Configuration¶

This section describes the configuration specified in your configuration file (second argument to the runner).

class syntribos.config.MainConfig(config_file_path=None, section_name=None)¶

Reads in configuration data from config file.

endpoint¶

The target host to be tested.

version¶

Used for base_auth test

Tests¶

This section describes the components involved with writing your own tests with Syntribos.

All Syntribos tests inherit from syntribos.tests.base.BaseTestCase, either directly, or through a subclass like syntribos.tests.fuzz.base_fuzz.BaseFuzzTestCase.

All tests are aggregated in the syntribos.tests.base.test_table variable

class syntribos.tests.base.TestType¶

This is the metaclass for each class extending BaseTestCase.

class syntribos.tests.base.BaseTestCase(methodName='runTest')¶

Base class for building new tests

Attribute test_name:
	A name like XML_EXTERNAL_ENTITY_BODY, containing the test type and the portion of the request template being tested

classmethod extend_class(new_name, fuzz_string, param_path, kwargs)¶

Creates an extension for the class

Each TestCase class created is added to the test_table, which is then read in by the test runner as the master list of tests to be run.

Parameters:	new_name (str) – Name of new class to be created fuzz_string (str) – Fuzz string that is being used in this iteration param_path (str) – String tracing location of the ImpactedParameter kwargs (dict) – Keyword arguments to pass to the new class
Return type:	class
Returns:	A TestCase class extending BaseTestCase

classmethod get_test_cases(filename, file_content)¶

Returns tests for a given TestCase class (overwritten by children)

register_issue(issue)¶

Adds an issue to the test’s list of issues

Registers a syntribos.issue.Issue object as a failure and associates the test’s metadata to it.

Parameters:	issue (syntribos.issue.Issue) – issue object to update
Returns:	new issue object with metadata associated
Return type:	syntribos.issue.Issue

run_test()¶

This kicks off the test(s) for a given TestCase class

After running the tests, an AssertionError is raised if any tests were added to self.failures.

Raises:	AssertionError

test_case()¶

This method is overwritten by individual TestCase classes

It represents the actual test that is called in run_test(), and handles populating self.failures

test_issues()¶

Run assertions for each test registered in test_case.

syntribos.tests.base.replace_invalid_characters(string, new_char='_')¶

Replace invalid characters in test names

This function corrects string so the following is true.

Identifiers (also referred to as names) are described by the following lexical definitions:

identifier ::=  (letter|"_") (letter | digit | "_")*

letter     ::=  lowercase | uppercase

lowercase  ::=  "a"..."z"

uppercase  ::=  "A"..."Z"

digit      ::=  "0"..."9"

Parameters:	string (str) – Test name new_char (str) – The character to replace invalid characters with
Returns:	The test name, with invalid characters replaced with new_char
Return type:	str

class syntribos.tests.fuzz.datagen.FuzzMixin¶

Mixin for fuzz tests

This class provides the _fuzz_data() function which yields a test name and all iterations of a given piece of data (currently supports dict, xml.etree.ElementTree.Element, and basestring formats) with each string provided.

classmethod _build_combinations(stri, dic, skip_var)¶

Places fuzz string in fuzz location for object data.

Parameters:	stri – dic – skip_var –

classmethod _build_str_combinations(fuzz_string, data)¶

Places fuzz_string in fuzz location for string data.

Parameters:	fuzz_string (str) – Value to place in fuzz location data (str) – Lines from the request template

classmethod _build_xml_combinations(stri, ele, skip_var)¶

Places fuzz string in fuzz location for XML data.

classmethod _fuzz_data(strings, data, skip_var, name_prefix)¶

Iterates through model fields and places fuzz string in each field

For each attribute in the model object, call the _build_combinations method corresponding to the type of the data parameter, which replaces the value with the fuzz string.

Parameters:	strings – data – skip_var – name_prefix –

static _merge_dictionaries(x, y)¶

Merge dicts together

Create a copy of x, and update that with elements of y, to prevent squashing of passed in dicts.

Parameters:	x (dict) – Dictionary 1 y (dict) – Dictionary 2
Returns:	Merged dictionary
Return type:	dict

static _update_attribs(ele, attribs)¶

Copies an XML element, populates attributes from attribs

Parameters:	ele (xml.ElementTree.Element) – XML element to be copied, modified attribs (dict) – Source of new attribute values for ele
Returns:	XML element with all attributes overwritten by attribs
Return type:	xml.ElementTree.Element

static _update_element(ele, text)¶

Copies an XML element, updates its text attribute with text

Parameters:	ele (xml.ElementTree.Element) – XML element to be copied, modified text (str) – Text to populate ele‘s text attribute with
Returns:	XML element with “text” attribute set to text
Return type:	xml.ElementTree.Element

static _update_inner_element(ele, list_)¶

Copies an XML element, populates sub-elements from list_

Returns a copy of the element with the subelements given via list_ :param ele: XML element to be copied, modified :type ele: xml.ElementTree.Element :param list list_: List of subelements to append to ele :returns: XML element with new subelements from list_ :rtype: xml.ElementTree.Element

static remove_braces(string)¶

Remove braces from strings (in request templates)

class syntribos.tests.fuzz.datagen.FuzzRequest(method, url, action_field=None, headers=None, params=None, data=None)¶

fuzz_request(strings, fuzz_type, name_prefix)¶

Creates the fuzzed request object

Gets the name and the fuzzed request model from _fuzz_data, and creates a request object from the parameters of the model.

