use of com.endava.cats.model.CatsHeader in project cats by Endava.
the class DuplicateHeaderFuzzer method fuzz.
/**
 * Sends one request per header, each time with that header present twice.
 *
 * <p>The headers from {@code data} are copied into a working list; when that list is
 * empty a single placeholder header named and valued {@code CATS_FUZZY_HEADER} is used
 * instead. For every header in the working list a fresh list is built with a copy of
 * that header appended, and the request is handed to {@code process} through the test
 * case listener. This probes how the service reacts when the same header name arrives
 * more than once in a request.
 *
 * @param data the fuzzing context supplying the headers
 */
@Override
public void fuzz(FuzzingData data) {
    boolean noHeadersSupplied = data.getHeaders().isEmpty();
    if (noHeadersSupplied) {
        // NOTE(review): the skip is only logged; execution continues below with the
        // placeholder header, so a test is still run. Confirm this is intended.
        LOGGER.skip("No headers to fuzz");
    }

    List<CatsHeader> baseHeaders = new ArrayList<>(data.getHeaders());
    CatsHeader placeholder = CatsHeader.builder()
            .name(CATS_FUZZY_HEADER)
            .required(false)
            .value(CATS_FUZZY_HEADER)
            .build();
    if (baseHeaders.isEmpty()) {
        baseHeaders.add(placeholder);
    }

    for (CatsHeader duplicated : baseHeaders) {
        // A new list per test case, so the appended duplicate never leaks into the next one.
        List<CatsHeader> withDuplicate = new ArrayList<>(baseHeaders);
        withDuplicate.add(duplicated.copy());
        testCaseListener.createAndExecuteTest(LOGGER, this, () -> process(data, withDuplicate, duplicated));
    }
}
use of com.endava.cats.model.CatsHeader in project cats by Endava.
the class BaseHeadersFuzzer method process.
/**
 * Runs one test case: sends the request with {@code header} carrying a fuzzed value and
 * reports the response against the expected result code.
 *
 * <p>The fuzzed value is applied through {@code header.withValue(...)} before the call and
 * the previous value is re-applied in {@code finally}, so the header is reset even when
 * the service call or the reporting throws.
 *
 * @param data            the fuzzing context (path, payload, query params, HTTP method)
 * @param clonedHeaders   the headers sent with the request
 * @param header          the header whose value is fuzzed for this test case
 * @param fuzzingStrategy produces the fuzzed value from the header's current value
 */
private void process(FuzzingData data, Set<CatsHeader> clonedHeaders, CatsHeader header, FuzzingStrategy fuzzingStrategy) {
    final String originalValue = header.getValue();
    // NOTE(review): presumably withValue updates the header in place. If header is an
    // element of clonedHeaders and CatsHeader's hashCode depends on its value, changing it
    // while it sits in a hash-based set can disturb lookups. Confirm against CatsHeader.
    header.withValue(fuzzingStrategy.process(originalValue));
    try {
        // The expected response code depends on whether the fuzzed header is a required one.
        boolean requiredHeaderFuzzed = clonedHeaders.stream()
                .filter(CatsHeader::isRequired)
                .collect(Collectors.toList())
                .contains(header);

        testCaseListener.addScenario(
                logger,
                "Send [{}] in headers: header [{}] with value [{}]",
                this.typeOfDataSentToTheService(),
                header.getName(),
                fuzzingStrategy.truncatedValue());
        testCaseListener.addExpectedResult(
                logger,
                "Should get a [{}] response code",
                this.getExpectedResultCode(requiredHeaderFuzzed).asString());

        ServiceData request = ServiceData.builder()
                .relativePath(data.getPath())
                .headers(clonedHeaders)
                .payload(data.getPayload())
                .fuzzedHeader(header.getName())
                .queryParams(data.getQueryParams())
                .httpMethod(data.getMethod())
                .build();
        CatsResponse serviceResponse = serviceCaller.call(request);

        testCaseListener.reportResult(
                logger,
                data,
                serviceResponse,
                this.getExpectedResultCode(requiredHeaderFuzzed),
                this.matchResponseSchema());
    } finally {
        // Put the pre-fuzzing value back so the next test case starts from a clean header.
        header.withValue(originalValue);
    }
}
use of com.endava.cats.model.CatsHeader in project cats by Endava.
the class BaseHeadersFuzzer method fuzz.
/**
 * Schedules one test case for every combination of non-auth header and fuzzing strategy.
 *
 * <p>Authentication headers are filtered out through {@code getHeadersWithoutAuthHeaders},
 * and the remainder is cloned through {@code Cloner.cloneMe} before the test cases are
 * created, so the fuzzing works on the clone rather than on the set returned by the filter.
 *
 * @param fuzzingData the fuzzing context supplying the headers
 */
public void fuzz(FuzzingData fuzzingData) {
    Set<CatsHeader> fuzzableHeaders = this.getHeadersWithoutAuthHeaders(fuzzingData.getHeaders());
    boolean nothingToFuzz = fuzzableHeaders.isEmpty();
    if (nothingToFuzz) {
        // The skip is only logged; with an empty set the loop below simply does not run.
        logger.skip("No headers to fuzz");
    }

    Set<CatsHeader> workingCopy = Cloner.cloneMe(fuzzableHeaders);
    for (CatsHeader target : workingCopy) {
        for (FuzzingStrategy strategy : fuzzStrategy()) {
            testCaseListener.createAndExecuteTest(
                    logger,
                    this,
                    () -> process(fuzzingData, workingCopy, target, strategy));
        }
    }
}
use of com.endava.cats.model.CatsHeader in project cats by Endava.
the class BaseSecurityChecksHeadersFuzzer method process.
/**
 * Sends the request with the supplied headers and reports the response against
 * {@code ResponseCodeFamily.FOURXX_MT}.
 *
 * <p>The value logged in the scenario is taken from the first header whose name matches
 * {@code targetHeaderName()} ignoring case; when no header matches, the value of an
 * empty {@code CatsHeader} is logged instead.
 *
 * @param data    the fuzzing context (path, payload, query params, HTTP method)
 * @param headers the headers sent with the request
 */
private void process(FuzzingData data, Set<CatsHeader> headers) {
    String sentValue = headers.stream()
            .filter(candidate -> candidate.getName().equalsIgnoreCase(targetHeaderName()))
            .findFirst()
            .orElse(CatsHeader.builder().build())
            .getValue();

    testCaseListener.addScenario(
            log,
            "Send a happy flow request with a [{}] {} header, value [{}]",
            typeOfHeader(),
            targetHeaderName(),
            sentValue);
    testCaseListener.addExpectedResult(log, "Should get a {} response code", getExpectedResponseCode());

    ServiceData request = ServiceData.builder()
            .relativePath(data.getPath())
            .headers(new ArrayList<>(headers))
            .payload(data.getPayload())
            .queryParams(data.getQueryParams())
            .httpMethod(data.getMethod())
            .build();
    CatsResponse serviceResponse = serviceCaller.call(request);

    // NOTE(review): the logged expectation comes from getExpectedResponseCode(), while the
    // result is checked against the fixed FOURXX_MT family. Confirm the two always agree.
    testCaseListener.reportResult(log, data, serviceResponse, ResponseCodeFamily.FOURXX_MT);
}
use of com.endava.cats.model.CatsHeader in project cats by Endava.
the class ServiceCaller method callService.
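/**
 * Executes the HTTP call described by {@code catsRequest} and converts the outcome into a
 * {@link CatsResponse}.
 *
 * <p>The OkHttp {@code Response} is held in try-with-resources so the underlying
 * connection is released even when reading the body or mapping the headers throws.
 * Everything needed for the {@code CatsResponse} is extracted before the response closes.
 *
 * @param catsRequest  the request to send (URL, HTTP method, headers, payload)
 * @param fuzzedFields the fuzzed field names, passed through to the returned response
 * @return the response code, body, HTTP method, elapsed time and response headers
 * @throws IOException when the call fails or the response cannot be read
 */
public CatsResponse callService(CatsRequest catsRequest, Set<String> fuzzedFields) throws IOException {
    long startTime = System.currentTimeMillis();
    RequestBody requestBody = null;
    Headers.Builder headers = new Headers.Builder();
    // addUnsafeNonAscii accepts non-ASCII header values, so fuzzed values are sent as given
    // instead of being rejected by the HTTP client before they reach the service.
    catsRequest.getHeaders().forEach(header -> headers.addUnsafeNonAscii(header.getName(), header.getValue()));
    if (HttpMethod.requiresBody(catsRequest.getHttpMethod())) {
        requestBody = RequestBody.create(catsRequest.getPayload().getBytes(StandardCharsets.UTF_8));
    }

    Request request = new Request.Builder()
            .url(catsRequest.getUrl())
            .headers(headers.build())
            .method(catsRequest.getHttpMethod(), requestBody)
            .build();

    try (Response response = okHttpClient.newCall(request).execute()) {
        // Taken right after execute() returns, before the body is read below.
        long endTime = System.currentTimeMillis();
        LOGGER.complete(
                "Protocol: {}, Method: {}, ReasonPhrase: {}, ResponseCode: {}, ResponseTimeInMs: {}",
                response.protocol(),
                catsRequest.getHttpMethod(),
                response.message(),
                response.code(),
                endTime - startTime);

        String responseBody = this.getAsJson(response);
        // Only the first value of each response header is kept; repeated response headers
        // are collapsed to that first value.
        List<CatsHeader> responseHeaders = response.headers().toMultimap().entrySet().stream()
                .map(header -> CatsHeader.builder().name(header.getKey()).value(header.getValue().get(0)).build())
                .collect(Collectors.toList());

        return CatsResponse.from(
                response.code(),
                responseBody,
                catsRequest.getHttpMethod(),
                endTime - startTime,
                responseHeaders,
                fuzzedFields);
    }
}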