{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Index" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## A - E" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### A\n", "\n", "* A Probabilistic Analysis of the Efficiency of Automated Software Testing — [Greybox Fuzzing (Background)](GreyboxFuzzer.ipynb#Background)\n", "* a solution — [Concolic Fuzzing (SMT Solvers)](ConcolicFuzzer.ipynb#SMT-Solvers)\n", "* `A()` — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `A1_GRAMMAR` — [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Exercise 8: First Set of a Nonterminal)](Parser.ipynb#Exercise-8:-First-Set-of-a-Nonterminal), [Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-9:-Follow-Set-of-a-Nonterminal)\n", "* `A2_GRAMMAR` — [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Grammars)](Parser.ipynb#Grammars), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `A3_GRAMMAR` — [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Ambiguous Parsing)](Parser.ipynb#Ambiguous-Parsing)\n", "* Abstract Syntax Tree — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `abs_max()` — [Concolic Fuzzing (Absolute Maximum)](ConcolicFuzzer.ipynb#Absolute-Maximum), [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `abs_value()` — [Concolic Fuzzing (Absolute Maximum)](ConcolicFuzzer.ipynb#Absolute-Maximum), [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* actions — [Testing Graphical User Interfaces (Retrieving User Interface Actions)](GUIFuzzer.ipynb#Retrieving-User-Interface-Actions), [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions)\n", "* `ACTIONS` — [Testing Graphical User Interfaces (Exploring Large Sites)](GUIFuzzer.ipynb#Exploring-Large-Sites), [Testing Graphical User Interfaces (Exploring Large Sites)](GUIFuzzer.ipynb#Exploring-Large-Sites), [Testing Graphical User Interfaces (Exploring Large Sites)](GUIFuzzer.ipynb#Exploring-Large-Sites)\n", "* `add()` — [Parsing Inputs (Columns)](Parser.ipynb#Columns)\n", "* add-operator — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* `addDebug()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `addTo()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `add_call()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `add_calls()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_child()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `add_element()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `add_fragment()` — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool)\n", "* `add_group()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_int_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_metavar_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_new_airport()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers), [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `add_parameter()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_parent()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_parents()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `add_result()` — [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results)\n", "* `add_str_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `add_to_fragment_pool()` — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool), [Greybox Fuzzing with Grammars (Region-based Mutation)](GreyboxGrammarFuzzer.ipynb#Region-based-Mutation)\n", "* `add_trace()` — [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints)\n", "* `add_transitive()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `add_tree()` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees)\n", "* `add_tree_coverage()` — [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `add_type_rule()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `__add__()` — [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation), [Concolic Fuzzing (Concatenation of Strings)](ConcolicFuzzer.ipynb#Concatenation-of-Strings)\n", "* `advance()` — [Parsing Inputs (Items)](Parser.ipynb#Items), [Parsing Inputs (States)](Parser.ipynb#States)\n", "* AdvancedSymbolicFuzzer — [Symbolic Fuzzing ( Roots - Eliminating the Zero Division Error)](SymbolicFuzzer.ipynb#-Roots---Eliminating-the-Zero-Division-Error)\n", "* `AdvancedSymbolicFuzzer` class — [Symbolic Fuzzing (Advanced Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Advanced-Symbolic-Fuzzer), [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop), [Symbolic Fuzzing (Solving Path Constraints)](SymbolicFuzzer.ipynb#Solving-Path-Constraints), [Symbolic Fuzzing (Generating All Paths)](SymbolicFuzzer.ipynb#Generating-All-Paths), [Symbolic Fuzzing (Generating All Paths)](SymbolicFuzzer.ipynb#Generating-All-Paths), [Symbolic Fuzzing (Exercise 2: _Statically checking if a loop should be unrolled further_)](SymbolicFuzzer.ipynb#Exercise-2:-_Statically-checking-if-a-loop-should-be-unrolled-further_), [Symbolic Fuzzing (Exercise 2: _Statically checking if a loop should be unrolled further_)](SymbolicFuzzer.ipynb#Exercise-2:-_Statically-checking-if-a-loop-should-be-unrolled-further_)\n", "* `AdvMutant` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `AdvMutator` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `AdvPMIterator` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `AdvStmtDeletionMutator` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* AFL — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Greybox Fuzzing (Greybox Mutation-based Fuzzer)](GreyboxFuzzer.ipynb#Greybox-Mutation-based-Fuzzer)\n", "* `AFLFastSchedule` class — [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer)\n", "* `AFLGoSchedule` class — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* AFLSmart — [Greybox Fuzzing with Grammars (Mutating Invalid Seeds)](GreyboxGrammarFuzzer.ipynb#Mutating-Invalid-Seeds), [Greybox Fuzzing with Grammars (Background)](GreyboxGrammarFuzzer.ipynb#Background)\n", "* `AFLSmartSchedule` class — [Greybox Fuzzing with Grammars (Focusing on Valid Seeds)](GreyboxGrammarFuzzer.ipynb#Focusing-on-Valid-Seeds)\n", "* `airport_codes_repOK()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* Alex framework — [Testing Graphical User Interfaces (Background)](GUIFuzzer.ipynb#Background)\n", "* all — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example), [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults), [Greybox Fuzzing with Grammars (Lessons Learned)](GreyboxGrammarFuzzer.ipynb#Lessons-Learned), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_), [When To Stop Fuzzing (Discovery Probability Quantifies Residual Risk)](WhenToStopFuzzing.ipynb#Discovery-Probability-Quantifies-Residual-Risk)\n", "* all paths — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* all seeds — [Greybox Fuzzing with Grammars (Region-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Region-Based-Fuzzing)\n", "* `all_terminals()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `alternate_reductions()` — [Reducing Failure-Inducing Inputs (Alternate Expansions)](Reducer.ipynb#Alternate-Expansions)\n", "* `AlternatingSequence` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* alternatives — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* American fuzzy lop — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* American Fuzzy Lop](http://lcamtuf.coredump.cx/afl/) (AFL) was released. Since then, AFL has become one of the most successful fuzzing tools and comes in many flavours, e.g., [AFLFast](https://github.com/mboehme/aflfast), [AFLGo](https://github.com/aflgo/aflgo), and [AFLSmart — [Mutation-Based Fuzzing (Fuzzing with Mutations)](MutationFuzzer.ipynb#Fuzzing-with-Mutations)\n", "* `annotate_arg()` — [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types)\n", "* `annotate_edge()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `annotate_function_ast_with_invariants()` — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `annotate_function_ast_with_types()` — [Mining Function Specifications (Annotating Functions with Mined Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Mined-Types)\n", "* `annotate_function_with_invariants()` — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `annotate_function_with_types()` — [Mining Function Specifications (Annotating Functions with Mined Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Mined-Types)\n", "* `annotate_invariants()` — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `annotate_node()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `annotate_types()` — [Mining Function Specifications (Annotating Functions with Mined Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Mined-Types)\n", "* any — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `any_possible_expansions()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree)\n", "* `append_from_dictionary()` — [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt)\n", "* `apply_new_definition()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `apply_result()` — [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion)\n", "* `apply_twice()` — [Fuzzing with Generators (Functions Called Before Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-Before-Expansion)\n", "* arbitrary — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `arc()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `ArcCoverage` class — [Concolic Fuzzing (Tracking Constraints)](ConcolicFuzzer.ipynb#Tracking-Constraints), [Symbolic Fuzzing (Visualizing the Coverage)](SymbolicFuzzer.ipynb#Visualizing-the-Coverage), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_)\n", "* `arcs()` — [Concolic Fuzzing (Tracking Constraints)](ConcolicFuzzer.ipynb#Tracking-Constraints)\n", "* `arc_8()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `arguments()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `ARGUMENTS_SYMBOL` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* arithmetic expressions — [Fuzzing with Grammars (Arithmetic Expressions)](Grammars.ipynb#Arithmetic-Expressions)\n", "* `arith_expr()` — [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators)\n", "* `AR` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `ascii_chr()` — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures)\n", "* `ASCII_STRING_EBNF_GRAMMAR` — [Fuzzing APIs (Strings)](APIFuzzer.ipynb#Strings)\n", "* `ASCII_STRING_GRAMMAR` — [Fuzzing APIs (Synopsis)](APIFuzzer.ipynb#Synopsis), [Fuzzing APIs (Strings)](APIFuzzer.ipynb#Strings), [Fuzzing APIs (Synopsis)](APIFuzzer.ipynb#Synopsis)\n", "* `assertEquals()` — [Introduction to Software Testing (Automating Test Execution)](Intro_Testing.ipynb#Automating-Test-Execution)\n", "* assertion — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `assignEnergy()` — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules), [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer), [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule), [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule), [Greybox Fuzzing with Grammars (Focusing on Valid Seeds)](GreyboxGrammarFuzzer.ipynb#Focusing-on-Valid-Seeds)\n", "* assignment — [Fuzzing: Breaking Things with Random Inputs (A Testing Assignment)](Fuzzer.ipynb#A-Testing-Assignment)\n", "* `assignments()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `AssignmentTracker` class — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `AssignmentVars` class — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `at()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `ATTACKS` — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `ATTR_GRAMMAR` — [Fuzzing with Generators (Exercise 2: Attribute Grammars)](GeneratorGrammarFuzzer.ipynb#Exercise-2:-Attribute-Grammars)\n", "* `at_dot()` — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* Automata theory — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `autopep8()` — [Testing Configurations (Autopep8 Setup)](ConfigurationFuzzer.ipynb#Autopep8-Setup)\n", "* `average_length_until_full_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### B\n", "\n", "* `B()` — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `back()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* Backus-Naur form — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `bad_fitness()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* before — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `BetterHTTPRequestHandler` class — [Testing Web Applications (Part 1: Silent Failures)](WebFuzzer.ipynb#Part-1:-Silent-Failures), [Testing Web Applications (Part 2: Sanitized HTML)](WebFuzzer.ipynb#Part-2:-Sanitized-HTML), [Testing Web Applications (Part 3: Sanitized SQL)](WebFuzzer.ipynb#Part-3:-Sanitized-SQL), [Testing Web Applications (Part 4: A Robust Server)](WebFuzzer.ipynb#Part-4:-A-Robust-Server)\n", "* `BETTER_HTML_INTERNAL_SERVER_ERROR` — [Testing Web Applications (Part 1: Silent Failures)](WebFuzzer.ipynb#Part-1:-Silent-Failures)\n", "* `BinaryProgramRunner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `binomial()` — [Concolic Fuzzing (Binomial Coefficient)](ConcolicFuzzer.ipynb#Binomial-Coefficient)\n", "* `BinOpMutator` class — [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators), [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators)\n", "* `BIRD` — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* bitmap origins — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `BIT_OPS` — [Concolic Fuzzing (Exercise 2: Bit Manipulation)](ConcolicFuzzer.ipynb#Exercise-2:-Bit-Manipulation)\n", "* black-box testing — [Code Coverage (Black-Box Testing)](Coverage.ipynb#Black-Box-Testing)\n", "* `BletchleyPark` class — [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma), [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations), [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* blog post — [Mutation-Based Fuzzing (Exercise 3)](MutationFuzzer.ipynb#Exercise-3), [Greybox Fuzzing (Solving the Maze)](GreyboxFuzzer.ipynb#Solving-the-Maze), [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background), [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* BNF — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `BODY` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* Bomba — [When To Stop Fuzzing (The Enigma Machine)](WhenToStopFuzzing.ipynb#The-Enigma-Machine)\n", "* `__bool__()` — [Concolic Fuzzing (Registering Predicates on Conditionals)](ConcolicFuzzer.ipynb#Registering-Predicates-on-Conditionals), [Concolic Fuzzing (Using an Integer in a Boolean Context)](ConcolicFuzzer.ipynb#Using-an-Integer-in-a-Boolean-Context), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `BoostedBletchleyPark` class — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* Branch coverage — [Code Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* `BranchCoverage` class — [Code Coverage (Part 1: Compute branch coverage)](Coverage.ipynb#Part-1:-Compute-branch-coverage)\n", "* `BranchTransformer` class — [Search-Based Fuzzing (Instrumenting Source Code Automatically)](SearchBasedFuzzer.ipynb#Instrumenting-Source-Code-Automatically)\n", "* `branch_coverage()` — [Code Coverage (Part 1: Compute branch coverage)](Coverage.ipynb#Part-1:-Compute-branch-coverage)\n", "* `break_max_attempts()` — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `break_message()` — [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma), [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations), [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations), [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `break_n_messages()` — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `BROWSER` — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium), [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `buggy_my_sqrt_with_postcondition()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### C\n", "\n", "* C preprocessor — [Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-1:-#ifdef-Configuration-Fuzzing)\n", "* `C()` — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* C-Reduce — [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* `CachingReducer` class — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* `calculate_distance()` — [Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)](SearchBasedFuzzer.ipynb#Defining-a-Search-Landscape:-Fitness-functions)\n", "* call — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* call graph — [Greybox Fuzzing (Solving the Maze)](GreyboxFuzzer.ipynb#Solving-the-Maze)\n", "* call stack — [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input)\n", "* `CallCarver` class — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `called_functions()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `CallGrammarMiner` class — [Carving Unit Tests (A Grammar Miner for Calls)](Carver.ipynb#A-Grammar-Miner-for-Calls), [Carving Unit Tests (Initial Grammar)](Carver.ipynb#Initial-Grammar), [Carving Unit Tests (A Grammar from Arguments)](Carver.ipynb#A-Grammar-from-Arguments), [Carving Unit Tests (A Grammar from Calls)](Carver.ipynb#A-Grammar-from-Calls), [Carving Unit Tests (A Grammar from all Calls)](Carver.ipynb#A-Grammar-from-all-Calls)\n", "* `callgraph()` — [Control Flow Graph (Call Graph Helpers)](ControlFlow.ipynb#Call-Graph-Helpers)\n", "* calls — [Greybox Fuzzing (Computing Function-Level Distance)](GreyboxFuzzer.ipynb#Computing-Function-Level-Distance)\n", "* `calls()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `CallStack` class — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `CallTracker` class — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls)\n", "* `call_string()` — [Carving Unit Tests (Serializing Objects)](Carver.ipynb#Serializing-Objects)\n", "* `CALL_SYMBOL` — [Carving Unit Tests (Initial Grammar)](Carver.ipynb#Initial-Grammar)\n", "* `call_value()` — [Carving Unit Tests (Serializing Objects)](Carver.ipynb#Serializing-Objects)\n", "* `__call__()` — [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer)\n", "* `cancel()` — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* `canonical()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* `canonical_expr()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* `can_be_satisfied()` — [Symbolic Fuzzing (Exercise 2: _Statically checking if a loop should be unrolled further_)](SymbolicFuzzer.ipynb#Exercise-2:-_Statically-checking-if-a-loop-should-be-unrolled-further_)\n", "* `capitalize()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* `Carver` class — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* CFG — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser), [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `CFGNode` class — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* CFGs — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `CFLAGS` — [Fuzzing in the Large (Collecting Code Coverage)](FuzzingInTheLarge.ipynb#Collecting-Code-Coverage)\n", "* CFLs — [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `cgi_decode()` — [Code Coverage (A CGI Decoder)](Coverage.ipynb#A-CGI-Decoder), [Search-Based Fuzzing (Testing a More Complex Program)](SearchBasedFuzzer.ipynb#Testing-a-More-Complex-Program), [Control Flow Graph (cgi_decode)](ControlFlow.ipynb#cgi_decode)\n", "* `cgi_decode_traced()` — [Code Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions)\n", "* `cgi_encode()` — [Testing Web Applications (Fuzzing with Expected Values)](WebFuzzer.ipynb#Fuzzing-with-Expected-Values)\n", "* `CGI_GRAMMAR` — [Fuzzing with Grammars (A CGI Grammar)](Grammars.ipynb#A-CGI-Grammar), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n", "* `CG` — [Greybox Fuzzing (Computing Function-Level Distance)](GreyboxFuzzer.ipynb#Computing-Function-Level-Distance)\n", "* chapter on parsers](Parser.ipynb) that coarse grammars do not work well for fuzzing when the input format includes details expressed only in code. That is, even though we have the formal specification of CSV files ([RFC 4180 — [Mining Input Grammars (A Grammar Challenge)](GrammarMiner.ipynb#A-Grammar-Challenge)\n", "* character level — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `CHARACTERS_WITHOUT_QUOTE` — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n", "* `CHARGE_GRAMMAR` — [Fuzzing with Generators (Example: Test a Credit Card System)](GeneratorGrammarFuzzer.ipynb#Example:-Test-a-Credit-Card-System), [Fuzzing with Generators (Example: Numeric Ranges)](GeneratorGrammarFuzzer.ipynb#Example:-Numeric-Ranges)\n", "* `chart_parse()` — [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm)\n", "* `CHAR_WIDTH` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `check()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `checkpoint()` — [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer)\n", "* checksum — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `check_grammar()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability)\n", "* `check_param()` — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `check_time()` — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* `check_triangle()` — [Symbolic Fuzzing (Obtaining Path Conditions for Coverage)](SymbolicFuzzer.ipynb#Obtaining-Path-Conditions-for-Coverage), [Control Flow Graph (check_triangle)](ControlFlow.ipynb#check_triangle)\n", "* child nodes — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* children — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `CHILDREN` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees), [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* choice expressions — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* `Choice` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `choose()` — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules)\n", "* `choose_covered_node_expansion()` — [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `choose_node_expansion()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Grammar Coverage (All Together)](GrammarCoverageFuzzer.ipynb#All-Together), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability), [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `choose_tree_expansion()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `choose_uncovered_node_expansion()` — [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `clean_grammar()` — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `clear_httpd_messages()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `clear_origin()` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `clear_symbol_table()` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `clear_taint()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `click()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `clock()` — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `coalesce()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* code coverage — [Code Coverage](Coverage.ipynb#Code-Coverage)\n", "* code snippet from StackOverflow — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions)\n", "* `code_repOK()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `collapse_if_too_large()` — [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks)\n", "* colors — [Tracking Information Flow (Tracking Individual Characters)](InformationFlow.ipynb#Tracking-Individual-Characters)\n", "* `column()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Concolic Fuzzing (Database)](ConcolicFuzzer.ipynb#Database)\n", "* `Column` class — [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `combination()` — [Concolic Fuzzing (Binomial Coefficient)](ConcolicFuzzer.ipynb#Binomial-Coefficient)\n", "* commas — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `comma_split()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `COMMENT_CHAR_WIDTH` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `Comment` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* comparison node — [Control Flow Graph (fib)](ControlFlow.ipynb#fib)\n", "* Competent Programmer Hypothesis — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n", "* compiler testing — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background), [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* complement of the input samples — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `complete()` — [Parsing Inputs (Completing