fase(6): fuzzing module complete

2026-03-05 09:22:55 -05:00
parent d62bd615bf
commit e746dc0497
46 changed files with 1727 additions and 35 deletions
--- a/dist/modules/fuzzing/infrastructure/adapters/FuzzingEngineAdapter.js
+++ b/dist/modules/fuzzing/infrastructure/adapters/FuzzingEngineAdapter.js
@@ -0,0 +1,127 @@
+"use strict";
+/**
+ * FuzzingEngineAdapter — implements IFuzzerEngine port using the 5 fuzzing strategies.
+ * Adapts the legacy FuzzingEngine logic to the hexagonal architecture.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FuzzingEngineAdapter = void 0;
+const crypto = __importStar(require("crypto"));
+const InputTypeDetector_1 = require("./InputTypeDetector");
+const EmptyValueStrategy_1 = require("../strategies/EmptyValueStrategy");
+const OversizedStringStrategy_1 = require("../strategies/OversizedStringStrategy");
+const SpecialCharsStrategy_1 = require("../strategies/SpecialCharsStrategy");
+const TypeMismatchStrategy_1 = require("../strategies/TypeMismatchStrategy");
+const BoundaryValueStrategy_1 = require("../strategies/BoundaryValueStrategy");
+const INPUT_RE = /<(input|textarea|select)[^>]*>/gi;
+const ATTR_RE = (name) => new RegExp(`${name}="([^"]*)"`, 'i');
+function extractFields(domSnapshot) {
+    const fields = [];
+    let match;
+    while ((match = INPUT_RE.exec(domSnapshot)) !== null) {
+        const tag = match[0] ?? '';
+        const tagName = match[1] ?? 'input';
+        const idMatch = ATTR_RE('id').exec(tag);
+        const nameMatch = ATTR_RE('name').exec(tag);
+        const typeMatch = ATTR_RE('type').exec(tag);
+        const placeholderMatch = ATTR_RE('placeholder').exec(tag);
+        const ariaMatch = ATTR_RE('aria-label').exec(tag);
+        const selector = idMatch?.[1]
+            ? `#${idMatch[1]}`
+            : nameMatch?.[1]
+                ? `[name="${nameMatch[1]}"]`
+                : tagName;
+        fields.push({
+            selector,
+            tagName,
+            inputType: typeMatch?.[1],
+            name: nameMatch?.[1],
+            placeholder: placeholderMatch?.[1],
+            ariaLabel: ariaMatch?.[1],
+        });
+    }
+    return fields;
+}
+class FuzzingEngineAdapter {
+    constructor(config) {
+        this.intensity = config.intensity;
+        this.seed = config.seed;
+    }
+    generateFuzzActions(domSnapshot, state) {
+        const fields = extractFields(domSnapshot);
+        const actions = [];
+        const now = Date.now();
+        const strategies = this.selectStrategies();
+        for (const field of fields) {
+            const detectedType = (0, InputTypeDetector_1.detectInputType)({
+                tagName: field.tagName,
+                inputType: field.inputType,
+                name: field.name,
+                placeholder: field.placeholder,
+                ariaLabel: field.ariaLabel,
+            });
+            for (const strategy of strategies) {
+                if (!strategy.appliesTo(detectedType))
+                    continue;
+                const values = strategy.values(detectedType);
+                for (const value of values) {
+                    actions.push({
+                        id: crypto.randomUUID(),
+                        type: 'fill',
+                        selector: field.selector,
+                        value,
+                        timestamp: now,
+                        seed: this.seed,
+                        stateId: state.id,
+                    });
+                }
+            }
+        }
+        return actions;
+    }
+    selectStrategies() {
+        const empty = new EmptyValueStrategy_1.EmptyValueStrategy();
+        const typeMismatch = new TypeMismatchStrategy_1.TypeMismatchStrategy();
+        const oversized = new OversizedStringStrategy_1.OversizedStringStrategy(this.intensity);
+        const boundary = new BoundaryValueStrategy_1.BoundaryValueStrategy();
