kitos/Autonomous-Bug-Explorer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fase(6): fuzzing module complete

Browse Source
This commit is contained in:
debian
2026-03-05 09:22:55 -05:00
parent d62bd615bf
commit e746dc0497
46 changed files with 1727 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
dist/modules/fuzzing/application/commands/RunFuzzCommand.js vendored Normal file
View File

@@ -0,0 +1,39 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RunFuzzCommand = void 0;
const Result_1 = require("../../../../shared/domain/Result");
const FuzzSession_1 = require("../../domain/entities/FuzzSession");
class RunFuzzCommand {
constructor(fuzzerEngine, repository, eventBus) {
this.fuzzerEngine = fuzzerEngine;
this.repository = repository;
this.eventBus = eventBus;
}
async execute(request) {
const sessionResult = FuzzSession_1.FuzzSession.create({
crawlSessionId: request.crawlSessionId,
intensity: request.intensity,
seed: request.seed,
});
if (!sessionResult.ok) {
return (0, Result_1.Err)(sessionResult.error);
}
const session = sessionResult.value;
await this.repository.save(session);
const actions = this.fuzzerEngine.generateFuzzActions(request.state.domSnapshot, request.state);
for (const _action of actions) {
session.incrementActions();
}
session.complete();
await this.repository.update(session);
for (const event of session.domainEvents) {
await this.eventBus.publish(event);
}
session.clearEvents();
return (0, Result_1.Ok)({
fuzzSessionId: session.id.toString(),
actionsGenerated: actions.length,
});
}
}
exports.RunFuzzCommand = RunFuzzCommand;

26
dist/modules/fuzzing/application/event-handlers/OnActionExecuted.js vendored Normal file
View File

@@ -0,0 +1,26 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.OnActionExecuted = void 0;
/**
* Listens for action_executed events from crawling module
* and triggers fuzzing on the resulting state's DOM.
*/
class OnActionExecuted {
constructor(runFuzz) {
this.runFuzz = runFuzz;
}
async handle(event) {
const payload = event.payload;
if (!payload.state || !payload.sessionId)
return;
if (!payload.state.domSnapshot)
return;
await this.runFuzz.execute({
crawlSessionId: payload.sessionId,
intensity: payload.intensity ?? 'low',
seed: payload.action?.seed ?? Date.now(),
state: payload.state,
});
}
}
exports.OnActionExecuted = OnActionExecuted;

22
dist/modules/fuzzing/domain/entities/FuzzResult.js vendored Normal file
View File

@@ -0,0 +1,22 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzResult = void 0;
const Entity_1 = require("../../../../shared/domain/Entity");
class FuzzResult extends Entity_1.Entity {
static create(props, id) {
return new FuzzResult({ ...props, detectedAt: new Date() }, id);
}
static reconstitute(props, id) {
return new FuzzResult(props, id);
}
get sessionId() { return this.props.sessionId; }
get stateId() { return this.props.stateId; }
get selector() { return this.props.selector; }
get payload() { return this.props.payload; }
get strategy() { return this.props.strategy; }
get anomalyType() { return this.props.anomalyType; }
get severity() { return this.props.severity; }
get description() { return this.props.description; }
get detectedAt() { return this.props.detectedAt; }
}
exports.FuzzResult = FuzzResult;

96
dist/modules/fuzzing/domain/entities/FuzzSession.js vendored Normal file
View File