Processing)](Parser.ipynb#Completing-Processing), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `compute_dominator()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `compute_flow()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `compute_gcd()` — [Control Flow Graph (gcd)](ControlFlow.ipynb#gcd)\n", "* concolic — [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop)\n", "* concolic execution — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_)\n", "* Concolic Execution — [Concolic Fuzzing (SMT Solvers)](ConcolicFuzzer.ipynb#SMT-Solvers)\n", "* `concolic()` — [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (Generating Fresh Names)](ConcolicFuzzer.ipynb#Generating-Fresh-Names)\n", "* `ConcolicDB` class — [Concolic Fuzzing (Database)](ConcolicFuzzer.ipynb#Database)\n", "* `ConcolicGrammarFuzzer` class — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer), [Concolic Fuzzing (All together)](ConcolicFuzzer.ipynb#All-together), [Concolic Fuzzing (All together)](ConcolicFuzzer.ipynb#All-together)\n", "* `ConcolicTracer` class — [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (Translating to the SMT Expression Format)](ConcolicFuzzer.ipynb#Translating-to-the-SMT-Expression-Format), [Concolic Fuzzing (Generating Fresh Names)](ConcolicFuzzer.ipynb#Generating-Fresh-Names), [Concolic Fuzzing (Evaluating the Concolic Expressions)](ConcolicFuzzer.ipynb#Evaluating-the-Concolic-Expressions), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_)\n", "* concrete syntax tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `condition()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* conditional compilation — [Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-1:-#ifdef-Configuration-Fuzzing)\n", "* `CONDITION` — [Code Coverage (Exercise 2: Branch Coverage)](Coverage.ipynb#Exercise-2:-Branch-Coverage), [Code Coverage (Exercise 2: Branch Coverage)](Coverage.ipynb#Exercise-2:-Branch-Coverage), [Code Coverage (Exercise 2: Branch Coverage)](Coverage.ipynb#Exercise-2:-Branch-Coverage)\n", "* `CONSTRAINED_VAR_GRAMMAR` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* constraint — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `construct_callgraph()` — [Control Flow Graph (Call Graph Helpers)](ControlFlow.ipynb#Call-Graph-Helpers)\n", "* context-free grammars — [Fuzzing with Grammars (Grammars)](Grammars.ipynb#Grammars)\n", "* `Context` class — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* contract — [Mining Function Specifications (Why Generic Error Checking is Not Enough)](DynamicInvariants.ipynb#Why-Generic-Error-Checking-is-Not-Enough)\n", "* `convert()` — [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data)\n", "* `convert_ebnf_grammar()` — [Fuzzing with Grammars (All Together)](Grammars.ipynb#All-Together)\n", "* `convert_ebnf_operators()` — [Fuzzing with Grammars (Expanding Operators)](Grammars.ipynb#Expanding-Operators)\n", "* `convert_ebnf_parentheses()` — [Fuzzing with Grammars (Expanding Parenthesized Expressions)](Grammars.ipynb#Expanding-Parenthesized-Expressions)\n", "* `copy()` — [Parsing Inputs (States)](Parser.ipynb#States), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Symbolic Fuzzing (Tracking Assignments)](SymbolicFuzzer.ipynb#Tracking-Assignments)\n", "* `COUNTER` — [Concolic Fuzzing (Generating Fresh Names)](ConcolicFuzzer.ipynb#Generating-Fresh-Names)\n", "* `CountingGreyboxFuzzer` class — [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer)\n", "* `counts()` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `count_expansions()` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `count_nodes()` — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* Coupling Effect — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n", "* coverage criteria — [Code Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* `coverage()` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Code Coverage (Part 1: Compute branch coverage)](Coverage.ipynb#Part-1:-Compute-branch-coverage), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* Coverage-based Greybox Fuzzing as Markov Chain — [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer)\n", "* `Coverage` class — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mutation Analysis (Structural Coverage Adequacy by Example)](MutationAnalysis.ipynb#Structural-Coverage-Adequacy-by-Example)\n", "* `cpp_identifiers()` — [Testing Configurations (Part 1: Extract Preprocessor Variables)](ConfigurationFuzzer.ipynb#Part-1:-Extract-Preprocessor-Variables)\n", "* `crange()` — [Fuzzing with Grammars (Character Classes)](Grammars.ipynb#Character-Classes)\n", "* `crashme()` — [Greybox Fuzzing (Runner and Sample Program)](GreyboxFuzzer.ipynb#Runner-and-Sample-Program)\n", "* `crash_if_too_long()` — [Fuzzing: Breaking Things with Random Inputs (Buffer Overflows)](Fuzzer.ipynb#Buffer-Overflows)\n", "* `crawl()` — [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* crawler — [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `create()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Create)](InformationFlow.ipynb#Create), [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions), [Concolic Fuzzing (A Proxy Class for Booleans)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Booleans), [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `create_assignments()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `create_call_stack()` — [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `create_candidate()` — [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing), [Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)](GreyboxGrammarFuzzer.ipynb#Integration-with-Greybox-Fuzzing)\n", "* `create_foo_py()` — [Testing Configurations (Creating Autopep8 Options)](ConfigurationFuzzer.ipynb#Creating-Autopep8-Options)\n", "* `create_instrumented_function()` — [Search-Based Fuzzing (Instrumenting Source Code Automatically)](SearchBasedFuzzer.ipynb#Instrumenting-Source-Code-Automatically)\n", "* `create_population()` — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* `create_table()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables)\n", "* `create_tracker()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recover Grammar)](GrammarMiner.ipynb#Recover-Grammar), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `create_tree_miner()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recover Grammar)](GrammarMiner.ipynb#Recover-Grammar), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* cross-site scripting — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* crossover — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* `crossover()` — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* CSmith — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* CSV — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `CSV_GRAMMAR` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* current — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `C_SAMPLE_GRAMMAR` — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* `C` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### D\n", "\n", "* DAIKON dynamic invariant detector](https://plse.cs.washington.edu/daikon/) can be considered the mother of function specification miners. Continuously maintained and extended for more than 20 years, it mines likely invariants in the style of this chapter for a variety of languages, including C, C++, C#, Eiffel, F#, Java, Perl, and Visual Basic. On top of the functionality discussed above, it holds a rich catalog of patterns for likely invariants, supports data invariants, can eliminate invariants that are implied by others, and determines statistical confidence to disregard unlikely invariants. The corresponding paper \\cite{Ernst2001} is one of the seminal and most-cited papers of Software Engineering. A multitude of works have been published based on DAIKON and detecting invariants; see this [curated list — [Mining Function Specifications (Background)](DynamicInvariants.ipynb#Background)\n", "* data dictionary — [Testing Web Applications (Leaking Internal Information)](WebFuzzer.ipynb#Leaking-Internal-Information)\n", "* database — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* `db_select()` — [Concolic Fuzzing (Database)](ConcolicFuzzer.ipynb#Database)\n", "* `DB` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input), [Tracking Information Flow (TaintedDB)](InformationFlow.ipynb#TaintedDB), [Concolic Fuzzing (Database)](ConcolicFuzzer.ipynb#Database)\n", "* `DB` class — [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database), [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data), [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data), [Tracking Information Flow (Updating Data)](InformationFlow.ipynb#Updating-Data), [Tracking Information Flow (Deleting Data)](InformationFlow.ipynb#Deleting-Data)\n", "* debugger — [Introduction to Software Testing (Debugging a Function)](Intro_Testing.ipynb#Debugging-a-Function)\n", "* `DEBUG` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `declarations()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `decorator()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* `decrange()` — [Probabilistic Grammar Fuzzing (Probabilities in Context)](ProbabilisticGrammarFuzzer.ipynb#Probabilities-in-Context)\n", "* `default_edge_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `default_graph_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `default_node_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `DEFAULT_ORIGIN` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `DEFAULT_STYLE` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* deferred parsing — [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing)\n", "* `defined_vars()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `DefineTracker` class — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `define_expr()` — [Fuzzing with Grammars (Part 1 (b): Alternative representations)](Grammars.ipynb#Part-1-(b):-Alternative-representations)\n", "* `define_ex_grammar()` — [Fuzzing with Grammars (Part 1 (b): Alternative representations)](Grammars.ipynb#Part-1-(b):-Alternative-representations)\n", "* `define_grammar()` — [Fuzzing with Grammars (Part 1 (a): One Single Function)](Grammars.ipynb#Part-1-(a):-One-Single-Function)\n", "* `define_id()` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `define_name()` — [Fuzzing with Grammars (Part 1 (b): Alternative representations)](Grammars.ipynb#Part-1-(b):-Alternative-representations)\n", "* `define_symbolic_vars()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `def_used_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* degree of validity — [Greybox Fuzzing with Grammars (Determining Symbol Regions)](GreyboxGrammarFuzzer.ipynb#Determining-Symbol-Regions)\n", "* `degree_of_validity()` — [Greybox Fuzzing with Grammars (Focusing on Valid Seeds)](GreyboxGrammarFuzzer.ipynb#Focusing-on-Valid-Seeds)\n", "* `DELAY_AFTER_CHECK` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `DELAY_AFTER_CLICK` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `DELAY_AFTER_FILL` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `DELAY_AFTER_SUBMIT` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `delete_element()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `delete_fragment()` — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Region-based Mutation)](GreyboxGrammarFuzzer.ipynb#Region-based-Mutation)\n", "* `delete_last_character()` — [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt)\n", "* `delete_random_character()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed)\n", "* `DELETE` — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `DeltaDebuggingReducer` class — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* derivation tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `determineGaps()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `deterministic_reduction()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `DiagramItem` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `DIAGRAM_CLASS` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `Diagram` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `DictMutator` class — [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt), [Greybox Fuzzing with Grammars (Building a Keyword Dictionary)](GreyboxGrammarFuzzer.ipynb#Building-a-Keyword-Dictionary)\n", "* `diff()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* different — [Mining Input Grammars (Problems with the Grammar Miner with Reassignment)](GrammarMiner.ipynb#Problems-with-the-Grammar-Miner-with-Reassignment)\n", "* `DIGIT_GRAMMAR` — [Fuzzing with Grammars (Representing Grammars in Python)](Grammars.ipynb#Representing-Grammars-in-Python)\n", "* Directed Greybox Fuzzing](https://mboehme.github.io/paper/CCS17.pdf)\" \\cite{boehme2017greybox} and check out the implementation into AFL at [http://github.com/aflgo/aflgo — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* `DirectedSchedule` class — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* `DIRECTLY_SELF_REFERRING` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* discovery — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* discovery probability — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `display_annotated_tree()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `display_httpd_message()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `display_stack()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `display_tree()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `distance_character()` — [Search-Based Fuzzing (Branch Distances)](SearchBasedFuzzer.ipynb#Branch-Distances)\n", "* Domato — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `dot_escape()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `doubleenumerate()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `down()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `do_call()` — [Fuzzing APIs (Synthesizing Code)](APIFuzzer.ipynb#Synthesizing-Code)\n", "* `do_check()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_click()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_delete()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Deleting Data)](InformationFlow.ipynb#Deleting-Data)\n", "* `do_fill()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_GET()` — [Testing Web Applications (Handling HTTP Requests)](WebFuzzer.ipynb#Handling-HTTP-Requests)\n", "* `do_HEAD()` — [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands)\n", "* `do_insert()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data)\n", "* `do_select()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data)\n", "* `do_submit()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `do_update()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Updating Data)](InformationFlow.ipynb#Updating-Data)\n", "* Dragon Book — [Efficient Grammar Fuzzing (Background)](GrammarFuzzer.ipynb#Background)\n", "* `duplicate_context()` — [Grammar Coverage (Extending Grammars for Context Coverage Programmatically)](GrammarCoverageFuzzer.ipynb#Extending-Grammars-for-Context-Coverage-Programmatically)\n", "* `_duplicate_context()` — [Grammar Coverage (Extending Grammars for Context Coverage Programmatically)](GrammarCoverageFuzzer.ipynb#Extending-Grammars-for-Context-Coverage-Programmatically)\n", "* during — [Greybox Fuzzing (Lessons Learned)](GreyboxFuzzer.ipynb#Lessons-Learned)\n", "* dynamic analysis — [Code Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions)\n", "* dynamic taint — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* dynamic taint analysis — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* dynamic taints — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### E\n", "\n", "* `e()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* Earley parser — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `EarleyParser` class — [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm), [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm), [Parsing Inputs (Predicting States)](Parser.ipynb#Predicting-States), [Parsing Inputs (Scanning Tokens)](Parser.ipynb#Scanning-Tokens), [Parsing Inputs (Completing Processing)](Parser.ipynb#Completing-Processing), [Parsing Inputs (Filling the Chart)](Parser.ipynb#Filling-the-Chart), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (Parsing Paths)](Parser.ipynb#Parsing-Paths), [Parsing Inputs (Parsing Forests)](Parser.ipynb#Parsing-Forests), [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Ambiguous Parsing)](Parser.ipynb#Ambiguous-Parsing), [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `earley_complete()` — [Parsing Inputs (Completing Processing)](Parser.ipynb#Completing-Processing)\n", "* EBNF — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `ebnf_grammar()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `elapsed_time()` — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* elements — [When To Stop Fuzzing (The Kenngruppenbuch)](WhenToStopFuzzing.ipynb#The-Kenngruppenbuch), [When To Stop Fuzzing (The Kenngruppenbuch)](WhenToStopFuzzing.ipynb#The-Kenngruppenbuch)\n", "* ELSE — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* embed the finite state machine into a grammar — [Testing Graphical User Interfaces (State Machines as Grammars)](GUIFuzzer.ipynb#State-Machines-as-Grammars)\n", "* `EmbeddedInvariantAnnotator` class — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `EmbeddedInvariantTransformer` class — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* EMI Project — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `End` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* energy — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules)\n", "* Enigma — [When To Stop Fuzzing](WhenToStopFuzzing.ipynb#When-To-Stop-Fuzzing)\n", "* Enigma machines — [When To Stop Fuzzing (The Enigma Machine)](WhenToStopFuzzing.ipynb#The-Enigma-Machine)\n", "* `EnigmaMachine` class — [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma), [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma)\n", "* `enter()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `__enter__()` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `EOF` — [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks), [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks), [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks), [Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-9:-Follow-Set-of-a-Nonterminal), [Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-9:-Follow-Set-of-a-Nonterminal), [Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-9:-Follow-Set-of-a-Nonterminal)\n", "* epsilon expansion — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node)\n", "* `EPSILON` — [Introduction to Software Testing (Automating Test Execution)](Intro_Testing.ipynb#Automating-Test-Execution), [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix), [Parsing Inputs (Exercise 8: First Set of a Nonterminal)](Parser.ipynb#Exercise-8:-First-Set-of-a-Nonterminal), [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions)\n", "* Equivalent mutants — [Mutation Analysis (The Problem of Equivalent Mutants)](MutationAnalysis.ipynb#The-Problem-of--Equivalent-Mutants)\n", "* `__eq__()` — [Parsing Inputs (States)](Parser.ipynb#States), [Concolic Fuzzing (Equality between Integers)](ConcolicFuzzer.ipynb#Equality-between-Integers), [Concolic Fuzzing (Equality between Strings)](ConcolicFuzzer.ipynb#Equality-between-Strings), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `escapelines()` — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures)\n", "* Estimating the population size for capture-recapture data with unequal catchability — [When To Stop Fuzzing (Background)](WhenToStopFuzzing.ipynb#Background)\n", "* `EvalMysteryRunner` class — [Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)](Reducer.ipynb#Lexical-Reduction-vs.-Syntactic-Rules)\n", "* `evaluate_condition()` — [Search-Based Fuzzing (Instrumentation for Atomic Conditions)](SearchBasedFuzzer.ipynb#Instrumentation-for-Atomic-Conditions), [Search-Based Fuzzing (Instrumentation for Atomic Conditions)](SearchBasedFuzzer.ipynb#Instrumentation-for-Atomic-Conditions)\n", "* `evaluate_path()` — [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser)\n", "* `evaluate_population()` — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* `eval_function()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion)\n", "* `eval_with_exception()` — [Fuzzing with Generators (Example: Negative Expressions)](GeneratorGrammarFuzzer.ipynb#Example:-Negative-Expressions)\n", "* even more — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `EvenFasterGrammarFuzzer` class — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* excellent library from Tab Atkins jr. — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `executable()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `ExerciseGrammarFuzzer` class — [Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions)](GrammarFuzzer.ipynb#Exercise-4:-Alternate-Random-Expansions)\n", "* `__exit__()` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `expandtabs()` — [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs)\n", "* `expand_node()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation)\n", "* `expand_node_by_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion)\n", "* `expand_node_max_cost()` — [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation)\n", "* `expand_node_min_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion)\n", "* `expand_node_randomly()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Exercise 4: Alternate Random Expansions)](GrammarFuzzer.ipynb#Exercise-4:-Alternate-Random-Expansions), [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* `expand_tree()` — [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases)\n", "* `expand_tree_once()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing)\n", "* `expand_tree_with_strategy()` — [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases)\n", "* `expand_tstate()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* expansion alternatives — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* expansion rules — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* `ExpansionCountMiner` class — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `ExpansionError` class — [Fuzzing with Grammars (A Simple Grammar Fuzzer)](Grammars.ipynb#A-Simple-Grammar-Fuzzer)\n", "* `expansion_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `expansion_key()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `expansion_to_children()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)](GrammarFuzzer.ipynb#Exercise-1:-Caching-Method-Results)\n", "* `ExpectError` class — [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors)\n", "* `ExpectTimeout` class — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* exploit — [Greybox Fuzzing with Grammars (Parsing and Recombining JavaScript, or How to Make 50,000 USD in Four Weeks)](GreyboxGrammarFuzzer.ipynb#Parsing-and-Recombining-JavaScript,-or-How-to-Make-50,000-USD-in-Four-Weeks)\n", "* `explore()` — [Symbolic Fuzzing (Stepwise Exploration of Paths)](SymbolicFuzzer.ipynb#Stepwise-Exploration-of-Paths)\n", "* `explore_all()` — [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States)\n", "* `expression_clause()` — [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data)\n", "* `expression_grammar_fn()` — [Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))](Grammars.ipynb#Exercise-4:-Defining-Grammars-as-Functions-(Advanced))\n", "* `EXPR_EBNF_GRAMMAR` — [Fuzzing with Grammars (Grammar Shortcuts)](Grammars.ipynb#Grammar-Shortcuts)\n", "* `EXPR_GRAMMAR_BNF` — [Efficient Grammar Fuzzing (An Insufficient Algorithm)](GrammarFuzzer.ipynb#An-Insufficient-Algorithm)\n", "* `EXPR_GRAMMAR` — [Fuzzing with Grammars (Representing Grammars in Python)](Grammars.ipynb#Representing-Grammars-in-Python), [Grammar Coverage (Covering Grammar Elements)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Elements), [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Grammar