Example 6 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

the class RecommendedHeadersContractInfoFuzzerTest method shouldReportInfo.

@ParameterizedTest
@CsvSource({ "X-Trace-Id", "XTraceid", "X-CorrelationId", "X-APP-Correlation_Id" })
void shouldReportInfo(String header) {
    CatsHeader catsHeader = CatsHeader.builder().name(header).build();
    FuzzingData data = FuzzingData.builder().headers(Sets.newHashSet(catsHeader)).method(HttpMethod.POST).build();
    recommendedHeadersContractInfoFuzzer.fuzz(data);
    Mockito.verify(testCaseListener, Mockito.times(1)).reportInfo(Mockito.any(), Mockito.eq("Path contains the recommended [TracedId/CorrelationId] headers for HTTP method {}"), Mockito.eq(HttpMethod.POST));
}
Also used : FuzzingData(com.endava.cats.model.FuzzingData) CatsHeader(com.endava.cats.model.CatsHeader) CsvSource(org.junit.jupiter.params.provider.CsvSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 7 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

the class CheckSecurityHeadersFuzzer method process.

private void process(FuzzingData data) {
    testCaseListener.addScenario(log, "Send a happy flow request and check the following Security Headers: {}", SECURITY_HEADERS_AS_STRING);
    testCaseListener.addExpectedResult(log, "Should get a 2XX response code and all the above security headers within the response");
    CatsResponse response = serviceCaller.call(ServiceData.builder()
            .relativePath(data.getPath())
            .headers(data.getHeaders())
            .payload(data.getPayload())
            .queryParams(data.getQueryParams())
            .httpMethod(data.getMethod())
            .build());
    List<CatsHeader> missingSecurityHeaders = getMissingSecurityHeaders(response);
    if (!missingSecurityHeaders.isEmpty()) {
        testCaseListener.reportError(log, "Missing recommended Security Headers: {}", missingSecurityHeaders.stream().map(CatsHeader::nameAndValue).collect(Collectors.toSet()));
    } else {
        testCaseListener.reportResult(log, data, response, ResponseCodeFamily.TWOXX);
    }
}
Also used : CatsResponse(com.endava.cats.model.CatsResponse) CatsHeader(com.endava.cats.model.CatsHeader)

Example 8 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

the class ExtraHeaderFuzzer method process.

private void process(FuzzingData data) {
    Set<CatsHeader> headerSet = new HashSet<>(data.getHeaders());
    headerSet.add(CatsHeader.builder().name(CATS_FUZZY_HEADER).required(false).value(CATS_FUZZY_HEADER).build());
    testCaseListener.addScenario(LOGGER, "Add extra header inside the request: name [{}], value [{}]. All other details are similar to a happy flow", CATS_FUZZY_HEADER, CATS_FUZZY_HEADER);
    testCaseListener.addExpectedResult(LOGGER, "Should get a 2XX response code");
    CatsResponse response = serviceCaller.call(ServiceData.builder()
            .relativePath(data.getPath())
            .httpMethod(data.getMethod())
            .headers(headerSet)
            .payload(data.getPayload())
            .queryParams(data.getQueryParams())
            .build());
    testCaseListener.reportResult(LOGGER, data, response, ResponseCodeFamily.TWOXX);
}
Also used : CatsResponse(com.endava.cats.model.CatsResponse) CatsHeader(com.endava.cats.model.CatsHeader) HashSet(java.util.HashSet)

Example 9 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

the class RecommendedHeadersContractInfoFuzzerTest method shouldReportError.

@ParameterizedTest
@CsvSource({ "X-Trac-Id", "XTracing", "X-Correlation", "X-APP-Correlation*Id" })
void shouldReportError(String header) {
    CatsHeader catsHeader = CatsHeader.builder().name(header).build();
    FuzzingData data = FuzzingData.builder().headers(Sets.newHashSet(catsHeader)).method(HttpMethod.POST).build();
    recommendedHeadersContractInfoFuzzer.fuzz(data);
    Mockito.verify(testCaseListener, Mockito.times(1)).reportError(Mockito.any(), Mockito.eq("Path does not contain the recommended [TracedId/CorrelationId] headers for HTTP method {}"), Mockito.eq(HttpMethod.POST));
}
Also used : FuzzingData(com.endava.cats.model.FuzzingData) CatsHeader(com.endava.cats.model.CatsHeader) CsvSource(org.junit.jupiter.params.provider.CsvSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 10 with CatsHeader

use of com.endava.cats.model.CatsHeader in project cats by Endava.

the class BypassAuthenticationFuzzerTest method shouldProperlyIdentifyAuthHeadersFromContract.

@Test
void shouldProperlyIdentifyAuthHeadersFromContract() {
    List<CatsHeader> headers = Arrays.asList(
            CatsHeader.builder().name("jwt").build(),
            CatsHeader.builder().name("authorization").build(),
            CatsHeader.builder().name("api-key").build(),
            CatsHeader.builder().name("api_key").build(),
            CatsHeader.builder().name("cats").build());
    FuzzingData data = FuzzingData.builder().headers(new HashSet<>(headers)).reqSchema(new StringSchema()).build();
    Set<String> authHeaders = bypassAuthenticationFuzzer.getAuthenticationHeaderProvided(data);
    Assertions.assertThat(authHeaders).containsExactlyInAnyOrder("jwt", "api-key", "authorization", "api_key");
}
Also used : FuzzingData(com.endava.cats.model.FuzzingData) StringSchema(io.swagger.v3.oas.models.media.StringSchema) CatsHeader(com.endava.cats.model.CatsHeader) QuarkusTest(io.quarkus.test.junit.QuarkusTest) Test(org.junit.jupiter.api.Test)