@@ -0,0 +1,96 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzSession = void 0;
const AggregateRoot_1 = require("../../../../shared/domain/AggregateRoot");
const Result_1 = require("../../../../shared/domain/Result");
const FuzzIntensity_1 = require("../value-objects/FuzzIntensity");
const Seed_1 = require("../value-objects/Seed");
const FuzzStarted_1 = require("../events/FuzzStarted");
const FuzzCompleted_1 = require("../events/FuzzCompleted");
const VulnerabilityDetected_1 = require("../events/VulnerabilityDetected");
class FuzzSession extends AggregateRoot_1.AggregateRoot {
constructor(props, id) {
super(props, id);
}
static reconstitute(props, id) {
return new FuzzSession(props, id);
}
static create(request) {
let intensity;
try {
intensity = FuzzIntensity_1.FuzzIntensity.fromString(request.intensity);
}
catch (e) {
return (0, Result_1.Err)(e.message);
}
let seed;
try {
seed = Seed_1.Seed.create(request.seed);
}
catch (e) {
return (0, Result_1.Err)(e.message);
}
const props = {
crawlSessionId: request.crawlSessionId,
intensity,
seed,
status: 'running',
actionsExecuted: 0,
vulnerabilitiesFound: 0,
startedAt: new Date(),
};
const session = new FuzzSession(props);
session.addDomainEvent(new FuzzStarted_1.FuzzStarted(session.id.toString(), {
crawlSessionId: request.crawlSessionId,
intensity: request.intensity,
seed: request.seed,
}));
return (0, Result_1.Ok)(session);
}
get crawlSessionId() { return this.props.crawlSessionId; }
get intensity() { return this.props.intensity; }
get seed() { return this.props.seed; }
get status() { return this.props.status; }
get actionsExecuted() { return this.props.actionsExecuted; }
get vulnerabilitiesFound() { return this.props.vulnerabilitiesFound; }
get startedAt() { return this.props.startedAt; }
get completedAt() { return this.props.completedAt; }
recordVulnerability(result) {
this.props = {
...this.props,
actionsExecuted: this.props.actionsExecuted + 1,
vulnerabilitiesFound: this.props.vulnerabilitiesFound + 1,
};
this.addDomainEvent(new VulnerabilityDetected_1.VulnerabilityDetected(this.id.toString(), {
crawlSessionId: this.props.crawlSessionId,
stateId: result.stateId,
anomalyType: result.anomalyType,
severity: result.severity,
selector: result.selector,
payload: result.payload,
strategy: result.strategy,
}));
}
incrementActions() {
this.props = { ...this.props, actionsExecuted: this.props.actionsExecuted + 1 };
}
complete() {
this.props = { ...this.props, status: 'completed', completedAt: new Date() };
this.addDomainEvent(new FuzzCompleted_1.FuzzCompleted(this.id.toString(), {
crawlSessionId: this.props.crawlSessionId,
actionsExecuted: this.props.actionsExecuted,
vulnerabilitiesFound: this.props.vulnerabilitiesFound,
}));
}
fail(reason) {
this.props = { ...this.props, status: 'failed', completedAt: new Date() };
this.addDomainEvent(new FuzzCompleted_1.FuzzCompleted(this.id.toString(), {
crawlSessionId: this.props.crawlSessionId,
actionsExecuted: this.props.actionsExecuted,
vulnerabilitiesFound: this.props.vulnerabilitiesFound,
failed: true,
reason,
}));
}
}
exports.FuzzSession = FuzzSession;

14
dist/modules/fuzzing/domain/events/FuzzCompleted.js vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzCompleted = void 0;
const crypto_1 = require("crypto");
class FuzzCompleted {
constructor(aggregateId, payload) {
this.aggregateId = aggregateId;
this.payload = payload;
this.eventId = (0, crypto_1.randomUUID)();
this.eventName = 'fuzz.completed';
this.occurredOn = new Date();
}
}
exports.FuzzCompleted = FuzzCompleted;

14
dist/modules/fuzzing/domain/events/FuzzStarted.js vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzStarted = void 0;
const crypto_1 = require("crypto");
class FuzzStarted {
constructor(aggregateId, payload) {
this.aggregateId = aggregateId;
this.payload = payload;
this.eventId = (0, crypto_1.randomUUID)();
this.eventName = 'fuzz.started';
this.occurredOn = new Date();
}
}
exports.FuzzStarted = FuzzStarted;

14
dist/modules/fuzzing/domain/events/VulnerabilityDetected.js vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.VulnerabilityDetected = void 0;
const crypto_1 = require("crypto");
class VulnerabilityDetected {
constructor(aggregateId, payload) {
this.aggregateId = aggregateId;
this.payload = payload;
this.eventId = (0, crypto_1.randomUUID)();
this.eventName = 'fuzz.vulnerability_detected';
this.occurredOn = new Date();
}
}
exports.VulnerabilityDetected = VulnerabilityDetected;