Parameters:	strings – fuzz_type – name_prefix –
Returns:	Tuple of (name, request, fuzz string, ImpactedParameter name)
Return type:	tuple

class syntribos.tests.fuzz.datagen.FuzzParser¶

Issues¶

This section describes the representation of issues that are uncovered by Syntribos.

class syntribos.issue.Issue(test, severity, text, confidence, request=None, response=None, impacted_parameter=None)¶

Object that encapsulates a security vulnerability

This object is designed to hold the metadata associated with a vulnerability.

Variables:

test – The type of vulnerability that Syntribos believes it has found. This may be something like 500 error or DoS, regardless of what the Test Type is. severity – “Low”, “Medium”, or “High”, depending on the defect text – Description of the defect confidence – The confidence of the defect request – The request object sent that generated this defect response – The response object returned after sending the request target – A hostname/IP/etc. to be tested path – A specific REST API method, i.e. a URL path associated with a Target. test_type – The type of vulnerability that is being tested for. This is not necessarily the same as the Defect Type, which may be something like 500 error or DoS. impacted_parameter – For fuzz tests only, a syntribos.tests.fuzz.base_fuzz.ImpactedParameter that holds data about what part of the request was affected by the fuzz test.

as_dict()¶

Convert the issue to a dict of values for outputting.

Return type:	dict
Returns:	dictionary of issue data

request_as_dict(req)¶

Convert the request object to a dict of values for outputting.

Parameters:	req – The request object
Return type:	dict
Returns:	dictionary of HTTP request data

response_as_dict(res)¶

Convert the response object to a dict of values for outputting.

Parameters:	res – The result object
Return type:	dict
Returns:	dictionary of HTTP response data

Results¶

This section describes the representation of results (collections of issues) from a given Syntribos run.

class syntribos.result.IssueTestResult(stream, descriptions, verbosity)¶

Custom unnittest results holder class

This class aggregates syntribos.issue.Issue objects from all the tests as they run

addError(test, err)¶

Duplicates parent class addError functionality.

Parameters:	test (syntribos.tests.base.BaseTestCase) – The test that encountered an error err –

addFailure(test, err)¶

Adds issues to data structures

Appends issues to the result’s list of failures, as well as to a dict of {url: {method: {test_name: issue}}} structure.

Parameters:	test (syntribos.tests.base.BaseTestCase) – The test that has failed err (tuple) – Tuple of format (type, value, traceback)

printErrors(output_format)¶

Print out each syntribos.issue.Issue that was encountered

Parameters:	output_format (str) – Either “json” or “xml”

stopTestRun()¶

Print errors when the test run is complete.

HTTP Requests¶

This section describes the components related to generating, fuzzing, and making HTTP requests.

class syntribos.clients.http.parser.RequestCreator¶

classmethod _parse_data(lines)¶

Parse the body of the HTTP request (e.g. POST variables)

Parameters:	lines (list) – lines of the HTTP body
Returns:	object representation of body data (JSON or XML)

classmethod _parse_headers(lines)¶

Find and return headers in HTTP request

Parameters:	lines (str) – All but the first line of the HTTP request (list)
Return type:	dict
Returns:	headers as key:value pairs

classmethod _parse_url_line(line, endpoint)¶

Split first line of an HTTP request into its components

Parameters:	line (str) – the first line of the HTTP request endpoint (str) – the full URL of the endpoint to test
Return type:	tuple
Returns:	HTTP method, URL, request parameters, HTTP version

classmethod call_external_functions(string)¶

Parse external function calls in the body of request templates

Parameters:	string (str) – full HTTP request template as a string
Return type:	str
Returns:	the request, with EXTERNAL calls filled in with their values or UUIDs

classmethod create_request(string, endpoint)¶

Parse the HTTP request template into its components

Parameters:	string (str) – HTTP request template endpoint (str) – URL of the target to be tested
Return type:	syntribos.clients.http.models.RequestObject
Returns:	RequestObject with method, url, params, etc. for use by runner

request_model_type¶

alias of RequestObject

class syntribos.clients.http.models.RequestObject(method, url, action_field=None, headers=None, params=None, data=None)¶

An object that holds information about an HTTP request.

class syntribos.clients.http.models.RequestHelperMixin¶

Class that helps with fuzzing requests.

static _replace_iter(string)¶

Fuzz a string.

classmethod _run_iters(data, action_field)¶

Recursively fuzz variables in data and its children

Parameters:	data – The request data to be modified action_field – The name of the field to be replaced
Returns:	object or string with action_field fuzzed
Return type:	dict OR str OR ElementTree.Element

classmethod _run_iters_dict(dic, action_field='')¶

Run fuzz iterators for a dict type.

classmethod _run_iters_list(val, action_field='')¶

Run fuzz iterators for a list type.

classmethod _run_iters_xml(ele, action_field='')¶

Run fuzz iterators for an XML element type.

static _string_data(data)¶

Replace various objects types with string representations.

get_prepared_copy()¶

Create a copy of self, and prepare it for use by a fuzzer

Returns:	Copy of request object that has been prepared for sending
Return type:	RequestHelperMixin

prepare_request()¶

Prepare a request for sending off

It should be noted this function does not make a request copy, destroying iterators in request. A copy should be made if making multiple requests.