Coverage (Extending Grammars for Context Coverage Programmatically)](GrammarCoverageFuzzer.ipynb#Extending-Grammars-for-Context-Coverage-Programmatically), [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars), [Fuzzing with Generators (Example: More Numeric Ranges)](GeneratorGrammarFuzzer.ipynb#Example:-More-Numeric-Ranges), [Tracking Information Flow (Fuzzing SQL)](InformationFlow.ipynb#Fuzzing-SQL)\n", "* `exp_opt()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `exp_opts()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `exp_order()` — [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `exp_post_expansion_function()` — [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints)\n", "* `exp_pre_expansion_function()` — [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints)\n", "* `exp_prob()` — [Probabilistic Grammar Fuzzing (Specifying Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Specifying-Probabilities)\n", "* `exp_probabilities()` — [Probabilistic Grammar Fuzzing (Distributing Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Distributing-Probabilities)\n", "* `exp_string()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `extended_nonterminals()` — [Fuzzing with Grammars (Expanding Operators)](Grammars.ipynb#Expanding-Operators)\n", "* `extend_grammar()` — [Fuzzing with Grammars (Extending Grammars)](Grammars.ipynb#Extending-Grammars)\n", "* `extract_a_tree()` — [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser)\n", "* `extract_constraints()` — [Symbolic Fuzzing (Extracting All Constraints)](SymbolicFuzzer.ipynb#Extracting-All-Constraints), [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop)\n", "* `extract_node()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `extract_trees()` — [Parsing Inputs (Extracting Trees)](Parser.ipynb#Extracting-Trees), [Parsing Inputs (Ambiguous Parsing)](Parser.ipynb#Ambiguous-Parsing), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser)\n", "* `extract_vars()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* extremely efficient — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* `E_GRAMMAR_1` — [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix), [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix)\n", "* `E_GRAMMAR` — [Parsing Inputs (The Aycock Epsilon Fix)](Parser.ipynb#The-Aycock-Epsilon-Fix)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## F - J" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### F\n", "\n", "* factorial value — [Concolic Fuzzing (Tracking Constraints)](ConcolicFuzzer.ipynb#Tracking-Constraints)\n", "* `factorial()` — [Concolic Fuzzing (Tracking Constraints)](ConcolicFuzzer.ipynb#Tracking-Constraints), [Concolic Fuzzing (Binomial Coefficient)](ConcolicFuzzer.ipynb#Binomial-Coefficient)\n", "* `fail_test()` — [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors)\n", "* `FAIL` — [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis)\n", "* `FasterGrammarFuzzer` class — [Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)](GrammarFuzzer.ipynb#Exercise-1:-Caching-Method-Results)\n", "* `fib()` — [Control Flow Graph (fib)](ControlFlow.ipynb#fib)\n", "* `FILE` — [Fuzzing: Breaking Things with Random Inputs (Creating Input Files)](Fuzzer.ipynb#Creating-Input-Files)\n", "* `fill()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `fill_chart()` — [Parsing Inputs (Filling the Chart)](Parser.ipynb#Filling-the-Chart)\n", "* `FilteredLeoParser` class — [Parsing Inputs (Exercise 6: Filtered Earley Parser)](Parser.ipynb#Exercise-6:-Filtered-Earley-Parser)\n", "* `FINAL_STATE` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `find()` — [Concolic Fuzzing (Finding Substrings)](ConcolicFuzzer.ipynb#Finding-Substrings)\n", "* `find_alternatives()` — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* `find_comma()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `find_contents()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `find_element()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `find_executable()` — [Testing Configurations (Autopep8 Setup)](ConfigurationFuzzer.ipynb#Autopep8-Setup)\n", "* `find_expansion()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion)\n", "* `find_grammar()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `_find_reachable_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `finish()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations)\n", "* `finished()` — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* Finite Neighborhood Hypothesis — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n", "* finite state machine — [Testing Graphical User Interfaces (User Interfaces as Finite State Machines)](GUIFuzzer.ipynb#User-Interfaces-as-Finite-State-Machines)\n", "* finite state machines — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* first — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `firstset()` — [Parsing Inputs (Exercise 8: First Set of a Nonterminal)](Parser.ipynb#Exercise-8:-First-Set-of-a-Nonterminal)\n", "* `firstset_()` — [Parsing Inputs (Exercise 8: First Set of a Nonterminal)](Parser.ipynb#Exercise-8:-First-Set-of-a-Nonterminal)\n", "* `first_digit_via_log()` — [Probabilistic Grammar Fuzzing (The Law of Leading Digits)](ProbabilisticGrammarFuzzer.ipynb#The-Law-of-Leading-Digits)\n", "* `first_digit_via_string()` — [Probabilistic Grammar Fuzzing (The Law of Leading Digits)](ProbabilisticGrammarFuzzer.ipynb#The-Law-of-Leading-Digits)\n", "* `first_expr()` — [Parsing Inputs (Exercise 8: First Set of a Nonterminal)](Parser.ipynb#Exercise-8:-First-Set-of-a-Nonterminal)\n", "* `first` and `follow` — [Parsing Inputs (Exercise 8: First Set of a Nonterminal)](Parser.ipynb#Exercise-8:-First-Set-of-a-Nonterminal)\n", "* fitness — [Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)](SearchBasedFuzzer.ipynb#Defining-a-Search-Landscape:-Fitness-functions)\n", "* fitness function — [Search-Based Fuzzing (Defining a Search Landscape: Fitness functions)](SearchBasedFuzzer.ipynb#Defining-a-Search-Landscape:-Fitness-functions)\n", "* `fixed_cgi_decode()` — [Code Coverage (Exercise 1: Fixing cgi_decode)](Coverage.ipynb#Exercise-1:-Fixing-cgi_decode)\n", "* `fixpoint()` — [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint)\n", "* `fix_luhn_checksum()` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `flatten()` — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `flip_random_character()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Search-Based Fuzzing (Global Search)](SearchBasedFuzzer.ipynb#Global-Search)\n", "* `FLOAT_BINARY_OPS` — [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `FLOAT_BOOL_OPS` — [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `FLOAT_EBNF_GRAMMAR` — [Fuzzing APIs (Floats)](APIFuzzer.ipynb#Floats)\n", "* `float_grammar_with_range()` — [Fuzzing APIs (Floats)](APIFuzzer.ipynb#Floats)\n", "* `FLOAT_GRAMMAR` — [Fuzzing APIs (Synopsis)](APIFuzzer.ipynb#Synopsis), [Fuzzing APIs (Floats)](APIFuzzer.ipynb#Floats), [Fuzzing APIs (Synopsis)](APIFuzzer.ipynb#Synopsis)\n", "* `fmt()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `followset()` — [Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-9:-Follow-Set-of-a-Nonterminal)\n", "* `followset_()` — [Parsing Inputs (Exercise 9: Follow Set of a Nonterminal)](Parser.ipynb#Exercise-9:-Follow-Set-of-a-Nonterminal)\n", "* `follow_link()` — [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions)\n", "* for-loop — [Control Flow Graph (fib)](ControlFlow.ipynb#fib)\n", "* `forest()` — [Parsing Inputs (Parsing Forests)](Parser.ipynb#Parsing-Forests), [Parsing Inputs (Exercise 6: Filtered Earley Parser)](Parser.ipynb#Exercise-6:-Filtered-Earley-Parser)\n", "* formal languages — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages), [Fuzzing with Grammars (A Natural Language Grammar)](Grammars.ipynb#A-Natural-Language-Grammar)\n", "* `format()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `FormHTMLParser` class — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields)\n", "* fragment — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool), [Greybox Fuzzing with Grammars (Lessons Learned)](GreyboxGrammarFuzzer.ipynb#Lessons-Learned)\n", "* `FragmentMutator` class — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool), [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool), [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* `fragments()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker)\n", "* `FRAGMENT_LEN` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `fresh_name()` — [Concolic Fuzzing (Generating Fresh Names)](ConcolicFuzzer.ipynb#Generating-Fresh-Names)\n", "* `fsm_diagram()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `fsm_last_state_symbol()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `fsm_path()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `FunctionCoverageRunner` class — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `FunctionRunner` class — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `functions_with_invariants()` — [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `functions_with_invariants_ast()` — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `function_symbol()` — [Carving Unit Tests (A Grammar from Calls)](Carver.ipynb#A-Grammar-from-Calls)\n", "* `function_with_invariants()` — [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `function_with_invariants_ast()` — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `funct_parser()` — [Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))](Grammars.ipynb#Exercise-4:-Defining-Grammars-as-Functions-(Advanced))\n", "* fuzz — [Mutation Analysis (Seeding Artificial Faults with Mutation Analysis)](MutationAnalysis.ipynb#Seeding-Artificial-Faults-with-Mutation-Analysis)\n", "* `fuzz()` — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Efficient Grammar Fuzzing (Putting it all Together)](GrammarFuzzer.ipynb#Putting-it-all-Together), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints), [Concolic Fuzzing (All together)](ConcolicFuzzer.ipynb#All-together), [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer)\n", "* `fuzzed_url_element()` — [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles)\n", "* fuzzer — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* `fuzzer()` — [Fuzzing: Breaking Things with Random Inputs (A Simple Fuzzer)](Fuzzer.ipynb#A-Simple-Fuzzer)\n", "* `Fuzzer` class — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* fuzzing — [Fuzzing: Breaking Things with Random Inputs](Fuzzer.ipynb#Fuzzing:-Breaking-Things-with Random Inputs), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG)\n", "* fuzzingbook.org — [Carving Unit Tests (System Tests vs Unit Tests)](Carver.ipynb#System-Tests-vs-Unit-Tests), [Testing Graphical User Interfaces (Exploring Large Sites)](GUIFuzzer.ipynb#Exploring-Large-Sites)\n", "* `FUZZINGBOOK_SWAG` — [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders), [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders), [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders)\n", "* FuzzManager — [Fuzzing in the Large (Running a Crash Server)](FuzzingInTheLarge.ipynb#Running-a-Crash-Server), [Fuzzing in the Large (Setting up the Server)](FuzzingInTheLarge.ipynb#Setting-up-the-Server)\n", "* FuzzManager coverage page — [Fuzzing in the Large (Collecting Code Coverage)](FuzzingInTheLarge.ipynb#Collecting-Code-Coverage)\n", "* FuzzManager crashes page — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures)\n", "* FuzzManager](https://github.com/MozillaSecurity/FuzzManager). Its [Github page — [Fuzzing in the Large (Background)](FuzzingInTheLarge.ipynb#Background)\n", "* `fuzz_tree()` — [Efficient Grammar Fuzzing (Putting it all Together)](GrammarFuzzer.ipynb#Putting-it-all-Together), [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### G\n", "\n", "* gcd — [Symbolic Fuzzing (Fuzzing with Advanced Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Advanced-Symbolic-Fuzzer)\n", "* `gcd()` — [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations), [Mutation Analysis (The Problem of Equivalent Mutants)](MutationAnalysis.ipynb#The-Problem-of--Equivalent-Mutants), [Symbolic Fuzzing (Problems with the Simple Fuzzer)](SymbolicFuzzer.ipynb#Problems-with-the-Simple-Fuzzer), [Control Flow Graph (gcd)](ControlFlow.ipynb#gcd)\n", "* `generate_good_tile()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `generate_maze_code()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `generate_mutant()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `generate_print_maze()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `generate_target_tile()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `generate_trap_tile()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* generation-based — [Greybox Fuzzing (Greybox Mutation-based Fuzzer)](GreyboxFuzzer.ipynb#Greybox-Mutation-based-Fuzzer)\n", "* generator function in Python — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `GeneratorGrammarFuzzer` class — [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints), [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion), [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion), [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* Genetic Algorithm — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* `genetic_algorithm()` — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* `gen_cfg()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `gen_fn_summary()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* Geometric Mean — [Greybox Fuzzing (Computing Function-Level Distance)](GreyboxFuzzer.ipynb#Computing-Function-Level-Distance)\n", "* `__getFunctions__()` — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* `__getitem__()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Tracking Information Flow (Index)](InformationFlow.ipynb#Index), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (Producing Substrings)](ConcolicFuzzer.ipynb#Producing-Substrings), [Testing Configurations (Part 3: Mine a Configuration Grammar)](ConfigurationFuzzer.ipynb#Part-3:-Mine-a-Configuration-Grammar)\n", "* `getPathID()` — [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer)\n", "* `getTraceHash()` — [When To Stop Fuzzing (Trace Coverage)](WhenToStopFuzzing.ipynb#Trace-Coverage)\n", "* `get_all_paths()` — [Symbolic Fuzzing (Generating All Possible Paths)](SymbolicFuzzer.ipynb#Generating-All-Possible-Paths), [Symbolic Fuzzing (Generating All Paths)](SymbolicFuzzer.ipynb#Generating-All-Paths), [Symbolic Fuzzing (Exercise 2: _Statically checking if a loop should be unrolled further_)](SymbolicFuzzer.ipynb#Exercise-2:-_Statically-checking-if-a-loop-should-be-unrolled-further_), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_)\n", "* `get_alternatives()` — [Fuzzing with Grammars (Exercise 4: Defining Grammars as Functions (Advanced))](Grammars.ipynb#Exercise-4:-Defining-Grammars-as-Functions-(Advanced))\n", "* `get_annotations()` — [Symbolic Fuzzing (The Control Flow Graph)](SymbolicFuzzer.ipynb#The-Control-Flow-Graph)\n", "* `get_arguments()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `get_callgraph()` — [Control Flow Graph (Call Graph Helpers)](ControlFlow.ipynb#Call-Graph-Helpers)\n", "* `get_cfg()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `get_defining_function()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `get_derivation_tree()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `get_expression()` — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* `get_field_values()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders)\n", "* `get_fitness()` — [Search-Based Fuzzing (Instrumentation)](SearchBasedFuzzer.ipynb#Instrumentation), [Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)](SearchBasedFuzzer.ipynb#Fitness-Function-to-Create-Valid-Hexadecimal-Inputs)\n", "* `get_func()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `get_grammar()` — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms), [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `get_html()` — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `get_mutation_count()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `get_newpath()` — [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints)\n", "* `get_next_path()` — [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer), [Symbolic Fuzzing (Generating All Paths)](SymbolicFuzzer.ipynb#Generating-All-Paths)\n", "* `get_path_to_root()` — [Symbolic Fuzzing (Stepwise Exploration of Paths)](SymbolicFuzzer.ipynb#Stepwise-Exploration-of-Paths)\n", "* `get_qualified_name()` — [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls)\n", "* `get_registry()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry)\n", "* `get_registry_idx()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `get_replacements()` — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `get_symbolicparams()` — [Symbolic Fuzzing (The Control Flow Graph)](SymbolicFuzzer.ipynb#The-Control-Flow-Graph)\n", "* `get_top()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `GET` — [Testing Web Applications (Handling HTTP Requests)](WebFuzzer.ipynb#Handling-HTTP-Requests), [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands), [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `__ge__()` — [Concolic Fuzzing (Comparisons between Integers)](ConcolicFuzzer.ipynb#Comparisons-between-Integers)\n", "* globally — [Search-Based Fuzzing (Global Search)](SearchBasedFuzzer.ipynb#Global-Search)\n", "* GNU bc — [Mutation-Based Fuzzing (Part 2: Guided Mutations)](MutationFuzzer.ipynb#Part-2:-Guided-Mutations)\n", "* grammar fuzzing — [Fuzzing with Grammars (Arithmetic Expressions)](Grammars.ipynb#Arithmetic-Expressions)\n", "* `grammar()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `GrammarCoverageFuzzer` class — [Grammar Coverage (Determining yet Uncovered Children)](GrammarCoverageFuzzer.ipynb#Determining-yet-Uncovered-Children), [Grammar Coverage (Adaptive Lookahead)](GrammarCoverageFuzzer.ipynb#Adaptive-Lookahead), [Grammar Coverage (All Together)](GrammarCoverageFuzzer.ipynb#All-Together)\n", "* `GrammarFuzzer` class — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation), [Efficient Grammar Fuzzing (Node Inflation)](GrammarFuzzer.ipynb#Node-Inflation), [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases), [Efficient Grammar Fuzzing (Putting it all Together)](GrammarFuzzer.ipynb#Putting-it-all-Together)\n", "* Grammarinator — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `GrammarMiner` class — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recover Grammar)](GrammarMiner.ipynb#Recover-Grammar)\n", "* `GrammarReducer` class — [Reducing Failure-Inducing Inputs (A Class for Reducing with Grammars)](Reducer.ipynb#A-Class-for-Reducing-with-Grammars), [Reducing Failure-Inducing Inputs (Finding Subtrees)](Reducer.ipynb#Finding-Subtrees), [Reducing Failure-Inducing Inputs (Alternate Expansions)](Reducer.ipynb#Alternate-Expansions), [Reducing Failure-Inducing Inputs (Both Strategies Together)](Reducer.ipynb#Both-Strategies-Together), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)](Reducer.ipynb#A-Depth-Oriented-Strategy)\n", "* grammars — [Fuzzing with Grammars (Grammars)](Grammars.ipynb#Grammars)\n", "* `graph_attr()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* greybox fuzzer — [Greybox Fuzzing (Background)](GreyboxFuzzer.ipynb#Background), [Greybox Fuzzing (Lessons Learned)](GreyboxFuzzer.ipynb#Lessons-Learned)\n", "* `GreyboxFuzzer` class — [Greybox Fuzzing (Greybox Mutation-based Fuzzer)](GreyboxFuzzer.ipynb#Greybox-Mutation-based-Fuzzer)\n", "* `GreyboxGrammarFuzzer` class — [Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)](GreyboxGrammarFuzzer.ipynb#Integration-with-Greybox-Fuzzing)\n", "* `__gt__()` — [Concolic Fuzzing (Comparisons between Integers)](ConcolicFuzzer.ipynb#Comparisons-between-Integers)\n", "* GUI Ripping — [Testing Graphical User Interfaces (Background)](GUIFuzzer.ipynb#Background)\n", "* `GUICoverageFuzzer` class — [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States), [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States)\n", "* `GUIFuzzer` class — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `GUIGrammarMiner` class — [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions), [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions), [Testing Graphical User Interfaces (Input Element Actions)](GUIFuzzer.ipynb#Input-Element-Actions), [Testing Graphical User Interfaces (Button Element Actions)](GUIFuzzer.ipynb#Button-Element-Actions), [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions), [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions), [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars), [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `GUIRunner` class — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `GUI_GRAMMAR` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars), [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### H\n", "\n", "* `h()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `handle_endtag()` — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields)\n", "* `handle_order()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Part 4: A Robust Server)](WebFuzzer.ipynb#Part-4:-A-Robust-Server)\n", "* `handle_starttag()` — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `hang_if_no_space()` — [Fuzzing: Breaking Things with Random Inputs (Missing Error Checks)](Fuzzer.ipynb#Missing-Error-Checks)\n", "* `__hash__()` — [Parsing Inputs (States)](Parser.ipynb#States)\n", "* `has_origin()` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* `has_taint()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins)\n", "* HDD — [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* `HEADLESS` — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium), [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `HEAD` — [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands)\n", "* heartbeat — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* `heartbeat()` — [Fuzzing: Breaking Things with Random Inputs (Information Leaks)](Fuzzer.ipynb#Information-Leaks)\n", "* HeartBleed announcement page — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* HeartBleed bug — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* `hello()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls)\n", "* `helper()` — [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint)\n", "* heuristic — [Search-Based Fuzzing](SearchBasedFuzzer.ipynb#Search-Based-Fuzzing)\n", "* Hierarchical Delta Debugging — [Reducing Failure-Inducing Inputs (Background)](Reducer.ipynb#Background)\n", "* higher coverage — [Greybox Fuzzing with Grammars (Region-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Region-Based-Fuzzing)\n", "* `highlight_node()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* highly accurate — [When To Stop Fuzzing (Evaluating the Discovery Probability Estimate)](WhenToStopFuzzing.ipynb#Evaluating-the-Discovery-Probability-Estimate)\n", "* `high_charge()` — [Fuzzing with Generators (Functions Called Before Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-Before-Expansion)\n", "* `hillclimber()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `hillclimb_cgi()` — [Search-Based Fuzzing (Hillclimbing Valid Hexadecimal Inputs)](SearchBasedFuzzer.ipynb#Hillclimbing-Valid-Hexadecimal-Inputs)\n", "* `hillclimb_cgi_limited()` — [Search-Based Fuzzing (Evolutionary Search)](SearchBasedFuzzer.ipynb#Evolutionary-Search)\n", "* `hl_node()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `hl_predicate()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* hook into `__new__()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings)\n", "* `HorizontalChoice` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* HTML injection — [Testing Web Applications (HTML Injection Attacks)](WebFuzzer.ipynb#HTML-Injection-Attacks)\n", "* HTML parser — [Greybox Fuzzing (Complex Example: XMLParser)](GreyboxFuzzer.ipynb#Complex-Example:-XMLParser)\n", "* `HTMLGrammarMiner` class — [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n", "* HTMLParser — [When To Stop Fuzzing (Measuring Trace Coverage over Time)](WhenToStopFuzzing.ipynb#Measuring-Trace-Coverage-over-Time)\n", "* `HTML_INTERNAL_SERVER_ERROR` — [Testing Web Applications (Internal Errors)](WebFuzzer.ipynb#Internal-Errors)\n", "* `HTML_NOT_FOUND` — [Testing Web Applications (Page Not Found)](WebFuzzer.ipynb#Page-Not-Found)\n", "* `HTML_ORDER_FORM` — [Testing Web Applications (Taking Orders)](WebFuzzer.ipynb#Taking-Orders)\n", "* `HTML_ORDER_RECEIVED` — [Testing Web Applications (Order Confirmation)](WebFuzzer.ipynb#Order-Confirmation)\n", "* `HTML_TERMS_AND_CONDITIONS` — [Testing Web Applications (Terms and Conditions)](WebFuzzer.ipynb#Terms-and-Conditions)\n", "* `HTTPD_MESSAGE_QUEUE` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `http_program()` — [Mutation-Based Fuzzing (Fuzzing a URL Parser)](MutationFuzzer.ipynb#Fuzzing-a-URL-Parser)\n", "* `hundred_inputs()` — [Code Coverage ( Coverage of Basic Fuzzing)](Coverage.ipynb#-Coverage-of-Basic-Fuzzing)\n", "* hypothesis package — [Fuzzing APIs (Background)](APIFuzzer.ipynb#Background)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### I\n", "\n", "* `i()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `identifiers_with_types()` — [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop)\n", "* `identifier_grammar_fn()` — [Fuzzing with Grammars (Part 2: Extended Grammars)](Grammars.ipynb#Part-2:-Extended-Grammars)\n", "* `idx()` — [Parsing Inputs (States)](Parser.ipynb#States)\n", "* IF — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `ignored()` — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* immutable — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings)\n", "* `import_code()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* in order — [Parsing Inputs (Unify Key)](Parser.ipynb#Unify-Key)\n", "* in the same method invocation — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* in this very popular XKCD comic — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* in-memory database — [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database)\n", "* incidence frequency — [When To Stop Fuzzing (Exercises)](WhenToStopFuzzing.ipynb#Exercises)\n", "* `indent()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `INDIRECTLY_SELF_REFERRING` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `ineffective_test()` — [Mutation Analysis (Why Structural Coverage is Not Enough)](MutationAnalysis.ipynb#Why-Structural-Coverage-is-Not-Enough), [Mutation Analysis (Why Structural Coverage is Not Enough)](MutationAnalysis.ipynb#Why-Structural-Coverage-is-Not-Enough)\n", "* inferring loop invariants — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* inherit — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `initial_grammar()` — [Carving Unit Tests (Initial Grammar)](Carver.ipynb#Initial-Grammar)\n", "* `init_db()` — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* `init_tainted_grammar()` — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `init_tree()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node)\n", "* `__init__()` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)](Fuzzer.ipynb#Exercise-2:-Run-Simulated-Troff), [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules), [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer), [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt), [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt), [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Efficient Grammar Fuzzing (Exercise 1: Caching Method Results)](GrammarFuzzer.ipynb#Exercise-1:-Caching-Method-Results), [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars), [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (Items)](Parser.ipynb#Items), [Parsing Inputs (States)](Parser.ipynb#States), [Parsing Inputs (The Parsing Algorithm)](Parser.ipynb#The-Parsing-Algorithm), [Parsing Inputs (Nullable)](Parser.ipynb#Nullable), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Generators and Probabilistic Fuzzing)](GeneratorGrammarFuzzer.ipynb#Generators-and-Probabilistic-Fuzzing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Greybox Fuzzing with Grammars (Building a Keyword Dictionary)](GreyboxGrammarFuzzer.ipynb#Building-a-Keyword-Dictionary), [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Integration with Greybox Fuzzing)](GreyboxGrammarFuzzer.ipynb#Integration-with-Greybox-Fuzzing), [Greybox Fuzzing with Grammars (Focusing on Valid Seeds)](GreyboxGrammarFuzzer.ipynb#Focusing-on-Valid-Seeds), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)](Reducer.ipynb#Lexical-Reduction-vs.-Syntactic-Rules), [Reducing Failure-Inducing Inputs (A Class for Reducing with Grammars)](Reducer.ipynb#A-Class-for-Reducing-with-Grammars), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects), [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (Taint Aware Fuzzing)](InformationFlow.ipynb#Taint-Aware-Fuzzing), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (Part 1: Creation)](InformationFlow.ipynb#Part-1:-Creation), [Tracking Information Flow (Part 4: Passing taints from integers to strings)](InformationFlow.ipynb#Part-4:-Passing-taints-from-integers-to-strings), [Concolic Fuzzing (A Concolic Tracer)](ConcolicFuzzer.ipynb#A-Concolic-Tracer), [Concolic Fuzzing (A Proxy Class for Booleans)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Booleans), [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (An Iterator Class for Strings)](ConcolicFuzzer.ipynb#An-Iterator-Class-for-Strings), [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (Tracking Assignments)](SymbolicFuzzer.ipynb#Tracking-Assignments), [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types), [Mining Function Specifications (Extracting Invariants)](DynamicInvariants.ipynb#Extracting-Invariants), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (A Grammar Miner for Calls)](Carver.ipynb#A-Grammar-Miner-for-Calls), [Testing Web Applications (Fuzzing with Unexpected Values)](WebFuzzer.ipynb#Fuzzing-with-Unexpected-Values), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms), [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks), [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks), [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [Testing Graphical User Interfaces (Covering States)](GUIFuzzer.ipynb#Covering-States), [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma), [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma), [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations), [Error Handling (Catching Errors)](ExpectError.ipynb#Catching-Errors), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* input string — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `InputStack` class — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `insert_assertions()` — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `insert_from_dictionary()` — [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt), [Greybox Fuzzing with Grammars (Building a Keyword Dictionary)](GreyboxGrammarFuzzer.ipynb#Building-a-Keyword-Dictionary)\n", "* `insert_into_tree()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `insert_random_character()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed)\n", "* `INSERT` — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders), [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `instantiate_prop()` — [Mining Function Specifications (Instantiating Properties)](DynamicInvariants.ipynb#Instantiating-Properties)\n", "* `instantiate_prop_ast()` — [Mining Function Specifications (Instantiating Properties)](DynamicInvariants.ipynb#Instantiating-Properties)\n", "* instrumentation — [Search-Based Fuzzing (Instrumentation)](SearchBasedFuzzer.ipynb#Instrumentation)\n", "* `INTERNAL_ALIGNMENT` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `internal_msg2key()` — [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma)\n", "* `internal_server_error()` — [Testing Web Applications (Internal Errors)](WebFuzzer.ipynb#Internal-Errors), [Testing Web Applications (Part 1: Silent Failures)](WebFuzzer.ipynb#Part-1:-Silent-Failures)\n", "* `INT_BINARY_OPS` — [Concolic Fuzzing (Binary Operators for Integers)](ConcolicFuzzer.ipynb#Binary-Operators-for-Integers)\n", "* `INT_EBNF_GRAMMAR` — [Fuzzing APIs (Integers)](APIFuzzer.ipynb#Integers)\n", "* `int_grammar_with_range()` — [Fuzzing APIs (Integers)](APIFuzzer.ipynb#Integers)\n", "* `INT_GRAMMAR` — [Fuzzing APIs (Synopsis)](APIFuzzer.ipynb#Synopsis), [Fuzzing APIs (Integers)](APIFuzzer.ipynb#Integers), [Fuzzing APIs (Synopsis)](APIFuzzer.ipynb#Synopsis)\n", "* `INT_UNARY_OPS` — [Concolic Fuzzing (Integer Unary Operators)](ConcolicFuzzer.ipynb#Integer-Unary-Operators)\n", "* `__int__()` — [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers)\n", "* invalid — [Greybox Fuzzing with Grammars (Mutating Invalid Seeds)](GreyboxGrammarFuzzer.ipynb#Mutating-Invalid-Seeds)\n", "* `InvariantAnnotator` class — [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* invariants — [Mining Function Specifications (Specifying and Checking Invariants)](DynamicInvariants.ipynb#Specifying-and-Checking-Invariants)\n", "* `invariants()` — [Mining Function Specifications (Extracting Invariants)](DynamicInvariants.ipynb#Extracting-Invariants)\n", "* `InvariantTracker` class — [Mining Function Specifications (Extracting Invariants)](DynamicInvariants.ipynb#Extracting-Invariants), [Mining Function Specifications (Extracting Invariants)](DynamicInvariants.ipynb#Extracting-Invariants)\n", "* `INVARIANT_PROPERTIES` — [Mining Function Specifications (Defining Properties)](DynamicInvariants.ipynb#Defining-Properties)\n", "* `INVENTORY_GRAMMAR_F` — [Tracking Information Flow (Fuzzing SQL)](InformationFlow.ipynb#Fuzzing-SQL)\n", "* `INVENTORY_GRAMMAR_NEW` — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* `INVENTORY_GRAMMAR` — [Tracking Information Flow (Fuzzing SQL)](InformationFlow.ipynb#Fuzzing-SQL)\n", "* `INVENTORY_METHODS` — [Mining Input Grammars (A Simple Grammar Miner)](GrammarMiner.ipynb#A-Simple-Grammar-Miner)\n", "* `INVENTORY` — [Mining Input Grammars (A Grammar Challenge)](GrammarMiner.ipynb#A-Grammar-Challenge), [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database), [Tracking Information Flow (All Methods Together)](InformationFlow.ipynb#All-Methods-Together)\n", "* inverse — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `invert_expansion()` — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `invert_probs()` — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `__invert__()` — [Concolic Fuzzing (Exercise 2: Bit Manipulation)](ConcolicFuzzer.ipynb#Exercise-2:-Bit-Manipulation)\n", "* `invoker()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `in_current_record()` — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `in_scope()` — [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* `IP_ADDRESS_GRAMMAR` — [Probabilistic Grammar Fuzzing (Probabilities in Context)](ProbabilisticGrammarFuzzer.ipynb#Probabilities-in-Context)\n", "* `IP_ADDRESS_TOKENS` — [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions)\n", "* `isascii()` — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures)\n", "* `is_excluded()` — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool)\n", "* `is_fragment()` — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `is_input_fragment()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker)\n", "* `is_nonterminal()` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `is_permutation()` — [Introduction to Software Testing (Part 2: Random Inputs)](Intro_Testing.ipynb#Part-2:-Random-Inputs)\n", "* `is_sorted()` — [Introduction to Software Testing (Part 2: Random Inputs)](Intro_Testing.ipynb#Part-2:-Random-Inputs)\n", "* `is_valid_grammar()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `is_valid_probabilistic_grammar()` — [Probabilistic Grammar Fuzzing (Checking Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Checking-Probabilities)\n", "* `is_valid_url()` — [Mutation-Based Fuzzing (Mutating URLs)](MutationFuzzer.ipynb#Mutating-URLs)\n", "* It is inefficient — [Efficient Grammar Fuzzing (An Insufficient Algorithm)](GrammarFuzzer.ipynb#An-Insufficient-Algorithm)\n", "* `Item` class — [Parsing Inputs (Items)](Parser.ipynb#Items), [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* iterable — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `iterate()` — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `IterativeEarleyParser` class — [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser)\n", "* iterator — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* iterator object — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `__iter__()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices), [Concolic Fuzzing (Producing Substrings)](ConcolicFuzzer.ipynb#Producing-Substrings)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### J\n", "\n", "* JavaScript — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* JerryScript — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `join()` — [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs)\n", "* `js-vuln-db` — [Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)](ProbabilisticGrammarFuzzer.ipynb#Exercise-2:-Learning-from-Past-Bugs)\n", "* JSON specification — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n", "* `JSON_EBNF_GRAMMAR` — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n", "* `JSON_GRAMMAR` — [Fuzzing with Grammars (Exercise 1: A JSON Grammar)](Grammars.ipynb#Exercise-1:-A-JSON-Grammar)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## K - O" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### K\n", "\n", "* Kenngruppenbuch — [When To Stop Fuzzing (The Enigma Machine)](WhenToStopFuzzing.ipynb#The-Enigma-Machine)\n", "* key — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* keylogger — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* killed — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### L\n", "\n", "* lambda — [Fuzzing with Generators (Functions Called Before Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-Before-Expansion)\n", "* LangFuzz — [Fuzzing with Grammars (Background)](Grammars.ipynb#Background)\n", "* `LangFuzzer` class — [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing)\n", "* language specifications — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `LD_LIBRARY_PATH` — [Testing Configurations (Part 1: Getopt Fuzzing)](ConfigurationFuzzer.ipynb#Part-1:-Getopt-Fuzzing)\n", "* leaf — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `leave()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (Input Stack)](GrammarMiner.ipynb#Input-Stack)\n", "* left to right — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `left()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `left_align()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `__len__()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Concolic Fuzzing (An Iterator Class for Strings)](ConcolicFuzzer.ipynb#An-Iterator-Class-for-Strings)\n", "* `LeoParser` class — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `leo_complete()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* less code coverage — [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing)\n", "* lexer — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* lexing — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `__le__()` — [Concolic Fuzzing (Comparisons between Integers)](ConcolicFuzzer.ipynb#Comparisons-between-Integers)\n", "* line — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* line numbers — [Mining Input Grammars (Grammar Miner with Reassignment)](GrammarMiner.ipynb#Grammar-Miner-with-Reassignment)\n", "* `linear_to_tree()` — [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser)\n", "* `lineno()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `LinkHTMLParser` class — [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces)\n", "* `link_functions()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `LIST_EBNF_GRAMMAR` — [Fuzzing APIs (Lists)](APIFuzzer.ipynb#Lists)\n", "* `list_grammar()` — [Fuzzing APIs (Lists)](APIFuzzer.ipynb#Lists)\n", "* `LIST_GRAMMAR` — [Fuzzing APIs (Lists)](APIFuzzer.ipynb#Lists)\n", "* `list_length()` — [Mining Function Specifications (Some Examples)](DynamicInvariants.ipynb#Some-Examples)\n", "* `ljust()` — [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify)\n", "* LL — [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `ll()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `LL1Parser` class — [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table), [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser)\n", "* LLVM Address Sanitizer — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* `loc()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* local host — [Testing Web Applications (Running the Server)](WebFuzzer.ipynb#Running-the-Server)\n", "* local optimum — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `log_call()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* `log_event()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `log_message()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `log_tree()` — [Efficient Grammar Fuzzing (Three Expansion Phases)](GrammarFuzzer.ipynb#Three-Expansion-Phases)\n", "* `LOG_VALUES` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `LONG_FOO` — [Testing Configurations (Exercise 1: #ifdef Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-1:-#ifdef-Configuration-Fuzzing)\n", "* `long_running_test()` — [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts)\n", "* Loup Vaillant — [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method)\n", "* `lower()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin), [Concolic Fuzzing (Translating to Upper and Lower Equivalents)](ConcolicFuzzer.ipynb#Translating-to-Upper-and-Lower-Equivalents)\n", "* `LOW` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators)\n", "* LR — [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* LR parsing — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* LR(k) — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* `LR0` — [Parsing Inputs (Items)](Parser.ipynb#Items)\n", "* `LR_GRAMMAR` — [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `lr_graph()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `lstrip()` — [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip), [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends)\n", "* `LS_EBNF_GRAMMAR` — [Grammar Coverage (Exercise 1: Testing ls)](GrammarCoverageFuzzer.ipynb#Exercise-1:-Testing-ls), [Grammar Coverage (Exercise 1: Testing ls)](GrammarCoverageFuzzer.ipynb#Exercise-1:-Testing-ls)\n", "* `LS_GRAMMAR` — [Grammar Coverage (Exercise 1: Testing ls)](GrammarCoverageFuzzer.ipynb#Exercise-1:-Testing-ls)\n", "* `__lt__()` — [Concolic Fuzzing (Comparisons between Integers)](ConcolicFuzzer.ipynb#Comparisons-between-Integers)\n", "* Luhn algorithm — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `luhn_checksum()` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `LUHN_ODD_LOOKUP` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### M\n", "\n", "* `m()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* majority of trigrams — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `make_float_binary_wrapper()` — [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `make_float_bool_wrapper()` — [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `make_grammar()` — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `make_int_binary_wrapper()` — [Concolic Fuzzing (Binary Operators for Integers)](ConcolicFuzzer.ipynb#Binary-Operators-for-Integers), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `make_int_bit_wrapper()` — [Concolic Fuzzing (Exercise 2: Bit Manipulation)](ConcolicFuzzer.ipynb#Exercise-2:-Bit-Manipulation)\n", "* `make_int_unary_wrapper()` — [Concolic Fuzzing (Integer Unary Operators)](ConcolicFuzzer.ipynb#Integer-Unary-Operators)\n", "* `make_int_wrapper()` — [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions)\n", "* `make_rule()` — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `make_split_wrapper()` — [Tracking Information Flow (Splits)](InformationFlow.ipynb#Splits)\n", "* `make_str_abort_wrapper()` — [Tracking Information Flow (Methods yet to be translated)](InformationFlow.ipynb#Methods-yet-to-be-translated), [Concolic Fuzzing (Trip Wire)](ConcolicFuzzer.ipynb#Trip-Wire)\n", "* `make_str_wrapper()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (General wrappers)](InformationFlow.ipynb#General-wrappers)\n", "* making up grammars with a dictionary in hand](https://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html) and [pulling JPEGs out of thin air — [Greybox Fuzzing with Grammars (Building a Keyword Dictionary)](GreyboxGrammarFuzzer.ipynb#Building-a-Keyword-Dictionary)\n", "* Marpa parser — [Parsing Inputs (More Earley Parsing)](Parser.ipynb#More-Earley-Parsing)\n", "* `MAX_DEPTH` — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop), [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop)\n", "* `_max_expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `max_expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `max_height()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n", "* `MAX_ITER` — [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer)\n", "* `MAX_TRIES` — [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer)\n", "* `MAX` — [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem), [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem), [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example), [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example), [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `maze()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `MazeMutator` class — [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt)\n", "* measure of progress — [When To Stop Fuzzing (Measuring Trace Coverage over Time)](WhenToStopFuzzing.ipynb#Measuring-Trace-Coverage-over-Time)\n", "* meta-heuristic — [Search-Based Fuzzing](SearchBasedFuzzer.ipynb#Search-Based-Fuzzing)\n", "* `metavars()` — [Mining Function Specifications (Extracting Meta-Variables)](DynamicInvariants.ipynb#Extracting-Meta-Variables)\n", "* `method_enter()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `method_exit()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `method_init()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `method_statement()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `mine_arguments_grammar()` — [Carving Unit Tests (A Grammar from Arguments)](Carver.ipynb#A-Grammar-from-Arguments)\n", "* `mine_a_element_actions()` — [Testing Graphical User Interfaces (Link Element Actions)](GUIFuzzer.ipynb#Link-Element-Actions)\n", "* `mine_button_element_actions()` — [Testing Graphical User Interfaces (Button Element Actions)](GUIFuzzer.ipynb#Button-Element-Actions)\n", "* `mine_call_grammar()` — [Carving Unit Tests (A Grammar from all Calls)](Carver.ipynb#A-Grammar-from-all-Calls)\n", "* `mine_ebnf_grammar()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `mine_function_grammar()` — [Carving Unit Tests (A Grammar from Calls)](Carver.ipynb#A-Grammar-from-Calls)\n", "* `mine_grammar()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n", "* `mine_input_element_actions()` — [Testing Graphical User Interfaces (Input Element Actions)](GUIFuzzer.ipynb#Input-Element-Actions)\n", "* `mine_probabilistic_grammar()` — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `mine_state_actions()` — [Testing Graphical User Interfaces (Retrieving Actions)](GUIFuzzer.ipynb#Retrieving-Actions)\n", "* `mine_state_grammar()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `MIN` — [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem), [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem), [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example), [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example), [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `missing_expansion_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `__mod__()` — [Tracking Information Flow (mod)](InformationFlow.ipynb#mod)\n", "* MonkeyType — [Mining Function Specifications (Background)](DynamicInvariants.ipynb#Background)\n", "* more energy to seeds with a lower average distance — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* more valid inputs — [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing)\n", "* most — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `mseq()` — [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `MuBinOpAnalyzer` class — [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators)\n", "* `MuFunctionAnalyzer` class — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations)\n", "* multiple inheritance — [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage), [Fuzzing with Generators (All Together)](GeneratorGrammarFuzzer.ipynb#All-Together)\n", "* `MultipleChoice` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `MuProgramAnalyzer` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `mutable_visit()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* mutants — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n", "* `MutantTestRunner` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `Mutant` class — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations), [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations)\n", "* `mutate()` — [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms), [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* mutated — [Search-Based Fuzzing (Global Search)](SearchBasedFuzzer.ipynb#Global-Search)\n", "* mutation — [Search-Based Fuzzing (Global Search)](SearchBasedFuzzer.ipynb#Global-Search)\n", "* mutation analysis — [Mutation Analysis (Synopsis)](MutationAnalysis.ipynb#Synopsis), [Mutation Analysis (Synopsis)](MutationAnalysis.ipynb#Synopsis)\n", "* mutation-based fuzzer — [Greybox Fuzzing (Background)](GreyboxFuzzer.ipynb#Background)\n", "* mutational fuzzing — [Mutation-Based Fuzzing](MutationFuzzer.ipynb#Mutation-Based-Fuzzing), [Mutation-Based Fuzzing (Mutating Inputs)](MutationFuzzer.ipynb#Mutating-Inputs)\n", "* `MutationCoverageFuzzer` class — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `MutationFuzzer` class — [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing)\n", "* mutations — [Mutation Analysis](MutationAnalysis.ipynb#Mutation-Analysis), [Mutation Analysis (Seeding Artificial Faults with Mutation Analysis)](MutationAnalysis.ipynb#Seeding-Artificial-Faults-with-Mutation-Analysis)\n", "* `mutation_visit()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators)\n", "* mutator — [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Greybox Fuzzing (Lessons Learned)](GreyboxFuzzer.ipynb#Lessons-Learned)\n", "* `mutator_object()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators)\n", "* `Mutator` class — [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Greybox Fuzzing (Mutator and Seed)](GreyboxFuzzer.ipynb#Mutator-and-Seed), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* MyPy — [Fuzzing: Breaking Things with Random Inputs (Static Code Checkers)](Fuzzer.ipynb#Static-Code-Checkers)\n", "* Mypy — [Mining Function Specifications (Static Type Checking)](DynamicInvariants.ipynb#Static-Type-Checking)\n", "* `MysteryRunner` class — [Reducing Failure-Inducing Inputs (Why Reducing?)](Reducer.ipynb#Why-Reducing?)