| blob | 18af4de45d32f57692619182afcaa20e93f8ed99 |
1 <?php
2 /**
3 * Performs fuzz-style testing of MediaWiki's parser and forms.
4 *
5 * Copyright © 2006 Nick Jenkins
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 * http://www.gnu.org/copyleft/gpl.html
21 *
22 * @file
23 * @ingroup Maintenance
24 * @author Nick Jenkins ( http://nickj.org/ ).
27 Started: 18 May 2006.
29 Description:
30 Performs fuzz-style testing of MediaWiki's parser and forms.
32 How:
33 - Generate lots of nasty wiki text.
34 - Ask the Parser to render that wiki text to HTML, or ask MediaWiki's forms
35 to deal with that wiki text.
36 - Check MediaWiki's output for problems.
37 - Repeat.
39 Why:
40 - To help find bugs.
41 - To help find security issues, or potential security issues.
43 What type of problems are being checked for:
44 - Unclosed tags.
45 - Errors or interesting warnings from Tidy.
46 - PHP errors / warnings / notices.
47 - MediaWiki internal errors.
48 - Very slow responses.
49 - No response from apache.
50 - Optionally checking for malformed HTML using the W3C validator.
52 Background:
53 Many of the wikiFuzz class methods are a modified PHP port,
54 of a "shameless" Python port, of LCAMTUF'S MANGELME:
55 - http://www.securiteam.com/tools/6Z00N1PBFK.html
56 - http://www.securityfocus.com/archive/1/378632/2004-10-15/2004-10-21/0
58 Video:
59 There's an XviD video discussing this fuzz tester. You can get it from:
60 http://files.nickj.org/MediaWiki/Fuzz-Testing-MediaWiki-xvid.avi
62 Requirements:
63 To run this, you will need:
64 - Command-line PHP5, with PHP-curl enabled (not all installations have this
65 enabled - try "apt-get install php5-curl" if you're on Debian to install).
66 - the Tidy standalone executable. ("apt-get install tidy").
68 Optional:
69 - If you want to run the curl scripts, you'll need standalone curl installed
70 ("apt-get install curl")
71 - For viewing the W3C validator output on a command line, the "html2text"
72 program may be useful ("apt-get install html2text")
74 Saving tests and test results:
75 Any of the fuzz tests which find problems are saved for later review.
76 In order to help track down problems, tests are saved in a number of
77 different formats. The default filename extensions and their meanings are:
78 - ".test.php" : PHP script that reproduces just that one problem using PHP-Curl.
79 - ".curl.sh" : Shell script that reproduces that problem using standalone curl.
80 - ".data.bin" : The serialized PHP data so that this script can re-run the test.
81 - ".info.txt" : A human-readable text file with details of the field contents.
83 Wiki configuration for testing:
84 You should make some additions to LocalSettings.php in order to catch the most
85 errors. Note this configuration is for **TESTING PURPOSES ONLY**, and is IN NO
86 WAY, SHAPE, OR FORM suitable for deployment on a hostile network. That said,
87 personally I find these additions to be the most helpful for testing purposes:
89 // --------- Start ---------
90 // Everyone can do everything. Very useful for testing, yet useless for deployment.
91 $wgGroupPermissions['*']['autoconfirmed'] = true;
92 $wgGroupPermissions['*']['block'] = true;
93 $wgGroupPermissions['*']['bot'] = true;
94 $wgGroupPermissions['*']['delete'] = true;
95 $wgGroupPermissions['*']['deletedhistory'] = true;
96 $wgGroupPermissions['*']['deleterevision'] = true;
97 $wgGroupPermissions['*']['editinterface'] = true;
98 $wgGroupPermissions['*']['hiderevision'] = true;
99 $wgGroupPermissions['*']['import'] = true;
100 $wgGroupPermissions['*']['importupload'] = true;
101 $wgGroupPermissions['*']['minoredit'] = true;
102 $wgGroupPermissions['*']['move'] = true;
103 $wgGroupPermissions['*']['patrol'] = true;
104 $wgGroupPermissions['*']['protect'] = true;
105 $wgGroupPermissions['*']['proxyunbannable'] = true;
106 $wgGroupPermissions['*']['renameuser'] = true;
107 $wgGroupPermissions['*']['reupload'] = true;
108 $wgGroupPermissions['*']['reupload-shared'] = true;
109 $wgGroupPermissions['*']['rollback'] = true;
110 $wgGroupPermissions['*']['siteadmin'] = true;
111 $wgGroupPermissions['*']['trackback'] = true;
112 $wgGroupPermissions['*']['unwatchedpages'] = true;
113 $wgGroupPermissions['*']['upload'] = true;
114 $wgGroupPermissions['*']['userrights'] = true;
115 $wgGroupPermissions['*']['renameuser'] = true;
116 $wgGroupPermissions['*']['makebot'] = true;
117 $wgGroupPermissions['*']['makesysop'] = true;
119 // Enable weird and wonderful options:
120 // Increase default error reporting level.
121 error_reporting (E_ALL); // At a later date could be increased to E_ALL | E_STRICT
122 $wgBlockOpenProxies = true; // Some block pages require this to be true in order to test.
123 $wgEnableUploads = true; // enable uploads.
124 //$wgUseTrackbacks = true; // enable trackbacks; However this breaks the viewPageTest, so currently disabled.
125 $wgDBerrorLog = "/root/mediawiki-db-error-log.txt"; // log DB errors, replace with suitable path.
126 $wgShowSQLErrors = true; // Show SQL errors (instead of saying the query was hidden).
127 $wgShowExceptionDetails = true; // want backtraces.
128 $wgEnableAPI = true; // enable API.
129 $wgEnableWriteAPI = true; // enable API.
