
Example 1 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

From class DuplicateHeaderFuzzer, method fuzz (each header of the request is re-sent together with an exact duplicate of itself).

@Override
public void fuzz(FuzzingData data) {
    // A request with no declared headers still gets one test: a synthetic CATS
    // header is injected below so the duplicate-header path is exercised even
    // when the contract declares nothing. The "skip" line is therefore logged
    // although a test is still sent; it reports the contract state, not that
    // this fuzzer bails out.
    if (data.getHeaders().isEmpty()) {
        LOGGER.skip("No headers to fuzz");
    }
    List<CatsHeader> baseHeaders = new ArrayList<>(data.getHeaders());
    if (baseHeaders.isEmpty()) {
        baseHeaders.add(CatsHeader.builder()
                .name(CATS_FUZZY_HEADER)
                .required(false)
                .value(CATS_FUZZY_HEADER)
                .build());
    }
    // One test per header: the complete header set plus a verbatim copy of the
    // target header. Duplicate headers are a classic way to surface parsing
    // disagreements between a front-end proxy and the backend (which value
    // "wins"), so the copy is sent unchanged.
    for (CatsHeader target : baseHeaders) {
        List<CatsHeader> withDuplicate = new ArrayList<>(baseHeaders);
        withDuplicate.add(target.copy());
        testCaseListener.createAndExecuteTest(LOGGER, this, () -> process(data, withDuplicate, target));
    }
}

Example 2 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

From class BaseHeadersFuzzer, method process (sends one request with a single header value replaced by the output of a fuzzing strategy).

/**
 * Sends one fuzzed request for {@code header} using {@code fuzzingStrategy}.
 * <p>
 * The header object is mutated in place for the duration of the call and
 * restored in a {@code finally} block, so that the shared {@code clonedHeaders}
 * set is left exactly as it was for the next strategy even when the call
 * throws. Only the strategy's truncated value is written to the scenario
 * line, so very large fuzz payloads do not flood the report.
 *
 * @param data            the request under test
 * @param clonedHeaders   the header set sent with the request; must contain {@code header}
 * @param header          the header whose value is replaced for this test
 * @param fuzzingStrategy produces the fuzzed value from the header's current value
 */
private void process(FuzzingData data, Set<CatsHeader> clonedHeaders, CatsHeader header, FuzzingStrategy fuzzingStrategy) {
    String originalValue = header.getValue();
    header.withValue(fuzzingStrategy.process(originalValue));
    try {
        // The expected response depends on whether a *required* header was
        // fuzzed: the membership test is done after the value swap, exactly as
        // the header would compare while it is part of clonedHeaders.
        boolean requiredHeaderFuzzed = clonedHeaders.stream()
                .filter(CatsHeader::isRequired)
                .anyMatch(header::equals);

        testCaseListener.addScenario(logger, "Send [{}] in headers: header [{}] with value [{}]", this.typeOfDataSentToTheService(), header.getName(), fuzzingStrategy.truncatedValue());
        testCaseListener.addExpectedResult(logger, "Should get a [{}] response code", this.getExpectedResultCode(requiredHeaderFuzzed).asString());

        ServiceData request = ServiceData.builder()
                .relativePath(data.getPath())
                .headers(clonedHeaders)
                .payload(data.getPayload())
                .fuzzedHeader(header.getName())
                .queryParams(data.getQueryParams())
                .httpMethod(data.getMethod())
                .build();
        CatsResponse response = serviceCaller.call(request);
        testCaseListener.reportResult(logger, data, response, this.getExpectedResultCode(requiredHeaderFuzzed), this.matchResponseSchema());
    } finally {
        // Always undo the in-place mutation, whatever happened above.
        header.withValue(originalValue);
    }
}

Example 3 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

From class BaseHeadersFuzzer, method fuzz (runs every fuzzing strategy against every non-authentication header).

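/**
 * Runs every {@link FuzzingStrategy} of this fuzzer against every non-auth
 * header of the request.
 * <p>
 * Authentication headers are filtered out by {@code getHeadersWithoutAuthHeaders}
 * (presumably so that fuzzing them does not reduce every test to an
 * authentication failure; confirm against that helper). The remaining headers
 * are cloned once so that the in-place mutation performed by {@code process}
 * never touches the caller's {@code fuzzingData}.
 * <p>
 * When there is nothing to fuzz the method logs a skip and returns early, so
 * the skip message is truthful and no empty clone is built.
 *
 * @param fuzzingData the request under test; its headers are not modified
 */
public void fuzz(FuzzingData fuzzingData) {
    Set<CatsHeader> headersWithoutAuth = this.getHeadersWithoutAuthHeaders(fuzzingData.getHeaders());
    if (headersWithoutAuth.isEmpty()) {
        logger.skip("No headers to fuzz");
        return;
    }
    Set<CatsHeader> clonedHeaders = Cloner.cloneMe(headersWithoutAuth);
    for (CatsHeader header : clonedHeaders) {
        for (FuzzingStrategy fuzzingStrategy : fuzzStrategy()) {
            testCaseListener.createAndExecuteTest(logger, this, () -> process(fuzzingData, clonedHeaders, header, fuzzingStrategy));
        }
    }
}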

Example 4 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

From class BaseSecurityChecksHeadersFuzzer, method process (sends an otherwise valid request carrying a specific header variant and expects the service to reject it).

/**
 * Sends an otherwise valid ("happy flow") request whose {@code targetHeaderName()}
 * header carries a {@code typeOfHeader()} value, and reports the outcome
 * against the 4XX family: a 2XX here means the service accepted a header it
 * was expected to reject.
 * <p>
 * NOTE(review): the expected-result line is built from
 * {@code getExpectedResponseCode()}, while {@code reportResult} is always given
 * {@code ResponseCodeFamily.FOURXX_MT}. Should a subclass ever expect a
 * different family, the report would silently disagree with the scenario text;
 * confirm the two are meant to coincide.
 *
 * @param data    the request under test
 * @param headers the full header set to send, already containing the variant header
 */
private void process(FuzzingData data, Set<CatsHeader> headers) {
    // HTTP header names are case-insensitive, hence equalsIgnoreCase. When the
    // target header is absent an empty CatsHeader is built solely to obtain its
    // default value for the scenario line.
    CatsHeader target = headers.stream()
            .filter(h -> h.getName().equalsIgnoreCase(targetHeaderName()))
            .findFirst()
            .orElse(CatsHeader.builder().build());
    String headerValue = target.getValue();

    testCaseListener.addScenario(log, "Send a happy flow request with a [{}] {} header, value [{}]", typeOfHeader(), targetHeaderName(), headerValue);
    testCaseListener.addExpectedResult(log, "Should get a {} response code", getExpectedResponseCode());

    ServiceData request = ServiceData.builder()
            .relativePath(data.getPath())
            .headers(new ArrayList<>(headers))
            .payload(data.getPayload())
            .queryParams(data.getQueryParams())
            .httpMethod(data.getMethod())
            .build();
    CatsResponse response = serviceCaller.call(request);
    testCaseListener.reportResult(log, data, response, ResponseCodeFamily.FOURXX_MT);
}

Example 5 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

From class ServiceCaller, method callService (executes the HTTP request with OkHttp and converts the result into a CatsResponse).

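/**
 * Executes {@code catsRequest} over the shared {@link OkHttpClient} and wraps
 * the outcome in a {@link CatsResponse}.
 * <p>
 * Header values are added with {@code addUnsafeNonAscii} on purpose: this is a
 * fuzzer, and pushing non-ASCII / otherwise "unsafe" bytes through the header
 * layer is exactly what the header fuzzers rely on; OkHttp's regular
 * {@code add} would reject such values before they reach the wire. The request
 * body is always encoded as UTF-8, independent of the platform charset.
 * <p>
 * The OkHttp {@link Response} is opened in a try-with-resources block so the
 * underlying connection is released back to the pool even if reading or
 * converting the body throws; relying on {@code getAsJson} to fully consume
 * the body is not enough to guarantee that. The elapsed time covers only the
 * network call, not the request assembly.
 *
 * @param catsRequest  fully resolved request (URL, method, headers, payload)
 * @param fuzzedFields names of the fields that were fuzzed, passed through to
 *                     the returned {@link CatsResponse} for reporting
 * @return the response code, body (as JSON), response headers and elapsed time
 * @throws IOException if the call fails at the transport level
 */
public CatsResponse callService(CatsRequest catsRequest, Set<String> fuzzedFields) throws IOException {
    Headers.Builder headers = new Headers.Builder();
    catsRequest.getHeaders().forEach(header -> headers.addUnsafeNonAscii(header.getName(), header.getValue()));

    RequestBody requestBody = null;
    if (HttpMethod.requiresBody(catsRequest.getHttpMethod())) {
        requestBody = RequestBody.create(catsRequest.getPayload().getBytes(StandardCharsets.UTF_8));
    }
    Request request = new Request.Builder()
            .url(catsRequest.getUrl())
            .headers(headers.build())
            .method(catsRequest.getHttpMethod(), requestBody)
            .build();

    long startTime = System.currentTimeMillis();
    try (Response response = okHttpClient.newCall(request).execute()) {
        long endTime = System.currentTimeMillis();
        LOGGER.complete("Protocol: {}, Method: {}, ReasonPhrase: {}, ResponseCode: {}, ResponseTimeInMs: {}",
                response.protocol(), catsRequest.getHttpMethod(), response.message(), response.code(), endTime - startTime);
        String responseBody = this.getAsJson(response);
        // Only the first value of each response header is kept; a multi-valued
        // header (e.g. several Set-Cookie lines) loses all but its first value.
        List<CatsHeader> responseHeaders = response.headers().toMultimap().entrySet().stream()
                .map(entry -> CatsHeader.builder().name(entry.getKey()).value(entry.getValue().get(0)).build())
                .collect(Collectors.toList());
        return CatsResponse.from(response.code(), responseBody, catsRequest.getHttpMethod(), endTime - startTime, responseHeaders, fuzzedFields);
    }
}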