2
dist/modules/fuzzing/domain/ports/IFuzzerEngine.js vendored Normal file
View File

@@ -0,0 +1,2 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });

18
dist/modules/fuzzing/domain/value-objects/FuzzIntensity.js vendored Normal file
View File

@@ -0,0 +1,18 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzIntensity = void 0;
const ValueObject_1 = require("../../../../shared/domain/ValueObject");
class FuzzIntensity extends ValueObject_1.ValueObject {
static low() { return new FuzzIntensity({ value: 'low' }); }
static medium() { return new FuzzIntensity({ value: 'medium' }); }
static high() { return new FuzzIntensity({ value: 'high' }); }
static fromString(s) {
if (!FuzzIntensity.LEVELS.includes(s)) {
throw new Error(`Invalid intensity: ${s}. Must be one of: ${FuzzIntensity.LEVELS.join(', ')}`);
}
return new FuzzIntensity({ value: s });
}
get value() { return this.props.value; }
}
exports.FuzzIntensity = FuzzIntensity;
FuzzIntensity.LEVELS = ['low', 'medium', 'high'];

12
dist/modules/fuzzing/domain/value-objects/FuzzPayload.js vendored Normal file
View File

@@ -0,0 +1,12 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzPayload = void 0;
const ValueObject_1 = require("../../../../shared/domain/ValueObject");
class FuzzPayload extends ValueObject_1.ValueObject {
static create(value, strategy) {
return new FuzzPayload({ value, strategy });
}
get value() { return this.props.value; }
get strategy() { return this.props.strategy; }
}
exports.FuzzPayload = FuzzPayload;

20
dist/modules/fuzzing/domain/value-objects/FuzzStrategy.js vendored Normal file
View File

@@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzStrategy = void 0;
const ValueObject_1 = require("../../../../shared/domain/ValueObject");
class FuzzStrategy extends ValueObject_1.ValueObject {
static empty() { return new FuzzStrategy({ value: 'empty' }); }
static oversized() { return new FuzzStrategy({ value: 'oversized' }); }
static specialChars() { return new FuzzStrategy({ value: 'special_chars' }); }
static typeMismatch() { return new FuzzStrategy({ value: 'type_mismatch' }); }
static boundary() { return new FuzzStrategy({ value: 'boundary' }); }
static fromString(s) {
if (!FuzzStrategy.ALL.includes(s)) {
throw new Error(`Invalid fuzz strategy: ${s}`);
}
return new FuzzStrategy({ value: s });
}
get value() { return this.props.value; }
}
exports.FuzzStrategy = FuzzStrategy;
FuzzStrategy.ALL = ['empty', 'oversized', 'special_chars', 'type_mismatch', 'boundary'];

17
dist/modules/fuzzing/domain/value-objects/Seed.js vendored Normal file
View File

@@ -0,0 +1,17 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.Seed = void 0;
const ValueObject_1 = require("../../../../shared/domain/ValueObject");
class Seed extends ValueObject_1.ValueObject {
static create(value) {
if (!Number.isInteger(value) || value < 0) {
throw new Error(`Seed must be a non-negative integer, got: ${value}`);
}
return new Seed({ value });
}
static fromTimestamp() {
return new Seed({ value: Date.now() });
}
get value() { return this.props.value; }
}
exports.Seed = Seed;

