In [1]:
from cgi_decode import cgi_decode
from poly_fuzzer.common.abstract_executor import AbstractExecutor
from poly_fuzzer.fuzzers.random_fuzzer import RandomFuzzer 
from poly_fuzzer.fuzzers.mutation_fuzzer import MutationFuzzer
from poly_fuzzer.common.abstract_seed import AbstractSeed
from poly_fuzzer.power_schedules.abstract_power_schedule import AbstractPowerSchedule
from poly_fuzzer.common.abstract_grammar import AbstractGrammar
from urllib.parse import urlparse
from html.parser import HTMLParser

### Generating random string with Random fuzzer for cgi_decode
Here is an example of how you can use the Random fuzzer to generate random strings for the cgi_decode function.
We only need to specify the executor object (the module to calculate the coverage of the program as it is being executed) to initialize the random fuzzer. Inside Random fuzzer we need to implement two functions: ```generate_input``` and ```_update```. We leave the ```_update``` function empty as we don't need to update the fuzzer based on the achieved coverage.

In [2]:
def test_cgi_decode(test_module):
    executor = AbstractExecutor(test_module)
    fuzzer = RandomFuzzer(executor)
    output = fuzzer.run_fuzzer(budget=10)  # Example time budget of 10 inputs
    assert output is not None
    print(output)

test_cgi_decode(cgi_decode) 

{'coverage': [35, 37, 37, 37, 37, 37, 37, 37, 39, 39], 'inputs': ['!D%$~jE.I,/oa]43N:;N>P1`g]gxCR?Z=2i{xnZnM]@O*hQH80OzVXRH=";BFg1(fX"^I[&E9e;Ouco}F^&Ov#Dz_p', 'GZgs~I^FgjJq@wTY=M-|xNETJGivsF6@T:o0RK<)sJ-;p!t...LfljKccjo9mg9QD,33*z3a;`2]^E"q2[y+uQE7fKywX3', "641oNzzE5*n%Jx)pz_ifkn@B+[Hll,:uH~<.Z/QexE)eI8A<B;A-/<+|?XfW+_j,sz'4|&az%G2ub8:.R.R|g2v+;5IJ]f", '0Kxt!V6rv7)7)pm6aN9NzF$yd!WC:*78C"x{u.so_/]U\'f\\t07k:4-v7W_/MVc_-=a@2^a7.+pb#qMb+VLZ\'+8Mw,$', "@Z:e}-Iq^pL{Hoooy,Gq>FVacvsr%tLcMtpp}ST]ks?f/HFwL%TH?06.w*FmmD0C&LB`%D'_>}k,X^lqKoMAQ1*<0B`zt\\6aK", '9!p`SZ]SVJ=>8G"~yc:YUH}WduKYCyEWkJ%"Bto$XyI"J70IDJ@Q7ZnH+5,SMg|,*>{$`FiySUig)5R+Q7^iH*&Yn$Fq:O', 'iMxfwI2Y"b;%diZzrA7dk3ObN/4Se_$wZb}[=\\Z_^Zi^=-x\\itUy>-#41hTa8n(`In-"i#@\'FQrED@6Aol;"uD=G1*', "KTfU[xT6-vC&Byz%TLt[OthHU&L<a`,%bl}?wo':tWB[Ox*o%3yu&Q4_(JO9<>6@UiGx?z^Kf=KDM4W\\9oY%TVy}s[)[4C2~", 'vBo^\\sHeNL"wPN)M]jXY+",$zFs~hJ1A6^!^xbBY)Phy^eh2z0D%85m_d\'#gE\\`>i0RJ>N*(ODDN!>Y\'e}=9\\sygF\'1<YV4', 't~TG54~>cDn;8`O4wsRd2pdc_-a)r.5zJ>qcK^2Ru&/

You should observe the ouput of the fuzzer after 10 generated inputs. The output includes such information as the number of covered lines achieved by each input, the relative coverage achieved, the inputs used, the time taken to generate the inputs, and the number of exceptions raised during the generation of the inputs.

### Generating random urls with Mutation fuzzer for the ```urllib.parse.urlparse``` module
Here is an example of how you can use the Mutation fuzzer to generate random urls for the ```urllib.parse.urlparse``` module. The mutation fuzzer requires the executor object as well as the Seed objects to be initialized. The seeds are then modified with random mutations to generate new inputs. The mutation fuzzer also requires the ```_update``` function to be implemented. This function is used to update the fuzzer based on the coverage achieved by the inputs.

