syntribos

unicode payload crashes for xml request template

Bug #1580250 reported by Michael Dong
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
syntribos
Triaged
Undecided
Unassigned

Bug Description

The payload:

‘ or 1=1 --

where ‘ is 0x2018 in UTF-16, causes syntribos to crash with an error message of:

UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 0: ordinal not in range(128).

The full traceback can be found below:
Traceback (most recent call last):
  File "/Users/mich7622/Envs/api_test/bin/syntribos", line 10, in <module>
    sys.exit(entry_point())
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/runner.py", line 211, in entry_point
    Runner.run()
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/runner.py", line 146, in run
    for test in test_class.get_test_cases(file_path, req_str):
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/tests/fuzz/base_fuzz.py", line 199, in get_test_cases
    for fuzz_name, request, fuzz_string, param_path in fr:
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/tests/fuzz/datagen.py", line 226, in fuzz_request
    request_copy.prepare_request(fuzz_type)
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/tests/fuzz/datagen.py", line 230, in prepare_request
    super(FuzzRequest, self).prepare_request()
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/clients/http/models.py", line 116, in prepare_request
    self.data = self._string_data(self.data)
  File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/clients/http/models.py", line 89, in _string_data
    str_data = ElementTree.tostring(data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1126, in tostring
    ElementTree(element).write(file, encoding, method=method)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 820, in write
    serialize(write, self._root, encoding, qnames, namespaces)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 937, in _serialize_xml
    write(_escape_cdata(text, encoding))
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1073, in _escape_cdata
    return text.encode(encoding, "xmlcharrefreplace")

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on syntribos (master)

Change abandoned by Michael Dong (<email address hidden>) on branch: master
Review: https://review.openstack.org/314700

Rahul U Nair (rahulunair)
Changed in syntribos:
status: New → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.