Subscribe to C# codes        RSS Feed
-----

PRINCIPLES OF FUZZING for reliability testing

Icon Leave Comment
Abstract under Form1_Load(...).

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Diagnostics;
using System.Text.RegularExp<b></b>ressions;

namespace stringMethodExtension
{
    

    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }


        private void Form1_Load(object sender, EventArgs e)
        {
            /* 
             *         ::PRINCIPLES OF FUZZING::
             *         ::
             *         ::                  by :: Notary Sojac
             *                             
             * 
             *      Hello, this is a Fuzzing tutorial written right into my code.
             *  
             *  For best viewing, copy and paste this all into a new project.  So
             *  
             *  it looks green.  
             *  
             *  
             *      First, let's set up the situation of why Fuzzing is good.  Let's
             *      
             * say you have a nifty new application, and you just finish a cool
             * 
             * function, but you're afraid you have a lot of bugs in it and you're 
             * 
             * worried it will throw all kinds of exceptions and such when you 
             * 
             * deliver it to your client.  (How terribly embarrassing that would be).  
             * 
             * Being a thoughtful programmer, you of course test your application
             * 
             * a few times, but you're still worried it will one day be provided
             * 
             * inputs that you did not think to code for and the whole thing will
             * 
             * hang --or worse!  It could produce unreliable outputs!  Yikes!
             * 
             *     
             *       Today there is a cure to this pernicious disease!  It is to
             *    
             * "Fuzz" test your application.  The idea is to programmatically 
             * 
             * send inputs to your nifty function and ensure that the unexpected 
             * 
             * CANNOT HAPPEN.  And if it does happen, you modify your expectations
             * 
             * (Which of course means modifying your code for such new expectations).
             *
             * 
             *       Here in this program, I have built a CountWord() function, and
             *       
             * Set up a fuzz method that generates a List<string> of inputs.  Then 
             * 
             * I iterate through a loop, sending this List of inputs to the function
             * 
             * I am testing and toss up a message box if the function returns an inappropriate
             * 
             * value.  
             * 
             * 
             *       If you're a high profile coder, remember that if you're not fuzz testing your
             *       
             * Code... the bad guys probably are.  Fuzz coding can in some cases lead to discovery of
             * 
             * exploits including but not limited to SQL injection, buffer overflows, and DOS attacks.  
             * 
             * In this example, we aren't looking for anything fancy like that, we're just trying to
             * 
             * test our function and make sure it produces accurate outputs.  This type of function has
             * 
             * No security threats that I can think of.  
             * 
             * 
             *       Look at the FormLoad() method and you will see that I manually laid out all the
             *       
             * fuzz inputs that I was going to send to my CountWord() function.  About halfway, I realized
             * 
             * I had a LOT more potential fuzz samples to do before I even approximated the unique population.  
             * 
             * At that point I commented everything out and made my snazzy method CreateFuzzStrings(tokenA, tokenB).
             * 
             * CreateFuzzStrings returns a List of inputs.  This list can then be passed to my function using
             * 
             * a foreach loop.  It's pretty straight forward, so plz check out the code.  
             * 
             * Oh!  And search for "bool runHisCode = true;" and change it to false to test
             * 
             * my own code which should work 100% perfect on this fuzz test.  
             *
             *
             */


            // manually devized FUZZ Samples that passed...
            string[] fuzzTest = new string[] { 
             "a",   // a single letter single word possibilities up to two spaces out...
             "a ",
             "a  ",
             " a",
             "  a",
             " a ",
             " a  ",
             " a  ",
             "  a  ",

             "a a",       // two single letter word combo possibilities, up to two spaces out, single separating space...
             "a a ",
             "a a  ",
             " a a",
             "  a a",
             " a a ",
             " a a  ",
             "  a a ",
             "  a a  ",