131 // Install & enable Parser Hook extensions to increase code coverage. E.g.:
132 require_once("extensions/ParserFunctions/ParserFunctions.php");
133 require_once("extensions/Cite/Cite.php");
134 require_once("extensions/inputbox/inputbox.php");
135 require_once("extensions/Sort/Sort.php");
136 require_once("extensions/wikihiero/wikihiero.php");
137 require_once("extensions/CharInsert/CharInsert.php");
138 require_once("extensions/FixedImage/FixedImage.php");
140 // Install & enable Special Page extensions to increase code coverage. E.g.:
141 require_once("extensions/Cite/SpecialCite.php");
142 require_once("extensions/Filepath/SpecialFilepath.php");
143 require_once("extensions/Makebot/Makebot.php");
144 require_once("extensions/Makesysop/SpecialMakesysop.php");
145 require_once("extensions/Renameuser/SpecialRenameuser.php");
146 require_once("extensions/LinkSearch/LinkSearch.php");
147 // --------- End ---------
149 If you want to try E_STRICT error logging, add this to the above:
150 // --------- Start ---------
151 error_reporting (E_ALL | E_STRICT);
152 set_error_handler( 'error_handler' );
153 function error_handler ($type, $message, $file=__FILE__, $line=__LINE__) {
154 if ($message == "var: Deprecated. Please use the public/private/protected modifiers") return;
155 print "<br />\n<b>Strict Standards:</b> Type: <b>$type</b>: $message in <b>$file</b> on line <b>$line</b><br />\n";
156 }
157 // --------- End ---------
159 Also add/change this in LocalSettings.php:
160 // --------- Start ---------
161 $wgEnableProfileInfo = true;
162 $wgDBserver = "localhost"; // replace with DB server hostname
163 // --------- End ---------
165 Usage:
166 Run with "php fuzz-tester.php".
167 To see the various command-line options, run "php fuzz-tester.php --help".
168 To stop the script, press Ctrl-C.
170 Console output:
171 - If requested, first any previously failed tests will be rerun.
172 - Then new tests will be generated and run. Any tests that fail will be saved,
173 and a brief message about why they failed will be printed on the console.
174 - The console will show the number of tests run, time run, number of tests
175 failed, number of tests being done per minute, and the name of the current test.
177 TODO:
178 Some known things that could improve this script:
179 - Logging in with cookie jar storage needed for some tests (as there are some
180 pages that cannot be tested without being logged in, and which are currently
181 untested - e.g. Special:Emailuser, Special:Preferences, adding to Watchist).
182 - Testing of Timeline extension (I cannot test as ploticus has/had issues on
183 my architecture).
185 */
187 // ///////////////////////// COMMAND LINE HELP ////////////////////////////////////
189 // This is a command line script, load MediaWiki env (gives command line options);
192 // if the user asked for an explanation of command line options.
197 [--directory=<failed-test-path>] [--include-binary]
198 [--w3c-validate] [--delete-passed-retests] [--help]
199 [--user=<username>] [--password=<password>]
200 [--rerun-failed-tests] [--max-errors=<int>]
201 [--max-runtime=<num-minutes>]
202 [--specific-test=<test-name>]
204 Options:
205 --quiet : Hides passed tests, shows only failed tests.
206 --base-url : URL to a wiki on which to run the tests.
207 The "http://" is optional and can be omitted.
208 --directory : Full path to directory for storing failed tests.
209 Will be created if it does not exist.
210 --include-binary : Includes non-alphanumeric characters in the tests.
211 --w3c-validate : Validates pages using the W3C's web validator.
212 Slow. Currently many pages fail validation.
213 --user : Login name of a valid user on your test wiki.
214 --password : Password for the valid user on your test wiki.
215 --delete-passed-retests : Will delete retests that now pass.
216 Requires --rerun-failed-tests to be meaningful.
217 --rerun-failed-tests : Whether to rerun any previously failed tests.
218 --max-errors : Maximum number of errors to report before exiting.
219 Does not include errors from --rerun-failed-tests
220 --max-runtime : Maximum runtime, in minutes, to run before exiting.
221 Only applies to new tests, not --rerun-failed-tests
222 --specific-test : Runs only the specified fuzz test.
223 Only applies to new tests, not --rerun-failed-tests
224 --keep-passed-tests : Saves all test files, even those that pass.
225 --help : Show this help message.
227 Example:
228 If you wanted to fuzz test a nightly MediaWiki checkout using cron for 1 hour,
229 and only wanted to be informed of errors, and did not want to redo previously
230 failed tests, and wanted a maximum of 100 errors, then you could do:
237 }
240 // if we got command line options, check they look valid.
249 }
250 }
253 // /////////////////////////// CONFIGURATION ////////////////////////////////////
255 // URL to some wiki on which we can run our tests.
260 }
262 // The directory name where we store the output.
263 // Example for Windows: "c:\\temp\\wiki-fuzz"
268 }
270 // Should our test fuzz data include binary strings?
273 // Whether we want to validate HTML output on the web.
274 // At the moment very few generated pages will validate, so not recommended.
276 // URL to use to validate our output:
279 // Location of Tidy standalone executable.
282 // The name of a user who has edited on your wiki. Used
283 // when testing the Special:Contributions and Special:Userlogin page.
288 }
290 // The password of the above user. Used when testing the login page,
291 // and to do this we sometimes need to login successfully.
295 // And no, this is not a valid password on any public wiki.
297 }
299 // If we have a test that failed, and then we run it again, and it passes,
300 // do you want to delete it or keep it?
303 // Do we want to rerun old saved tests at script startup?
304 // Set to true to help catch regressions, or false if you only want new stuff.
307 // File where the database errors are logged. Should be defined in LocalSettings.php.
310 // Run in chatty mode (all output, default), or run in quiet mode (only prints out details of failed tests)?
313 // Keep all test files, even those that pass. Potentially useful to tracking input that causes something
314 // unusual to happen, if you don't know what "unusual" is until later.
317 // The maximum runtime, if specified.
320 }
322 // The maximum number of problems to find, if specified. Excludes retest errors.
325 }
327 // if the user has requested a specific test (instead of all tests), and the test they asked for looks valid.
329 if ( class_exists( $options["specific-test"] ) && get_parent_class( $options["specific-test"] ) == "pageTest" ) {
331 }
334 }
335 }
337 // Define the file extensions we'll use:
344 // If it goes wrong, we want to know about it.
347 // ////////////// A CLASS THAT GENERATES RANDOM NASTY WIKI & HTML STRINGS //////////////////////
351 // Only some HTML tags are understood with params by MediaWiki, the rest are ignored.
352 // List the tags that accept params below, as well as what those params are.
