Wednesday 25 September 2013

GSoC End - Current Status


Hi all.

GSoC 2013 has now ended, and this post will briefly describe the current status of the project.

Of course, this sort of project always has a load of things which can be done, and I'll continue to work on it after this great summer of code. I'm pretty happy about how things went... I worked a lot, of course, but I enjoyed this experience a lot!

After this brief introduction, I can declare the status of my project as checked in.
Many things can still be done, along with some minor tweaks which can improve the user experience.

You can find:

Minor Tweaks:

  • Adding ExpressionLength Dialog;
  • Adding a hover over to the IF node showing the full expression tree;
  • Same as before for AND/OR nodes;
  • Change some menu names.

Some Screenshots of the Project:

Conditional UI

Structured Expression UI

SurroundWith menu for Expressions


A complex Script using Loops and Structured Expression (with debug output).
For more screenshots, contact me, or simply check it out and try it ;)

Things Made:

  • Created Structured Expressions inside Zest;
  • Added support for Structured Expression in ZestConditional & ZestAssertion;
  • Added Loop to Zest as a new Statement;
  • Added support for the runner which manages loops of different types;
  • Added UI in ZAP for the changes above;
  • Tests;
  • Docs.

For more information, please do not hesitate to write a comment or to email the dev groups or me directly.



Tuesday 10 September 2013

Week 14 - close to the end: cleaning and debugging

In this phase I'm cleaning the code and running some more tests to find any other bugs.

This is a sample screenshot of the working project:


Monday 2 September 2013

Intermediate Post - ZestComplexExpression UI

This post is only to show the current implementation of the ComplexConditionals UI:

The script implemented is very simple, but it tests complex conditionals.

It simply checks if the status code is 200 AND if the request URL is equal to http://localhost:8080/bodgeit/login.jsp (exactly the request added in the script).

Then, it checks if the response time is >10 ms OR <100 ms (which is obviously true).

Complex Expressions are really close to being finished!
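
The script described in this post, modelled as an AND/OR expression tree. This is an added example, not code from Zest or from the post: the class and function names are hypothetical and the response values are constructed. It also shows what evaluating a node with no children has to handle.

```python
from dataclasses import dataclass, field
from typing import Callable, List

LOGIN_URL = "http://localhost:8080/bodgeit/login.jsp"  # URL quoted in the post

@dataclass
class Response:
    """Constructed stand-in for the response a script step is evaluated on."""
    url: str
    status: int
    time_ms: int

@dataclass
class Simple:
    """Leaf node: one simple conditional (hypothetical name, not a Zest class)."""
    label: str
    check: Callable[[Response], bool]
    def evaluate(self, resp: Response) -> bool:
        return self.check(resp)
    def render(self) -> str:
        return self.label

@dataclass
class Structured:
    """Inner AND/OR node whose children are Simple or Structured nodes."""
    op: str
    children: List = field(default_factory=list)
    def evaluate(self, resp: Response) -> bool:
        if not self.children:  # a freshly created node with no expression yet
            raise ValueError(f"empty {self.op} node has nothing to evaluate")
        combine = all if self.op == "AND" else any  # both short-circuit
        return combine(child.evaluate(resp) for child in self.children)
    def render(self) -> str:
        return "(" + f" {self.op} ".join(c.render() for c in self.children) + ")"

def first_condition() -> Structured:
    return Structured("AND", [
        Simple("status == 200", lambda r: r.status == 200),
        Simple("url == " + LOGIN_URL, lambda r: r.url == LOGIN_URL)])

def second_condition() -> Structured:
    return Structured("OR", [
        Simple("time > 10 ms", lambda r: r.time_ms > 10),
        Simple("time < 100 ms", lambda r: r.time_ms < 100)])

if __name__ == "__main__":
    sample = Response(LOGIN_URL, 200, 42)  # constructed sample values
    for cond in (first_condition(), second_condition()):
        print(cond.render(), "->", cond.evaluate(sample))
```

Because the two ranges in the OR node overlap, that node passes for every response time, so it exercises the tree logic without constraining the response.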

Saturday 31 August 2013

Week 13 - Complex Conditionals UI

This is the 13th week. This week I continued working on the Complex Conditional UI.

I have developed two UIs for adding Complex Conditionals:


  • via Script Tree: It is now possible to build a new conditional with an empty expression. The expression will then be built step by step by adding AND/OR nodes. Here are some screenshots:

and this is the result:
As you can see, the "IF" node contains no child (no expression).
The user can then add other nodes, such as Simple Conditional, AND or OR nodes:
This is an example:
  • via a complex Conditional Dialog:
This is the screenshot:

What is still missing?

  • I have to add some lines to manage the elimination of complex conditional nodes;
  • Some lines to perform a check about where it is possible to insert which type of conditional node;
  • A method to add the complete subtree given by a complete structured expression (built with the complex conditional dialog).




Friday 23 August 2013

Week 12 - Complex Conditional UI

This week I completed and pushed the definitive code for ZestLoops.
Then I started working on ComplexConditional. I created a sample UI based on the prototype I made in my proposal:
There are still many things to do for Complex Conditional. The most interesting challenge is to parse the condition and create the RootExpression for the structured conditional.

This week I wrote a basic standard text representation for all the simple conditionals, and I wrote the regex to recognize them.

Saturday 17 August 2013

Week 11 - Loops UI, tests and refactoring

This is the 11th week.

This week I worked a lot on loops, making the edits required to the loop interface.

These changes forced me to refactor the previous code. Also, some problems occurred.

The main problem is about the serialization of loops. The tests I made for serialization passed because they consisted of the serialization of a single Loop. This kind of test was not good, because it didn't consider the loop inside a Script. In fact the serialization of a Script containing a Loop didn't work properly.

This problem is caused by the usage of generics and a bad design of the structure of loops.

This week I noticed this problem and fixed it by making some changes to the design:

  • The set of tokens is now declared in the subtype (LoopInteger, LoopFile & LoopString);
  • The step is declared only for LoopInteger;
  • The loop phase now considers the index of the current token, and no longer the value of the token.

After these changes I also worked on the Loop UI, changing the previous dialogs. Here are some snapshots:

This is the dialog for String Loops:
This is the dialog for Integer Loops:
This is the dialog for File (only fuzzer files):

These interfaces are much easier.

As you can see, I inserted a new field: "Variable Name". This is a change I had to make to loops because it helps a lot in the usage of the tokens inside the loops.

This week I planned to clean up the code and make a, hopefully, definitive push for Loops.



Friday 9 August 2013

Week 10 - Graphical User Interface

This week I started working on the GUI for Zest.
I started with the UI for Loops, since they should be much easier than the Complex Conditionals.

Here are some simple snapshots (click on the image to zoom):





The images above show how the user can create loops graphically (in the example, loops through values stored in a file).

After this simple realization, I started developing another feature: "Surround with..". This feature allows users to add some statements, select them, and surround them with a Loop!

This week I've implemented these two features.

Two things are missing now:
  1. to allow the user to load fuzzer files for loops;
  2. Complex conditionals UI.