\n", "* `my_eval()` — [Tracking Information Flow (Selecting Data)](InformationFlow.ipynb#Selecting-Data), [Tracking Information Flow (TaintedDB)](InformationFlow.ipynb#TaintedDB), [Tracking Information Flow (TrackingDB)](InformationFlow.ipynb#TrackingDB)\n", "* `my_fn()` — [Concolic Fuzzing (Exercise 2: Bit Manipulation)](ConcolicFuzzer.ipynb#Exercise-2:-Bit-Manipulation)\n", "* `my_parser()` — [Greybox Fuzzing (Complex Example: XMLParser)](GreyboxFuzzer.ipynb#Complex-Example:-XMLParser), [Greybox Fuzzing with Grammars (Background)](GreyboxGrammarFuzzer.ipynb#Background), [When To Stop Fuzzing (Measuring Trace Coverage over Time)](WhenToStopFuzzing.ipynb#Measuring-Trace-Coverage-over-Time), [When To Stop Fuzzing (Part 2: Population)](WhenToStopFuzzing.ipynb#Part-2:-Population)\n", "* `my_sqrt()` — [Introduction to Software Testing (Simple Testing)](Intro_Testing.ipynb#Simple-Testing), [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint), [Mining Function Specifications (Specifications and Assertions)](DynamicInvariants.ipynb#Specifications-and-Assertions), [Mining Function Specifications (Why Generic Error Checking is Not Enough)](DynamicInvariants.ipynb#Why-Generic-Error-Checking-is-Not-Enough)\n", "* `_my_sqrt()` — [Parsing Inputs (Fixpoint)](Parser.ipynb#Fixpoint)\n", "* `my_sqrt_annotated()` — [Mining Function Specifications (Getting Types)](DynamicInvariants.ipynb#Getting-Types)\n", "* `my_sqrt_checked()` — [Introduction to Software Testing (Run-Time Verification)](Intro_Testing.ipynb#Run-Time-Verification)\n", "* `my_sqrt_fixed()` — [Introduction to Software Testing (The Limits of Testing)](Intro_Testing.ipynb#The-Limits-of-Testing)\n", "* `my_sqrt_with_checked_type_annotations()` — [Mining Function Specifications (Runtime Type Checking)](DynamicInvariants.ipynb#Runtime-Type-Checking)\n", "* `my_sqrt_with_invariants()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions)\n", "* `my_sqrt_with_local_types()` — [Mining Function Specifications (Exercise 2: Types for Local Variables)](DynamicInvariants.ipynb#Exercise-2:-Types-for-Local-Variables)\n", "* `my_sqrt_with_log()` — [Introduction to Software Testing (Debugging a Function)](Intro_Testing.ipynb#Debugging-a-Function)\n", "* `my_sqrt_with_postcondition()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions)\n", "* `my_sqrt_with_precondition()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions)\n", "* `my_sqrt_with_type_annotations()` — [Mining Function Specifications (Specifying and Checking Data Types)](DynamicInvariants.ipynb#Specifying-and-Checking-Data-Types)\n", "* `my_sqrt_with_union_type()` — [Mining Function Specifications (Exercise 1: Union Types)](DynamicInvariants.ipynb#Exercise-1:-Union-Types)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### N\n", "\n", "* `names()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* natural language — [Fuzzing with Grammars (A Natural Language Grammar)](Grammars.ipynb#A-Natural-Language-Grammar)\n", "* `naval_enigma()` — [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma)\n", "* neighbours — [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem)\n", "* `neighbours()` — [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem)\n", "* `neighbour_strings()` — [Search-Based Fuzzing (CGI Decoder as a Search Problem)](SearchBasedFuzzer.ipynb#CGI-Decoder-as-a-Search-Problem)\n", "* `__neq__()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* networkx — [Greybox Fuzzing (Computing Function-Level Distance)](GreyboxFuzzer.ipynb#Computing-Function-Level-Distance)\n", "* Newton–Raphson method — [Introduction to Software Testing (Simple Testing)](Intro_Testing.ipynb#Simple-Testing)\n", "* `_new_child_coverage()` — [Grammar Coverage (Determining yet Uncovered Children)](GrammarCoverageFuzzer.ipynb#Determining-yet-Uncovered-Children)\n", "* `new_child_coverage()` — [Grammar Coverage (Determining yet Uncovered Children)](GrammarCoverageFuzzer.ipynb#Determining-yet-Uncovered-Children)\n", "* `new_coverages()` — [Grammar Coverage (Adaptive Lookahead)](GrammarCoverageFuzzer.ipynb#Adaptive-Lookahead)\n", "* `new_expansion_cost()` — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* `new_gcd()` — [Mutation Analysis (The Problem of Equivalent Mutants)](MutationAnalysis.ipynb#The-Problem-of--Equivalent-Mutants)\n", "* `new_state_symbol()` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `new_symbol()` — [Fuzzing with Grammars (Creating New Symbols)](Grammars.ipynb#Creating-New-Symbols)\n", "* `new_symbol_cost()` — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* `__new__()` — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Part 1: Creation)](InformationFlow.ipynb#Part-1:-Creation), [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `__next__()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices), [Concolic Fuzzing (An Iterator Class for Strings)](ConcolicFuzzer.ipynb#An-Iterator-Class-for-Strings)\n", "* `__ne__()` — [Concolic Fuzzing (Equality between Integers)](ConcolicFuzzer.ipynb#Equality-between-Integers), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* nodes — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* NodeTransformer — [Symbolic Fuzzing (Dealing with Reassingments)](SymbolicFuzzer.ipynb#Dealing-with-Reassingments)\n", "* Nonparametric estimation of the number of classes in a population — [When To Stop Fuzzing (Background)](WhenToStopFuzzing.ipynb#Background)\n", "* nonterminal symbol — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `nonterminals()` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `NonTerminal` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* normalize — [Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)](SearchBasedFuzzer.ipynb#Fitness-Function-to-Create-Valid-Hexadecimal-Inputs)\n", "* `normalize()` — [Search-Based Fuzzing (Fitness Function to Create Valid Hexadecimal Inputs)](SearchBasedFuzzer.ipynb#Fitness-Function-to-Create-Valid-Hexadecimal-Inputs)\n", "* `normalizedEnergy()` — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules)\n", "* not — [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Parsing Inputs (Exercise 3: PEG Predicates)](Parser.ipynb#Exercise-3:-PEG-Predicates)\n", "* `not_found()` — [Testing Web Applications (Page Not Found)](WebFuzzer.ipynb#Page-Not-Found)\n", "* `__not__()` — [Concolic Fuzzing (Negation of Encoded formula)](ConcolicFuzzer.ipynb#Negation-of-Encoded-formula)\n", "* `no_8bit()` — [Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)](Fuzzer.ipynb#Exercise-1:-Simulate-Troff)\n", "* `no_backslash_d()` — [Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)](Fuzzer.ipynb#Exercise-1:-Simulate-Troff)\n", "* `no_dot()` — [Fuzzing: Breaking Things with Random Inputs (Exercise 1: Simulate Troff)](Fuzzer.ipynb#Exercise-1:-Simulate-Troff)\n", "* `nt_var()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `nullable()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `nullable_()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `nullable_expr()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `number_of_nodes()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### O\n", "\n", "* `OBJECT` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* observed — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `offsets_from_entry()` — [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_)\n", "* `OneOrMore` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `on_annassign()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_assign()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_augassign()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_binop()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_break()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_call()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_compare()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_continue()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_event()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `on_exception()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `on_expr()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_for()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_functiondef()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_if()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_line()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `on_module()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_pass()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_return()` — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_unaryop()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `on_while()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* Optimize — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures)\n", "* `Optional()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `OptionalSequence` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `OptionFuzzer` class — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `OptionGrammarMiner` class — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `OptionRunner` class — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `options()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (Advanced Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Advanced-Symbolic-Fuzzer)\n", "* `OPTION_SYMBOL` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `opts()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `opts_used()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* or more — [When To Stop Fuzzing (Exercises)](WhenToStopFuzzing.ipynb#Exercises)\n", "* oracle — [Code Coverage (Finding Errors with Basic Fuzzing)](Coverage.ipynb#Finding-Errors-with-Basic-Fuzzing), [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles)\n", "* `oracle()` — [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations)\n", "* oracles — [Mining Function Specifications (Checking Specifications)](DynamicInvariants.ipynb#Checking-Specifications)\n", "* ordered choice — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* ordering of expansions — [Fuzzing with Generators (Ordering Expansions)](GeneratorGrammarFuzzer.ipynb#Ordering-Expansions)\n", "* `orders_db_is_empty()` — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `ORDERS_DB` — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* `ORDER_GRAMMAR_WITH_HTML_INJECTION` — [Testing Web Applications (HTML Injection Attacks)](WebFuzzer.ipynb#HTML-Injection-Attacks)\n", "* `ORDER_GRAMMAR_WITH_SQL_INJECTION` — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `ORDER_GRAMMAR_WITH_XSS_INJECTION` — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* `ORDER_GRAMMAR` — [Testing Web Applications (Fuzzing with Expected Values)](WebFuzzer.ipynb#Fuzzing-with-Expected-Values), [Testing Web Applications (Fuzzing with Expected Values)](WebFuzzer.ipynb#Fuzzing-with-Expected-Values)\n", "* `ostr_iterator` class — [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices)\n", "* `ostr` class — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Create)](InformationFlow.ipynb#Create), [Tracking Information Flow (Index)](InformationFlow.ipynb#Index), [Tracking Information Flow (Slices)](InformationFlow.ipynb#Slices), [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation), [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation), [Tracking Information Flow (Extract Origin String)](InformationFlow.ipynb#Extract-Origin-String), [Tracking Information Flow (Replace)](InformationFlow.ipynb#Replace), [Tracking Information Flow (Split)](InformationFlow.ipynb#Split), [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip), [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs), [Tracking Information Flow (Expand Tabs)](InformationFlow.ipynb#Expand-Tabs), [Tracking Information Flow (Partitions)](InformationFlow.ipynb#Partitions), [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify), [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify), [Tracking Information Flow (mod)](InformationFlow.ipynb#mod), [Tracking Information Flow (mod)](InformationFlow.ipynb#mod), [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* OWASP Zed Attack Proxy Project — [Testing Web Applications (Background)](WebFuzzer.ipynb#Background)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## P - T" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### P\n", "\n", "* `P1` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* packrat — [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG)\n", "* `PackratParser` class — [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* page — [Testing Graphical User Interfaces (User Interface Actions)](GUIFuzzer.ipynb#User-Interface-Actions)\n", "* `pairwise()` — [Testing Configurations (Combinatorial Testing)](ConfigurationFuzzer.ipynb#Combinatorial-Testing)\n", "* `parameters()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `params()` — [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations)\n", "* `parenthesized_expressions()` — [Fuzzing with Grammars (Expanding Parenthesized Expressions)](Grammars.ipynb#Expanding-Parenthesized-Expressions)\n", "* `parsable()` — [Greybox Fuzzing with Grammars (Focusing on Valid Seeds)](GreyboxGrammarFuzzer.ipynb#Focusing-on-Valid-Seeds)\n", "* parse tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees), [Greybox Fuzzing with Grammars (Parsing and Recombining HTML)](GreyboxGrammarFuzzer.ipynb#Parsing-and-Recombining-HTML)\n", "* `parse()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `parseCSSGrammar()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `ParseInterrupt` class — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* parser — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* Parser — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* parsers — [Efficient Grammar Fuzzing (Background)](GrammarFuzzer.ipynb#Background)\n", "* `Parser` class — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* `parse_csv()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser), [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `parse_forest()` — [Parsing Inputs (Parsing Forests)](Parser.ipynb#Parsing-Forests), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 6: Filtered Earley Parser)](Parser.ipynb#Exercise-6:-Filtered-Earley-Parser), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser)\n", "* `parse_helper()` — [Parsing Inputs (Part 2: The Parser)](Parser.ipynb#Part-2:-The-Parser)\n", "* `parse_paths()` — [Parsing Inputs (Parsing Paths)](Parser.ipynb#Parsing-Paths), [Parsing Inputs (Exercise 7: Iterative Earley Parser)](Parser.ipynb#Exercise-7:-Iterative-Earley-Parser)\n", "* `parse_prefix()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Parsing Inputs (The Parser)](Parser.ipynb#The-Parser), [Parsing Inputs (The Parse Method)](Parser.ipynb#The-Parse-Method), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* `parse_quote()` — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `parse_sexp()` — [Concolic Fuzzing (Using the Command Line)](ConcolicFuzzer.ipynb#Using-the-Command-Line)\n", "* `parse_table()` — [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* `parse_type()` — [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types)\n", "* parsing — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* Parsing Expression Grammar — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* Parsing Expression Grammars — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `partition()` — [Tracking Information Flow (Partitions)](InformationFlow.ipynb#Partitions)\n", "* `PASS` — [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners)\n", "* path to insanity — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `paths()` — [Parsing Inputs (Parsing Paths)](Parser.ipynb#Parsing-Paths)\n", "* `Path` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* PEG — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `PEG1` — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* `PEG2` — [Parsing Inputs (Parsing Expression Grammars)](Parser.ipynb#Parsing-Expression-Grammars)\n", "* `PEGParser` class — [Parsing Inputs (The Parser)](Parser.ipynb#The-Parser), [Parsing Inputs (Unify Key)](Parser.ipynb#Unify-Key), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule)\n", "* PEGs — [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG), [Parsing Inputs (Background)](Parser.ipynb#Background), [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `PEG_SURPRISE` — [Parsing Inputs ( Problems with PEG)](Parser.ipynb#-Problems-with-PEG)\n", "* PEP 8 Style Guide for Python Code — [Testing Configurations (Testing Autopep8)](ConfigurationFuzzer.ipynb#Testing-Autopep8)\n", "* `permutation()` — [Concolic Fuzzing (Binomial Coefficient)](ConcolicFuzzer.ipynb#Binomial-Coefficient)\n", "* `PICKED_US_PHONE_GRAMMAR` — [Fuzzing with Generators (Synopsis)](GeneratorGrammarFuzzer.ipynb#Synopsis)\n", "* `pick_area_code()` — [Fuzzing with Generators (Synopsis)](GeneratorGrammarFuzzer.ipynb#Synopsis)\n", "* `plotting_hillclimber()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `PMIterator` class — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `PNode` class — [Symbolic Fuzzing (Tracking Assignments)](SymbolicFuzzer.ipynb#Tracking-Assignments), [Symbolic Fuzzing (Tracking Assignments)](SymbolicFuzzer.ipynb#Tracking-Assignments), [Symbolic Fuzzing (Stepwise Exploration of Paths)](SymbolicFuzzer.ipynb#Stepwise-Exploration-of-Paths), [Symbolic Fuzzing (Stepwise Exploration of Paths)](SymbolicFuzzer.ipynb#Stepwise-Exploration-of-Paths), [Symbolic Fuzzing (Stepwise Exploration of Paths)](SymbolicFuzzer.ipynb#Stepwise-Exploration-of-Paths)\n", "* `PooledGrammarFuzzer` class — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* `population_branch_coverage()` — [Code Coverage (Part 2: Comparing statement coverage and branch coverage)](Coverage.ipynb#Part-2:-Comparing-statement-coverage-and-branch-coverage)\n", "* `population_coverage()` — [Code Coverage ( Coverage of Basic Fuzzing)](Coverage.ipynb#-Coverage-of-Basic-Fuzzing)\n", "* `population_stmt_coverage()` — [When To Stop Fuzzing (Part 1: Population Coverage)](WhenToStopFuzzing.ipynb#Part-1:-Population-Coverage)\n", "* `population_trace_coverage()` — [When To Stop Fuzzing (Measuring Trace Coverage over Time)](WhenToStopFuzzing.ipynb#Measuring-Trace-Coverage-over-Time)\n", "* `possible_combinations()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n", "* `possible_expansions()` — [Efficient Grammar Fuzzing (Expanding a Tree)](GrammarFuzzer.ipynb#Expanding-a-Tree)\n", "* post-order — [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `postcondition()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* `postconditions()` — [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `POST` — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `__pos__()` — [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers)\n", "* power operator — [When To Stop Fuzzing (The Kenngruppenbuch)](WhenToStopFuzzing.ipynb#The-Kenngruppenbuch)\n", "* power schedule — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules), [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules), [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Greybox Fuzzing (Lessons Learned)](GreyboxFuzzer.ipynb#Lessons-Learned)\n", "* `power()` — [Carving Unit Tests (From Calls to Grammars)](Carver.ipynb#From-Calls-to-Grammars)\n", "* `PowerSchedule` class — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules)\n", "* `POWER_GRAMMAR` — [Carving Unit Tests (From Calls to Grammars)](Carver.ipynb#From-Calls-to-Grammars), [Carving Unit Tests (From Calls to Grammars)](Carver.ipynb#From-Calls-to-Grammars)\n", "* pre-computed — [Greybox Fuzzing (Directed Power Schedule)](GreyboxFuzzer.ipynb#Directed-Power-Schedule)\n", "* pre-order — [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* `precompute_costs()` — [Efficient Grammar Fuzzing (Exercise 2: Grammar Pre-Compilation)](GrammarFuzzer.ipynb#Exercise-2:-Grammar-Pre-Compilation)\n", "* `precondition()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* `preconditions()` — [Mining Function Specifications (Converting Mined Invariants to Annotations)](DynamicInvariants.ipynb#Converting-Mined-Invariants-to-Annotations), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `PreconditionTransformer` class — [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* predict — [When To Stop Fuzzing (Extrapolating Fuzzing Success)](WhenToStopFuzzing.ipynb#Extrapolating-Fuzzing-Success)\n", "* `predict()` — [Parsing Inputs (Predicting States)](Parser.ipynb#Predicting-States), [Parsing Inputs (Nullable)](Parser.ipynb#Nullable), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* Predicting the Number of New Species in Further Taxonomic Sampling — [When To Stop Fuzzing (Background)](WhenToStopFuzzing.ipynb#Background)\n", "* prefix — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* `prefix_vars()` — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* `pretty_invariants()` — [Mining