371 "TR" => array( "CLASS", "STYLE", "ID", "BGCOLOR", "ALIGN", "VALIGN", "lang", "dir", "title", "char", "charoff" ),
399 "thead" => array( "CLASS", "ID", "STYLE", "lang", "dir", "title", 'align', 'char', 'charoff', 'valign' ),
400 "tfoot" => array( "CLASS", "ID", "STYLE", "lang", "dir", "title", 'align', 'char', 'charoff', 'valign' ),
401 "tbody" => array( "CLASS", "ID", "STYLE", "lang", "dir", "title", 'align', 'char', 'charoff', 'valign' ),
402 "colgroup" => array( "CLASS", "ID", "STYLE", "lang", "dir", "title", 'align', 'char', 'charoff', 'valign', 'span', 'width' ),
403 "col" => array( "CLASS", "ID", "STYLE", "lang", "dir", "title", 'align', 'char', 'charoff', 'valign', 'span', 'width' ),
406 // extension tags that accept parameters:
413 // older MW transclusion.
415 );
417 // The types of the HTML that we will be testing were defined above
418 // Note: this needs to be initialized later to be equal to: array_keys(wikiFuzz::$data);
419 // as such, it also needs to also be publicly modifiable.
423 // Some attribute values.
424 static private $other = array( "&", "=", ":", "?", "\"", "\n", "%n%n%n%n%n%n%n%n%n%n%n%n", "\\" );
426 // various numbers
430 // Different ways of saying: '
436 // Different ways of saying: "
442 // Different ways of saying: <
452 // Different ways of saying: >
459 // Different ways of saying: [
464 // Different ways of saying: {{
469 // Different ways of saying: |
475 // a "lignature" - http://www.robinlionheart.com/stds/html4/spchars#ligature
476 // ‌ == ‌
477 "‌"
478 );
480 // Defines various wiki-related bits of syntax, that can potentially cause
481 // MediaWiki to do something other than just print that literal text.
483 // links, templates, parameters.
486 // wiki tables.
494 // section headings.
497 // lists (ordered and unordered) and indentation.
501 // definition lists (dl, dt, dd), newline, and newline with pre, and a tab.
504 // Whitespace: newline, tab, space.
507 // Some XSS attack vectors from http://ha.ckers.org/xss.html
515 // various NULL fields
520 // horizontal rule.
523 // signature, redirect, bold, italics.
526 // comments.
529 // quotes.
532 // tag start and tag end.
535 // implicit link creation on URIs.
547 // images.
571 // misc stuff to throw at the Parser.
597 // implicit link creation on booknum, RFC, and PubMed ID usage (both with and without IDs)
605 // magic words:
620 // more magic words / internal templates.
677 // Some raw link for magic words.
695 // internal Math "extension":
699 // Parser extension functions:
709 // references table for the Cite extension.
712 // Internal Parser tokens - try inserting some of these.
717 // Inputbox extension:
721 // charInsert extension:
725 // wikiHiero extension:
729 // Image gallery:
733 // FixedImage extension.
736 // Timeline extension: currently untested.
738 // Nowiki:
742 // an external image to test the external image displaying code
745 // LabeledSectionTransclusion extension.
751 "}}"
752 );
754 /**
755 ** Randomly returns one element of the input array.
756 */
760 }
762 // Max number of parameters for HTML attributes.
765 /**
766 ** Returns random number between finish and start.
767 */
770 }
772 /**
773 ** Returns a mix of random text and random wiki syntax.
774 */
784 }
787 // Decimal version:
788 // "&#" . wikiFuzz::randnum(255) . ";"
789 // Hex version:
790 ? "&#x" . str_pad( dechex( wikiFuzz::randnum( 255 ) ), wikiFuzz::randnum( 2, 7 ), "0", STR_PAD_LEFT ) . ";"
791 // A truly binary version:
792 // ? chr(wikiFuzz::randnum(0,255))
797 }
798 }
800 }
802 /**
803 ** Returns either random text, or random wiki syntax, or random data from "ints",
804 ** or random data from "other".
805 */
810 }
813 }
816 }
817 }
819 /**
820 * Returns the matched character slash-escaped as in a C string
821 * Helper for makeTitleSafe callback
822 */
825 }
827 /**
828 ** Strips out the stuff that Mediawiki balks at in a page's title.
829 ** Implementation copied/pasted from cleanupTable.inc & cleanupImages.php
830 */
836 }
838 /**
839 ** Returns a string of fuzz text.
840 */
853 $string .= $badparam . "=" . wikiFuzz::getRandQuote() . $badstring . wikiFuzz::getRandQuote() . " ";
854 }
862 }
864 }
866 /**
867 ** Returns one of the three styles of random quote: ', ", and nothing.
868 */
874 }
875 }
877 /**
878 ** Returns fuzz text, with the parameter indicating approximately how many lines of text you want.
879 */
884 }
886 }
887 }
890 // ////// MEDIAWIKI PAGES TO TEST, AND HOW TO TEST THEM ///////
892 /**
893 ** A page test has just these things:
894 ** 1) Form parameters.
895 ** 2) the URL we are going to test those parameters on.
896 ** 3) Any cookies required for the test.
897 ** 4) Whether Tidy should validate the page. Defaults to true, but can be turned off.
898 ** Declared abstract because it should be extended by a class
899 ** that supplies these parameters.
900 */
909 }
913 }
917 }
921 }
922 }
925 /**
926 ** a page test for the "Edit" page. Tests Parser.php and Sanitizer.php.
927 */
943 );
945 // sometimes we don't want to specify certain parameters.
953 }
954 }
957 /**
958 ** a page test for "Special:Listusers".
959 */
969 "limit" => wikiFuzz::chooseInput( array( "0", "-1", "---'----------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
970 "offset" => wikiFuzz::chooseInput( array( "0", "-1", "--------'-----0", "+1", "81343242346234234", wikiFuzz::makeFuzz( 2 ) ) )
971 );
972 }
973 }
976 /**
977 ** a page test for "Special:Search".
978 */
1003 "offset" => wikiFuzz::chooseInput( array( "", "0", "-1", "--------'-----0", "+1", "81343242346234234", wikiFuzz::makeFuzz( 2 ) ) ),
1004 "fulltext" => wikiFuzz::chooseInput( array( "", "0", "1", "--------'-----0", "+1", wikiFuzz::makeFuzz( 2 ) ) ),
1005 "searchx" => wikiFuzz::chooseInput( array( "", "0", "1", "--------'-----0", "+1", wikiFuzz::makeFuzz( 2 ) ) )
1006 );
1007 }
1008 }
1011 /**
1012 ** a page test for "Special:Recentchanges".