26
dist/modules/fuzzing/index.js vendored Normal file
View File

@@ -0,0 +1,26 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.createFuzzingRouter = exports.FuzzingEngineAdapter = exports.OnActionExecuted = exports.RunFuzzCommand = exports.Seed = exports.FuzzPayload = exports.FuzzStrategy = exports.FuzzIntensity = exports.FuzzResult = exports.FuzzSession = void 0;
// Domain
var FuzzSession_1 = require("./domain/entities/FuzzSession");
Object.defineProperty(exports, "FuzzSession", { enumerable: true, get: function () { return FuzzSession_1.FuzzSession; } });
var FuzzResult_1 = require("./domain/entities/FuzzResult");
Object.defineProperty(exports, "FuzzResult", { enumerable: true, get: function () { return FuzzResult_1.FuzzResult; } });
var FuzzIntensity_1 = require("./domain/value-objects/FuzzIntensity");
Object.defineProperty(exports, "FuzzIntensity", { enumerable: true, get: function () { return FuzzIntensity_1.FuzzIntensity; } });
var FuzzStrategy_1 = require("./domain/value-objects/FuzzStrategy");
Object.defineProperty(exports, "FuzzStrategy", { enumerable: true, get: function () { return FuzzStrategy_1.FuzzStrategy; } });
var FuzzPayload_1 = require("./domain/value-objects/FuzzPayload");
Object.defineProperty(exports, "FuzzPayload", { enumerable: true, get: function () { return FuzzPayload_1.FuzzPayload; } });
var Seed_1 = require("./domain/value-objects/Seed");
Object.defineProperty(exports, "Seed", { enumerable: true, get: function () { return Seed_1.Seed; } });
// Application
var RunFuzzCommand_1 = require("./application/commands/RunFuzzCommand");
Object.defineProperty(exports, "RunFuzzCommand", { enumerable: true, get: function () { return RunFuzzCommand_1.RunFuzzCommand; } });
var OnActionExecuted_1 = require("./application/event-handlers/OnActionExecuted");
Object.defineProperty(exports, "OnActionExecuted", { enumerable: true, get: function () { return OnActionExecuted_1.OnActionExecuted; } });
// Infrastructure
var FuzzingEngineAdapter_1 = require("./infrastructure/adapters/FuzzingEngineAdapter");
Object.defineProperty(exports, "FuzzingEngineAdapter", { enumerable: true, get: function () { return FuzzingEngineAdapter_1.FuzzingEngineAdapter; } });
var FuzzingController_1 = require("./infrastructure/http/FuzzingController");
Object.defineProperty(exports, "createFuzzingRouter", { enumerable: true, get: function () { return FuzzingController_1.createFuzzingRouter; } });

127
dist/modules/fuzzing/infrastructure/adapters/FuzzingEngineAdapter.js vendored Normal file
View File

@@ -0,0 +1,127 @@
"use strict";
/**
* FuzzingEngineAdapter — implements IFuzzerEngine port using the 5 fuzzing strategies.
* Adapts the legacy FuzzingEngine logic to the hexagonal architecture.
*/
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.FuzzingEngineAdapter = void 0;
const crypto = __importStar(require("crypto"));
const InputTypeDetector_1 = require("./InputTypeDetector");
const EmptyValueStrategy_1 = require("../strategies/EmptyValueStrategy");
const OversizedStringStrategy_1 = require("../strategies/OversizedStringStrategy");
const SpecialCharsStrategy_1 = require("../strategies/SpecialCharsStrategy");
const TypeMismatchStrategy_1 = require("../strategies/TypeMismatchStrategy");
const BoundaryValueStrategy_1 = require("../strategies/BoundaryValueStrategy");
const INPUT_RE = /<(input|textarea|select)[^>]*>/gi;
const ATTR_RE = (name) => new RegExp(`${name}="([^"]*)"`, 'i');
function extractFields(domSnapshot) {
const fields = [];
let match;
while ((match = INPUT_RE.exec(domSnapshot)) !== null) {
const tag = match[0] ?? '';
const tagName = match[1] ?? 'input';
const idMatch = ATTR_RE('id').exec(tag);
const nameMatch = ATTR_RE('name').exec(tag);
const typeMatch = ATTR_RE('type').exec(tag);
const placeholderMatch = ATTR_RE('placeholder').exec(tag);
const ariaMatch = ATTR_RE('aria-label').exec(tag);
const selector = idMatch?.[1]
? `#${idMatch[1]}`
: nameMatch?.[1]
? `[name="${nameMatch[1]}"]`
: tagName;
fields.push({
selector,
tagName,
inputType: typeMatch?.[1],
name: nameMatch?.[1],
placeholder: placeholderMatch?.[1],
ariaLabel: ariaMatch?.[1],
});
}
return fields;
}
class FuzzingEngineAdapter {
constructor(config) {
this.intensity = config.intensity;
this.seed = config.seed;
}
generateFuzzActions(domSnapshot, state) {
const fields = extractFields(domSnapshot);
const actions = [];
const now = Date.now();
const strategies = this.selectStrategies();
for (const field of fields) {
const detectedType = (0, InputTypeDetector_1.detectInputType)({
tagName: field.tagName,
inputType: field.inputType,
name: field.name,
placeholder: field.placeholder,
ariaLabel: field.ariaLabel,
});
for (const strategy of strategies) {
if (!strategy.appliesTo(detectedType))
continue;
const values = strategy.values(detectedType);
for (const value of values) {
actions.push({
id: crypto.randomUUID(),
type: 'fill',
selector: field.selector,
value,
timestamp: now,
seed: this.seed,
stateId: state.id,
});
}
}
}
return actions;
}
selectStrategies() {
const empty = new EmptyValueStrategy_1.EmptyValueStrategy();
const typeMismatch = new TypeMismatchStrategy_1.TypeMismatchStrategy();
const oversized = new OversizedStringStrategy_1.OversizedStringStrategy(this.intensity);
const boundary = new BoundaryValueStrategy_1.BoundaryValueStrategy();
const special = new SpecialCharsStrategy_1.SpecialCharsStrategy();
switch (this.intensity) {
case 'low': return [empty, typeMismatch];
case 'medium': return [empty, typeMismatch, oversized, boundary];
case 'high': return [empty, typeMismatch, oversized, boundary, special];
}
}
}
exports.FuzzingEngineAdapter = FuzzingEngineAdapter;

