Fuzzware is stateful. This means any testcase can be re-created from the string describing the state and the configuration files that hold the fuzzing values.
The string describing the state has the following format:
Prefix-Nodename-NodeIndex-FuzzingTechnique-FuzzIndex
The Prefix-Nodename-NodeIndex part identifies the XML node being fuzzed. The Prefix identifies the namespace of the node, the Nodename is the name of the node, and the NodeIndex identifies which node, from all the nodes with that prefix and name, we are currently referring to. Sometimes the Nodename will be prefixed by an '@' symbol; this means the target is an XML attribute of a node. Sometimes the NodeIndex will have the value 'All', which means we are changing all the nodes with that prefix and name simultaneously.
The FuzzingTechnique names the fuzzing technique for this state and the FuzzIndex uniquely specifies the value that will be used by the FuzzingTechnique.
Since Fuzzware's state uses indexes (NodeIndex and FuzzIndex), it is sensitive to changes in what those indexes refer to. If the input XML document changes, the NodeIndex might refer to a completely different node, or a non-existent node. If the values for a particular fuzzing technique change, then FuzzIndex might refer to a completely different value, or a non-existent value.
Hence Fuzzware's state is dependent not only on the value of the state string, but also on the input XML and configuration files used for fuzzing. If changes are made to the input XML or configuration files, the ability to recreate the state is not guaranteed.
That said, all the indexes reference things in a first-to-last ordering, so generally adding information to the end of the input XML or configuration files should not affect the ability to recreate a state.
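
The index sensitivity described above can be checked with a small state-string parser and resolver. This is an added example, not Fuzzware's own code. It assumes that only Nodename may contain '-', that NodeIndex is zero-based, that FuzzIndex is an integer, and that the caller supplies the prefix-to-namespace map; "ExampleTechnique" in the sample state strings is a placeholder name.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple, Union

class State(NamedTuple):
    prefix: str
    name: str
    is_attribute: bool            # Nodename was written with a leading '@'
    node_index: Union[int, str]   # an integer, or the literal "All"
    technique: str
    fuzz_index: int

def parse_state(text: str) -> State:
    # Assumed splitting rule: only Nodename may contain '-', so Prefix is
    # taken from the left and the last three fields from the right.
    head = text.split("-", 1)
    tail = head[1].rsplit("-", 3) if len(head) == 2 else []
    if len(tail) != 4:
        raise ValueError("expected Prefix-Nodename-NodeIndex-FuzzingTechnique-FuzzIndex")
    name, node_index, technique, fuzz_index = tail
    is_attr = name.startswith("@")
    return State(head[0], name[1:] if is_attr else name, is_attr,
                 node_index if node_index == "All" else int(node_index),
                 technique, int(fuzz_index))

def resolve(state: State, root: ET.Element, ns: dict) -> list:
    """Elements the state targets (for '@' names, the elements carrying that
    attribute), counted first-to-last in document order."""
    qname = "{%s}%s" % (ns[state.prefix], state.name)
    if state.is_attribute:
        hits = [e for e in root.iter() if qname in e.attrib]
    else:
        hits = list(root.iter(qname))
    if state.node_index == "All":
        return hits
    if not 0 <= state.node_index < len(hits):   # zero-based: an assumption
        raise LookupError("NodeIndex %d not among %d matching nodes"
                          % (state.node_index, len(hits)))
    return [hits[state.node_index]]

# Constructed sample documents: the same input with a node added at the end
# or at the start.
NS = {"p": "urn:example"}
BASE = ('<p:root xmlns:p="urn:example">%s<p:item>first</p:item>'
        '<p:item>second</p:item>%s</p:root>')
ORIGINAL, APPENDED, PREPENDED = (BASE % pair for pair in (
    ("", ""), ("", "<p:item>third</p:item>"), ("<p:item>new</p:item>", "")))

def target_text(state_text: str, xml: str) -> list:
    return [e.text for e in resolve(parse_state(state_text), ET.fromstring(xml), NS)]
```

With the state `p-item-1-ExampleTechnique-3`, the original and the appended document resolve to the same node, while the prepended document silently resolves to a different one; only an out-of-range index fails loudly.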