1013 */
1023 "invert" => wikiFuzz::chooseInput( array( "-1", "---'----------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1024 "hideanons" => wikiFuzz::chooseInput( array( "-1", "------'-------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1025 'limit' => wikiFuzz::chooseInput( array( "0", "-1", "---------'----0", "+1", "81340909772349234", wikiFuzz::makeFuzz( 2 ) ) ),
1026 "days" => wikiFuzz::chooseInput( array( "-1", "----------'---0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1027 "hideminor" => wikiFuzz::chooseInput( array( "-1", "-----------'--0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1028 "hidebots" => wikiFuzz::chooseInput( array( "-1", "---------'----0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1029 "hideliu" => wikiFuzz::chooseInput( array( "-1", "-------'------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1030 "hidepatrolled" => wikiFuzz::chooseInput( array( "-1", "-----'--------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1031 "hidemyself" => wikiFuzz::chooseInput( array( "-1", "--'-----------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1032 'categories_any' => wikiFuzz::chooseInput( array( "-1", "--'-----------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1033 'categories' => wikiFuzz::chooseInput( array( "-1", "--'-----------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1034 'feed' => wikiFuzz::chooseInput( array( "-1", "--'-----------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) )
1035 );
1036 }
1037 }
1040 /**
1041 ** a page test for "Special:Prefixindex".
1042 */
1051 );
1053 // sometimes we want 'prefix', sometimes we want 'from', and sometimes we want nothing.
1057 }
1061 }
1062 }
1063 }
1066 /**
1067 ** a page test for "Special:MIMEsearch".
1068 */
1076 'limit' => wikiFuzz::chooseInput( array( "0", "-1", "-------'------0", "+1", "81342321351235325", wikiFuzz::makeFuzz( 2 ) ) ),
1077 'offset' => wikiFuzz::chooseInput( array( "0", "-1", "-----'--------0", "+1", "81341231235365252234324", wikiFuzz::makeFuzz( 2 ) ) )
1078 );
1079 }
1080 }
1083 /**
1084 ** a page test for "Special:Log".
1085 */
1098 );
1099 }
1100 }
1103 /**
1104 ** a page test for "Special:Userlogin", with a successful login.
1105 */
1108 $this->pagePath = "index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=" . wikiFuzz::makeFuzz( 2 );
1112 // sometimes real password, sometimes not:
1115 );
1117 $this->cookie = "wikidb_session=" . wikiFuzz::chooseInput( array( "1" , wikiFuzz::makeFuzz( 2 ) ) );
1118 }
1119 }
1122 /**
1123 ** a page test for "Special:Userlogin".
1124 */
1146 );
1148 $this->cookie = "wikidb_session=" . wikiFuzz::chooseInput( array( "1" , wikiFuzz::makeFuzz( 2 ) ) );
1149 }
1150 }
1153 /**
1154 ** a page test for "Special:Ipblocklist" (also includes unblocking)
1155 */
1163 // something like an IP address, sometimes invalid:
1168 'action' => wikiFuzz::chooseInput( array( wikiFuzz::makeFuzz( 2 ), "success", "submit", "unblock" ) ),
1175 );
1177 // sometimes we don't want to specify certain parameters.
1182 }
1183 }
1186 /**
1187 ** a page test for "Special:Newimages".
1188 */
1198 );
1200 // sometimes we don't want to specify certain parameters.
1203 }
1204 }
1207 /**
1208 ** a page test for the "Special:Imagelist" page.
1209 */
1215 'sort' => wikiFuzz::chooseInput( array( "bysize", "byname" , "bydate", wikiFuzz::makeFuzz( 2 ) ) ),
1216 'limit' => wikiFuzz::chooseInput( array( "0", "-1", "--------'-----0", "+1", "09700982312351132098234", wikiFuzz::makeFuzz( 2 ) ) ),
1217 'offset' => wikiFuzz::chooseInput( array( "0", "-1", "------'-------0", "+1", "09700980982341535324234234", wikiFuzz::makeFuzz( 2 ) ) ),
1219 );
1220 }
1221 }
1224 /**
1225 ** a page test for "Special:Export".
1226 */
1236 'history' => wikiFuzz::chooseInput( array( "0", "-1", "------'-------0", "+1", "09700980982341535324234234", wikiFuzz::makeFuzz( 2 ) ) ),
1238 );
1240 // For the time being, need to disable "submit" action as Tidy barfs on MediaWiki's XML export.
1243 // Sometimes remove the history field.
1246 // page does not produce HTML.
1248 }
1249 }
1252 /**
1253 ** a page test for "Special:Booksources".
1254 */
1261 // ISBN codes have to contain some semi-numeric stuff or will be ignored:
1263 );
1264 }
1265 }
1268 /**
1269 ** a page test for "Special:Allpages".
1270 */
1279 );
1280 }
1281 }
1284 /**
1285 ** a page test for the page History.
1286 */
1292 'limit' => wikiFuzz::chooseInput( array( "-1", "0", "-------'------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1293 'offset' => wikiFuzz::chooseInput( array( "-1", "0", "------'-------0", "+1", "9823412312312412435", wikiFuzz::makeFuzz( 2 ) ) ),
1296 "diff" => wikiFuzz::chooseInput( array( "-1", "--------'-----0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1297 "oldid" => wikiFuzz::chooseInput( array( "prev", "-1", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1299 );
1300 }
1301 }
1304 /**
1305 ** a page test for the Special:Contributions".
1306 */
1312 'target' => wikiFuzz::chooseInput( array( wikiFuzz::makeFuzz( 2 ), "newbies", USER_ON_WIKI ) ),
1314 'offset' => wikiFuzz::chooseInput( array( "0", "-1", "------'-------0", "+1", "982342131232131231241", wikiFuzz::makeFuzz( 2 ) ) ),
1317 );
1318 }
1319 }
1322 /**
1323 ** a page test for viewing a normal page, whilst posting various params.
1324 */
1349 "action" => wikiFuzz::chooseInput( array( "view", "raw", "render", wikiFuzz::makeFuzz( 2 ), "markpatrolled" ) ),
1368 );
1370 // Tidy does not know how to valid atom or rss, so exclude from testing for the time being.
1374 // Raw pages cannot really be validated
1377 // sometimes we don't want to specify certain parameters.
1383 // usually don't want action == purge.
1385 }
1386 }
1389 /**
1390 ** a page test for "Special:Allmessages".
1391 */
1396 // only really has one parameter
1399 );
1400 }
1401 }
1403 /**
1404 ** a page test for "Special:Newpages".
