Description: Performs fuzz-style testing of MediaWiki's parser and forms.
How:
Why:
What type of problems are being checked for:
Background: Many of the wikiFuzz class methods are a modified PHP port of a "shameless" Python port of LCAMTUF'S MANGLEME:
Video: There's an XviD video discussing this fuzz tester. You can get it from: http://files.nickj.org/MediaWiki/Fuzz-Testing-MediaWiki-xvid.avi
Requirements: To run this, you will need:
Optional:
Saving tests and test results: Any of the fuzz tests which find problems are saved for later review. In order to help track down problems, tests are saved in a number of different formats. The default filename extensions and their meanings are:
Wiki configuration for testing: You should make some additions to LocalSettings.php in order to catch the most errors. Note this configuration is for **TESTING PURPOSES ONLY**, and is IN NO WAY, SHAPE, OR FORM suitable for deployment on a hostile network. That said, personally I find these additions to be the most helpful for testing purposes:
--------- Start ---------
// Everyone can do everything. Very useful for testing, yet useless for deployment.
$wgGroupPermissions['*']['autoconfirmed'] = true;
$wgGroupPermissions['*']['block'] = true;
$wgGroupPermissions['*']['bot'] = true;
$wgGroupPermissions['*']['delete'] = true;
$wgGroupPermissions['*']['deletedhistory'] = true;
$wgGroupPermissions['*']['deleterevision'] = true;
$wgGroupPermissions['*']['editinterface'] = true;
$wgGroupPermissions['*']['hiderevision'] = true;
$wgGroupPermissions['*']['import'] = true;
$wgGroupPermissions['*']['importupload'] = true;
$wgGroupPermissions['*']['minoredit'] = true;
$wgGroupPermissions['*']['move'] = true;
$wgGroupPermissions['*']['patrol'] = true;
$wgGroupPermissions['*']['protect'] = true;
$wgGroupPermissions['*']['proxyunbannable'] = true;
$wgGroupPermissions['*']['renameuser'] = true;
$wgGroupPermissions['*']['reupload'] = true;
$wgGroupPermissions['*']['reupload-shared'] = true;
$wgGroupPermissions['*']['rollback'] = true;
$wgGroupPermissions['*']['siteadmin'] = true;
$wgGroupPermissions['*']['trackback'] = true;
$wgGroupPermissions['*']['unwatchedpages'] = true;
$wgGroupPermissions['*']['upload'] = true;
$wgGroupPermissions['*']['userrights'] = true;
$wgGroupPermissions['*']['renameuser'] = true;
$wgGroupPermissions['*']['makebot'] = true;
$wgGroupPermissions['*']['makesysop'] = true;
// Enable weird and wonderful options:
// Increase default error reporting level.
error_reporting (E_ALL); // At a later date could be increased to E_ALL | E_STRICT
$wgBlockOpenProxies = true; // Some block pages require this to be true in order to test.
$wgEnableUploads = true; // enable uploads.
//$wgUseTrackbacks = true; // enable trackbacks; However this breaks the viewPageTest, so currently disabled.
$wgDBerrorLog = "/root/mediawiki-db-error-log.txt"; // log DB errors, replace with suitable path.
$wgShowSQLErrors = true; // Show SQL errors (instead of saying the query was hidden).
$wgShowExceptionDetails = true; // want backtraces.
$wgEnableAPI = true; // enable API.
$wgEnableWriteAPI = true; // enable write API.
// Install & enable Parser Hook extensions to increase code coverage. E.g.:
require_once("extensions/ParserFunctions/ParserFunctions.php");
require_once("extensions/Cite/Cite.php");
require_once("extensions/inputbox/inputbox.php");
require_once("extensions/Sort/Sort.php");
require_once("extensions/wikihiero/wikihiero.php");
require_once("extensions/CharInsert/CharInsert.php");
require_once("extensions/FixedImage/FixedImage.php");
// Install & enable Special Page extensions to increase code coverage. E.g.:
require_once("extensions/Cite/SpecialCite.php");
require_once("extensions/Filepath/SpecialFilepath.php");
require_once("extensions/Makebot/Makebot.php");
require_once("extensions/Makesysop/SpecialMakesysop.php");
require_once("extensions/Renameuser/SpecialRenameuser.php");
require_once("extensions/LinkSearch/LinkSearch.php");
--------- End ---------
If you want to try E_STRICT error logging, add this to the above:
--------- Start ---------
error_reporting (E_ALL | E_STRICT);
set_error_handler( 'error_handler' );
function error_handler ($type, $message, $file=__FILE__, $line=__LINE__) {
    if ($message == "var: Deprecated. Please use the public/private/protected modifiers") return;
    print "<br />\n<b>Strict Standards:</b> Type: <b>$type</b>: $message in <b>$file</b> on line <b>$line</b><br />\n";
}
--------- End ---------
Also add/change this in AdminSettings.php:
--------- Start ---------
$wgEnableProfileInfo = true;
$wgDBserver = "localhost"; // replace with DB server hostname
--------- End ---------
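Because the additions above are for testing only, a deployment check can confirm that none of them reached a production LocalSettings.php. The Python script below is an added example, not part of fuzz-tester.php or MediaWiki; the names audit, TESTING_RIGHTS and DEBUG_FLAGS are hypothetical, the sample configuration is constructed, and it assumes one PHP statement per line.

```python
import re

# Rights that the testing block above grants to '*' (everyone, including anonymous users).
TESTING_RIGHTS = set("""
autoconfirmed block bot delete deletedhistory deleterevision editinterface
hiderevision import importupload minoredit move patrol protect proxyunbannable
renameuser reupload reupload-shared rollback siteadmin trackback unwatchedpages
upload userrights makebot makesysop
""".split())
# Debug settings from the testing block that reveal errors or profiling data.
DEBUG_FLAGS = {"wgShowSQLErrors", "wgShowExceptionDetails", "wgEnableProfileInfo"}

PERM_RE = re.compile(
    r"\$wgGroupPermissions\s*\[\s*['\"]\*['\"]\s*\]\s*\[\s*['\"]([\w-]+)['\"]\s*\]\s*=\s*true\b",
    re.I)
FLAG_RE = re.compile(r"\$(\w+)\s*=\s*true\b", re.I)

def audit(text):
    """Return (line_number, finding) pairs; assumes one PHP statement per line."""
    # Blank out /* ... */ comments, keeping newlines so line numbers stay right.
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        stmt = line.lstrip()  # lines starting with // or # never match below
        perm = PERM_RE.match(stmt)
        flag = FLAG_RE.match(stmt)
        if perm and perm.group(1) in TESTING_RIGHTS:
            findings.append((number, "'*' group granted '%s'" % perm.group(1)))
        elif flag and flag.group(1) in DEBUG_FLAGS:
            findings.append((number, "$%s is enabled" % flag.group(1)))
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
$wgSitename = "Example";
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['userrights'] = true;
//$wgGroupPermissions['*']['makesysop'] = true;
/* $wgShowSQLErrors = true;
   still inside the block comment */
$wgShowExceptionDetails = true; // want backtraces.
$wgGroupPermissions['sysop']['delete'] = true;
$wgEnableUploads = true;
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print("line %d: %s" % (number, finding))
```

Settings such as $wgEnableUploads are left out of the flagged set because a production wiki may enable them on purpose.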
Usage: Run with "php fuzz-tester.php". To see the various command-line options, run "php fuzz-tester.php --help". To stop the script, press Ctrl-C.
Console output:
TODO: Some known things that could improve this script:
Definition in file fuzz-tester.php.