Since my fuzzing adventures had sort of reached a logical stage, I pinged Dinis, and he said something about how auth testing would give us the correct order in which tests are to be executed, after which fuzzing becomes easier. Ouch.
Ouch because… my previous auth testing was picking methods from an unordered hash. Yes, I’d had logic to fill up exactly which methods to test as well, but that, come to think of it, is a little cumbersome. The other problem with that script is that it relied on a hardcoded set of sample values for every datatype, which it would pick from a file and use as an argument to a method. So, for example, ns0:guid would have a sample value of 00001110-9987-6654-3312-444456781235 … and only that, irrespective of whether ns0:guid was a ‘FolderID’ for CreateFolder or a ‘LibraryID’ for DeleteLibrary or something else. The results were hence going to be skewed. So I need to change the script a bit.
That’s where all the unit tests are going to come in really handy, though. We already have 103 unit tests with perfectly valid method calls, and we can just reuse those calls in our script. So I took bits from my old script, my unit tests and my fuzzing tests and created a brand new framework (well, kinda ;)) to test TM authorization. I won’t babble too much about the code; I’ve commented it in great detail.
It’s all here. Have a look 🙂