filter stack always to use left operand

nr4v3n · Feb 16, 2019 · fe71942 · fe71942
1 parent 567da23
commit fe71942
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 15 deletions.
diff --git a/src/wfuzz/core.py b/src/wfuzz/core.py
@@ -113,6 +113,12 @@ def restart(self, seed):
         self.dictio = self.get_dictio()
 
     def _check_dictio_len(self, element):
+        fuzz_words = self.options["compiled_prefilter"].get_fuzz_words() + self.get_fuzz_words()
+
+        if len(element) != len(set(fuzz_words)):
+            raise FuzzExceptBadOptions("FUZZ words and number of payloads do not match!")
+
+    def get_fuzz_words(self):
         marker_regex = re.compile(r"FUZ\d*Z", re.MULTILINE | re.DOTALL)
         fuzz_words = marker_regex.findall(str(self.seed.history))
         method, userpass = self.seed.history.auth
@@ -125,8 +131,7 @@ def _check_dictio_len(self, element):
         if self.options["seed_payload"]:
             fuzz_words += ["FUZZ"]
 
-        if len(element) != len(set(fuzz_words)):
-            raise FuzzExceptBadOptions("FUZZ words and number of payloads do not match!")
+        return fuzz_words
 
     def count(self):
         v = self.dictio.count()

diff --git a/src/wfuzz/filter.py b/src/wfuzz/filter.py
@@ -90,7 +90,7 @@ def __init__(self, ffilter=None, filter_string=None):
             self.hideparams['filter_string'] = filter_string
 
         self.baseline = None
-        self.stack = {}
+        self.stack = []
 
         self._cache = collections.defaultdict(set)
 
@@ -107,9 +107,9 @@ def set_baseline(self, res):
         self.baseline = res
 
     def __compute_res_value(self, tokens):
-        self.stack["field"] = tokens[0]
+        self.stack.append(tokens[0])
 
-        return rgetattr(self.res, self.stack["field"])
+        return rgetattr(self.res, tokens[0])
 
     def _compute_fuzz_symbol(self, tokens):
         i = tokens[0]
@@ -127,17 +127,17 @@ def _compute_fuzz_symbol(self, tokens):
     def __compute_fuzz_value(self, tokens):
         fuzz_val, field = tokens
 
-        self.stack["field"] = field
+        self.stack.append(field)
 
         try:
-            return rgetattr(fuzz_val, self.stack["field"]) if field else fuzz_val
+            return rgetattr(fuzz_val, field) if field else fuzz_val
         except IndexError:
             raise FuzzExceptIncorrectFilter("Non existent FUZZ payload! Use a correct index.")
         except AttributeError as e:
             raise FuzzExceptIncorrectFilter("A field expression must be used with a fuzzresult payload not a string. %s" % str(e))
 
     def __compute_bbb_value(self, tokens):
-        element = self.stack["field"]
+        element = self.stack[0] if self.stack else None
 
         if self.baseline is None:
             raise FuzzExceptBadOptions("FilterQ: specify a baseline value when using BBB")
@@ -195,7 +195,7 @@ def __compute_xxx_value(self, tokens):
     def __compute_expr(self, tokens):
         leftvalue, exp_operator, rightvalue = tokens[0]
 
-        field_to_set = self.stack.get('field', None)
+        field_to_set = self.stack[0] if self.stack else None
 
         try:
             if exp_operator in ["=", '==']:
@@ -238,6 +238,7 @@ def __myreduce(self, elements):
             elif elements[i] == "or":
                 first = (first or elements[i + 1])
 
+        self.stack = []
         return first
 
     def __compute_not_operator(self, tokens):
@@ -321,6 +322,12 @@ def from_options(filter_options):
 
         return ffilter
 
+    def get_fuzz_words(self):
+        marker_regex = re.compile(r"FUZ\d*Z", re.MULTILINE | re.DOTALL)
+        fuzz_words = marker_regex.findall(self.hideparams["filter_string"])
+
+        return fuzz_words
+
 
 class FuzzResFilterSlice(FuzzResFilter):
     def _compute_fuzz_symbol(self, tokens):

diff --git a/src/wfuzz/fuzzobjects.py b/src/wfuzz/fuzzobjects.py
@@ -441,9 +441,6 @@ def from_seed(seed, payload, seed_options):
             if desc:
                 fuzz_values_array += desc
 