47
dist/modules/fuzzing/infrastructure/adapters/InputTypeDetector.js vendored Normal file
View File

@@ -0,0 +1,47 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.detectInputType = detectInputType;
function detectInputType(attrs) {
const tag = (attrs.tagName ?? '').toLowerCase();
if (tag === 'textarea')
return 'textarea';
if (tag === 'select')
return 'select';
const inputType = (attrs.inputType ?? '').toLowerCase();
if (inputType === 'email')
return 'email';
if (inputType === 'password')
return 'password';
if (inputType === 'number')
return 'number';
if (inputType === 'date')
return 'date';
if (inputType === 'tel')
return 'phone';
if (inputType === 'url')
return 'url';
if (inputType === 'search')
return 'search';
if (inputType === 'file')
return 'file';
const hints = [
(attrs.name ?? '').toLowerCase(),
(attrs.placeholder ?? '').toLowerCase(),
(attrs.ariaLabel ?? '').toLowerCase(),
].join(' ');
if (/email/.test(hints))
return 'email';
if (/password|pass/.test(hints))
return 'password';
if (/phone|tel|mobile/.test(hints))
return 'phone';
if (/date|birth|dob/.test(hints))
return 'date';
if (/number|qty|quantity|age/.test(hints))
return 'number';
if (/search/.test(hints))
return 'search';
if (/url|website|link/.test(hints))
return 'url';
return 'text';
}

50
dist/modules/fuzzing/infrastructure/http/FuzzingController.js vendored Normal file
View File

@@ -0,0 +1,50 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.createFuzzingRouter = createFuzzingRouter;
const express_1 = require("express");
function createFuzzingRouter(deps) {
const router = (0, express_1.Router)();
// POST /api/fuzz/run — trigger fuzzing for a given state
router.post('/run', async (req, res) => {
const { crawlSessionId, intensity, seed, state } = req.body;
if (!crawlSessionId || !state) {
res.status(400).json({ error: 'crawlSessionId and state are required' });
return;
}
const result = await deps.runFuzz.execute({
crawlSessionId,
intensity: intensity ?? 'low',
seed: seed ?? Date.now(),
state,
});
if (!result.ok) {
res.status(422).json({ error: result.error });
return;
}
res.status(201).json(result.value);
});
// GET /api/fuzz/sessions/:id — get fuzz session
router.get('/sessions/:id', async (req, res) => {
const sessionId = req.params['id'];
const session = await deps.repository.findById(sessionId);
if (!session) {
res.status(404).json({ error: 'Fuzz session not found' });
return;
}
res.json(toDTO(session));
});
return router;
}
function toDTO(s) {
return {
id: s.id.toString(),
crawlSessionId: s.crawlSessionId,
intensity: s.intensity.value,
seed: s.seed.value,
status: s.status,
actionsExecuted: s.actionsExecuted,
vulnerabilitiesFound: s.vulnerabilitiesFound,
startedAt: s.startedAt.toISOString(),
completedAt: s.completedAt?.toISOString() ?? null,
};
}

