Research Article
Automatic Test Pattern Generator for Fuzzing Based on Finite State Machine
Algorithm 1
Response similarity comparison.
Input:
  The HTTP response body message from the target server (invalid test cases) ;
  The HTTP response body message from the target server (valid test case) ;
  The designated threshold ;
Output:
  Logical value (0: no/low injection risk; 1: high injection risk)

(1)  if row.count() == row.count() then  ⊳ While responses and have same number of rows
(2)    similarity = NULL  ⊳ Initiate a similarity vector for storing row-by-row similarity results.
(3)    for in 1 to row.count() do
(4)      similarity = append(similarity, diff(, )  ⊳ Compare the similarity of the two responses line by line.
(5)    similarity.score = mean(similarity)  ⊳ Take the average of the similarity vector
(6)  else  ⊳ If the length of response is different, concatenate responses as strings for comparison.
(7)     = NULL
(8)     = NULL
(9)    for in 1 to row.count() do
(10)      = string.concat()
(11)   for in 1 to row.count() do
(12)      = string.concat()
(13)   similarity.score = 1 − (diff())
(14) return if ();
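The comparison in Algorithm 1, written out as a runnable sketch. This is an added example, not the paper's code. It makes three assumptions: `difflib.SequenceMatcher` stands in for the algorithm's diff(), a score at or above the threshold maps to output 1, and the function names and the three response bodies are constructed for illustration.

```python
from difflib import SequenceMatcher

# Constructed sample bodies (assumptions, not taken from the paper).
VALID = '<html>\n<h1>Welcome, alice</h1>\n<a href="/logout">Logout</a>\n</html>'
# Response to an invalid test case that the server correctly rejected.
REJECTED = ('<html>\n<h1>Login failed</h1>\n<p>Invalid username or password.</p>\n'
            '<a href="/login">Try again</a>\n</html>')
# Response to an invalid test case that looks like the valid one.
ACCEPTED = '<html>\n<h1>Welcome, admin</h1>\n<a href="/logout">Logout</a>\n</html>'


def ratio(a: str, b: str) -> float:
    """Similarity in [0, 1]; stand-in for the algorithm's diff() (assumption)."""
    return SequenceMatcher(None, a, b, autojunk=False).ratio()


def similarity_score(invalid_body: str, valid_body: str) -> float:
    """Row-by-row mean when row counts match, else whole-string comparison."""
    rows_i = invalid_body.splitlines()
    rows_v = valid_body.splitlines()
    if len(rows_i) == len(rows_v):
        if not rows_i:  # two empty bodies: nothing differs
            return 1.0
        scores = [ratio(a, b) for a, b in zip(rows_i, rows_v)]
        return sum(scores) / len(scores)
    # Different row counts: concatenate each response into one string.
    return ratio("".join(rows_i), "".join(rows_v))


def injection_risk(invalid_body: str, valid_body: str, threshold: float) -> int:
    """1 = high injection risk, 0 = no/low risk.

    Assumption: a score at or above the threshold means the invalid test
    case produced a response like the valid one, which is flagged as 1.
    """
    return 1 if similarity_score(invalid_body, valid_body) >= threshold else 0


if __name__ == "__main__":
    for name, body in (("REJECTED", REJECTED), ("ACCEPTED", ACCEPTED)):
        score = similarity_score(body, VALID)
        print(f"{name}: score={score:.3f} risk={injection_risk(body, VALID, 0.8)}")
```

The row-by-row branch is sensitive to a single inserted or removed line only through the row count check, so responses of different length always fall through to the concatenated comparison.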