Function Specifications (Extracting Invariants)](DynamicInvariants.ipynb#Extracting-Invariants)\n", "* previous chapter](MutationFuzzer.ipynb), we have introduced _mutation-based fuzzing_, a technique that generates fuzz inputs by applying small mutations to given inputs. In this chapter, we show how to _guide_ these mutations towards specific goals such as coverage. The algorithms in this book stem from the popular [American Fuzzy Lop](http://lcamtuf.coredump.cx/afl/) (AFL) fuzzer, in particular from its [AFLFast](https://github.com/mboehme/aflfast) and [AFLGo — [Greybox Fuzzing](GreyboxFuzzer.ipynb#Greybox-Fuzzing)\n", "* `PrintRunner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `print_httpd_messages()` — [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `print_maze()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `print_more_stats()` — [Greybox Fuzzing with Grammars (Region-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Region-Based-Fuzzing)\n", "* `print_stats()` — [Greybox Fuzzing (A First Attempt)](GreyboxFuzzer.ipynb#A-First-Attempt), [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing)\n", "* `print_sum()` — [Mining Function Specifications (Some Examples)](DynamicInvariants.ipynb#Some-Examples)\n", "* `print_url()` — [Testing Web Applications (Direct Browser Access)](WebFuzzer.ipynb#Direct-Browser-Access)\n", "* `ProbabilisticGeneratorGrammarCoverageFuzzer` class — [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `ProbabilisticGeneratorGrammarFuzzer` class — [Fuzzing with Generators (Generators and Probabilistic Fuzzing)](GeneratorGrammarFuzzer.ipynb#Generators-and-Probabilistic-Fuzzing)\n", "* `ProbabilisticGrammarCoverageFuzzer` class — [Probabilistic Grammar Fuzzing (Exercise 1: Probabilistic Fuzzing with Coverage)](ProbabilisticGrammarFuzzer.ipynb#Exercise-1:-Probabilistic-Fuzzing-with-Coverage)\n", "* `ProbabilisticGrammarFuzzer` class — [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability)\n", "* `ProbabilisticGrammarMiner` class — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities), [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `PROBABILISTIC_EXPR_GRAMMAR` — [Probabilistic Grammar Fuzzing (Specifying Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Specifying-Probabilities)\n", "* `PROBABILISTIC_US_PHONE_GRAMMAR` — [Probabilistic Grammar Fuzzing (Synopsis)](ProbabilisticGrammarFuzzer.ipynb#Synopsis)\n", "* `prob_distribution()` — [Probabilistic Grammar Fuzzing (Distributing Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Distributing-Probabilities)\n", "* `prob_leading_digit()` — [Probabilistic Grammar Fuzzing (The Law of Leading Digits)](ProbabilisticGrammarFuzzer.ipynb#The-Law-of-Leading-Digits)\n", "* `process()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (Generating All Possible Paths)](SymbolicFuzzer.ipynb#Generating-All-Possible-Paths)\n", "* `process_arg()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `process_argument()` — [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments)\n", "* `process_car()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `process_chosen_children()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Fuzzing with Generators (Generating Elements before Expansion)](GeneratorGrammarFuzzer.ipynb#Generating-Elements-before-Expansion)\n", "* `process_inventory()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `process_numbers()` — [Testing Configurations (Options in Python)](ConfigurationFuzzer.ipynb#Options-in-Python)\n", "* `PROCESS_NUMBERS_EBNF_GRAMMAR` — [Testing Configurations (A Grammar for Configurations)](ConfigurationFuzzer.ipynb#A-Grammar-for-Configurations), [Testing Configurations (A Grammar for Configurations)](ConfigurationFuzzer.ipynb#A-Grammar-for-Configurations)\n", "* `PROCESS_NUMBERS_GRAMMAR` — [Testing Configurations (A Grammar for Configurations)](ConfigurationFuzzer.ipynb#A-Grammar-for-Configurations)\n", "* `process_van()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `process_vehicle()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `prod_line_grammar()` — [Parsing Inputs (Testing the Parsers)](Parser.ipynb#Testing-the-Parsers)\n", "* `ProgramRunner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* progress of the fuzzing campaign towards completion — [When To Stop Fuzzing (Discovery Probability Quantifies Residual Risk)](WhenToStopFuzzing.ipynb#Discovery-Probability-Quantifies-Residual-Risk)\n", "* `prop_function()` — [Mining Function Specifications (Evaluating Properties)](DynamicInvariants.ipynb#Evaluating-Properties)\n", "* `prop_function_text()` — [Mining Function Specifications (Evaluating Properties)](DynamicInvariants.ipynb#Evaluating-Properties)\n", "* `proxy()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (Splits)](InformationFlow.ipynb#Splits), [Tracking Information Flow (General wrappers)](InformationFlow.ipynb#General-wrappers), [Tracking Information Flow (Methods yet to be translated)](InformationFlow.ipynb#Methods-yet-to-be-translated), [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions), [Concolic Fuzzing (Binary Operators for Integers)](ConcolicFuzzer.ipynb#Binary-Operators-for-Integers), [Concolic Fuzzing (Integer Unary Operators)](ConcolicFuzzer.ipynb#Integer-Unary-Operators), [Concolic Fuzzing (Trip Wire)](ConcolicFuzzer.ipynb#Trip-Wire), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Concolic Fuzzing (Exercise 2: Bit Manipulation)](ConcolicFuzzer.ipynb#Exercise-2:-Bit-Manipulation)\n", "* `prune_tokens()` — [Concolic Fuzzing (All together)](ConcolicFuzzer.ipynb#All-together)\n", "* `prune_tree()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity), [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* `PUBLIC` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* PyAnnotate — [Mining Function Specifications (Background)](DynamicInvariants.ipynb#Background)\n", "* `PyCFG` class — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* Python — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* Python documentation — [Concolic Fuzzing (Binary Operators for Integers)](ConcolicFuzzer.ipynb#Binary-Operators-for-Integers)\n", "* Python tutorial — [Introduction to Software Testing (Understanding Python Programs)](Intro_Testing.ipynb#Understanding-Python-Programs), [Fuzzing: Breaking Things with Random Inputs](Fuzzer.ipynb#Fuzzing:-Breaking-Things-with Random Inputs)\n", "* Python type to Z3 type — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Q\n", "\n", "* `Q0` — [When To Stop Fuzzing (Part 3: Compute and Evaluate Extrapolator)](WhenToStopFuzzing.ipynb#Part-3:-Compute-and-Evaluate-Extrapolator)\n", "* `Q1` — [When To Stop Fuzzing (Part 2: Compute Estimate)](WhenToStopFuzzing.ipynb#Part-2:-Compute-Estimate)\n", "* `Q2` — [When To Stop Fuzzing (Part 2: Compute Estimate)](WhenToStopFuzzing.ipynb#Part-2:-Compute-Estimate)\n", "* QEMU](https://github.com/mirrorer/afl/blob/master/qemu_mode)) or a dynamic instrumentation tool (e.g., [Intel PinTool — [Greybox Fuzzing (Background)](GreyboxFuzzer.ipynb#Background)\n", "* `quadratic_solver()` — [Introduction to Software Testing (Exercise 2: Quadratic Solver)](Intro_Testing.ipynb#Exercise-2:-Quadratic-Solver)\n", "* `quadratic_solver_fixed()` — [Introduction to Software Testing (Part 2: Fix the problem)](Intro_Testing.ipynb#Part-2:-Fix-the-problem)\n", "* `quad_solver()` — [Control Flow Graph (quad_solver)](ControlFlow.ipynb#quad_solver)\n", "* `qualified()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `QUERY_GRAMMAR` — [Testing Web Applications (Mining Grammars for Web Pages)](WebFuzzer.ipynb#Mining-Grammars-for-Web-Pages)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### R\n", "\n", "* `__radd__()` — [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (Concatenation)](InformationFlow.ipynb#Concatenation), [Concolic Fuzzing (Concatenation of Strings)](ConcolicFuzzer.ipynb#Concatenation-of-Strings)\n", "* random restarts — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `RandomFuzzer` class — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* `randomized_hillclimb()` — [Search-Based Fuzzing (Global Search)](SearchBasedFuzzer.ipynb#Global-Search)\n", "* `random_list()` — [Introduction to Software Testing (Part 2: Random Inputs)](Intro_Testing.ipynb#Part-2:-Random-Inputs)\n", "* `random_string()` — [Search-Based Fuzzing (Hillclimbing Valid Hexadecimal Inputs)](SearchBasedFuzzer.ipynb#Hillclimbing-Valid-Hexadecimal-Inputs)\n", "* `random_unicode_string()` — [Search-Based Fuzzing (Evolutionary Search)](SearchBasedFuzzer.ipynb#Evolutionary-Search)\n", "* `reachable_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `readable()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees)\n", "* `readable_rule()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees)\n", "* `read_gcov_coverage()` — [Code Coverage (Getting Coverage from External Programs)](Coverage.ipynb#Getting-Coverage-from-External-Programs)\n", "* `rearrange()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `recover_grammar()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `recover_grammar_with_taints()` — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* recursion — [Parsing Inputs (Grammars)](Parser.ipynb#Grammars)\n", "* `RECURSION_GRAMMAR` — [Parsing Inputs (Exercise 6: Filtered Earley Parser)](Parser.ipynb#Exercise-6:-Filtered-Earley-Parser)\n", "* recursive — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* `recursive_delete()` — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* `recursive_swap()` — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* red-black tree — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `RedBlackTree` class — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `reduce()` — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy)\n", "* `Reducer` class — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* `reduce_subtree()` — [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy)\n", "* `reduce_tree()` — [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy), [Reducing Failure-Inducing Inputs (A Depth-Oriented Strategy)](Reducer.ipynb#A-Depth-Oriented-Strategy)\n", "* region — [Greybox Fuzzing with Grammars (Mutating Invalid Seeds)](GreyboxGrammarFuzzer.ipynb#Mutating-Invalid-Seeds), [Greybox Fuzzing with Grammars (Determining Symbol Regions)](GreyboxGrammarFuzzer.ipynb#Determining-Symbol-Regions)\n", "* region-based mutators — [Greybox Fuzzing with Grammars (Mutating Invalid Seeds)](GreyboxGrammarFuzzer.ipynb#Mutating-Invalid-Seeds)\n", "* `RegionMutator` class — [Greybox Fuzzing with Grammars (Region-based Mutation)](GreyboxGrammarFuzzer.ipynb#Region-based-Mutation), [Greybox Fuzzing with Grammars (Region-based Mutation)](GreyboxGrammarFuzzer.ipynb#Region-based-Mutation), [Greybox Fuzzing with Grammars (Region-based Mutation)](GreyboxGrammarFuzzer.ipynb#Region-based-Mutation)\n", "* `register()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `register_event()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `register_node()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `REGISTRY_IDX` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `REGISTRY` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* Regular Expression — [Parsing Inputs (Background)](Parser.ipynb#Background)\n", "* Regular expressions — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* regular expressions — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* regular language — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* remove — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation)\n", "* `remove_first_char()` — [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* `rename_variables()` — [Symbolic Fuzzing (Dealing with Reassingments)](SymbolicFuzzer.ipynb#Dealing-with-Reassingments)\n", "* repair — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `replace()` — [Tracking Information Flow (Replace)](InformationFlow.ipynb#Replace)\n", "* `replace_symbol()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `repOK()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* represent — [Search-Based Fuzzing (Test Generation as a Search Problem)](SearchBasedFuzzer.ipynb#Test-Generation-as-a-Search-Problem)\n", "* representation invariant — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* representative path — [Symbolic Fuzzing (Exercise 3: _Implementing a Concolic Fuzzer_)](SymbolicFuzzer.ipynb#Exercise-3:-_Implementing-a-Concolic-Fuzzer_)\n", "* `__repr__()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Symbolic Fuzzing (Tracking Assignments)](SymbolicFuzzer.ipynb#Tracking-Assignments), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `REQUIRED_FIELDS` — [Testing Web Applications (Part 4: A Robust Server)](WebFuzzer.ipynb#Part-4:-A-Robust-Server)\n", "* `__req__()` — [Concolic Fuzzing (Equality between Integers)](ConcolicFuzzer.ipynb#Equality-between-Integers), [Concolic Fuzzing (Equality between Strings)](ConcolicFuzzer.ipynb#Equality-between-Strings)\n", "* `reset()` — [Mutation-Based Fuzzing (Multiple Mutations)](MutationFuzzer.ipynb#Multiple-Mutations), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Greybox Fuzzing (Blackbox, Greybox, and Boosted Greybox Fuzzing)](GreyboxFuzzer.ipynb#Blackbox,-Greybox,-and-Boosted-Greybox-Fuzzing), [Greybox Fuzzing (Greybox Mutation-based Fuzzer)](GreyboxFuzzer.ipynb#Greybox-Mutation-based-Fuzzer), [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer), [Probabilistic Grammar Fuzzing (Counting Expansions)](ProbabilisticGrammarFuzzer.ipynb#Counting-Expansions), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results), [Testing Web Applications (Searching HTML for Input Fields)](WebFuzzer.ipynb#Searching-HTML-for-Input-Fields), [Testing Web Applications (Crawling User Interfaces)](WebFuzzer.ipynb#Crawling-User-Interfaces), [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma)\n", "* `reset_coverage()` — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `reset_generators()` — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `reset_registry()` — [Control Flow Graph (Registry)](ControlFlow.ipynb#Registry), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* residual risk — [When To Stop Fuzzing](WhenToStopFuzzing.ipynb#When-To-Stop-Fuzzing), [When To Stop Fuzzing (Discovery Probability Quantifies Residual Risk)](WhenToStopFuzzing.ipynb#Discovery-Probability-Quantifies-Residual-Risk)\n", "* `restart()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `RestartExpansionException` class — [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing)\n", "* `restarting_hillclimber()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `restart_expansion()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion), [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `result()` — [Carving Unit Tests (Part 2: Access results)](Carver.ipynb#Part-2:-Access-results)\n", "* `ResultCarver` class — [Carving Unit Tests (Exercises)](Carver.ipynb#Exercises), [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results), [Carving Unit Tests (Part 2: Access results)](Carver.ipynb#Part-2:-Access-results)\n", "* results checker — [Code Coverage (Finding Errors with Basic Fuzzing)](Coverage.ipynb#Finding-Errors-with-Basic-Fuzzing)\n", "* return — [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations), [Mining Input Grammars (Tracking variable assignment locations)](GrammarMiner.ipynb#Tracking-variable-assignment-locations)\n", "* `RETURN_VALUE` — [Mining Function Specifications (Extracting Invariants)](DynamicInvariants.ipynb#Extracting-Invariants)\n", "* `RE_EXTENDED_NONTERMINAL` — [Fuzzing with Grammars (Expanding Operators)](Grammars.ipynb#Expanding-Operators)\n", "* `RE_NONTERMINAL` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `RE_PARENTHESIZED_EXPR` — [Fuzzing with Grammars (Expanding Parenthesized Expressions)](Grammars.ipynb#Expanding-Parenthesized-Expressions)\n", "* RFC 4180 — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* `right()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `RISKY_NUMBERS` — [Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)](ProbabilisticGrammarFuzzer.ipynb#Exercise-2:-Learning-from-Past-Bugs), [Probabilistic Grammar Fuzzing (Exercise 2: Learning from Past Bugs)](ProbabilisticGrammarFuzzer.ipynb#Exercise-2:-Learning-from-Past-Bugs)\n", "* `rjust()` — [Tracking Information Flow (Justify)](InformationFlow.ipynb#Justify)\n", "* `__rmod__()` — [Tracking Information Flow (mod)](InformationFlow.ipynb#mod)\n", "* root node — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `rootIsBlack()` — [Fuzzing: Breaking Things with Random Inputs (Program-Specific Checkers)](Fuzzer.ipynb#Program-Specific-Checkers)\n", "* `roots()` — [Symbolic Fuzzing (Example: Roots of a Quadratic Equation)](SymbolicFuzzer.ipynb#Example:-Roots-of-a-Quadratic-Equation)\n", "* `roots2()` — [Symbolic Fuzzing ( Roots - Check Before Divide)](SymbolicFuzzer.ipynb#-Roots---Check-Before-Divide)\n", "* `roots3()` — [Symbolic Fuzzing ( Roots - Eliminating the Zero Division Error)](SymbolicFuzzer.ipynb#-Roots---Eliminating-the-Zero-Division-Error)\n", "* `round10()` — [Concolic Fuzzing (Round)](ConcolicFuzzer.ipynb#Round)\n", "* `rpartition()` — [Tracking Information Flow (Partitions)](InformationFlow.ipynb#Partitions)\n", "* `RR_GRAMMAR2` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR3` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR4` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR5` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR6` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR7` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR8` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR9` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `RR_GRAMMAR` — [Parsing Inputs (Recursion)](Parser.ipynb#Recursion), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `rsplit()` — [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* `rstrip()` — [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip), [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends)\n", "* rules — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions)\n", "* `rules()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable), [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* `run()` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes), [Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)](Fuzzer.ipynb#Exercise-2:-Run-Simulated-Troff), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Greybox Fuzzing (Greybox Mutation-based Fuzzer)](GreyboxFuzzer.ipynb#Greybox-Mutation-based-Fuzzer), [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer), [Reducing Failure-Inducing Inputs (Why Reducing?)](Reducer.ipynb#Why-Reducing?), [Reducing Failure-Inducing Inputs (Lexical Reduction vs. Syntactic Rules)](Reducer.ipynb#Lexical-Reduction-vs.-Syntactic-Rules), [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis), [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options), [Testing Web Applications (Fuzzing with Unexpected Values)](WebFuzzer.ipynb#Fuzzing-with-Unexpected-Values), [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions), [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces), [When To Stop Fuzzing (Fuzzing the Enigma)](WhenToStopFuzzing.ipynb#Fuzzing-the-Enigma)\n", "* `Runner` class — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `runs()` — [Fuzzing: Breaking Things with Random Inputs (Fuzzer Classes)](Fuzzer.ipynb#Fuzzer-Classes)\n", "* `runTest()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `run_function()` — [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage), [Mutation-Based Fuzzing (Guiding by Coverage)](MutationFuzzer.ipynb#Guiding-by-Coverage)\n", "* `run_fuzzmanager()` — [Fuzzing in the Large (Starting the Server)](FuzzingInTheLarge.ipynb#Starting-the-Server)\n", "* `run_fuzzmanager_forever()` — [Fuzzing in the Large (Starting the Server)](FuzzingInTheLarge.ipynb#Starting-the-Server)\n", "* `run_generator()` — [Fuzzing with Generators (Support for Python Generators)](GeneratorGrammarFuzzer.ipynb#Support-for-Python-Generators)\n", "* `run_httpd_forever()` — [Testing Web Applications (Running the Server)](WebFuzzer.ipynb#Running-the-Server)\n", "* `run_post_functions()` — [Fuzzing with Generators (Checking and Repairing Elements after Expansion)](GeneratorGrammarFuzzer.ipynb#Checking-and-Repairing-Elements-after-Expansion)\n", "* `run_post_functions_locally()` — [Fuzzing with Generators (Local Checking and Repairing)](GeneratorGrammarFuzzer.ipynb#Local-Checking-and-Repairing)\n", "* `run_process()` — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### S\n", "\n", "* S-EXP — [Concolic Fuzzing (Translating to the SMT Expression Format)](ConcolicFuzzer.ipynb#Translating-to-the-SMT-Expression-Format), [Concolic Fuzzing (Translating to the SMT Expression Format)](ConcolicFuzzer.ipynb#Translating-to-the-SMT-Expression-Format)\n", "* sample coverage — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* `sample_db()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables)\n", "* `SAMPLE_GRAMMAR` — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* sanitization — [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `sanitize()` — [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* Save — [Fuzzing in the Large (Crash Buckets)](FuzzingInTheLarge.ipynb#Crash-Buckets)\n", "* Scalene — [Symbolic Fuzzing (The CFG with Path Taken)](SymbolicFuzzer.ipynb#The-CFG-with-Path-Taken)\n", "* `scan()` — [Parsing Inputs (Scanning Tokens)](Parser.ipynb#Scanning-Tokens)\n", "* scanner — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* scope — [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `ScopedGrammarMiner` class — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `ScopedVars` class — [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `ScopeTracker` class — [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker), [Mining Input Grammars (Scope Tracker)](GrammarMiner.ipynb#Scope-Tracker)\n", "* `ScopeTreeMiner` class — [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `score()` — [Mutation Analysis (Evaluating Mutations)](MutationAnalysis.ipynb#Evaluating-Mutations), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* search — [Search-Based Fuzzing](SearchBasedFuzzer.ipynb#Search-Based-Fuzzing)\n", "* search space — [Search-Based Fuzzing (Test Generation as a Search Problem)](SearchBasedFuzzer.ipynb#Test-Generation-as-a-Search-Problem)\n", "* Search-based Fuzzing](SearchBasedFuzzer.ipynb). If you are interested, how to solve the problems above, you can have a look at our paper on \"[Directed Greybox Fuzzing — [Greybox Fuzzing (Computing Function-Level Distance)](GreyboxFuzzer.ipynb#Computing-Function-Level-Distance)\n", "* `SECRET_ORIGIN` — [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited), [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited), [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited)\n", "* `SECRET` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* seeds — [Fuzzing with Grammars (Grammars as Mutation Seeds)](Grammars.ipynb#Grammars-as-Mutation-Seeds)\n", "* `Seed` class — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules)\n", "* `selection()` — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* selective pressure — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* Selenium — [Testing Graphical User Interfaces (Automated GUI Interaction)](GUIFuzzer.ipynb#Automated-GUI-Interaction)\n", "* Selenium tests — [Testing Graphical User Interfaces (Writing Test Cases)](GUIFuzzer.ipynb#Writing-Test-Cases)\n", "* Selenium](https://www.seleniumhq.org) is a framework for testing Web applications by _automating interaction in the browser_. Selenium provides an API that allows one to launch a Web browser, query the state of the user interface, and interact with individual user interface elements. The Selenium API is available in a number of languages; we use the [Selenium API for Python — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `send_back()` — [Tracking Information Flow (Preventing Privacy