             "a  a",      // two single letter word combo possibilities, up to two spaces out, double separating space...
             "a  a ",
             "a  a  ",
             " a  a",
             "  a  a",
             " a  a ",
             " a  a  ",
             "  a  a ",
             "  a  a  ",


              "a   a",      // two single letter word combo possibilities, up to two spaces out, tripple seperating space...
             "a   a ",
             "a   a  ",
             " a   a",
             "  a   a",
             " a   a ",
             " a   a  ",
             "  a   a ",
             "  a   a  ",



             "a armadillo",       // bla
             "a armadillo ",
             "a armadillo  ",
             " a armadillo",
             "  a armadillo",
             " a armadillo ",
             " a armadillo  ",
             "  a armadillo ",
             "  a armadillo  ",

             "a  armadillo",      // blaa
             "a  armadillo ",
             "a  armadillo  ",
             " a  armadillo",
             "  a  armadillo",
             " a  armadillo ",
             " a  armadillo  ",
             "  a  armadillo ",
             "  a  armadillo  ",


              "a   armadillo",     // blaaa
             "a   armadillo ",
             "a   armadillo  ",
             " a   armadillo",
             "  a   armadillo",
             " a   armadillo ",
             " a   armadillo  ",
             "  a   armadillo ",
             "  a   armadillo  ",

             // I trust the rest  of the possibilities, lol

             "this a",
             "this toe",
             " I am the wallruz!!!11" };

            //foreach (string fuzzSample in fuzzTest)
            //{
            //    MessageBox.Show("..." + fuzzSample + "...       =   " + fuzzSample.CountWords().ToString());
            //}
            //MessageBox.Show("Fuzz test complete");


            string testString = "a a  "; //This is a test.  Thanks again CodingSup3rnatur@l-360! ";
            int wordCount = testString.CountWords();

            MessageBox.Show(wordCount.ToString());
        }

        private void button1_Click(object sender, EventArgs e)
        {
            Stopwatch myWatch = new Stopwatch();
            myWatch.Start();

            List<string> singleLetterSingleWord = CreateFuzzStrings("a", "");

            foreach (string str in singleLetterSingleWord)
                if (str.CountWords() != 1)
                    MessageBox.Show("Errored on: " + str);


            List<string> singleLetterDoubleWord = CreateFuzzStrings("a", "a");

            foreach (string str in singleLetterDoubleWord)
                if (str.CountWords() != 2)
                    MessageBox.Show("Errored on: " + str);




            List<string> singleLetterFirstDoubleWord = CreateFuzzStrings("a", "bigword");

            foreach (string str in singleLetterFirstDoubleWord)
                if (str.CountWords() != 2)
                    MessageBox.Show("Errored on: " + str);
            //MessageBox.Show("Completed Fuzz testing on singleLetterFirstDoubleWord");


            List<string> singleLetterLastDoubleWord = CreateFuzzStrings("bigword", "a");

            foreach (string str in singleLetterLastDoubleWord)
                if (str.CountWords() != 2)
                    MessageBox.Show("Errored on: " + str);
            //MessageBox.Show("Completed Fuzz testing on singleLetterLastDoubleWord");


            List<string> singleBigWord = CreateFuzzStrings("bigword", "");

            foreach (string str in singleBigWord)
                if (str.CountWords() != 1)
                    MessageBox.Show("Errored on: " + str);
            //MessageBox.Show("Completed Fuzz testing on singleBigWord");


            List<string> doubleBigWord = CreateFuzzStrings("bigword", "bigword");

            foreach (string str in doubleBigWord)
                if (str.CountWords() != 2)
                    MessageBox.Show("Errored on: " + str);
            //MessageBox.Show("Completed Fuzz testing on doubleBigWord");




            //                  TRIPLE WORD TESTING
            //    TODO:   make a new CreateFuzzStrings that scales upwards properly...

