A counter string is a specific type of self-describing text data used primarily in software testing and security analysis.
It is a long, graduated sequence of characters in which a number is placed periodically to indicate the character position of the character immediately following it. This design makes it possible to determine the exact point of truncation or overflow in a text-entry field without manually counting characters.
The structure of a counter string, with its embedded position markers, provides a highly efficient and accurate way to identify character limits and vulnerabilities in software.
Example of a counter string
A typical counter string uses a delimiter (like an asterisk) to separate the numeric position markers.1*2*3*4*5*6*7*8*9*10*12*14*16*19*22*25*29*33*37*41*46*51*56*61*66*71*76*81*86*91*96*101*106*111*116*...
In this example:
- The first asterisk is at position 2.
- The second asterisk is at position 4.
- The number
29appears at the beginning of the string fragment29*, and the asterisk following it is at position 29.
If a tester inputs this string into a text box and the resulting output shows ...2045*20, they know the string was truncated at position 2047. This is because the last full marker was 2045*, and the 20 that follows represents the first two digits of the next position marker, 2050* (2045 for the marker plus 2 for the two characters that follow).
Core functions and uses
Input validation and buffer overflow testing
A primary use of counter strings is to test the size limits of data-entry fields and other text buffers. Testers can create counter strings of varying or very long lengths and input them into an application.
- Identify truncation: If the string is cut off, the last full marker and any partial digits reveal the exact number of characters the field was able to accept before hitting its limit.
- Discover buffer overflows: By exceeding the buffer's capacity, a counter string can expose vulnerabilities where a program writes data beyond its allocated space, potentially leading to crashes or security flaws.
Creating large datasets
Counter strings are useful for generating large quantities of self-describing data for other types of testing.
- Database testing: They can be used to populate database fields to test for character limits, data indexing efficiency with large text blocks, and performance under high data volume.
- Stress testing: Inserting huge counter strings into various application components can simulate heavy load and test system stability.
Automated testing
Counter strings can be incorporated into automated test suites. Automated tests can generate a long counter string, input it into a field, and then read the value from the UI or database to verify that it was stored correctly and not truncated. This is more efficient and reliable than manually creating and checking long strings of non-descript data.
Benefits of using counter strings
Pinpoint accuracy
Unlike using a repeating character like "A," which only indicates truncation without specifying the exact length, a counter string provides immediate and precise information. This eliminates guesswork and the time-consuming manual process of copying and counting the text.
Efficiency
Counter strings are a more efficient testing method compared to older "caveman-like" techniques that involved manually counting characters. A quick visual check of a truncated string reveals the length, and in automated testing, a simple parsing function can extract the same information.
Enhanced security testing
Counter strings are a valuable tool for security testing, helping to uncover potential buffer overflows that could be exploited by malicious code. They allow testers to push the boundaries of an input field and identify weaknesses in the application's handling of oversized data.
Versatility
These strings can be generated to any arbitrary length and can be customized with different delimiters or formatting, making them highly adaptable to different testing scenarios and application requirements.
Challenges and limitations
Application-specific breaking characters
Some applications may have unexpected behavior or crash when encountering special characters, like delimiters, within a counter string. Testers may need to generate and test different versions of counter strings to account for this.
Performance overhead
While highly useful for testing, the generation and manipulation of extremely long counter strings in automation can introduce some performance overhead. However, this is generally a negligible concern in exchange for the diagnostic value.
Complexity for custom formats
If a unique counter string format is required for a specific application, developing a custom generator might be necessary. While tools exist, they may not cover all possible variations.
Contextual limitations
A counter string is most effective for discovering basic size limitations and buffer overflow issues. It does not provide insight into other potential data validation problems, such as incorrect data types, handling of malicious code, or improper data sanitization. More advanced testing techniques are needed for these issues.
Counter string generation
Several methods exist for generating counter strings, from simple scripts to dedicated tools.
Manual generation
For a short counter string, a tester can manually type a small, simple version for quick spot-checks. This is tedious for long strings, however, and is not a practical approach for most applications.
Scripting with Python
A simple Python script can generate a counter string of any desired length.
def generate_counter_string(length):
counter_string = ""
next_marker = 1
while len(counter_string) < length:
marker_str = str(next_marker)
if len(counter_string) + len(marker_str) + 1 > length:
break
counter_string += marker_str + "*"
next_marker += 1
return counter_string
print(generate_counter_string(100))
Use code with caution.
Dedicated tools
Tools have been developed specifically to generate counter strings. For example, James Bach created a Perl-based tool called perlclip. Such tools offer a convenient way to create, copy, and paste counter strings of arbitrary lengths for various testing purposes.
Conclusion
A counter string is an invaluable diagnostic tool in a software tester's arsenal, providing a simple yet powerful method for uncovering size limitations and potential security vulnerabilities. By embedding position markers directly into the data, it transforms a manual, time-consuming process into a quick and efficient one. While it may not solve all validation problems, its unique ability to precisely identify truncation points makes it an essential technique for ensuring the robustness and security of applications.