Leaks)](InformationFlow.ipynb#Preventing-Privacy-Leaks)\n", "* `send_order_form()` — [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form)\n", "* `send_order_received()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Part 2: Sanitized HTML)](WebFuzzer.ipynb#Part-2:-Sanitized-HTML)\n", "* `send_terms_and_conditions()` — [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form)\n", "* `Sequence` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `seq_vars()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* session cookie — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n", "* `__setitem__()` — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars)\n", "* `set_arguments()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `set_expansion_probabilities()` — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `set_flatten_depth()` — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* `set_grammar()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `set_invocation()` — [Testing Configurations (Classes for Fuzzing Configuration Options)](ConfigurationFuzzer.ipynb#Classes-for-Fuzzing-Configuration-Options)\n", "* `_set_kv()` — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `set_opts()` — [Fuzzing with Grammars (Grammar Extensions)](Grammars.ipynb#Grammar-Extensions)\n", "* `set_parents()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `set_prob()` — [Probabilistic Grammar Fuzzing (Directed Fuzzing)](ProbabilisticGrammarFuzzer.ipynb#Directed-Fuzzing)\n", "* `set_probabilities()` — [Probabilistic Grammar Fuzzing (Assigning Probabilities)](ProbabilisticGrammarFuzzer.ipynb#Assigning-Probabilities)\n", "* `SEXPR_TOKEN` — [Concolic Fuzzing (Using the Command Line)](ConcolicFuzzer.ipynb#Using-the-Command-Line)\n", "* Shellsort — [Introduction to Software Testing (Exercise 1: Testing Shellsort)](Intro_Testing.ipynb#Exercise-1:-Testing-Shellsort)\n", "* `shellsort()` — [Introduction to Software Testing (Exercise 1: Testing Shellsort)](Intro_Testing.ipynb#Exercise-1:-Testing-Shellsort)\n", "* short-circuit evaluation — [Search-Based Fuzzing (Dealing with Complex Conditions)](SearchBasedFuzzer.ipynb#Dealing-with-Complex-Conditions)\n", "* showast — [Mutation Analysis (Mutating Python Code)](MutationAnalysis.ipynb#Mutating-Python-Code), [Mining Function Specifications (Accessing Function Structure)](DynamicInvariants.ipynb#Accessing-Function-Structure)\n", "* `show_cfg()` — [Symbolic Fuzzing (The Control Flow Graph)](SymbolicFuzzer.ipynb#The-Control-Flow-Graph)\n", "* `show_coverage()` — [Mutation Analysis (Structural Coverage Adequacy by Example)](MutationAnalysis.ipynb#Structural-Coverage-Adequacy-by-Example), [Symbolic Fuzzing (Visualizing the Coverage)](SymbolicFuzzer.ipynb#Visualizing-the-Coverage)\n", "* `show_diagram()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `show_table()` — [Parsing Inputs (Part 1: A LL(1) Parsing Table)](Parser.ipynb#Part-1:-A-LL(1)-Parsing-Table)\n", "* Signatures — [Fuzzing in the Large (Crash Signatures)](FuzzingInTheLarge.ipynb#Crash-Signatures)\n", "* simple-crash — [Fuzzing in the Large (Collecting Crashes)](FuzzingInTheLarge.ipynb#Collecting-Crashes)\n", "* `SimpleConcolicFuzzer` class — [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints), [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints), [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints), [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints), [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints)\n", "* `SimpleGrammarCoverageFuzzer` class — [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions), [Grammar Coverage (Covering Grammar Expansions)](GrammarCoverageFuzzer.ipynb#Covering-Grammar-Expansions)\n", "* `SimpleHTTPRequestHandler` class — [Testing Web Applications (A Web User Interface)](WebFuzzer.ipynb#A-Web-User-Interface), [Testing Web Applications (Handling HTTP Requests)](WebFuzzer.ipynb#Handling-HTTP-Requests), [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form), [Testing Web Applications (Order Form)](WebFuzzer.ipynb#Order-Form), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Other HTTP commands)](WebFuzzer.ipynb#Other-HTTP-commands), [Testing Web Applications (Page Not Found)](WebFuzzer.ipynb#Page-Not-Found), [Testing Web Applications (Internal Errors)](WebFuzzer.ipynb#Internal-Errors), [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* SimpleSymbolicFuzzer — [Symbolic Fuzzing (Problems with the Simple Fuzzer)](SymbolicFuzzer.ipynb#Problems-with-the-Simple-Fuzzer)\n", "* `SimpleSymbolicFuzzer` class — [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer), [Symbolic Fuzzing (Generating All Possible Paths)](SymbolicFuzzer.ipynb#Generating-All-Possible-Paths), [Symbolic Fuzzing (Generating All Possible Paths)](SymbolicFuzzer.ipynb#Generating-All-Possible-Paths), [Symbolic Fuzzing (Extracting All Constraints)](SymbolicFuzzer.ipynb#Extracting-All-Constraints), [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer), [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer), [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer)\n", "* `simple_call_string()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Carving Unit Tests (Recording my_sqrt())](Carver.ipynb#Recording-my_sqrt())\n", "* `simple_grammar_fuzzer()` — [Fuzzing with Grammars (A Simple Grammar Fuzzer)](Grammars.ipynb#A-Simple-Grammar-Fuzzer)\n", "* single — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* single-alternative — [Parsing Inputs (The Earley Parser)](Parser.ipynb#The-Earley-Parser)\n", "* singleton species — [When To Stop Fuzzing (Exercises)](WhenToStopFuzzing.ipynb#Exercises)\n", "* sinks — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* `Skip` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* smaller number of valid inputs — [Greybox Fuzzing with Grammars (Region-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Region-Based-Fuzzing)\n", "* Smart Greybox Fuzzing](https://arxiv.org/abs/1811.09447)\" by Pham et al.. Download and improve AFLSmart: [https://github.com/aflsmart/aflsmart — [Greybox Fuzzing with Grammars (Focusing on Valid Seeds)](GreyboxGrammarFuzzer.ipynb#Focusing-on-Valid-Seeds)\n", "* SMT Solver — [Concolic Fuzzing (Concolic Execution)](ConcolicFuzzer.ipynb#Concolic-Execution)\n", "* SMT solvers — [Concolic Fuzzing](ConcolicFuzzer.ipynb#Concolic-Fuzzing)\n", "* SMT solvers](https://en.wikipedia.org/wiki/Satisfiability_modulo_theories), especially [Z3 — [Symbolic Fuzzing](SymbolicFuzzer.ipynb#Symbolic-Fuzzing)\n", "* SMT-LIB — [Concolic Fuzzing (Translating to the SMT Expression Format)](ConcolicFuzzer.ipynb#Translating-to-the-SMT-Expression-Format)\n", "* `smt_expr()` — [Concolic Fuzzing (Translating to the SMT Expression Format)](ConcolicFuzzer.ipynb#Translating-to-the-SMT-Expression-Format)\n", "* `solve_path_constraint()` — [Symbolic Fuzzing (Fuzzing with Simple Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Fuzzing-with-Simple-Symbolic-Fuzzer), [Symbolic Fuzzing (Solving Path Constraints)](SymbolicFuzzer.ipynb#Solving-Path-Constraints)\n", "* some — [Greybox Fuzzing (Background)](GreyboxFuzzer.ipynb#Background), [Greybox Fuzzing with Grammars (Region-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Region-Based-Fuzzing)\n", "* `some_long_running_function()` — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* sooo very slow — [Greybox Fuzzing with Grammars (Fragment-Based Fuzzing)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Fuzzing)\n", "* `sort_by_prob()` — [Probabilistic Grammar Fuzzing (Testing Uncommon Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Uncommon-Features)\n", "* `source()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* sources — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* `span()` — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* specific — [Search-Based Fuzzing](SearchBasedFuzzer.ipynb#Search-Based-Fuzzing)\n", "* `split()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars), [Tracking Information Flow (Split)](InformationFlow.ipynb#Split), [Concolic Fuzzing (Splitting Strings)](ConcolicFuzzer.ipynb#Splitting-Strings)\n", "* `_split_helper()` — [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* `_split_space()` — [Tracking Information Flow (Split)](InformationFlow.ipynb#Split)\n", "* SQL commands — [Testing Web Applications (Storing Orders)](WebFuzzer.ipynb#Storing-Orders)\n", "* SQL injection — [Testing Web Applications (SQL Injection Attacks)](WebFuzzer.ipynb#SQL-Injection-Attacks)\n", "* `sql()` — [Tracking Information Flow (Executing SQL Statements)](InformationFlow.ipynb#Executing-SQL-Statements), [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `SQLException` class — [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database)\n", "* `SQLInjectionFuzzer` class — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `SQLInjectionGrammarMiner` class — [Testing Web Applications (Fully Automatic Web Attacks)](WebFuzzer.ipynb#Fully-Automatic-Web-Attacks)\n", "* `sqrt_program()` — [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input), [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input), [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input)\n", "* `srange()` — [Fuzzing with Grammars (Character Classes)](Grammars.ipynb#Character-Classes)\n", "* `src()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `stack_to_tree()` — [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack)\n", "* `Stack` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* STADS: Software Testing as Species Discovery — [When To Stop Fuzzing (Background)](WhenToStopFuzzing.ipynb#Background)\n", "* start symbol — [Fuzzing with Grammars (Rules and Expansions)](Grammars.ipynb#Rules-and-Expansions), [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `startswith()` — [Concolic Fuzzing (Checking for String Prefixes)](ConcolicFuzzer.ipynb#Checking-for-String-Prefixes)\n", "* `start_httpd()` — [Testing Web Applications (Running the Server)](WebFuzzer.ipynb#Running-the-Server)\n", "* `START_STATE` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `start_symbol()` — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* `START_SYMBOL` — [Fuzzing with Grammars (Some Definitions)](Grammars.ipynb#Some-Definitions)\n", "* `start_webdriver()` — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `Start` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* state — [Testing Graphical User Interfaces (All Together)](GUIFuzzer.ipynb#All-Together)\n", "* Statement coverage — [Code Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* states — [Testing Graphical User Interfaces (User Interfaces as Finite State Machines)](GUIFuzzer.ipynb#User-Interfaces-as-Finite-State-Machines)\n", "* `State` class — [Parsing Inputs (States)](Parser.ipynb#States), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* steepest ascent hillclimbing — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `steepest_ascent_hillclimber()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `StmtDeletionMutator` class — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `store_order()` — [Testing Web Applications (Processing Orders)](WebFuzzer.ipynb#Processing-Orders), [Testing Web Applications (Part 3: Sanitized SQL)](WebFuzzer.ipynb#Part-3:-Sanitized-SQL)\n", "* String — [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* string inclusion — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `strip()` — [Tracking Information Flow (Strip)](InformationFlow.ipynb#Strip), [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends)\n", "* `strip_all_info()` — [Tracking Information Flow (Conversions)](InformationFlow.ipynb#Conversions)\n", "* `strip_all_info_again()` — [Tracking Information Flow (Implicit Information Flow)](InformationFlow.ipynb#Implicit-Information-Flow)\n", "* `STROKE_ODD_PIXEL_LENGTH` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `StrongShapeTest` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `strong_oracle()` — [Mutation Analysis (Structural Coverage Adequacy by Example)](MutationAnalysis.ipynb#Structural-Coverage-Adequacy-by-Example)\n", "* `__str__()` — [Greybox Fuzzing (Power Schedules)](GreyboxFuzzer.ipynb#Power-Schedules), [Parsing Inputs (Columns)](Parser.ipynb#Columns), [Parsing Inputs (States)](Parser.ipynb#States), [Mining Input Grammars (CallStack)](GrammarMiner.ipynb#CallStack), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (Taint Aware Fuzzing)](InformationFlow.ipynb#Taint-Aware-Fuzzing), [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Symbolic Fuzzing (Stepwise Exploration of Paths)](SymbolicFuzzer.ipynb#Stepwise-Exploration-of-Paths), [Error Handling (Catching Timeouts)](ExpectError.ipynb#Catching-Timeouts), [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `Style` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* subclasses — [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes)\n", "* `submit()` — [Testing Graphical User Interfaces (Executing User Interface Actions)](GUIFuzzer.ipynb#Executing-User-Interface-Actions)\n", "* `subtrees_with_symbol()` — [Reducing Failure-Inducing Inputs (Finding Subtrees)](Reducer.ipynb#Finding-Subtrees)\n", "* `suite()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `sum2()` — [Mining Function Specifications (Some Examples)](DynamicInvariants.ipynb#Some-Examples), [Mining Function Specifications (Mining Specifications from Generated Tests)](DynamicInvariants.ipynb#Mining-Specifications-from-Generated-Tests), [Mining Function Specifications (Synopsis)](DynamicInvariants.ipynb#Synopsis)\n", "* `SUM2_EBNF_GRAMMAR` — [Mining Function Specifications (Mining Specifications from Generated Tests)](DynamicInvariants.ipynb#Mining-Specifications-from-Generated-Tests)\n", "* `sum3()` — [Mining Function Specifications (Multiple Types)](DynamicInvariants.ipynb#Multiple-Types)\n", "* `supported_opts()` — [Efficient Grammar Fuzzing (Expanding a Node)](GrammarFuzzer.ipynb#Expanding-a-Node), [Probabilistic Grammar Fuzzing (Expanding by Probability)](ProbabilisticGrammarFuzzer.ipynb#Expanding-by-Probability), [Fuzzing with Generators (A Class for Integrating Constraints)](GeneratorGrammarFuzzer.ipynb#A-Class-for-Integrating-Constraints), [Fuzzing with Generators (Generators and Probabilistic Fuzzing)](GeneratorGrammarFuzzer.ipynb#Generators-and-Probabilistic-Fuzzing), [Fuzzing with Generators (Generators and Grammar Coverage)](GeneratorGrammarFuzzer.ipynb#Generators-and-Grammar-Coverage)\n", "* `swapcase()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* `swap_fragment()` — [Greybox Fuzzing with Grammars (Fragment-Based Mutation)](GreyboxGrammarFuzzer.ipynb#Fragment-Based-Mutation), [Greybox Fuzzing with Grammars (Region-based Mutation)](GreyboxGrammarFuzzer.ipynb#Region-based-Mutation)\n", "* symbol table — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* symbolic — [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop)\n", "* symbolic fuzzer — [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer)\n", "* symbolic shadow variables — [Concolic Fuzzing (SMT Solvers)](ConcolicFuzzer.ipynb#SMT-Solvers)\n", "* symbolically — [Symbolic Fuzzing (SimpleSymbolicFuzzer)](SymbolicFuzzer.ipynb#SimpleSymbolicFuzzer)\n", "* `symbol_cost()` — [Efficient Grammar Fuzzing (Closing the Expansion)](GrammarFuzzer.ipynb#Closing-the-Expansion)\n", "* `SYMBOL_NAME` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `symbol_reductions()` — [Reducing Failure-Inducing Inputs (Both Strategies Together)](Reducer.ipynb#Both-Strategies-Together)\n", "* `SYMBOL_TABLE` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `sym_to_float()` — [Symbolic Fuzzing (Example: Roots of a Quadratic Equation)](SymbolicFuzzer.ipynb#Example:-Roots-of-a-Quadratic-Equation)\n", "* syntactical structure — [Fuzzing with Grammars (Grammars)](Grammars.ipynb#Grammars)\n", "* `syntax_diagram()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* `syntax_diagram_alt()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* `syntax_diagram_expr()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* `syntax_diagram_symbol()` — [Fuzzing with Grammars (Visualizing Grammars as Railroad Diagrams)](Grammars.ipynb#Visualizing-Grammars-as-Railroad-Diagrams)\n", "* system input — [Introduction to Software Testing (System Input vs Function Input)](Intro_Testing.ipynb#System-Input-vs-Function-Input)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### T\n", "\n", "* `_t()` — [Parsing Inputs (States)](Parser.ipynb#States), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `table()` — [Tracking Information Flow (Representing Tables)](InformationFlow.ipynb#Representing-Tables), [Concolic Fuzzing (Database)](ConcolicFuzzer.ipynb#Database)\n", "* taint — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* taint sanitizers — [Tracking Information Flow (The Evil of Eval)](InformationFlow.ipynb#The-Evil-of-Eval)\n", "* `TaintedDB` class — [Tracking Information Flow (TaintedDB)](InformationFlow.ipynb#TaintedDB)\n", "* `TaintedGrammarFuzzer` class — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `TaintedInputStack` class — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow), [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `TaintedScopedGrammarMiner` class — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `TaintedScopedVars` class — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `TaintedScopeTracker` class — [Mining Input Grammars (Exercise 2: Incorporating Taints from InformationFlow)](GrammarMiner.ipynb#Exercise-2:-Incorporating-Taints-from-InformationFlow)\n", "* `Tainted` class — [Tracking Information Flow (Taint Aware Fuzzing)](InformationFlow.ipynb#Taint-Aware-Fuzzing)\n", "* `target_tile()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* terminal symbol — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `terminals()` — [Parsing Inputs (Nullable)](Parser.ipynb#Nullable)\n", "* `terminal_repr()` — [Search-Based Fuzzing (Evolutionary Search)](SearchBasedFuzzer.ipynb#Evolutionary-Search)\n", "* `Terminal` class — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* test — [Introduction to Software Testing (Running a Function)](Intro_Testing.ipynb#Running-a-Function)\n", "* `test()` — [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging), [Reducing Failure-Inducing Inputs (Delta Debugging)](Reducer.ipynb#Delta-Debugging)\n", "* `TestGCD` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Synopsis)](MutationAnalysis.ipynb#Synopsis)\n", "* `test_equilateral()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `test_isosceles()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `test_me()` — [Search-Based Fuzzing (Representing Program Inputs as a Search Problem)](SearchBasedFuzzer.ipynb#Representing-Program-Inputs-as-a-Search-Problem)\n", "* `test_me2()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `test_me2_instrumented()` — [Search-Based Fuzzing (Hillclimbing the Example)](SearchBasedFuzzer.ipynb#Hillclimbing-the-Example)\n", "* `test_me_instrumented()` — [Search-Based Fuzzing (Instrumentation)](SearchBasedFuzzer.ipynb#Instrumentation), [Search-Based Fuzzing (Instrumentation)](SearchBasedFuzzer.ipynb#Instrumentation)\n", "* `test_mirror()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Synopsis)](MutationAnalysis.ipynb#Synopsis)\n", "* `test_scalene()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `test_simple()` — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites), [Mutation Analysis (Synopsis)](MutationAnalysis.ipynb#Synopsis)\n", "* `test_successful_order()` — [Testing Graphical User Interfaces (Writing Test Cases)](GUIFuzzer.ipynb#Writing-Test-Cases)\n", "* the ConfigParser documentation — [Testing Configurations (Exercise 2: .ini Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Exercise-2:-.ini-Configuration-Fuzzing)\n", "* \"The state of type hints in Python\" — [Mining Function Specifications (Background)](DynamicInvariants.ipynb#Background)\n", "* this — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* this article — [Probabilistic Grammar Fuzzing (Background)](ProbabilisticGrammarFuzzer.ipynb#Background)\n", "* this handy trick — [Fuzzing in the Large (Setting up the Server)](FuzzingInTheLarge.ipynb#Setting-up-the-Server)\n", "* throw away the result — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `tile_()` — [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze), [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze), [Control Flow Graph (Example: Maze)](ControlFlow.ipynb#Example:-Maze)\n", "* `timeout()` — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool)\n", "* `Timeout` class — [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool)\n", "* `Timer` class — [Timer (Measuring Time)](Timer.ipynb#Measuring-Time)\n", "* `tint` class — [Tracking Information Flow (Part 1: Creation)](InformationFlow.ipynb#Part-1:-Creation), [Tracking Information Flow (Part 2: Arithmetic expressions)](InformationFlow.ipynb#Part-2:-Arithmetic-expressions), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Tracking Information Flow (Part 3: Passing taints from integers to strings)](InformationFlow.ipynb#Part-3:-Passing-taints-from-integers-to-strings), [Tracking Information Flow (Part 4: Passing taints from integers to strings)](InformationFlow.ipynb#Part-4:-Passing-taints-from-integers-to-strings)\n", "* `title()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin)\n", "* `TITLE_GRAMMAR` — [Fuzzing with Grammars (A Natural Language Grammar)](Grammars.ipynb#A-Natural-Language-Grammar)\n", "* together — [Mutation Analysis (Exercise 4: Estimating Residual Defect Density)](MutationAnalysis.ipynb#Exercise-4:-Estimating-Residual-Defect-Density)\n", "* `tokenize()` — [Parsing Inputs (The Packrat Parser for Predicate Expression Grammars)](Parser.ipynb#The-Packrat-Parser-for-Predicate-Expression-Grammars)\n", "* tokenizer — [Parsing Inputs (Ambiguity)](Parser.ipynb#Ambiguity)\n", "* top to bottom — [Parsing Inputs (An Ad Hoc Parser)](Parser.ipynb#An-Ad-Hoc-Parser)\n", "* topmost — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* tournament selection — [Search-Based Fuzzing (Genetic Algorithms)](SearchBasedFuzzer.ipynb#Genetic-Algorithms)\n", "* `to_graph()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `to_json()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode)\n", "* `to_nonterminal()` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* `to_num()` — [Concolic Fuzzing (Fuzzing with Constraints)](ConcolicFuzzer.ipynb#Fuzzing-with-Constraints)\n", "* `to_single_assignment_predicates()` — [Symbolic Fuzzing (Renaming Used Variables)](SymbolicFuzzer.ipynb#Renaming-Used-Variables)\n", "* `to_src()` — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* `trace()` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* `traceit()` — [Code Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions), [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class), [Mining Input Grammars (Tracer)](GrammarMiner.ipynb#Tracer), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Concolic Fuzzing (Tracking Constraints)](ConcolicFuzzer.ipynb#Tracking-Constraints), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls), [Testing Configurations (Tracking Arguments)](ConfigurationFuzzer.ipynb#Tracking-Arguments), [Testing Configurations (Tracking Arguments)](ConfigurationFuzzer.ipynb#Tracking-Arguments), [Testing Configurations (A Grammar Miner for Options and Arguments)](ConfigurationFuzzer.ipynb#A-Grammar-Miner-for-Options-and-Arguments), [Carving Unit Tests (Recording Calls)](Carver.ipynb#Recording-Calls), [Carving Unit Tests (Exercises)](Carver.ipynb#Exercises), [Carving Unit Tests (Part 1: Store function results)](Carver.ipynb#Part-1:-Store-function-results)\n", "* `Tracer` class — [Mining Input Grammars (Tracer)](GrammarMiner.ipynb#Tracer), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context), [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `trace_call()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls)\n", "* `trace_return()` — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls)\n", "* tracing function — [Code Coverage (Tracing Executions)](Coverage.ipynb#Tracing-Executions)\n", "* `tracing_context()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `tracing_var()` — [Mining