19
dist/modules/fuzzing/infrastructure/strategies/BoundaryValueStrategy.js vendored Normal file
View File

@@ -0,0 +1,19 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.BoundaryValueStrategy = void 0;
class BoundaryValueStrategy {
constructor() {
this.name = 'BoundaryValueStrategy';
}
appliesTo(type) {
return type === 'number' || type === 'date';
}
values(type) {
switch (type) {
case 'number': return ['0', '-1', '2147483647', '2147483648', '-2147483648'];
case 'date': return ['1900-01-01', '2099-12-31', '1970-01-01'];
default: return [];
}
}
}
exports.BoundaryValueStrategy = BoundaryValueStrategy;

15
dist/modules/fuzzing/infrastructure/strategies/EmptyValueStrategy.js vendored Normal file
View File

@@ -0,0 +1,15 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.EmptyValueStrategy = void 0;
class EmptyValueStrategy {
constructor() {
this.name = 'EmptyValueStrategy';
}
appliesTo(_type) {
return true;
}
values() {
return ['', ' ', '\t'];
}
}
exports.EmptyValueStrategy = EmptyValueStrategy;

21
dist/modules/fuzzing/infrastructure/strategies/OversizedStringStrategy.js vendored Normal file
View File

@@ -0,0 +1,21 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.OversizedStringStrategy = void 0;
const APPLICABLE_TYPES = ['text', 'email', 'password', 'textarea'];
class OversizedStringStrategy {
constructor(intensity) {
this.intensity = intensity;
this.name = 'OversizedStringStrategy';
}
appliesTo(type) {
return APPLICABLE_TYPES.includes(type);
}
values() {
switch (this.intensity) {
case 'low': return ['A'.repeat(256)];
case 'medium': return ['A'.repeat(1024)];
case 'high': return ['A'.repeat(10000) + '日本語テスト𠮷野家'];
}
}
}
exports.OversizedStringStrategy = OversizedStringStrategy;

22
dist/modules/fuzzing/infrastructure/strategies/SpecialCharsStrategy.js vendored Normal file
View File

@@ -0,0 +1,22 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SpecialCharsStrategy = void 0;
const APPLICABLE_TYPES = ['text', 'email', 'search', 'textarea'];
class SpecialCharsStrategy {
constructor() {
this.name = 'SpecialCharsStrategy';
}
appliesTo(type) {
return APPLICABLE_TYPES.includes(type);
}
values() {
return [
"' OR 1=1 --",
'<script>alert(1)</script>',
'../../etc/passwd',
'${7*7}',
'\x00\x01\x02',
];
}
}
exports.SpecialCharsStrategy = SpecialCharsStrategy;

22
dist/modules/fuzzing/infrastructure/strategies/TypeMismatchStrategy.js vendored Normal file
View File

@@ -0,0 +1,22 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TypeMismatchStrategy = void 0;
class TypeMismatchStrategy {
constructor() {
this.name = 'TypeMismatchStrategy';
}
appliesTo(type) {
return ['email', 'number', 'date', 'url', 'phone'].includes(type);
}
values(type) {
switch (type) {
case 'email': return ['not-an-email', '12345', '@@@'];
case 'number': return ['abc', '-999999', '9.9.9', 'NaN'];
case 'date': return ['yesterday', '32/13/2025', '0000-00-00'];
case 'url': return ['javascript:alert(1)', 'not a url'];
case 'phone': return ['000', '++++', 'abcdefghij'];
default: return [];
}
}
}
exports.TypeMismatchStrategy = TypeMismatchStrategy;