maintenance/fuzz-tester.php File Reference



Detailed Description

Author:
Nick Jenkins ( http://nickj.org/ ).
Copyright: 2006 Nick Jenkins
Licence: GNU General Public Licence 2.0
Started: 18 May 2006.

Description: Performs fuzz-style testing of MediaWiki's parser and forms.

How:

Why:

What type of problems are being checked for:

Background: Many of the wikiFuzz class methods are a modified PHP port, of a "shameless" Python port, of LCAMTUF'S MANGELME:

Video: There's an XviD video discussing this fuzz tester. You can get it from: http://files.nickj.org/MediaWiki/Fuzz-Testing-MediaWiki-xvid.avi

Requirements: To run this, you will need:

Optional:

Saving tests and test results: Any of the fuzz tests which find problems are saved for later review. In order to help track down problems, tests are saved in a number of different formats. The default filename extensions and their meanings are:

Wiki configuration for testing: You should make some additions to LocalSettings.php in order to catch the most errors. Note this configuration is for **TESTING PURPOSES ONLY**, and is IN NO WAY, SHAPE, OR FORM suitable for deployment on a hostile network. That said, personally I find these additions to be the most helpful for testing purposes:

--------- Start ---------
// Everyone can do everything. Very useful for testing, yet useless for deployment.
$wgGroupPermissions['*']['autoconfirmed'] = true;
$wgGroupPermissions['*']['block'] = true;
$wgGroupPermissions['*']['bot'] = true;
$wgGroupPermissions['*']['delete'] = true;
$wgGroupPermissions['*']['deletedhistory'] = true;
$wgGroupPermissions['*']['deleterevision'] = true;
$wgGroupPermissions['*']['editinterface'] = true;
$wgGroupPermissions['*']['hiderevision'] = true;
$wgGroupPermissions['*']['import'] = true;
$wgGroupPermissions['*']['importupload'] = true;
$wgGroupPermissions['*']['minoredit'] = true;
$wgGroupPermissions['*']['move'] = true;
$wgGroupPermissions['*']['patrol'] = true;
$wgGroupPermissions['*']['protect'] = true;
$wgGroupPermissions['*']['proxyunbannable'] = true;
$wgGroupPermissions['*']['renameuser'] = true;
$wgGroupPermissions['*']['reupload'] = true;
$wgGroupPermissions['*']['reupload-shared'] = true;
$wgGroupPermissions['*']['rollback'] = true;
$wgGroupPermissions['*']['siteadmin'] = true;
$wgGroupPermissions['*']['trackback'] = true;
$wgGroupPermissions['*']['unwatchedpages'] = true;
$wgGroupPermissions['*']['upload'] = true;
$wgGroupPermissions['*']['userrights'] = true;
$wgGroupPermissions['*']['renameuser'] = true;
$wgGroupPermissions['*']['makebot'] = true;
$wgGroupPermissions['*']['makesysop'] = true;

// Enable weird and wonderful options:
// Increase default error reporting level.
error_reporting (E_ALL);            // At a later date could be increased to E_ALL | E_STRICT
$wgBlockOpenProxies = true;         // Some block pages require this to be true in order to test.
$wgEnableUploads = true;            // enable uploads.
// $wgUseTrackbacks = true;         // enable trackbacks; However this breaks the viewPageTest, so currently disabled.
$wgDBerrorLog = "/root/mediawiki-db-error-log.txt";  // log DB errors, replace with suitable path.
$wgShowSQLErrors = true;            // Show SQL errors (instead of saying the query was hidden).
$wgShowExceptionDetails = true;     // want backtraces.
$wgEnableAPI = true;                // enable API.
$wgEnableWriteAPI = true;           // enable API.

// Install & enable Parser Hook extensions to increase code coverage. E.g.:
require_once("extensions/ParserFunctions/ParserFunctions.php");
require_once("extensions/Cite/Cite.php");
require_once("extensions/inputbox/inputbox.php");
require_once("extensions/Sort/Sort.php");
require_once("extensions/wikihiero/wikihiero.php");
require_once("extensions/CharInsert/CharInsert.php");
require_once("extensions/FixedImage/FixedImage.php");

// Install & enable Special Page extensions to increase code coverage. E.g.:
require_once("extensions/Cite/SpecialCite.php");
require_once("extensions/Filepath/SpecialFilepath.php");
require_once("extensions/Makebot/Makebot.php");
require_once("extensions/Makesysop/SpecialMakesysop.php");
require_once("extensions/Renameuser/SpecialRenameuser.php");
require_once("extensions/LinkSearch/LinkSearch.php");
--------- End ---------

If you want to try E_STRICT error logging, add this to the above:
--------- Start ---------
error_reporting (E_ALL | E_STRICT);
set_error_handler( 'error_handler' );
function error_handler ($type, $message, $file=__FILE__, $line=__LINE__) {
    if ($message == "var: Deprecated. Please use the public/private/protected modifiers") return;
    print "<br />\n<b>Strict Standards:</b> Type: <b>$type</b>: $message in <b>$file</b> on line <b>$line</b><br />\n";
}
--------- End ---------

Also add/change this in AdminSettings.php:
--------- Start ---------
$wgEnableProfileInfo = true;
$wgDBserver = "localhost"; // replace with DB server hostname
--------- End ---------
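Checking that the test configuration has not leaked into a deployed wiki: the following is an added example, not part of fuzz-tester.php or MediaWiki. It scans the text of a settings file for the anonymous ('*') rights and diagnostic switches listed above that are still set to true. The names audit, TEST_ONLY_RIGHTS and DEBUG_FLAGS are hypothetical, the choice of which switches to flag is an assumption, and the sample input is constructed.

```python
import re

# Rights that the page's test block grants to '*' (anonymous users).
TEST_ONLY_RIGHTS = {
    "autoconfirmed", "block", "bot", "delete", "deletedhistory",
    "deleterevision", "editinterface", "hiderevision", "import",
    "importupload", "minoredit", "move", "patrol", "protect",
    "proxyunbannable", "renameuser", "reupload", "reupload-shared",
    "rollback", "siteadmin", "trackback", "unwatchedpages", "upload",
    "userrights", "makebot", "makesysop",
}
# Diagnostic switches from the page that expose internals when true (assumed list).
DEBUG_FLAGS = {"wgShowSQLErrors", "wgShowExceptionDetails", "wgEnableProfileInfo"}

PERM_RE = re.compile(
    r"""\$wgGroupPermissions\s*\[\s*['"]\*['"]\s*\]\s*\[\s*['"]([\w-]+)['"]\s*\]\s*=\s*(?i:true)\b""")
FLAG_RE = re.compile(r"\$(wg\w+)\s*=\s*(?i:true)\b")


def audit(settings_text):
    """Return (line_number, finding) tuples for test-only settings still active."""
    findings = []
    for number, raw in enumerate(settings_text.splitlines(), start=1):
        # Drop // and # comments; adequate for one-assignment-per-line files.
        code = re.split(r"//|#", raw, maxsplit=1)[0]
        for match in PERM_RE.finditer(code):
            if match.group(1) in TEST_ONLY_RIGHTS:
                findings.append((number, "anonymous right: " + match.group(1)))
        for match in FLAG_RE.finditer(code):
            if match.group(1) in DEBUG_FLAGS:
                findings.append((number, "debug flag on: " + match.group(1)))
    return findings


# Constructed sample, not a real wiki's LocalSettings.php.
SAMPLE = """\
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['userrights'] = true;
// $wgGroupPermissions['*']['block'] = true;
$wgShowSQLErrors = true; // Show SQL errors
$wgShowExceptionDetails = false;
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```

The comment stripping is line-based, so a setting that follows a string containing "//" on the same line is not seen; run it on files that keep one assignment per line.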

Usage: Run with "php fuzz-tester.php". To see the various command-line options, run "php fuzz-tester.php --help". To stop the script, press Ctrl-C.

Console output:

TODO: Some known things that could improve this script:

Definition in file fuzz-tester.php.


Generated on Sat Sep 5 02:08:27 2009 for MediaWiki by  doxygen 1.5.9