Input Grammars (Context)](GrammarMiner.ipynb#Context)\n", "* `Tracker` class — [Mining Function Specifications (Tracking Calls)](DynamicInvariants.ipynb#Tracking-Calls)\n", "* `TrackingConfigParser` class — [Testing Configurations (Part 3: Mine a Configuration Grammar)](ConfigurationFuzzer.ipynb#Part-3:-Mine-a-Configuration-Grammar)\n", "* `TrackingDB` class — [Tracking Information Flow (TrackingDB)](InformationFlow.ipynb#TrackingDB)\n", "* `TrackingGrammarCoverageFuzzer` class — [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage), [Grammar Coverage (Tracking Grammar Coverage)](GrammarCoverageFuzzer.ipynb#Tracking-Grammar-Coverage)\n", "* `track_event()` — [Mining Input Grammars (DefineTracker)](GrammarMiner.ipynb#DefineTracker), [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* transitive — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `translate_to_z3_name()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `traverse_tree()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees)\n", "* `traverse_z3()` — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* tree — [Efficient Grammar Fuzzing (Derivation Trees)](GrammarFuzzer.ipynb#Derivation-Trees)\n", "* `TreeMiner` class — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Recovering a Derivation Tree)](GrammarMiner.ipynb#Recovering-a-Derivation-Tree)\n", "* `tree_list_to_string()` — [Reducing Failure-Inducing Inputs (A Few Helpers)](Reducer.ipynb#A-Few-Helpers)\n", "* `tree_to_grammar()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining)\n", "* `tree_to_string()` — [Efficient Grammar Fuzzing (Representing Derivation Trees)](GrammarFuzzer.ipynb#Representing-Derivation-Trees), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* `tree_type()` — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `TRIALS` — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures), [Fuzzing in the Large (Collecting Code Coverage)](FuzzingInTheLarge.ipynb#Collecting-Code-Coverage)\n", "* `triangle()` — [Mutation Analysis (Structural Coverage Adequacy by Example)](MutationAnalysis.ipynb#Structural-Coverage-Adequacy-by-Example), [Concolic Fuzzing (Translating to the SMT Expression Format)](ConcolicFuzzer.ipynb#Translating-to-the-SMT-Expression-Format)\n", "* `triangle_m1()` — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n", "* trigram — [When To Stop Fuzzing (The Enigma Machine)](WhenToStopFuzzing.ipynb#The-Enigma-Machine)\n", "* `TroffRunner` class — [Fuzzing: Breaking Things with Random Inputs (Exercise 2: Run Simulated Troff)](Fuzzer.ipynb#Exercise-2:-Run-Simulated-Troff)\n", "* `true_property_instantiations()` — [Mining Function Specifications (Checking Invariants)](DynamicInvariants.ipynb#Checking-Invariants)\n", "* `TrustedDB` class — [Tracking Information Flow (Tracking Untrusted Input)](InformationFlow.ipynb#Tracking-Untrusted-Input)\n", "* `TRUSTED` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* `TState` class — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* `tstr1()` — [Concolic Fuzzing (Equality between Strings)](ConcolicFuzzer.ipynb#Equality-between-Strings), [Concolic Fuzzing (Equality between Strings)](ConcolicFuzzer.ipynb#Equality-between-Strings)\n", "* `tstr10()` — [Concolic Fuzzing (Splitting Strings)](ConcolicFuzzer.ipynb#Splitting-Strings)\n", "* `tstr2()` — [Concolic Fuzzing (An Iterator Class for Strings)](ConcolicFuzzer.ipynb#An-Iterator-Class-for-Strings)\n", "* `tstr3()` — [Concolic Fuzzing (Translating to Upper and Lower Equivalents)](ConcolicFuzzer.ipynb#Translating-to-Upper-and-Lower-Equivalents)\n", "* `tstr4()` — [Concolic Fuzzing (Translating to Upper and Lower Equivalents)](ConcolicFuzzer.ipynb#Translating-to-Upper-and-Lower-Equivalents)\n", "* `tstr5()` — [Concolic Fuzzing (Checking for String Prefixes)](ConcolicFuzzer.ipynb#Checking-for-String-Prefixes)\n", "* `tstr6()` — [Concolic Fuzzing (Finding Substrings)](ConcolicFuzzer.ipynb#Finding-Substrings)\n", "* `tstr7()` — [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends)\n", "* `tstr8()` — [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends)\n", "* `tstr9()` — [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends)\n", "* `tstr` class — [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (A Class for Tainted Strings)](InformationFlow.ipynb#A-Class-for-Tainted-Strings), [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators), [Tracking Information Flow (String Operators)](InformationFlow.ipynb#String-Operators)\n", "* Turing machines — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* twice — [Search-Based Fuzzing (Dealing with Complex Conditions)](SearchBasedFuzzer.ipynb#Dealing-with-Complex-Conditions)\n", "* `twice()` — [Testing Configurations (Creating Autopep8 Options)](ConfigurationFuzzer.ipynb#Creating-Autopep8-Options)\n", "* two — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries), [When To Stop Fuzzing (Measuring Trace Coverage over Time)](WhenToStopFuzzing.ipynb#Measuring-Trace-Coverage-over-Time)\n", "* type annotations — [Symbolic Fuzzing](SymbolicFuzzer.ipynb#Symbolic-Fuzzing)\n", "* `TypeAnnotator` class — [Mining Function Specifications (All-in-one Annotation)](DynamicInvariants.ipynb#All-in-one-Annotation)\n", "* `typed_functions()` — [Mining Function Specifications (All-in-one Annotation)](DynamicInvariants.ipynb#All-in-one-Annotation)\n", "* `typed_functions_ast()` — [Mining Function Specifications (All-in-one Annotation)](DynamicInvariants.ipynb#All-in-one-Annotation)\n", "* types — [Mining Function Specifications (Specifying and Checking Data Types)](DynamicInvariants.ipynb#Specifying-and-Checking-Data-Types)\n", "* `TypeTracker` class — [Mining Function Specifications (All-in-one Annotation)](DynamicInvariants.ipynb#All-in-one-Annotation)\n", "* `TypeTransformer` class — [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types), [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types), [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types)\n", "* `type_string()` — [Mining Function Specifications (Annotating Functions with Mined Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Mined-Types)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## U - Z" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### U\n", "\n", "* `UNEXPLORED_STATE` — [Testing Graphical User Interfaces (Retrieving State Grammars)](GUIFuzzer.ipynb#Retrieving-State-Grammars)\n", "* `unhack()` — [Control Flow Graph (Supporting Functions)](ControlFlow.ipynb#Supporting-Functions)\n", "* `unicode_escape()` — [Fuzzing in the Large (Coarse-Grained Signatures)](FuzzingInTheLarge.ipynb#Coarse-Grained-Signatures)\n", "* `unicode_string_neighbours()` — [Search-Based Fuzzing (Evolutionary Search)](SearchBasedFuzzer.ipynb#Evolutionary-Search)\n", "* `unify_key()` — [Parsing Inputs (Unify Key)](Parser.ipynb#Unify-Key), [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* `unify_rule()` — [Parsing Inputs (Unify Rule)](Parser.ipynb#Unify-Rule), [Parsing Inputs (Exercise 1: An Alternative Packrat)](Parser.ipynb#Exercise-1:-An-Alternative-Packrat)\n", "* `uniq_postdot()` — [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser), [Parsing Inputs (Exercise 5: Leo Parser)](Parser.ipynb#Exercise-5:-Leo-Parser)\n", "* universal grammars — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* `UNKNOWN_ORIGIN` — [Tracking Information Flow (A Class for Tracking Character Origins)](InformationFlow.ipynb#A-Class-for-Tracking-Character-Origins), [Tracking Information Flow (Privacy Leaks Revisited)](InformationFlow.ipynb#Privacy-Leaks-Revisited)\n", "* unobserved — [When To Stop Fuzzing (Turing's Observations)](WhenToStopFuzzing.ipynb#Turing's-Observations)\n", "* unparse — [Symbolic Fuzzing (Function Summaries)](SymbolicFuzzer.ipynb#Function-Summaries)\n", "* `unreachable_nonterminals()` — [Fuzzing with Grammars (Checking Grammars)](Grammars.ipynb#Checking-Grammars)\n", "* `UNRESOLVED` — [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Synopsis)](Fuzzer.ipynb#Synopsis), [Fuzzing: Breaking Things with Random Inputs (Runner Classes)](Fuzzer.ipynb#Runner-Classes), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners), [Fuzzing: Breaking Things with Random Inputs (Runners)](Fuzzer.ipynb#Runners), [Reducing Failure-Inducing Inputs (The Reduction Strategy)](Reducer.ipynb#The-Reduction-Strategy)\n", "* unroll — [Symbolic Fuzzing (Check Before You Loop)](SymbolicFuzzer.ipynb#Check-Before-You-Loop)\n", "* unrolling of loops — [Symbolic Fuzzing (Advanced Symbolic Fuzzer)](SymbolicFuzzer.ipynb#Advanced-Symbolic-Fuzzer)\n", "* `UNTRUSTED` — [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins), [Tracking Information Flow (Tracking Character Origins)](InformationFlow.ipynb#Tracking-Character-Origins)\n", "* unusual paths — [Greybox Fuzzing (Boosted Greybox Fuzzer)](GreyboxFuzzer.ipynb#Boosted-Greybox-Fuzzer)\n", "* `unwrap_substrings()` — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* `up()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `update()` — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `update_cache()` — [Parsing Inputs (Fuzzing a Simple Program)](Parser.ipynb#Fuzzing-a-Simple-Program)\n", "* `update_children()` — [Control Flow Graph (CFGNode)](ControlFlow.ipynb#CFGNode), [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `update_existing_state()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `update_functions()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `update_grammar()` — [Mining Input Grammars (Recovering Grammars from Derivation Trees)](GrammarMiner.ipynb#Recovering-Grammars-from-Derivation-Trees), [Mining Input Grammars (Recover Grammar)](GrammarMiner.ipynb#Recover-Grammar), [Mining Input Grammars (Grammar Mining)](GrammarMiner.ipynb#Grammar-Mining), [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer), [Concolic Fuzzing (All together)](ConcolicFuzzer.ipynb#All-together)\n", "* `update_inventory()` — [Tracking Information Flow (All Methods Together)](InformationFlow.ipynb#All-Methods-Together)\n", "* `update_maps()` — [Search-Based Fuzzing (Instrumentation for Atomic Conditions)](SearchBasedFuzzer.ipynb#Instrumentation-for-Atomic-Conditions)\n", "* `update_new_state()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `update_state()` — [Testing Graphical User Interfaces (Exploring User Interfaces)](GUIFuzzer.ipynb#Exploring-User-Interfaces)\n", "* `update_tree()` — [Tracking Information Flow (TaintedGrammarFuzzer)](InformationFlow.ipynb#TaintedGrammarFuzzer)\n", "* `upper()` — [Tracking Information Flow (String methods that do not change origin)](InformationFlow.ipynb#String-methods-that-do-not-change-origin), [Concolic Fuzzing (Translating to Upper and Lower Equivalents)](ConcolicFuzzer.ipynb#Translating-to-Upper-and-Lower-Equivalents)\n", "* urllib/parse.py — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `URLPARSE_C_GRAMMAR` — [Fuzzing APIs (Synthesizing Code)](APIFuzzer.ipynb#Synthesizing-Code)\n", "* `URLPARSE_GRAMMAR` — [Fuzzing APIs (Synthesizing Code)](APIFuzzer.ipynb#Synthesizing-Code)\n", "* `URLPARSE_ORACLE_GRAMMAR` — [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles), [Fuzzing APIs (Synthesizing Oracles)](APIFuzzer.ipynb#Synthesizing-Oracles), [Fuzzing APIs (Exercise 1: Deep Arguments)](APIFuzzer.ipynb#Exercise-1:-Deep-Arguments)\n", "* `URLS_X` — [Mining Input Grammars (Problems with the Simple Miner)](GrammarMiner.ipynb#Problems-with-the-Simple-Miner)\n", "* `URLS` — [Mining Input Grammars (Example 2. Recovering URL Grammar)](GrammarMiner.ipynb#Example-2.-Recovering-URL-Grammar)\n", "* `URL_GRAMMAR` — [Fuzzing with Grammars (A URL Grammar)](Grammars.ipynb#A-URL-Grammar)\n", "* `url_parse()` — [Mining Input Grammars (Example 2. Recovering URL Grammar)](GrammarMiner.ipynb#Example-2.-Recovering-URL-Grammar)\n", "* `URL_SAMPLE` — [Probabilistic Grammar Fuzzing (Testing Common Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Common-Features)\n", "* `URL_TOKENS` — [Probabilistic Grammar Fuzzing (Testing Common Features)](ProbabilisticGrammarFuzzer.ipynb#Testing-Common-Features)\n", "* `used_identifiers()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `used_vars()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* user interface elements — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `use_id()` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `US_PHONE_GRAMMAR` — [Fuzzing with Grammars (Synopsis)](Grammars.ipynb#Synopsis)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### V\n", "\n", "* `v()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `V1` — [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree), [Mining Input Grammars (Assembling a Derivation Tree)](GrammarMiner.ipynb#Assembling-a-Derivation-Tree)\n", "* valid — [Mutation Analysis (Injecting Artificial Faults)](MutationAnalysis.ipynb#Injecting-Artificial-Faults)\n", "* `valid_luhn_checksum()` — [Fuzzing with Generators (Functions Called After Expansion)](GeneratorGrammarFuzzer.ipynb#Functions-Called-After-Expansion)\n", "* `VALUES` — [Tracking Information Flow (Inserting Data)](InformationFlow.ipynb#Inserting-Data)\n", "* `VARIABLE` — [Code Coverage (A Coverage Class)](Coverage.ipynb#A-Coverage-Class)\n", "* `Vars` class — [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars), [Mining Input Grammars (Vars)](GrammarMiner.ipynb#Vars)\n", "* `var_access()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `var_assign()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `VAR_GRAMMAR` — [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses), [Fuzzing with Generators (Definitions and Uses)](GeneratorGrammarFuzzer.ipynb#Definitions-and-Uses)\n", "* `var_location_register()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `var_name()` — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars), [Mining Input Grammars (ScopedVars)](GrammarMiner.ipynb#ScopedVars)\n", "* `var_symbol()` — [Carving Unit Tests (A Grammar from Arguments)](Carver.ipynb#A-Grammar-from-Arguments)\n", "* `VEHICLES` — [Mining Input Grammars (A Simple Grammar Miner)](GrammarMiner.ipynb#A-Simple-Grammar-Miner), [Tracking Information Flow (A Vulnerable Database)](InformationFlow.ipynb#A-Vulnerable-Database), [Tracking Information Flow (All Methods Together)](InformationFlow.ipynb#All-Methods-Together)\n", "* `Vehicle` class — [Mining Input Grammars (Exercise 1: Flattening complex objects)](GrammarMiner.ipynb#Exercise-1:-Flattening-complex-objects)\n", "* virtual variable — [Mining Input Grammars (AssignmentTracker)](GrammarMiner.ipynb#AssignmentTracker)\n", "* `visit_AnnAssign()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Assert()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Assign()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_AugAssign()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_BinOp()` — [Mutation Analysis (Exercise 1: Arithmetic Expression Mutators)](MutationAnalysis.ipynb#Exercise-1:--Arithmetic-Expression-Mutators)\n", "* `visit_Break()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Compare()` — [Search-Based Fuzzing (Instrumenting Source Code Automatically)](SearchBasedFuzzer.ipynb#Instrumenting-Source-Code-Automatically)\n", "* `visit_Continue()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Delete()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Expr()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions), [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types)\n", "* `visit_FunctionDef()` — [Search-Based Fuzzing (Instrumenting Source Code Automatically)](SearchBasedFuzzer.ipynb#Instrumenting-Source-Code-Automatically), [Mining Function Specifications (Annotating Functions with Given Types)](DynamicInvariants.ipynb#Annotating-Functions-with-Given-Types), [Mining Function Specifications (Exercise 9: Embedding Invariants as Assertions)](DynamicInvariants.ipynb#Exercise-9:-Embedding-Invariants-as-Assertions)\n", "* `visit_Global()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Name()` — [Mining Function Specifications (Extracting Meta-Variables)](DynamicInvariants.ipynb#Extracting-Meta-Variables), [Mining Function Specifications (Instantiating Properties)](DynamicInvariants.ipynb#Instantiating-Properties)\n", "* `visit_Nonlocal()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Pass()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Raise()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `visit_Return()` — [Mutation Analysis (A Simple Mutator for Functions)](MutationAnalysis.ipynb#A-Simple-Mutator-for-Functions)\n", "* `VS` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### W\n", "\n", "* `walk()` — [Control Flow Graph (PyCFG)](ControlFlow.ipynb#PyCFG)\n", "* `was_seen()` — [Parsing Inputs (Exercise 6: Filtered Earley Parser)](Parser.ipynb#Exercise-6:-Filtered-Earley-Parser)\n", "* `WeakShapeTest` class — [Mutation Analysis (Mutator for Modules and Test Suites)](MutationAnalysis.ipynb#Mutator-for-Modules-and-Test-Suites)\n", "* `weak_oracle()` — [Mutation Analysis (Structural Coverage Adequacy by Example)](MutationAnalysis.ipynb#Structural-Coverage-Adequacy-by-Example)\n", "* web driver — [Testing Graphical User Interfaces (Remote Control with Selenium)](GUIFuzzer.ipynb#Remote-Control-with-Selenium)\n", "* `webbrowser()` — [Carving Unit Tests (System Tests vs Unit Tests)](Carver.ipynb#System-Tests-vs-Unit-Tests), [Testing Web Applications (Logging)](WebFuzzer.ipynb#Logging)\n", "* `WebFormFuzzer` class — [Testing Web Applications (A Fuzzer for Web Forms)](WebFuzzer.ipynb#A-Fuzzer-for-Web-Forms)\n", "* `WebRunner` class — [Testing Web Applications (Fuzzing with Unexpected Values)](WebFuzzer.ipynb#Fuzzing-with-Unexpected-Values)\n", "* weight — [When To Stop Fuzzing (The Kenngruppenbuch)](WhenToStopFuzzing.ipynb#The-Kenngruppenbuch)\n", "* `WHERE` — [Tracking Information Flow (Deleting Data)](InformationFlow.ipynb#Deleting-Data)\n", "* white-box testing — [Code Coverage (White-Box Testing)](Coverage.ipynb#White-Box-Testing)\n", "* Wikipedia page on file formats — [Fuzzing with Grammars (Input Languages)](Grammars.ipynb#Input-Languages)\n", "* Wikipedia page on penetration testing — [Testing Web Applications (Background)](WebFuzzer.ipynb#Background)\n", "* Wikipedia pages on Web application security — [Testing Web Applications (Background)](WebFuzzer.ipynb#Background)\n", "* within this method — [Mining Input Grammars (AssignmentVars)](GrammarMiner.ipynb#AssignmentVars)\n", "* `wrapper()` — [Mining Function Specifications (Annotating Functions with Pre- and Postconditions)](DynamicInvariants.ipynb#Annotating-Functions-with-Pre--and-Postconditions), [Mining Function Specifications (Exercise 3: Verbose Invariant Checkers)](DynamicInvariants.ipynb#Exercise-3:-Verbose-Invariant-Checkers)\n", "* `wrapString()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `writeSvg()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams), [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### X\n", "\n", "* `x()` — [Tracking Information Flow (Extract Origin String)](InformationFlow.ipynb#Extract-Origin-String)\n", "* XKCD comic — [Fuzzing: Breaking Things with Random Inputs (Checking Memory Accesses)](Fuzzer.ipynb#Checking-Memory-Accesses)\n", "* XML documents — [Fuzzing with Generators (Example: Matching XML Tags)](GeneratorGrammarFuzzer.ipynb#Example:-Matching-XML-Tags)\n", "* `XML_GRAMMAR` — [Fuzzing with Generators (Example: Matching XML Tags)](GeneratorGrammarFuzzer.ipynb#Example:-Matching-XML-Tags), [Greybox Fuzzing with Grammars (Parsing and Recombining HTML)](GreyboxGrammarFuzzer.ipynb#Parsing-and-Recombining-HTML), [Greybox Fuzzing with Grammars (Building the Fragment Pool)](GreyboxGrammarFuzzer.ipynb#Building-the-Fragment-Pool)\n", "* `XML_TOKENS` — [Greybox Fuzzing with Grammars (Parsing and Recombining HTML)](GreyboxGrammarFuzzer.ipynb#Parsing-and-Recombining-HTML)\n", "* `XML_UNICODE_WCHAR_T` — [Testing Configurations (Part 3: C Preprocessor Configuration Fuzzing)](ConfigurationFuzzer.ipynb#Part-3:-C-Preprocessor-Configuration-Fuzzing)\n", "* XSS — [Testing Web Applications (Cross-Site Scripting Attacks)](WebFuzzer.ipynb#Cross-Site-Scripting-Attacks)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Z\n", "\n", "* `z3_as_string()` — [Concolic Fuzzing (ConcolicGrammarFuzzer)](ConcolicFuzzer.ipynb#ConcolicGrammarFuzzer)\n", "* `z3_names_and_types()` — [Symbolic Fuzzing (Get Names and Types of Variables Used)](SymbolicFuzzer.ipynb#Get-Names-and-Types-of-Variables-Used)\n", "* `Z3` — [Concolic Fuzzing (SMT Solvers)](ConcolicFuzzer.ipynb#SMT-Solvers)\n", "* `zbool` class — [Concolic Fuzzing (A Proxy Class for Booleans)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Booleans), [Concolic Fuzzing (Negation of Encoded formula)](ConcolicFuzzer.ipynb#Negation-of-Encoded-formula), [Concolic Fuzzing (Registering Predicates on Conditionals)](ConcolicFuzzer.ipynb#Registering-Predicates-on-Conditionals)\n", "* `zchr()` — [Concolic Fuzzing (Translating an Ordinal Value to ASCII)](ConcolicFuzzer.ipynb#Translating-an-Ordinal-Value-to-ASCII)\n", "* `ZeroDivisionRunner` class — [Reducing Failure-Inducing Inputs (Synopsis)](Reducer.ipynb#Synopsis)\n", "* `ZeroOrMore()` — [Railroad Diagrams](RailroadDiagrams.ipynb#Railroad-Diagrams)\n", "* `zeval()` — [Concolic Fuzzing (Evaluating the Concolic Expressions)](ConcolicFuzzer.ipynb#Evaluating-the-Concolic-Expressions)\n", "* `zeval_py()` — [Concolic Fuzzing (Using the Python API)](ConcolicFuzzer.ipynb#Using-the-Python-API)\n", "* `zeval_smt()` — [Concolic Fuzzing (Using the Command Line)](ConcolicFuzzer.ipynb#Using-the-Command-Line)\n", "* `zfloat` class — [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n", "* `zint` class — [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (Equality between Integers)](ConcolicFuzzer.ipynb#Equality-between-Integers), [Concolic Fuzzing (Equality between Integers)](ConcolicFuzzer.ipynb#Equality-between-Integers), [Concolic Fuzzing (Comparisons between Integers)](ConcolicFuzzer.ipynb#Comparisons-between-Integers), [Concolic Fuzzing (Comparisons between Integers)](ConcolicFuzzer.ipynb#Comparisons-between-Integers), [Concolic Fuzzing (Using an Integer in a Boolean Context)](ConcolicFuzzer.ipynb#Using-an-Integer-in-a-Boolean-Context), [Concolic Fuzzing (Exercise 2: Bit Manipulation)](ConcolicFuzzer.ipynb#Exercise-2:-Bit-Manipulation)\n", "* `zord()` — [Concolic Fuzzing (Retrieving Ordinal Value)](ConcolicFuzzer.ipynb#Retrieving-Ordinal-Value)\n", "* `zproxy_create()` — [Concolic Fuzzing (Concolic Proxy Objects)](ConcolicFuzzer.ipynb#Concolic-Proxy-Objects)\n", "* `zstr_iterator` class — [Concolic Fuzzing (An Iterator Class for Strings)](ConcolicFuzzer.ipynb#An-Iterator-Class-for-Strings)\n", "* `zstr` class — [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (Equality between Strings)](ConcolicFuzzer.ipynb#Equality-between-Strings), [Concolic Fuzzing (Concatenation of Strings)](ConcolicFuzzer.ipynb#Concatenation-of-Strings), [Concolic Fuzzing (Producing Substrings)](ConcolicFuzzer.ipynb#Producing-Substrings), [Concolic Fuzzing (Translating to Upper and Lower Equivalents)](ConcolicFuzzer.ipynb#Translating-to-Upper-and-Lower-Equivalents), [Concolic Fuzzing (Translating to Upper and Lower Equivalents)](ConcolicFuzzer.ipynb#Translating-to-Upper-and-Lower-Equivalents), [Concolic Fuzzing (Checking for String Prefixes)](ConcolicFuzzer.ipynb#Checking-for-String-Prefixes), [Concolic Fuzzing (Finding Substrings)](ConcolicFuzzer.ipynb#Finding-Substrings), [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends), [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends), [Concolic Fuzzing (Remove Space from Ends)](ConcolicFuzzer.ipynb#Remove-Space-from-Ends), [Concolic Fuzzing (Splitting Strings)](ConcolicFuzzer.ipynb#Splitting-Strings)\n", "* `_zv()` — [Concolic Fuzzing (A Proxy Class for Integers)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Integers), [Concolic Fuzzing (A Proxy Class for Strings)](ConcolicFuzzer.ipynb#A-Proxy-Class-for-Strings), [Concolic Fuzzing (Exercise 1: Implment a Concolic Float Proxy Class)](ConcolicFuzzer.ipynb#Exercise-1:-Implment-a-Concolic-Float-Proxy-Class)\n" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.6.6" }, "toc-autonumbering": false }, "nbformat": 4, "nbformat_minor": 2 }