1405 */
1413 'limit' => wikiFuzz::chooseInput( array( "-1", "0", "-------'------0", "+1", "8134", wikiFuzz::makeFuzz( 2 ) ) ),
1414 'offset' => wikiFuzz::chooseInput( array( "-1", "0", "------'-------0", "+1", "9823412312312412435", wikiFuzz::makeFuzz( 2 ) ) )
1415 );
1417 // Tidy does not know how to valid atom or rss, so exclude from testing for the time being.
1420 }
1421 }
1423 /**
1424 ** a page test for "redirect.php"
1425 */
1432 );
1434 // sometimes we don't want to specify certain parameters.
1436 }
1437 }
1440 /**
1441 ** a page test for "Special:Confirmemail"
1442 */
1445 // sometimes we send a bogus confirmation code, and sometimes we don't.
1446 $this->pagePath = "index.php?title=Special:Confirmemail" . wikiFuzz::chooseInput( array( "", "/" . wikiFuzz::makeTitleSafe( wikiFuzz::makeFuzz( 1 ) ) ) );
1450 );
1451 }
1452 }
1455 /**
1456 ** a page test for "Special:Watchlist"
1457 ** Note: this test would be better if we were logged in.
1458 */
1464 "remove" => wikiFuzz::chooseInput( array( "Remove checked items from watchlist", wikiFuzz::makeFuzz( 2 ) ) ),
1473 );
1475 // sometimes we specifiy "reset", and sometimes we don't.
1476 if ( wikiFuzz::randnum( 3 ) == 0 ) $this->params["reset"] = wikiFuzz::chooseInput( array( "", "0", "1", wikiFuzz::makeFuzz( 2 ) ) );
1477 }
1478 }
1481 /**
1482 ** a page test for "Special:Blockme"
1483 */
1490 // sometimes we specify "ip", and sometimes we don't.
1492 $this->params["ip"] = wikiFuzz::chooseInput( array( "10.12.41.213", wikiFuzz::randnum( 8134, -10 ), wikiFuzz::makeFuzz( 2 ) ) );
1493 }
1494 }
1495 }
1498 /**
1499 ** a page test for "Special:Movepage"
1500 */
1506 "action" => wikiFuzz::chooseInput( array( "success", "submit", "", wikiFuzz::makeFuzz( 2 ) ) ),
1508 'target' => wikiFuzz::chooseInput( array( "x", wikiFuzz::makeTitleSafe( wikiFuzz::makeFuzz( 2 ) ) ) ),
1509 'wpOldTitle' => wikiFuzz::chooseInput( array( "z", wikiFuzz::makeTitleSafe( wikiFuzz::makeFuzz( 2 ) ), wikiFuzz::makeFuzz( 2 ) ) ),
1510 'wpNewTitle' => wikiFuzz::chooseInput( array( "y", wikiFuzz::makeTitleSafe( wikiFuzz::makeFuzz( 2 ) ), wikiFuzz::makeFuzz( 2 ) ) ),
1512 'wpMovetalk' => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1513 'wpDeleteAndMove' => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1514 'wpConfirm' => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1515 'talkmoved' => wikiFuzz::chooseInput( array( "1", wikiFuzz::makeFuzz( 2 ), "articleexists", 'notalkpage' ) ),
1519 );
1521 // sometimes we don't want to specify certain parameters.
1527 }
1528 }
1531 /**
1532 ** a page test for "Special:Undelete"
1533 */
1541 'target' => wikiFuzz::chooseInput( array( "x", wikiFuzz::makeTitleSafe( wikiFuzz::makeFuzz( 2 ) ) ) ),
1547 );
1549 // sometimes we don't want to specify certain parameters.
1554 }
1555 }
1558 /**
1559 ** a page test for "Special:Unlockdb"
1560 */
1566 "action" => wikiFuzz::chooseInput( array( "submit", "success", "", wikiFuzz::makeFuzz( 2 ) ) ),
1569 );
1571 // sometimes we don't want to specify certain parameters.
1575 }
1576 }
1579 /**
1580 ** a page test for "Special:Lockdb"
1581 */
1587 "action" => wikiFuzz::chooseInput( array( "submit", "success", "", wikiFuzz::makeFuzz( 2 ) ) ),
1590 'wpLockConfirm' => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) )
1591 );
1593 // sometimes we don't want to specify certain parameters.
1597 }
1598 }
1601 /**
1602 ** a page test for "Special:Userrights"
1603 */
1610 'user-editname' => wikiFuzz::chooseInput( array( "Nickj2", "Nickj2\n<xyz>", wikiFuzz::makeFuzz( 2 ) ) ),
1611 'ssearchuser' => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1612 'saveusergroups' => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ), "Save User Groups" ),
1613 'member[]' => wikiFuzz::chooseInput( array( "0", "bot", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1614 "available[]" => wikiFuzz::chooseInput( array( "0", "sysop", "bureaucrat", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) )
1615 );
1617 // sometimes we don't want to specify certain parameters.
1620 }
1621 }
1624 /**
1625 ** a test for page protection and unprotection.
1626 */
1634 "mwProtect-level-edit" => wikiFuzz::chooseInput( array( '', 'autoconfirmed', 'sysop', wikiFuzz::makeFuzz( 2 ) ) ),
1635 "mwProtect-level-move" => wikiFuzz::chooseInput( array( '', 'autoconfirmed', 'sysop', wikiFuzz::makeFuzz( 2 ) ) ),
1636 "mwProtectUnchained" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1637 'mwProtect-reason' => wikiFuzz::chooseInput( array( "because it was there", wikiFuzz::makeFuzz( 2 ) ) )
1638 );
1641 // sometimes we don't want to specify certain parameters.
1644 }
1645 }
1648 /**
1649 ** a page test for "Special:Blockip".
1650 */
1658 "wpBlockAddress" => wikiFuzz::chooseInput( array( "20398702394", "", "Nickj2", wikiFuzz::makeFuzz( 2 ),
1659 // something like an IP address, sometimes invalid:
1663 // something like an IP address, sometimes invalid:
1667 "wpBlockExpiry" => wikiFuzz::chooseInput( array( "other", "2 hours", "1 day", "3 days", "1 week", "2 weeks",
1669 "wpBlockReason" => wikiFuzz::chooseInput( array( "because it was there", wikiFuzz::makeFuzz( 2 ) ) ),
1670 "wpAnonOnly" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1671 "wpCreateAccount" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1673 );
1675 // sometimes we don't want to specify certain parameters.
