Refactoring + Insert Modification for Strings, Integer, BigInteger, Long + Some more Modifications for Long #182
Conversation
Modification classes. Also simplify some conditions in validateAssertions() and modify() methods.
…logging methods with parameterized log messages
…ification was not modified, just copied.
…ually return modified copies and not only the same modification.
…modification types instead of constant integers. This also unifies the method in all factories. Also remove unnecessary semicolons from previous commit.
…rayInsertModification class. To make the String modifiable variable more complete. Naming it InsertValue to keep it consistent with append and prepend, though the other Modification classes put "value" only behind Explicit Modifications.
* origin/main: build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.2.1 to 4.2.4 ci: Use Maven 3.9.9 ci: Switch to recordCoverage plugin build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.2.0 to 4.2.1 build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.1.17 to 4.2.0 build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.1.16 to 4.1.17 build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.1.10 to 4.1.16 build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.1.9 to 4.1.10 release: Prepare for next development iteration release: v4.2.2 Added suppressing adapters to leave default values out of XML build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.1.7 to 4.1.9 build(deps): bump de.rub.nds:protocol-toolkit-bom from 4.1.6 to 4.1.7 fixed and supressed warning added generics added supression of warning as its a test with reflections closes scanner after use
src/main/java/de/rub/nds/modifiablevariable/string/StringAppendValueModification.java
Outdated
Show resolved
Hide resolved
…it more semantic. There is no real reason for this change. Now the magic numbers, are a little bit less magic (just counting up the different modifications)
SSH-Fuzzer hat defined some modificiations using the explicitValueModificationGenerator() method. It makes not much sense for me to define them not well structured in the SSH-Fuzzer (and abusing explicit modifications for this). The Mutations that got moved over are: - Append - Insert - Prepend for Integer, BigInteger, ByteArray and Long These Modifications do currently produce no usefull values for negative parameters, but if someone needs this, he should revise this. For our work, we mostly need only positiv values. I also added the missing modifications for long, since SFTP uses longs. And also added multiply modifiaction to integer.
Head branch was pushed to by a user without write access
|
That got me thinking, I think I'll change the behavior completely, so that the insert works for arbitrary positions, which would be better for random positions that don't necessarily take the length of the original value into account. |
…eger and Long, so that they actually make sense. Before the calculations where copied form SSH-Fuzzer, but they do not really produce values that makes any sense. Because the values were shifted and then a new value were added, but adding a value to a binary integer, does not produce the expected insertion. Now we insert the values bitwise, I see a use-case for this. e.g. in mask fields. Also let the insert position wrap around in all insert modifications. For int and long it wraps around the bit size.
C0D3D3V
changed the title
…ons and use standard prime number instead.
Also some refactoring
…ng null as object. I think it makes no sense to allow null as copy object.
… wil see the same Warnings, in IntelliJ.
…icit value modifications.
… the name pattern for the new eigthBytesToLong and fourBytesToInt methods.
|
To summarize, some wanted changes:
I will only do this, as soon as I added a way to dynamically load xml descriptions of Modifications, else all my stored xml vectors would need major changes or I would need to use my own version of modifiable variables |
It's fine to have a separate package with functions and classes that create modifications - but the logic should not be within the modifiable variables. ModifiabeVariables do not have the context to make good choices for modifications. The code that was there for this purpose was basically there since the very beginning of the project when we were still experimenting with fuzzing designs... Like - if you have a modifiableInteger - a create randomModification call does not know that values that can actually be encoded in a message may only be within a certain range. This knowledge must be injected context specific from the outside. |
I am not sure what you mean with descriptions of modifications. If this is for a thesis, you must not switch to the newest version in the master branch and can stay at your own branch with your changes till the end. |
Also removing all propOrder annotations, because without modificationFilter the order is the same as specified.
…cker#182 (comment) Projects that relayed on strong typing need now to add all Modifications and Mod Vars to the JAXB Context.
Move all Append, Insert, Prepend Modifications for Integer, Long and BigInteger to Fuzzer code, because it does not fit into the vision of ModifiableVariables Framework (and are not self explained because they work at binary level). Remove all Explicit Value from file modifications.
…lue is null. I used an extra message so one can distinguish it from "null" string.
|
ready for another review. |
src/main/java/de/rub/nds/modifiablevariable/ModifiableVariable.java
Outdated
Show resolved
Hide resolved
src/main/java/de/rub/nds/modifiablevariable/ModifiableVariable.java
Outdated
Show resolved
Hide resolved
src/main/java/de/rub/nds/modifiablevariable/string/ModifiableString.java
Show resolved
Hide resolved
|
Other than that it looks good now can we can merge it after |
…This makes it slower, but at least it is more similar to the rest of the attacker ecosystem. Remove getFirstModification() because you can use getModifications()
Add clearModifications() because a call with null on setModifications() is not possible.
|
I added a clearModifications() method. If you do not want it, I can remove it. You could archive the same when calling setModifications() without argument. |
|
In last commit I replaces all setModification calls with setModifications calls. I could also use the new addModification method, that would avoid the overhead, in the Modifiable class, not in the tests. |
|
I just noticed that all modifications are now named differently. They all start with a lower case letter. For example, ByteArrayInsertValueModification is now named byteArrayInsertValueModification. Previously, the name was set explicitly. Should I still change that? Or do you not care? 02b7eaa#diff-9e2c450cee5dc51a7658b65a833e95b3aaa7fae666e7d27121e96cf38c2045d7L37 -> All old serialized modifications cannot be loaded without modification. (but they do not load anyway because they are not in a My opinion is that names should be lowerCamelCase. It looks more natural, and most XML schemas I'm familiar with use it. Furthermore, hard-coding names per class could lead to typos or unclear schemas, or forgetting to specify them. For example, TLS-Attacker uses lowerCamelCase for some names and upperCamelCase for some others. I think it would be best to stick with JAXB default naming as much as possible. |
2 participants
Includes some refactoring:
Adds some more modifications, including StingInsertValueModification