-            if len(fuzz_values_array) == 0:
-                raise FuzzExceptBadOptions("No %s word!" % fuzz_word)
-
             newres.payload.append(FuzzPayload(payload_content, fuzz_values_array))
 
         newres.history.update_from_raw_http(rawReq, scheme)
@@ -704,7 +701,9 @@ def __str__(self):
 
     @property
     def description(self):
-        ret_str = ' - '.join([payload.description(self.url) for payload in self.payload])
+        payl_descriptions = [payload.description(self.url) for payload in self.payload]
+        ret_str = ' - '.join([p_des for p_des in payl_descriptions if p_des])
+
         if self.exception:
             return ret_str + "! " + str(self.exception)
 

diff --git a/src/wfuzz/options.py b/src/wfuzz/options.py
@@ -259,6 +259,12 @@ def compile(self):
         # seed
         self.data["compiled_genreq"] = requestGenerator(self)
 
+        # Check payload num
+        fuzz_words = self.data["compiled_prefilter"].get_fuzz_words() + self.data["compiled_genreq"].get_fuzz_words()
+
+        if self.data['allvars'] is None and len(set(fuzz_words)) == 0:
+            raise FuzzExceptBadOptions("You must specify at least a FUZZ word!")
+
         if self.data["compiled_genreq"].baseline is None and (FuzzResult.BASELINE_CODE in self.data['hc'] or
            FuzzResult.BASELINE_CODE in self.data['hl'] or FuzzResult.BASELINE_CODE in self.data['hw'] or
            FuzzResult.BASELINE_CODE in self.data['hh']):

diff --git a/tests/test_acceptance.py b/tests/test_acceptance.py
@@ -41,6 +41,9 @@
 testing_savedsession_tests = [
 ]
 
+testing_tests = [
+]
+
 savedsession_tests = [
     # field fuzz values
     ("test_desc_fuzz", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ FUZZ", ["http://localhost:9000/1"], None),
@@ -62,9 +65,16 @@
     ("test_fuzz_symbol_code", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ --slice FUZ1Z[c]=404 FUZZ", ["http://localhost:9000/1"], "Unknown field"),
     ("test_fuzz_symbol_code2", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ --slice FUZ2Z[c]=404 FUZZ", ["http://localhost:9000/1"], "Non existent FUZZ payload"),
     ("test_desc_assign_fuzz_symbol_op", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ --slice FUZZ[r.url]:=FUZZ[r.url|replace('1','2')] FUZZ[url]", ["http://localhost:9000/2"], None),
-]
 
-testing_tests = [
+    # filter based on various payloads
+    ("test_fuzz_fuz2z_code", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ -z list,404-302-200 --prefilter FUZZ[code]=FUZ2Z FUZZ[url]/FUZ2Z", ['http://localhost:9000/1 - 404'], None),
+    ("test_fuzz_fuz2z_code2", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ -z list,404-302-200 --prefilter FUZZ[code]=FUZ2Z FUZZ[url]", ['http://localhost:9000/1'], None),
+    ("test_fuzz_fuz2z_code3", "-z range,1-1 {}/FUZZ".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ -z list,404-302-200 --prefilter FUZZ[code]=FUZ2Z FUZZ", ['http://localhost:9000/1'], None),
+
+    # set values various payloads
+    ("test_set_fuzz_from_fuz2z_full", "-z range,1-1 {}/FUZZ?param=1".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ -z list,6-3 --prefilter r.params.get.param:=FUZ2Z FUZZ", ["http://localhost:9000/1?param=6", "http://localhost:9000/1?param=3"], None),
+    ("test_set_fuzz_from_fuz2z_full2", "-z range,1-1 {}/FUZZ?param=1".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ -z list,6-3 --prefilter FUZZ[r.params.get.param]:=FUZ2Z FUZZ", ["http://localhost:9000/1?param=6", "http://localhost:9000/1?param=3"], None),
+    ("test_set_fuzz_from_fuz2z_url", "-z range,1-1 {}/FUZZ?param=1".format(HTTPBIN_URL), "-z wfuzzp,$$PREVFILE$$ -z list,6-3 --prefilter r.params.get.param:=FUZ2Z FUZZ[url]", ["http://localhost:9000/1?param=1", "http://localhost:9000/1?param=1"], None),
 ]
 
 basic_tests = [