1683 }
1684 }
1687 /**
1688 ** a test for the imagepage.
1689 */
1699 );
1701 // sometimes we don't want to specify certain parameters.
1706 }
1707 }
1710 /**
1711 ** a test for page deletion form.
1712 */
1719 "wpReason" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1720 "wpConfirm" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1721 );
1723 // sometimes we don't want to specify certain parameters.
1727 }
1728 }
1732 /**
1733 ** a test for Revision Deletion.
1734 */
1743 "wpReason" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1744 "revdelete-hide-text" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1745 "revdelete-hide-comment" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1746 "revdelete-hide-user" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1747 "revdelete-hide-restricted" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1748 );
1750 // sometimes we don't want to specify certain parameters.
1759 }
1760 }
1763 /**
1764 ** a test for Special:Import.
1765 */
1773 "MAX_FILE_SIZE" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1774 "xmlimport" => wikiFuzz::chooseInput( array( "/var/www/hosts/mediawiki/wiki/AdminSettings.php", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1775 "namespace" => wikiFuzz::chooseInput( array( wikiFuzz::randnum( 30, -6 ), wikiFuzz::makeFuzz( 2 ) ) ),
1779 );
1781 // sometimes we don't want to specify certain parameters.
1790 // Note: Need to do a file upload to fully test this Special page.
1791 }
1792 }
1795 /**
1796 ** a test for thumb.php
1797 */
1803 "f" => wikiFuzz::chooseInput( array( "..", "\\", "small-email.png", wikiFuzz::makeFuzz( 2 ) ) ),
1804 "w" => wikiFuzz::chooseInput( array( "80", wikiFuzz::randnum( 6000, -200 ), wikiFuzz::makeFuzz( 2 ) ) ),
1806 );
1808 // sometimes we don't want to specify certain parameters.
1812 }
1813 }
1816 /**
1817 ** a test for trackback.php
1818 */
1825 "blog_name" => wikiFuzz::chooseInput( array( "80", wikiFuzz::randnum( 6000, -200 ), wikiFuzz::makeFuzz( 2 ) ) ),
1829 );
1831 // sometimes we don't want to specify certain parameters.
1835 // page does not produce HTML.
1837 }
1838 }
1841 /**
1842 ** a test for profileinfo.php
1843 */
1852 );
1854 // sometimes we don't want to specify certain parameters.
1857 }
1858 }
1861 /**
1862 ** a test for Special:Cite (extension Special page).
1863 */
1869 "page" => wikiFuzz::chooseInput( array( "\" onmouseover=\"alert(1);\"", "Main Page", wikiFuzz::makeFuzz( 2 ) ) ),
1870 "id" => wikiFuzz::chooseInput( array( "-1", "0", "------'-------0", "+1", "-9823412312312412435", wikiFuzz::makeFuzz( 2 ) ) ),
1871 );
1873 // sometimes we don't want to specify certain parameters.
1876 }
1877 }
1880 /**
1881 ** a test for Special:Filepath (extension Special page).
1882 */
1888 "file" => wikiFuzz::chooseInput( array( "Small-email.png", "Small-email.png" . wikiFuzz::makeFuzz( 1 ), wikiFuzz::makeFuzz( 2 ) ) ),
1889 );
1890 }
1891 }
1894 /**
1895 ** a test for Special:Makebot (extension Special page).
1896 */
1902 "username" => wikiFuzz::chooseInput( array( "Nickj2", "192.168.0.2", wikiFuzz::makeFuzz( 1 ) ) ),
1903 "dosearch" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1907 );
1909 // sometimes we don't want to specify certain parameters.
1913 }
1914 }
1917 /**
1918 ** a test for Special:Makesysop (extension Special page).
1919 */
1925 "wpMakesysopUser" => wikiFuzz::chooseInput( array( "Nickj2", "192.168.0.2", wikiFuzz::makeFuzz( 1 ) ) ),
1927 "wpMakesysopSubmit" => wikiFuzz::chooseInput( array( "0", "1", "++--34234", wikiFuzz::makeFuzz( 2 ) ) ),
1929 "wpSetBureaucrat" => wikiFuzz::chooseInput( array( "20398702394", "", wikiFuzz::makeFuzz( 2 ) ) ),
1930 );
1932 // sometimes we don't want to specify certain parameters.
1936 }
1937 }
1940 /**
1941 ** a test for Special:Renameuser (extension Special page).
1942 */
1948 "oldusername" => wikiFuzz::chooseInput( array( "Nickj2", "192.168.0.2", wikiFuzz::makeFuzz( 1 ) ) ),
1949 "newusername" => wikiFuzz::chooseInput( array( "Nickj2", "192.168.0.2", wikiFuzz::makeFuzz( 1 ) ) ),
1951 );
1952 }
1953 }
1956 /**
1957 ** a test for Special:Linksearch (extension Special page).
1958 */
1965 );
1967 // sometimes we don't want to specify certain parameters.
1969 }
1970 }
1973 /**
1974 ** a test for Special:CategoryTree (extension Special page).
1975 */
1985 "mode" => wikiFuzz::chooseInput( array( "pages", "categories", "all", wikiFuzz::makeFuzz( 2 ) ) ),
1986 );
1988 // sometimes we do want to specify certain parameters.
1989 if ( wikiFuzz::randnum( 5 ) == 0 ) $this->params["notree"] = wikiFuzz::chooseInput( array( "1", 0, "", wikiFuzz::makeFuzz( 2 ) ) );
1990 }
1991 }
1994 /**
1995 ** a test for "Special:Chemicalsources" (extension Special page).
1996 */
2001 // choose an input format to use.
2016 'Name'
2017 )
2018 );
2020 // values for different formats usually start with either letters or numbers.
2027 }
2029 // and then we append the fuzz input.
2031 }
2032 }
2035 /**
2036 ** A test for api.php (programmatic interface to MediaWiki in XML/JSON/RSS/etc formats).
2037 ** Quite involved to test because there are lots of options/parameters, and because
2038 ** for a lot of the functionality if all the parameters don't make sense then it just
2039 ** returns the help screen - so currently a lot of the tests aren't actually doing much
2040 ** because something wasn't right in the query.
2041 **
2042 ** @todo: Incomplete / unfinished; Runs too fast (suggests not much testing going on).