            List<string> tripleBigWord = CreateFuzzStrings("bigword", "bigword");

            foreach (string str in tripleBigWord)
                if ((str + " bigwrd").CountWords() != 3)
                    MessageBox.Show("Errored on: " + str);
            //MessageBox.Show("Completed Fuzz testing on tripleBigWord");

            List<string> triplelilMiddleBigWord = CreateFuzzStrings("bigword", "a");

            foreach (string str in triplelilMiddleBigWord)
                if ((str + " bigwrd").CountWords() != 3)
                    MessageBox.Show("Errored on: " + str);
            //MessageBox.Show("Completed Fuzz testing on triplelilMiddleBigWord");

            myWatch.Stop();

            MessageBox.Show("Finished fuzz testing in: " + myWatch.Elapsed.TotalSeconds.ToString());

            //  Mine:  0.0019873      TWICE!!!
            //  His:   0.0041

        }

        private List<string> CreateFuzzStrings(string tokenA, string tokenB)
        {
            List<string> myList = new List<string>();

            int whiteSpacesToGoOut = 3;

            // go out on the right side with extra spaces
            for (int i = 0; i <= whiteSpacesToGoOut; i++)
            {
                string outRight = tokenA + " " + tokenB + new String(' ', i);

                myList.Add(outRight);

                // Expand the middle with white spaces
                for (int j = 0; j <= whiteSpacesToGoOut; j++)
                {

                    myList.Add(tokenA + " " + new String(' ', j) + tokenB + new String(' ', i));

                    // go out left with white spaces
                    for (int k = 0; k <= whiteSpacesToGoOut; k++)
                    {
                        myList.Add(new String(' ', k) + tokenA + " " + new String(' ', j) + tokenB + new String(' ', i));
                    }
                }
            }

            return myList;
        }
    }

    public static class Extensions
    {
        public static int CountWords(this string myString)
        {
            bool runHisCode = true;


            if (runHisCode)
            {
                bool regexVersion = false;

                if (regexVersion)
                {
                MatchCollection collection = Regex.Matches(myString, @"[\S]+");
                return collection.Count;
                }
                else
                {
                    int c = 0;
                    for (int i = 1; i < myString.Length; i++)
                    {
                        if (char.IsWhiteSpace(myString[i - 1]) == true)
                        {
                            if (char.IsLetterOrDigit(myString[i]) == true ||
                                char.IsPunctuation(myString[i]))
                            {
                                c++;
                            }
                        }
                    }
                    if (myString.Length > 2)
                    {
                        c++;
                    }
                    return c;
                }
            }
            else
            {

                // This extension counts the words in the string and returns that int.  It isn't fooled by double spaces either.  
                int wordCount = 0;
                int originIndex = 0;

                if (myString.Length > 0)     // if a word is ever 1 character long... it throws the double space rules
                    while (true)
                    {
                        wordCount++;
                        int firstSpaceIndex = myString.IndexOf(" ", originIndex + 1);
                        //string word = myString.Substring(originIndex, firstSpaceIndex - originIndex).Trim();   //"This";
                        #region complications...
                        #region 1) if there are no (further) white spaces, break out of the loop
                        if (firstSpaceIndex == -1)
                        {
                            // if this "word" is a white space, dec wordCount
                            if (myString.Substring(originIndex) == " ")
                                wordCount--;
                            break;
                        }
                        #endregion
                        #region 2) If there is a double space, or multiple spaces don't count those as words  I.E. IGNORE WHITESPACES
                        if (firstSpaceIndex - originIndex == 1 && myString.Substring(originIndex, 2) == "  ")
                        {
                            wordCount--;
                            originIndex++;
                            continue;
                        }
                        #endregion

                        #endregion

                        originIndex = firstSpaceIndex;
                    }


                return wordCount;  // just return this for now

            }
        }
    }
}


0 Comments On This Entry

 

Trackbacks for this entry [ Trackback URL ]

There are no Trackbacks for this entry

September 2014

S M T W T F S
 123456
78910111213
1415 16 17181920
21222324252627
282930