Merge pull request #28 from kazet/fuzzingfiles-is-enabled

Fuzzing files is enabled
kazet · Feb 21, 2024 · dfec336 · dfec336
2 parents 2b563b7 + 1ee213d
commit dfec336
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 6 deletions.
diff --git a/README.md b/README.md
@@ -180,10 +180,6 @@ edit `docker_image/magic_payloads.php` and `docker_image/fuzz/config.py`.
 `crash_detector.py` contans regular expressions that find interesting crashes or interesting
 information (e.g. e-mails) being exposed.
 
-Fuzzing files (i.e. executing each PHP file with injected payloads) has been disabled
-because it didn't lead to many findings. Uncomment `files` in  `config.DEFAULT_ENABLED_FEATURES`
-to change that.
-
 Fuzzing REST routes as logged-in admin has been disabled as it led to false positives.
 Uncomment `rest_routes_admin` in  `config.DEFAULT_ENABLED_FEATURES` to change that.
 

diff --git a/config.py b/config.py
@@ -9,7 +9,6 @@
     "find_in_files_after_fuzzing",
     "find_in_admin_after_fuzzing",
     "find_in_pages_after_fuzzing",
-    # Disabled - see README.txt
-    # "files",
+    "files",
     # "rest_routes_admin",
 ]