Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow developers to whitelist tags for fuzzing #28

Merged
merged 5 commits into from
Oct 17, 2019
Merged

Allow developers to whitelist tags for fuzzing #28

merged 5 commits into from
Oct 17, 2019

Conversation

OiCMudkips
Copy link
Contributor

Justification

This is useful for when certain parts of the Swagger spec are ready for fuzzing, but others aren't.

Explanation of code

The approach is basically identical to #9, except this handles Swagger tags instead of operations (and is therefore much simpler).

Question

I feel like includelist and denylist are better name than inclusions and exclusions. What do you two think? Should I change it? This would make the decorators look like:

@fuzz_lightyear.includelist.tags
def foo():
    pass

@fuzz_lightyear.denylist.operations
def bar()
    pass

instead of

@fuzz_lightyear.inclusions.tags
def foo():
    pass

@fuzz_lightyear.exclusions.operations
def bar()
    pass

Bonus

Add a travis badge to the README cause it looks "good" for some definition of good (pics: https://github.com/Yelp/fuzz-lightyear/blob/fuzz_only_input_tags/README.md)

Victor Zhou added 2 commits October 16, 2019 16:38
Add allowlist for tags
3d7a17b 
This makes it so that developers can whitelist tags into
being included in the fuzzing process. This is useful for
when certain parts of the spec are ready for fuzzing, but
others aren't.
Add Travis badge to README
935afcc
@OiCMudkips OiCMudkips mentioned this pull request Oct 17, 2019
Open
margaretgorguissian
margaretgorguissian reviewed Oct 17, 2019
View reviewed changes
fuzz_lightyear/generator.py Outdated
from .output.util import print_warning
from .request import FuzzingRequest
from .result import FuzzingResult
from .supplements.abstraction import get_abstraction


def get_fuzzable_tags(client: Optional[SwaggerClient]) -> List[str]:
"""Given a Swagger client, returns a list of tags that should
actually be fuzzed. This respects the user-defined whitelist for
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super duper nit: whitelist -> allowlist for consistency sake?

@OiCMudkips OiCMudkips merged commit 316da7c into master Oct 17, 2019
@OiCMudkips OiCMudkips deleted the fuzz_only_input_tags branch October 17, 2019 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@margaretgorguissian margaretgorguissian margaretgorguissian approved these changes

@domanchi domanchi domanchi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@OiCMudkips @domanchi @margaretgorguissian