+        const special = new SpecialCharsStrategy_1.SpecialCharsStrategy();
+        switch (this.intensity) {
+            case 'low': return [empty, typeMismatch];
+            case 'medium': return [empty, typeMismatch, oversized, boundary];
+            case 'high': return [empty, typeMismatch, oversized, boundary, special];
+        }
+    }
+}
+exports.FuzzingEngineAdapter = FuzzingEngineAdapter;
--- a/dist/modules/fuzzing/infrastructure/adapters/InputTypeDetector.js
+++ b/dist/modules/fuzzing/infrastructure/adapters/InputTypeDetector.js
@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectInputType = detectInputType;
+function detectInputType(attrs) {
+    const tag = (attrs.tagName ?? '').toLowerCase();
+    if (tag === 'textarea')
+        return 'textarea';
+    if (tag === 'select')
+        return 'select';
+    const inputType = (attrs.inputType ?? '').toLowerCase();
+    if (inputType === 'email')
+        return 'email';
+    if (inputType === 'password')
+        return 'password';
+    if (inputType === 'number')
+        return 'number';
+    if (inputType === 'date')
+        return 'date';
+    if (inputType === 'tel')
+        return 'phone';
+    if (inputType === 'url')
+        return 'url';
+    if (inputType === 'search')
+        return 'search';
+    if (inputType === 'file')
+        return 'file';
+    const hints = [
+        (attrs.name ?? '').toLowerCase(),
+        (attrs.placeholder ?? '').toLowerCase(),
+        (attrs.ariaLabel ?? '').toLowerCase(),
+    ].join(' ');
+    if (/email/.test(hints))
+        return 'email';
+    if (/password|pass/.test(hints))
+        return 'password';
+    if (/phone|tel|mobile/.test(hints))
+        return 'phone';
+    if (/date|birth|dob/.test(hints))
+        return 'date';
+    if (/number|qty|quantity|age/.test(hints))
+        return 'number';
+    if (/search/.test(hints))
+        return 'search';
+    if (/url|website|link/.test(hints))
+        return 'url';
+    return 'text';
+}
--- a/dist/modules/fuzzing/infrastructure/http/FuzzingController.js
+++ b/dist/modules/fuzzing/infrastructure/http/FuzzingController.js
@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createFuzzingRouter = createFuzzingRouter;
+const express_1 = require("express");
+function createFuzzingRouter(deps) {
+    const router = (0, express_1.Router)();
+    // POST /api/fuzz/run — trigger fuzzing for a given state
+    router.post('/run', async (req, res) => {
+        const { crawlSessionId, intensity, seed, state } = req.body;
+        if (!crawlSessionId || !state) {
+            res.status(400).json({ error: 'crawlSessionId and state are required' });
+            return;
+        }
+        const result = await deps.runFuzz.execute({
+            crawlSessionId,
+            intensity: intensity ?? 'low',
+            seed: seed ?? Date.now(),
+            state,
+        });
+        if (!result.ok) {
+            res.status(422).json({ error: result.error });
+            return;
+        }
+        res.status(201).json(result.value);
+    });
+    // GET /api/fuzz/sessions/:id — get fuzz session
+    router.get('/sessions/:id', async (req, res) => {
+        const sessionId = req.params['id'];
+        const session = await deps.repository.findById(sessionId);
+        if (!session) {
+            res.status(404).json({ error: 'Fuzz session not found' });
+            return;
+        }
+        res.json(toDTO(session));
+    });
+    return router;
+}
+function toDTO(s) {
+    return {
+        id: s.id.toString(),
+        crawlSessionId: s.crawlSessionId,
+        intensity: s.intensity.value,
+        seed: s.seed.value,
+        status: s.status,
+        actionsExecuted: s.actionsExecuted,
+        vulnerabilitiesFound: s.vulnerabilitiesFound,
+        startedAt: s.startedAt.toISOString(),