In [5]:
def test_fuzzer(test_module):
    executor = AbstractExecutor(test_module)
    seeds = [AbstractSeed("www.google.com"), AbstractSeed("www.polymtl.ca")]
    fuzzer = MutationFuzzer(executor, seeds)

    output = fuzzer.run_fuzzer(budget=10)  # Example time budget of 5 seconds
    
    assert output is not None
    print(output)

test_fuzzer(urlparse)

{'coverage': [24, 24, 37, 37, 37, 37, 37, 37, 40, 40], 'inputs': ['www.google.com', 'www.polymtl.ca', 'wwk.polymtl.ca', 'wwk.polymtl.ca', 'ww9Fpuymtl.ca', 'wwk.5o{mt(.c', 'wgoog.}[', 'www.googl.co', 'www.polym-l.ca', 'www.polym-l.ca'], 'execution_times': [0.009056329727172852, 0.006001472473144531, 0.009129047393798828, 0.00613093376159668, 0.009397506713867188, 0.009515047073364258, 0.009201526641845703, 0.0093231201171875, 0.009458780288696289, 0.006075382232666016], 'exceptions': 0}


Here an example of adding a power schedule to the mutation fuzzer is also shown. The power schedule is used to prioritize the inputs that achieve higher coverage. In the current example this schedule assigns equal weights to all the seeds. You should implement a power schedule that considers the size of the inputs, their execution time, and achieved coverage to prioritize the inputs (combine coverage with one more criteria).

In [6]:
def test_fuzzer(test_module):
    executor = AbstractExecutor(test_module)
    powerschedule = AbstractPowerSchedule()
    seeds = [AbstractSeed("www.google.com"), AbstractSeed("www.polymtl.ca")]
    fuzzer = MutationFuzzer(executor, seeds, powerschedule)

    output = fuzzer.run_fuzzer(budget=10)  # Example time budget of 5 seconds
    
    assert output is not None
    print(output)

test_fuzzer(urlparse)

{'coverage': [36, 36, 36, 36, 36, 36, 36, 36, 40, 41], 'inputs': ['www.google.com', 'www.polymtl.ca', 'owwxolymtl.ca', 'S8wg<ogl.od', 'lww.gogleqom', 'www.{oog(e.com', 'ww.google.com', 'w\\.2oCg<e.co', 'ww`googl;.[om', 'ww`googl;.[om'], 'execution_times': [0.0110015869140625, 0.010179758071899414, 0.009395599365234375, 0.01000833511352539, 0.012602090835571289, 0.011003494262695312, 0.01100301742553711, 0.011001825332641602, 0.013003349304199219, 0.0069997310638427734], 'exceptions': 0}


### Generating random html code with mutation fuzzer for the ```html.parser.HTMLParser.feed``` module
It takes the same arguments as the previous example. 

In [9]:
def test_fuzzer(test_module):
    executor = AbstractExecutor(test_module)
    powerschedule = AbstractPowerSchedule()
    seeds =     seeds = [AbstractSeed("<html><head><title>Test</title></head>"), AbstractSeed("<body><h1>Parse me!</h1></body></html>")]
    fuzzer = MutationFuzzer(executor, seeds, powerschedule)

    output = fuzzer.run_fuzzer(budget=10)  # Example time budget of 5 seconds
    
    assert output is not None
    print(output)

test_fuzzer(HTMLParser().feed)

{'coverage': [68, 68, 68, 75, 75, 75, 78, 78, 78, 88], 'inputs': ['<html><head><title>Test</title></head>', '<body><h1>Parse me!</h1></body></html>', '<body><h1>PNrse me</h1></boy></html>', '<bodyc<h1>Parse me!</Q1></bodyzx/htm >', '<bodyc<h1>Parse me!</Q1></bodyzx/htm >', '<body><h1>Parse me!</h1=</body></html>', 'bzy<h1>Parse me!/h1 /boky></tml', 'bzy<h1>Parse me!/h1 /boky></tml', '<html><head>ieaTest</ttle></hea!>', '<html><hea=>tiBle>T(^t<title></6&a>'], 'execution_times': [0.022034406661987305, 0.02127242088317871, 0.019811391830444336, 0.012666702270507812, 0.012487411499023438, 0.016331911087036133, 0.008004426956176758, 0.005997419357299805, 0.014002799987792969, 0.01701068878173828], 'exceptions': 0}


### Using Grammar to generate seeds
Generating html code manually is a tedious task. One solution is to define Grammar that would allow us to generate valid html code automatically. Below we provide an example of how to create Grammar to generate valid US numbers. Your task is to create Grammar to generate valid html code and use it to generate seeds for the mutation fuzzer. 
You should also create grammar for the ```cgi_decode``` function as well as the ```urllib.parse.urlparse```.

In [12]:
gram = {
"<start>": ["<phone-number>"],
"<phone-number>": ["(<area>)<exchange>-<line>"],
"<area>": ["<lead-digit><digit><digit>"],
"<exchange>": ["<lead-digit><digit><digit>"],
"<line>": ["<digit><digit><digit><digit>"],
"<lead-digit>": ["2", "3", "4", "5", "6", "7", "8", "9"],
"<digit>": ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"]
}
grammar = AbstractGrammar(gram)

html_input = grammar.generate_input()

print(html_input)

(952)707-4988


You task is to implement the following modules:
- ```test_cgi_decode``` for the Mutation fuzzer for the ```cgi_decode``` function
- ```test_urlparse``` for the Mutation fuzzer for the ```urllib.parse.urlparse``` module
- ```test_feed``` for the Mutation fuzzer for the ```html.parser.HTMLParser.feed``` module