use of com.endava.cats.http.HttpMethod in project cats by Endava.
the class FuzzingDataFactory method getFuzzDataForNonBodyMethods.
/**
* A similar FuzzingData object will be created for GET or DELETE requests. The "payload" will be a JSON with all the query or path params.
* In order to achieve this a synthetic object is created that will act as a root object holding all the query or path params as child schemas.
* The method returns a list of FuzzingData as you might have oneOf operations which will create multiple payloads.
*
* @param path the current path
* @param item the current path item
* @param openAPI the full OpenAPI object
* @param operation the OpenApi operation
* @param method the HTTP method set on each returned FuzzingData
* @return a list of FuzzingData objects
*/
private List<FuzzingData> getFuzzDataForNonBodyMethods(String path, PathItem item, Operation operation, OpenAPI openAPI, HttpMethod method) {
    // Body-less requests are modelled as a synthetic root schema built from the operation's parameters.
    ObjectSchema syntheticSchema = this.createSyntheticSchemaForGet(operation.getParameters());

    // The synthetic schema is registered in the shared schema map under a per-operation key.
    // NOTE(review): operationId is optional in OpenAPI; if getOperationId() returns null the key
    // degrades to SYNTH_SCHEMA_NAME + "null" and such operations would overwrite each other's
    // entry - confirm whether an id is guaranteed before this point.
    String syntheticSchemaKey = SYNTH_SCHEMA_NAME + operation.getOperationId();
    globalContext.getSchemaMap().put(syntheticSchemaKey, syntheticSchema);

    Set<String> queryParams = this.extractQueryParams(syntheticSchema);
    List<String> payloadSamples = this.getRequestPayloadsSamples(null, syntheticSchemaKey);
    Map<String, List<String>> responses = this.getResponsePayloads(operation, operation.getResponses().keySet());
    Map<String, List<String>> responsesContentTypes = this.getResponseContentTypes(operation, operation.getResponses().keySet());
    List<String> requestContentTypes = this.getRequestContentTypes(operation, openAPI);

    // One FuzzingData per generated sample; several samples can exist for the same operation.
    // NOTE(review): reqSchemaName is the bare SYNTH_SCHEMA_NAME, not the per-operation key used
    // for the schema map above - presumably intentional, verify against consumers.
    return payloadSamples.stream()
            .map(samplePayload -> FuzzingData.builder()
                    .method(method)
                    .path(path)
                    .headers(this.extractHeaders(operation))
                    .payload(samplePayload)
                    .responseCodes(operation.getResponses().keySet())
                    .reqSchema(syntheticSchema)
                    .pathItem(item)
                    .schemaMap(globalContext.getSchemaMap())
                    .responses(responses)
                    .responseContentTypes(responsesContentTypes)
                    .requestPropertyTypes(globalContext.getRequestDataTypes())
                    .requestContentTypes(requestContentTypes)
                    .queryParams(queryParams)
                    .openApi(openAPI)
                    .tags(operation.getTags())
                    .reqSchemaName(SYNTH_SCHEMA_NAME)
                    .build())
            .collect(Collectors.toList());
}
use of com.endava.cats.http.HttpMethod in project cats by Endava.
the class CatsCommand method fuzzPath.
/**
 * Runs the configured fuzzers against every supported HTTP operation of one path entry.
 * <p>
 * FuzzingData whose method is not in the configured HTTP method filter is excluded, and a
 * fuzzer is not run for data whose method appears in its {@code skipForHttpMethods()} set.
 *
 * @param pathItemEntry the path (key) and its path item (value)
 * @param openAPI       the full OpenAPI object
 */
public void fuzzPath(Map.Entry<String, PathItem> pathItemEntry, OpenAPI openAPI) {
    LOGGER.info(" ");
    String currentPath = pathItemEntry.getKey();
    LOGGER.start("Start fuzzing path {}", currentPath);

    // Build the fuzzing data for each HTTP operation declared on this path.
    List<FuzzingData> fuzzingDataList = fuzzingDataFactory.fromPathItem(currentPath, pathItemEntry.getValue(), openAPI);
    if (fuzzingDataList.isEmpty()) {
        LOGGER.warning("Skipping path {}. HTTP method not supported yet!", currentPath);
        return;
    }

    // Split the data into what the HTTP method filter allows and the methods it leaves out.
    List<FuzzingData> fuzzingDataListWithHttpMethodsFiltered = fuzzingDataList.stream()
            .filter(candidate -> filterArguments.getHttpMethods().contains(candidate.getMethod()))
            .collect(Collectors.toList());
    List<HttpMethod> excludedHttpMethods = fuzzingDataList.stream()
            .map(FuzzingData::getMethod)
            .filter(httpMethod -> !filterArguments.getHttpMethods().contains(httpMethod))
            .collect(Collectors.toList());

    List<Fuzzer> allFuzzersSorted = filterArguments.getAllRegisteredFuzzers();
    List<String> configuredFuzzers = filterArguments.getFuzzersForPath();
    LOGGER.info("The following HTTP methods won't be executed for path {}: {}", currentPath, excludedHttpMethods);
    LOGGER.info("{} configured fuzzers out of {} total fuzzers: {}", configuredFuzzers.size(), (long) allFuzzersSorted.size(), configuredFuzzers);

    // Only fuzzers named in the configuration run; each skips the HTTP methods it does not apply to.
    for (Fuzzer fuzzer : allFuzzersSorted) {
        if (!configuredFuzzers.contains(fuzzer.toString())) {
            LOGGER.debug("Skipping fuzzer {} for path {} as configured!", fuzzer, currentPath);
            continue;
        }
        CatsUtil.filterAndPrintNotMatching(
                fuzzingDataListWithHttpMethodsFiltered,
                data -> !fuzzer.skipForHttpMethods().contains(data.getMethod()),
                LOGGER,
                "HTTP method {} is not supported by {}",
                t -> t.getMethod().toString(),
                fuzzer.toString())
                .forEach(data -> {
                    // The full request payload is written to the log at info level.
                    LOGGER.info("Fuzzer {} and payload: {}", ansi().fgGreen().a(fuzzer.toString()).reset(), data.getPayload());
                    // NOTE(review): afterFuzz() is not reached if fuzz() throws - confirm the listener tolerates that.
                    testCaseListener.beforeFuzz(fuzzer.getClass());
                    fuzzer.fuzz(data);
                    testCaseListener.afterFuzz();
                });
    }
}