+        completedAt: s.completedAt?.toISOString() ?? null,
+    };
+}
--- a/dist/modules/fuzzing/infrastructure/strategies/BoundaryValueStrategy.js
+++ b/dist/modules/fuzzing/infrastructure/strategies/BoundaryValueStrategy.js
@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BoundaryValueStrategy = void 0;
+class BoundaryValueStrategy {
+    constructor() {
+        this.name = 'BoundaryValueStrategy';
+    }
+    appliesTo(type) {
+        return type === 'number' || type === 'date';
+    }
+    values(type) {
+        switch (type) {
+            case 'number': return ['0', '-1', '2147483647', '2147483648', '-2147483648'];
+            case 'date': return ['1900-01-01', '2099-12-31', '1970-01-01'];
+            default: return [];
+        }
+    }
+}
+exports.BoundaryValueStrategy = BoundaryValueStrategy;
--- a/dist/modules/fuzzing/infrastructure/strategies/EmptyValueStrategy.js
+++ b/dist/modules/fuzzing/infrastructure/strategies/EmptyValueStrategy.js
@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EmptyValueStrategy = void 0;
+class EmptyValueStrategy {
+    constructor() {
+        this.name = 'EmptyValueStrategy';
+    }
+    appliesTo(_type) {
+        return true;
+    }
+    values() {
+        return ['', ' ', '\t'];
+    }
+}
+exports.EmptyValueStrategy = EmptyValueStrategy;
--- a/dist/modules/fuzzing/infrastructure/strategies/OversizedStringStrategy.js
+++ b/dist/modules/fuzzing/infrastructure/strategies/OversizedStringStrategy.js
@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OversizedStringStrategy = void 0;
+const APPLICABLE_TYPES = ['text', 'email', 'password', 'textarea'];
+class OversizedStringStrategy {
+    constructor(intensity) {
+        this.intensity = intensity;
+        this.name = 'OversizedStringStrategy';
+    }
+    appliesTo(type) {
+        return APPLICABLE_TYPES.includes(type);
+    }
+    values() {
+        switch (this.intensity) {
+            case 'low': return ['A'.repeat(256)];
+            case 'medium': return ['A'.repeat(1024)];
+            case 'high': return ['A'.repeat(10000) + '日本語テスト𠮷野家'];
+        }
+    }
+}
+exports.OversizedStringStrategy = OversizedStringStrategy;
--- a/dist/modules/fuzzing/infrastructure/strategies/SpecialCharsStrategy.js
+++ b/dist/modules/fuzzing/infrastructure/strategies/SpecialCharsStrategy.js
@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SpecialCharsStrategy = void 0;
+const APPLICABLE_TYPES = ['text', 'email', 'search', 'textarea'];
+class SpecialCharsStrategy {
+    constructor() {
+        this.name = 'SpecialCharsStrategy';
+    }
+    appliesTo(type) {
+        return APPLICABLE_TYPES.includes(type);
+    }
+    values() {
+        return [
+            "' OR 1=1 --",
+            '<script>alert(1)</script>',
+            '../../etc/passwd',
+            '${7*7}',
+            '\x00\x01\x02',
+        ];
+    }
+}
+exports.SpecialCharsStrategy = SpecialCharsStrategy;
--- a/dist/modules/fuzzing/infrastructure/strategies/TypeMismatchStrategy.js
+++ b/dist/modules/fuzzing/infrastructure/strategies/TypeMismatchStrategy.js
@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TypeMismatchStrategy = void 0;
+class TypeMismatchStrategy {
+    constructor() {
+        this.name = 'TypeMismatchStrategy';
+    }
+    appliesTo(type) {
+        return ['email', 'number', 'date', 'url', 'phone'].includes(type);
+    }
+    values(type) {
+        switch (type) {
+            case 'email': return ['not-an-email', '12345', '@@@'];
+            case 'number': return ['abc', '-999999', '9.9.9', 'NaN'];
+            case 'date': return ['yesterday', '32/13/2025', '0000-00-00'];
+            case 'url': return ['javascript:alert(1)', 'not a url'];
+            case 'phone': return ['000', '++++', 'abcdefghij'];
+            default: return [];
+        }
+    }
+}
+exports.TypeMismatchStrategy = TypeMismatchStrategy;