\n", "* within this method — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `wrapString()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `writeSvg()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### X\n", "\n", "* `x()` — [Tracking Information Flow (Extract Origin String)](InformationFlow.ipynb#Extract-Origin-String)\n", "* XKCD comic — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* XML documents — [Fuzzing with Generators (Example: Matching XML Tags)](GeneratorGrammarFuzzer.ipynb#Example:-Matching-XML-Tags)\n", "* `XML_GRAMMAR` — [Fuzzing with Generators (Example: Matching XML Tags)](GeneratorGrammarFuzzer.ipynb#Example:-Matching-XML-Tags)\n", "* `XML_UNICODE_WCHAR_T` — [Testing Configurations (Part 3: C Preprocessor Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Part-3:-C-Preprocessor-Configuration-Fuzzing)\n", "* XSS — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Z\n", "\n", "* `ZeroOrMore()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `ZOOM` — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.6.6" }, "toc-autonumbering": false }, "nbformat": 4, "nbformat_minor": 2 }