2043 */
2046 // API login mode.
2050 );
2051 // sometimes we want to specify the extra "lgdomain" parameter.
2054 }
2057 }
2059 // API OpenSearch mode.
2062 }
2064 // API watchlist feed mode.
2066 // @todo FIXME: Add "wikiFuzz::makeFuzz(2)" as possible value below?
2068 }
2070 // API query mode.
2072 // @todo FIXME: Add "wikiFuzz::makeFuzz(2)" as possible params for the elements below?
2073 // Suspect this will stuff up the tests more, but need to check.
2075 // @todo FIXME: More titles.
2077 // @todo FIXME: More pageids.
2080 "list" => wikiFuzz::chooseInput( array( "allpages", "logevents", "watchlist", "usercontribs", "recentchanges", "backlinks", "embeddedin", "imagelinks" ) ),
2082 "generator" => wikiFuzz::chooseInput( array( "allpages", "logevents", "watchlist", "info", "revisions" ) ),
2084 );
2086 // Add extra parameters based on what list choice we got.
2088 case "usercontribs" : self::addListParams ( $params, "uc", array( "limit", "start", "end", "user", "dir" ) ); break;
2089 case "allpages" : self::addListParams ( $params, "ap", array( "from", "prefix", "namespace", "filterredir", "limit" ) ); break;
2090 case "watchlist" : self::addListParams ( $params, "wl", array( "allrev", "start", "end", "namespace", "dir", "limit", "prop" ) ); break;
2091 case "logevents" : self::addListParams ( $params, "le", array( "limit", "type", "start", "end", "user", "dir" ) ); break;
2092 case "recentchanges": self::addListParams ( $params, "rc", array( "limit", "prop", "show", "namespace", "start", "end", "dir" ) ); break;
2093 case "backlinks" : self::addListParams ( $params, "bl", array( "continue", "namespace", "redirect", "limit" ) ); break;
2094 case "embeddedin" : self::addListParams ( $params, "ei", array( "continue", "namespace", "redirect", "limit" ) ); break;
2095 case "imagelinks" : self::addListParams ( $params, "il", array( "continue", "namespace", "redirect", "limit" ) ); break;
2096 }
2099 self::addListParams ( $params, "rv", array( "prop", "limit", "startid", "endid", "end", "dir" ) );
2100 }
2102 // Sometimes we want redirects, sometimes we don't.
2105 }
2108 }
2110 // Adds all the elements to the array, using the specified prefix.
2114 }
2115 }
2117 // For a given element name, returns the data for that element.
2124 case 'limit' : return wikiFuzz::chooseInput( array( "0", "-1", "---'----------0", "+1", "8134", "320742734234235", "20060230121212", wikiFuzz::randnum( 9000, -100 ), wikiFuzz::makeFuzz( 2 ) ) );
2125 case 'dir' : return wikiFuzz::chooseInput( array( "newer", "older", wikiFuzz::makeFuzz( 2 ) ) );
2127 case 'namespace' : return wikiFuzz::chooseInput( array( -2, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 200000, wikiFuzz::makeFuzz( 2 ) ) );
2128 case 'filterredir': return wikiFuzz::chooseInput( array( "all", "redirects", "nonredirectsallpages", wikiFuzz::makeFuzz( 2 ) ) );
2130 case 'prop' : return wikiFuzz::chooseInput( array( "user", "comment", "timestamp", "patrol", "flags", "user|user|comment|flags", wikiFuzz::makeFuzz( 2 ) ) );
2131 case 'type' : return wikiFuzz::chooseInput( array( "block", "protect", "rights", "delete", "upload", "move", "import", "renameuser", "newusers", "makebot", wikiFuzz::makeFuzz( 2 ) ) );
2132 case 'hide' : return wikiFuzz::chooseInput( array( "minor", "bots", "anons", "liu", "liu|bots|", wikiFuzz::makeFuzz( 2 ) ) );
2133 case 'show' : return wikiFuzz::chooseInput( array( 'minor', '!minor', 'bot', '!bot', 'anon', '!anon', wikiFuzz::makeFuzz( 2 ) ) );
2135 }
2136 }
2138 // Entry point.
2161 // There is no "helpMode".
2165 }
2167 // Save the selected action.
2170 // Set the cookie:
2171 // @todo FIXME: Need to get this cookie dynamically set, rather than hard-coded.
2172 $this->cookie = "wikidbUserID=10001; wikidbUserName=Test; wikidb_session=178df0fe68c75834643af65dec9ec98a; wikidbToken=1adc6753d62c44aec950c024d7ae0540";
2174 // Output format
2180 // Page does not produce HTML (sometimes).
2182 }
2183 }
2186 /**
2187 ** a page test for the GeSHi extension.
2188 */
2195 . "start=" . wikiFuzz::chooseInput( array( wikiFuzz::randnum( 6000, -6000 ), wikiFuzz::makeFuzz( 2 ) ) )
2199 }
2202 return wikiFuzz::chooseInput( array( "actionscript", "ada", "apache", "applescript", "asm", "asp", "autoit", "bash", "blitzbasic", "bnf", "c", "c_mac", "caddcl", "cadlisp",
2203 "cfdg", "cfm", "cpp", "cpp-qt", "csharp", "css", "d", "delphi", "diff", "div", "dos", "eiffel", "fortran", "freebasic", "gml", "groovy", "html4strict", "idl",
2204 "ini", "inno", "io", "java", "java5", "javascript", "latex", "lisp", "lua", "matlab", "mirc", "mpasm", "mysql", "nsis", "objc", "ocaml", "ocaml-brief", "oobas",
2205 "oracle8", "pascal", "perl", "php", "php-brief", "plsql", "python", "qbasic", "rails", "reg", "robots", "ruby", "sas", "scheme", "sdlbasic", "smalltalk", "smarty",
2206 "sql", "tcl", "text", "thinbasic", "tsql", "vb", "vbnet", "vhdl", "visualfoxpro", "winbatch", "xml", "xpp", "z80", wikiFuzz::makeFuzz( 1 ) ) );
2207 }
2223 );
2224 }
2225 }
2228 /**
2229 ** selects a page test to run.
2230 */
2233 // if the user only wants a specific test, then only ever give them that.
2237 }
2239 // Some of the time we test Special pages, the remaining
2240 // time we test using the standard edit page.
