From 048ec6291ac848979969adb72d6ebdd062113064 Mon Sep 17 00:00:00 2001
From: Toby Murray <toby.murray@unimelb.edu.au>
Date: Mon, 9 Sep 2019 20:58:07 +1000
Subject: [PATCH] java stubs for fuzzer; top-level README and pocs stubs

---
 README.md               | 24 ++++++++++++++++++
 fuzzer/Fuzzer.java      | 38 ++++++++++++++++++++++++++++
 fuzzer/Instruction.java | 56 +++++++++++++++++++++++++++++++++++++++++
 fuzzer/OperandType.java |  3 +++
 src/pocs/poc1.txt       |  0
 src/pocs/poc2.txt       |  0
 src/pocs/poc3.txt       |  0
 src/pocs/poc4.txt       |  0
 src/pocs/poc5.txt       |  0
 9 files changed, 121 insertions(+)
 create mode 100644 README.md
 create mode 100644 fuzzer/Fuzzer.java
 create mode 100644 fuzzer/Instruction.java
 create mode 100644 fuzzer/OperandType.java
 create mode 100644 src/pocs/poc1.txt
 create mode 100644 src/pocs/poc2.txt
 create mode 100644 src/pocs/poc3.txt
 create mode 100644 src/pocs/poc4.txt
 create mode 100644 src/pocs/poc5.txt

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..019d1f6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# SWEN90006 Assignment 2 2019
+
+Please see the assignment handout which contains all the essential
+information.
+
+Structure of this repository:
+
+* src/:        -  where the code for the C implementation of the passbook lives
+* src/pocs/:   -  where your PoCs live
+* fuzzer/:     -  where your fuzzer will live
+
+Pre-Included Scripts:
+
+* src/Makefile         - makefile for building the C implementation etc.
+* src/get_coverage.sh  - script to generate coverage reports
+
+Vulnerable Versions (you should put your security vulnerabilities in here):
+
+* src/passbook-vuln1.c -- src/passbook-vuln5.c
+
+Proofs of Concept (PoCs that you should provide for each vulnerability):
+
+* src/pocs/poc1.txt -- src/pocs/poc5.txt
+
diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
new file mode 100644
index 0000000..9394bf8
--- /dev/null
+++ b/fuzzer/Fuzzer.java
@@ -0,0 +1,38 @@
+import java.io.IOException;
+import java.io.FileOutputStream;
+import java.io.PrintWriter;
+
+
+/* a stub for your team's fuzzer */
+public class Fuzzer {
+
+    private static final String OUTPUT_FILE = "fuzz.txt";
+    
+    public static void main(String[] args) throws IOException {
+        System.out.println(Instruction.getBNF());
+        FileOutputStream out = null;
+        PrintWriter pw = null;
+        try {
+            out = new FileOutputStream(OUTPUT_FILE);
+            pw = new PrintWriter(out);
+            
+            /* We just print one instruction.
+               Hint: you might want to make use of the instruction
+               grammar which is effectively encoded in Instruction.java */
+            pw.println("list");
+            
+        }catch (Exception e){
+            e.printStackTrace(System.err);
+            System.exit(1);
+        }finally{
+            if (pw != null){
+                pw.flush();
+            }
+            if (out != null){
+                out.close();
+            }
+        }
+
+    }
+
+}
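Review bot: Write failures on `fuzz.txt` are never reported in `main`: `PrintWriter` swallows `IOException`, so the `catch` only sees a failure to open the file, and a truncated output file still ends with exit status 0. The `System.exit(1)` inside the `catch` also halts the JVM before the `finally` block runs, so the flush/close path is skipped on exactly the error path. A try-with-resources block with `pw.checkError()` after the writes covers both, and because `main` already declares `throws IOException`, letting the exception propagate gives a non-zero exit without the broad `catch (Exception e)`. Separately, `new PrintWriter(out)` uses the platform default charset and `println` the platform line separator, so the bytes written can differ between machines; an explicit charset and an explicit `"\n"` would keep generated inputs reproducible when a crash has to be replayed.

```java
    public static void main(String[] args) throws IOException {
        System.out.println(Instruction.getBNF());
        try (FileOutputStream out = new FileOutputStream(OUTPUT_FILE);
             PrintWriter pw = new PrintWriter(out)) {
            // … unchanged: hint comment and pw.println("list") …
            // checkError() flushes and reports any write error PrintWriter swallowed
            if (pw.checkError()) {
                throw new IOException("failed writing " + OUTPUT_FILE);
            }
        }
    }
```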
diff --git a/fuzzer/Instruction.java b/fuzzer/Instruction.java
new file mode 100644
index 0000000..e6bb0d0
--- /dev/null
+++ b/fuzzer/Instruction.java
@@ -0,0 +1,56 @@
+import java.util.Arrays;
+import java.util.ArrayList;
+
+public enum Instruction {
+    PUT("put",new OperandType[]{OperandType.STRING,OperandType.STRING,OperandType.STRING}),
+    GET("get",new OperandType[]{OperandType.STRING}),
+    REM("rem",new OperandType[]{OperandType.STRING}),
+    SAVE("save",new OperandType[]{OperandType.STRING,OperandType.STRING}),
+    LIST("list",new OperandType[]{}),
+    MASTERPW("masterpw",new OperandType[]{OperandType.STRING});
+
+    public static String getBNF(){
+        String grammar = "<INSTRUCTION> ::= \n";
+        Instruction[] INSTS = Instruction.values();
+        boolean firstInst = true;
+        for (Instruction inst : INSTS){
+            if (firstInst){
+                grammar += "      \"";
+                firstInst = false;
+            }else{
+                grammar += "    | \"";
+            }
+            grammar += inst.getOpcode() + "\"";
+            for (OperandType op : inst.getOperands()){
+                grammar += " <" + op.toString() + ">";
+            }
+            grammar += "\n";
+        }
+        return grammar;
+    }
+    
+    private final String opcode;
+    private final OperandType[] operands;
+
+    Instruction(String opcode, OperandType[] operands){
+        this.opcode = opcode;
+        this.operands = operands;
+    }
+
+    public String getOpcode(){
+        return opcode;
+    }
+    
+    public OperandType[] getOperands(){
+        return operands;
+    }
+
+    public String toString(){
+        String operandsString = "";
+        for (OperandType op : operands) {
+            operandsString += " " + op.toString();
+        }
+        return "\"" + opcode + "\"" + operandsString;
+    }
+    
+}
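Review bot: `getOperands()` returns the enum constant's own `operands` array, so any caller that edits the result changes the grammar for every later use of that instruction in the same JVM; returning a copy, `return operands.clone();`, keeps the encoded grammar fixed while the fuzzer mutates its own operand lists. `toString()` overrides `Enum.toString()` and should carry `@Override`. The `java.util.Arrays` and `java.util.ArrayList` imports are not used anywhere in this file. `getBNF()` and `toString()` build their results with `+=` inside loops; a `StringBuilder` would be the usual form, and a short Javadoc on `getBNF()` stating that it renders one alternative per instruction would help readers of the stub.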
diff --git a/fuzzer/OperandType.java b/fuzzer/OperandType.java
new file mode 100644
index 0000000..b7a9520
--- /dev/null
+++ b/fuzzer/OperandType.java
@@ -0,0 +1,3 @@
+public enum OperandType {
+    STRING
+}
diff --git a/src/pocs/poc1.txt b/src/pocs/poc1.txt
new file mode 100644
index 0000000..e69de29
diff --git a/src/pocs/poc2.txt b/src/pocs/poc2.txt
new file mode 100644
index 0000000..e69de29
diff --git a/src/pocs/poc3.txt b/src/pocs/poc3.txt
new file mode 100644
index 0000000..e69de29
diff --git a/src/pocs/poc4.txt b/src/pocs/poc4.txt
new file mode 100644
index 0000000..e69de29
diff --git a/src/pocs/poc5.txt b/src/pocs/poc5.txt
new file mode 100644
index 0000000..e69de29
-- 
GitLab