Class FuzzExecutor

Namespace
Kuestenlogik.Bowire.Security
Assembly
Kuestenlogik.Bowire.dll

Server-side runtime for the schema-aware fuzzer. Shared between the bowire fuzz CLI subcommand and the /api/security/fuzz HTTP endpoint that the workbench's right-click "Fuzz this field" menu calls into. Stateless; payload wordlists + per-category response heuristics live as static data so neither consumer pays for instance state.

public static class FuzzExecutor

Remarks

v1 scope: HTTP-class targets, JSON request bodies, four payload categories (sqli / xss / pathtrav / cmdinj), five payloads per category. Heuristics fire on response-body markers (SQL error banners, /etc/passwd content, command-output markers like uid=…gid=) plus a cross-category latency-spike check that catches blind-execution oracles.

Schema-awareness — the ADR's killer differentiator — is the value-shape skip in ShouldSkipForValueShape(JsonValueKind, string): numeric / boolean fields don't take string payloads cleanly, so the caller is told to drop SQLi / XSS / etc. on those before any network traffic happens. Full frame-semantics-driven skipping (don't fuzz coordinate.latitude with SQLi even when the value happens to round-trip as a string) lives in the workbench-side menu, which has the annotation store and asks the executor to run the categories that survive that filter.

Fields

Payloads

Built-in payload wordlists keyed by category name.

public static readonly IReadOnlyDictionary<string, IReadOnlyList<string>> Payloads

Field Value

IReadOnlyDictionary<string, IReadOnlyList<string>>

Methods

EvaluateHeuristic(string, string, AttackProbeResponse, AttackProbeResponse?)

Per-category response heuristic — public so callers (and tests) can drive the marker logic in isolation without orchestrating a full fuzz run.

public static string? EvaluateHeuristic(string category, string payload, AttackProbeResponse resp, AttackProbeResponse? baseline)

Parameters

category string: payload category name (sqli / xss / pathtrav / cmdinj).
payload string: the payload from Payloads that was sent for this probe.
resp AttackProbeResponse: the response to the request with the field mutated.
baseline AttackProbeResponse?: the response captured against the original, unmutated body; null when no baseline was captured.

Returns

string?: null when the heuristic did not fire for this payload.

RunAsync(FuzzExecutorRequest, CancellationToken)

Run the fuzz session: capture a baseline against the original body, replay every payload in the category against the same endpoint with the field mutated, evaluate heuristics, return a structured result list (one entry per payload — both fired and not-fired so the caller can render a per-row table).

public static Task<FuzzRunResult> RunAsync(FuzzExecutorRequest request, CancellationToken ct)

Parameters

request FuzzExecutorRequest
ct CancellationToken

Returns

Task<FuzzRunResult>

ShouldSkipForValueShape(JsonValueKind, string)

Schema-awareness check — value-shape vs payload-class. Returns true when the targeted field's existing value is a kind the payload category doesn't fit (numeric / bool field for SQLi / XSS / pathtrav / cmdinj string payloads). Caller decides whether to skip or force.

public static bool ShouldSkipForValueShape(JsonValueKind kind, string category)

Parameters

kind JsonValueKind: the JSON value kind of the targeted field's existing value.
category string: payload category name (sqli / xss / pathtrav / cmdinj).

Returns

bool
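The value-shape filter described in Remarks and in ShouldSkipForValueShape, driven from the caller's side, as an added example that is not Bowire's own code: it walks a JSON request body with System.Text.Json and asks the executor, per leaf field and per category in Payloads, which categories to run and which to skip before any request is sent. It assumes the documented static API in Kuestenlogik.Bowire.Security; the FieldPlan record, the FuzzPlanner class and the sample body are constructed for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using Kuestenlogik.Bowire.Security;

// Constructed for this example: one plan per leaf field in the body.
public record FieldPlan(string Path, JsonValueKind Kind, List<string> Run, List<string> Skipped);

public static class FuzzPlanner
{
    // Recursively walks objects and arrays; every leaf gets a run/skip split.
    public static List<FieldPlan> Plan(JsonElement element, string path = "$")
    {
        var plans = new List<FieldPlan>();
        switch (element.ValueKind)
        {
            case JsonValueKind.Object:
                foreach (var prop in element.EnumerateObject())
                    plans.AddRange(Plan(prop.Value, $"{path}.{prop.Name}"));
                break;
            case JsonValueKind.Array:
            {
                int i = 0;
                foreach (var item in element.EnumerateArray())
                    plans.AddRange(Plan(item, $"{path}[{i++}]"));
                break;
            }
            default:
            {
                var run = new List<string>();
                var skipped = new List<string>();
                foreach (var category in FuzzExecutor.Payloads.Keys)
                {
                    // The executor only advises; the caller decides skip vs force.
                    if (FuzzExecutor.ShouldSkipForValueShape(element.ValueKind, category))
                        skipped.Add(category);
                    else
                        run.Add(category);
                }
                plans.Add(new FieldPlan(path, element.ValueKind, run, skipped));
                break;
            }
        }
        return plans;
    }

    public static void Main()
    {
        // Constructed sample body: a string field, a numeric field and a boolean field.
        const string body = "{\"username\":\"alice\",\"limit\":25,\"admin\":false}";
        using var doc = JsonDocument.Parse(body);
        foreach (var p in Plan(doc.RootElement))
            Console.WriteLine($"{p.Path} ({p.Kind}): run [{string.Join(", ", p.Run)}] skip [{string.Join(", ", p.Skipped)}]");
    }
}
```

Only the categories in each field's Run list are handed to RunAsync; with the v1 heuristics, $.limit and $.admin are expected to end up with all four string-payload categories in Skipped.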