2290 }
2291 }
2294 // ///////////////////// SAVING OUTPUT /////////////////////////
2296 /**
2297 ** Utility function for saving a file. Currently has no error checking.
2298 */
2301 }
2304 /**
2305 ** Returns a test as an experimental GET-to-POST URL.
2306 ** This doesn't seem to always work though, and sometimes the output is too long
2307 ** to be a valid GET URL, so we also save in other formats.
2308 */
2316 }
2319 }
2321 }
2323 }
2326 /**
2327 ** Saves a plain-text human-readable version of a test.
2328 */
2333 }
2336 }
2339 /**
2340 ** Saves a test as a standalone basic PHP script that shows this one problem.
2341 ** Resulting script requires PHP-Curl be installed in order to work.
2342 */
2349 . "curl_setopt(\$ch, CURLOPT_URL, " . var_export( WIKI_BASE_URL . $test->getPagePath(), true ) . ");\n"
2351 . ( $test->getCookie() ? "curl_setopt(\$ch, CURLOPT_COOKIE, " . var_export( $test->getCookie(), true ) . ");\n" : "" )
2357 }
2360 /**
2361 ** Escapes a value so that it can be used on the command line by Curl.
2362 ** Specifically, "<" and "@" need to be escaped if they are the first character,
2363 ** otherwise curl interprets these as meaning that we want to insert a file.
2364 */
2370 }
2372 }
2374 }
2377 /**
2378 ** Saves a test as a standalone CURL shell script that shows this one problem.
2379 ** Resulting script requires standalone Curl be installed in order to work.
2380 */
2387 }
2388 $str .= " " . escapeshellarg( WIKI_BASE_URL . $test->getPagePath() ); // beginning space matters.
2392 }
2395 /**
2396 ** Saves the internal data structure to file.
2397 */
2400 }
2403 /**
2404 ** saves a test in the various formats.
2405 */
2412 }
2415 // ////////////////// MEDIAWIKI OUTPUT /////////////////////////
2417 /**
2418 ** Asks MediaWiki for the HTML output of a test.
2419 */
2424 // specify the cookie, if required.
2436 // if we encountered an error, then say so, and return an empty string.
2440 }
2445 }
2448 // ////////////////// HTML VALIDATION /////////////////////////
2450 /*
2451 ** Asks the validator whether this is valid HTML, or not.
2452 */
2466 // if we encountered an error, then log it, and exit.
2471 }
2478 }
2481 /**
2482 ** Get tidy to check for no HTML errors in the output file (e.g. unescaped strings).
2483 */
2489 // Look for the most interesting Tidy errors and warnings.
2498 }
2499 }
2502 /**
2503 ** Returns whether or not an database error log file has changed in size since
2504 ** the last time this was run. This is used to tell if a test caused a DB error.
2505 */
2509 // first time running this function
2511 // create log if it does not exist
2514 }
2517 }
2520 // if the log has grown, then assume the current test caused it.
2524 }
2527 }
2529 // //////////////// TOP-LEVEL PROBLEM-FINDING FUNCTION ////////////////////////
2531 /**
2532 ** takes a page test, and runs it and tests it for problems in the output.
2533 ** Returns: False on finding a problem, or True on no problems being found.
2534 */
2537 // by default don't overwrite a previous test of the same name.
2540 }
2544 // Store the time before and after, to find slow pages.
2547 // Get MediaWiki to give us the output of this test.
2552 // if we received no response, then that's interesting.
2556 }
2558 // save output HTML to file.
2562 // if there were PHP errors in the output, then that's interesting too.
2568 ) {
2570 // Avoid probable PHP bug with bad session ids; http://bugs.php.net/bug.php?id=38224
2574 }
2575 }
2577 // if there was a MediaWiki Backtrace message in the output, then that's also interesting.
2581 }
2583 // if there was a Parser error comment in the output, then that's potentially interesting.
2587 }
2589 // if a database error was logged, then that's definitely interesting.
2593 }
2595 // validate result
2599 if ( !$valid ) print "\nW3C web validation failed - view details with: html2text " . DIRECTORY . "/" . $testname . ".validator_output.html";
2600 }
2602 // Get tidy to check the page, unless we already know it produces non-XHTML output.
2605 }
2607 // if it took more than 2 seconds to render, then it may be interesting too. (Possible DoS attack?)
2609 print "\nParticularly slow to render (" . round( $after - $before, 2 ) . " seconds): $filename";
2611 }
2614 // Remove temp HTML file if test was valid:
2618 }
2621 }
2624 // ///////////////// RERUNNING OLD TESTS ///////////////////
2626 /**
2627 ** We keep our failed tests so that they can be rerun.
2628 ** This function does that retesting.
2629 */
2635 // sort file into the order a normal person would use.
2640 // if file is not a test, then skip it.
2641 // Note we need to escape any periods or will be treated as "any character".
2643 if ( !preg_match( "/(.*)" . str_replace( ".", "\.", DATA_FILE ) . "$/", $file, $matches ) ) continue;
2645 // reload the test.
2649 // if this is not a valid test, then skip it.
2653 }
2655 // The date format is in Apache log format, which makes it easier to locate
2656 // which retest caused which error in the Apache logs (only happens usually if
2657 // apache segfaults).
2658 if ( !QUIET ) print "[" . date ( "D M d H:i:s Y" ) . "] Retesting $file (" . get_class( $test ) . ")";
2660 // run test
2670 }
2671 }
2680 }
2681 }
2682 }
2685 }
2688 // //////////////////// MAIN LOOP ////////////////////////
2691 // first check whether CURL is installed, because sometimes it's not.
2694 }
2696 // Initialization of types. wikiFuzz doesn't have a constructor because we want to
2697 // access it staticly and not have any globals.
2700 // Make directory if doesn't exist
2703 }
2704 // otherwise, we first retest the things that we have found in previous runs
2707 }
2709 // main loop.
2715 }
2719 // spinning progress indicator.
2725 }
2727 }
2729 // generate a page test to run.
2738 }
2740 // run this test against MediaWiki, and see if the output was valid.
2744 // save the failed test
2750 }
2754 // print current time, with microseconds (matches "strace" format), and the test name.
2755 print " " . date( "H:i:s." ) . substr( current( explode( " ", microtime() ) ), 2 ) . " " . $testname;
2757 }
2759 // stop if we have reached max number of errors.
2762 }
2764 // stop if we have reached max number of mins runtime.
2767 }
2768 }