The payload:
‘ or 1=1 --
where ‘ is U+2018 (LEFT SINGLE QUOTATION MARK, 0x2018 in UTF-16), causes syntribos to crash with the error message:
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 0: ordinal not in range(128).
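The byte 0xe2 is the first byte of the UTF-8 encoding of U+2018 (E2 80 98), so the payload appears to reach ElementTree as a UTF-8 byte string rather than a unicode object. In Python 2, calling .encode() on a byte string first decodes it implicitly as ASCII, and that decode fails on the non-ASCII byte.
The full traceback can be found below: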
Traceback (most recent call last):
File "/Users/mich7622/Envs/api_test/bin/syntribos", line 10, in <module>
sys.exit(entry_point())
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/runner.py", line 211, in entry_point
Runner.run()
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/runner.py", line 146, in run
for test in test_class.get_test_cases(file_path, req_str):
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/tests/fuzz/base_fuzz.py", line 199, in get_test_cases
for fuzz_name, request, fuzz_string, param_path in fr:
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/tests/fuzz/datagen.py", line 226, in fuzz_request
request_copy.prepare_request(fuzz_type)
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/tests/fuzz/datagen.py", line 230, in prepare_request
super(FuzzRequest, self).prepare_request()
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/clients/http/models.py", line 116, in prepare_request
self.data = self._string_data(self.data)
File "/Users/mich7622/Envs/api_test/lib/python2.7/site-packages/syntribos/clients/http/models.py", line 89, in _string_data
str_data = ElementTree.tostring(data)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1126, in tostring
ElementTree(element).write(file, encoding, method=method)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 820, in write
serialize(write, self._root, encoding, qnames, namespaces)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 937, in _serialize_xml
write(_escape_cdata(text, encoding))
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/xml/etree/ElementTree.py", line 1073, in _escape_cdata
return text.encode(encoding, "xmlcharrefreplace")
Change abandoned by Michael Dong (<email address hidden>) on branch: master
Review: https://review.openstack.org/314700