use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.
the class BaseHeadersFuzzer method fuzz.
/**
 * Executes one test case per (header, fuzzing strategy) pair for the headers of the given request.
 *
 * <p>The headers come from {@code getHeadersWithoutAuthHeaders}; judging by its name this leaves
 * authentication headers out of the fuzzing set (confirm against that helper). The set is cloned
 * before the loop, and every test case receives the cloned set together with the header under test.
 *
 * @param fuzzingData the request context whose headers are fuzzed
 */
public void fuzz(FuzzingData fuzzingData) {
    Set<CatsHeader> fuzzableHeaders = this.getHeadersWithoutAuthHeaders(fuzzingData.getHeaders());
    boolean nothingToFuzz = fuzzableHeaders.isEmpty();
    if (nothingToFuzz) {
        // Only reports the skip: there is no return here, so execution continues and the
        // loops below simply iterate over the clone of the empty set.
        logger.skip("No headers to fuzz");
    }

    Set<CatsHeader> headerCopies = Cloner.cloneMe(fuzzableHeaders);
    for (CatsHeader currentHeader : headerCopies) {
        // fuzzStrategy() is evaluated again for every header.
        for (FuzzingStrategy strategy : fuzzStrategy()) {
            testCaseListener.createAndExecuteTest(
                    logger,
                    this,
                    () -> process(fuzzingData, headerCopies, currentHeader, strategy));
        }
    }
}
use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.
the class CatsUtilTest method shouldReturnEmptyFuzzingResultWhenEmptyJson.
/**
 * Replacing a field inside an empty JSON string must produce an empty fuzzed value and an
 * empty JSON result.
 */
@Test
void shouldReturnEmptyFuzzingResultWhenEmptyJson() {
    FuzzingStrategy replaceWithFuzzed = FuzzingStrategy.replace().withData("fuzzed");
    CatsUtil util = new CatsUtil(new CatsDSLParser());

    // Empty payload, field name "test": there is nothing to replace.
    FuzzingResult outcome = util.replaceField("", "test", replaceWithFuzzed);

    Assertions.assertThat(outcome.getFuzzedValue())
            .isEmpty();
    Assertions.assertThat(outcome.getJson())
            .isEmpty();
}
use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.
the class ServiceCaller method replacePayloadWithRefData.
/**
 * Applies the reference data configured for the current path to the request payload.
 * Besides reading data from the {@code --refData} file, this method will also try to
 * correlate POST recorded data with DELETE endpoints in order to maximize success rate of DELETE requests.
 *
 * @param data the current ServiceData context
 * @return the initial payload with reference data replaced and matching POST correlations for DELETE requests;
 *         the payload as returned by {@code data.getPayload()} when reference data replacement is switched off
 */
String replacePayloadWithRefData(ServiceData data) {
    if (!data.isReplaceRefData()) {
        LOGGER.note("Bypassing reference data replacement for path {}!", data.getRelativePath());
        return data.getPayload();
    }

    Map<String, String> pathRefData = filesArguments.getRefData(data.getRelativePath());
    // NOTE(review): the reference data map and, further down, the final payload are written to the log.
    // If the refData file can hold tokens or other sensitive identifiers, they end up in the log
    // output - confirm how these logs are stored and shared.
    LOGGER.note("Payload reference data replacement: path {} has the following reference data: {}", data.getRelativePath(), pathRefData);

    // The ADDITIONAL_PROPERTIES entry is left out here; it is handed to
    // setAdditionalPropertiesToPayload after the loop via the unfiltered map.
    Map<String, String> replacements = pathRefData.entrySet().stream()
            .filter(refEntry -> !refEntry.getKey().equalsIgnoreCase(ADDITIONAL_PROPERTIES))
            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
    String updatedPayload = data.getPayload();

    /* this will override refData for DELETE requests in order to provide valid entities that will get deleted */
    replacements.putAll(this.getPathParamFromCorrespondingPostIfDelete(data));

    for (Map.Entry<String, String> replacement : replacements.entrySet()) {
        String targetField = replacement.getKey();
        // The value is parsed against data.getPayload(), not against the local copy being rewritten.
        String resolvedValue = catsDSLParser.parseAndGetResult(replacement.getValue(), data.getPayload());
        try {
            if (!CATS_REMOVE_FIELD.equalsIgnoreCase(resolvedValue)) {
                FuzzingStrategy replaceStrategy = FuzzingStrategy.replace().withData(resolvedValue);
                boolean mergeFuzzing = data.getFuzzedFields().contains(targetField);
                updatedPayload = catsUtil.replaceField(updatedPayload, targetField, replaceStrategy, mergeFuzzing).getJson();
            } else {
                // The CATS_REMOVE_FIELD marker means the key is deleted from the payload instead of replaced.
                updatedPayload = JsonUtils.deleteNode(updatedPayload, targetField);
            }
        } catch (PathNotFoundException e) {
            // A key missing from the payload is only reported; the remaining keys are still processed.
            LOGGER.warning("Ref data key {} was not found within the payload!", targetField);
        }
    }

    updatedPayload = catsUtil.setAdditionalPropertiesToPayload(pathRefData, updatedPayload);
    LOGGER.note("Final payload after reference data replacement: {}", updatedPayload);
    return updatedPayload;
}
use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.
the class NullValuesInFieldsFuzzerTest method givenANewNullValuesInFieldsFuzzer_whenCreatingANewInstance_thenTheMethodsBeingOverriddenAreMatchingTheNullValuesInFieldsFuzzer.
/**
 * Pins the overrides of the null-values fuzzer: a 2XX family is expected when the fuzzed value
 * does not match the pattern, the first field strategy is a "replace" with null data, and both
 * the description and the type of data sent are present.
 */
@Test
void givenANewNullValuesInFieldsFuzzer_whenCreatingANewInstance_thenTheMethodsBeingOverriddenAreMatchingTheNullValuesInFieldsFuzzer() {
    Assertions.assertThat(nullValuesInFieldsFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern())
            .isEqualTo(ResponseCodeFamily.TWOXX);

    // Both arguments are null; the test only inspects the first strategy returned.
    FuzzingStrategy firstStrategy = nullValuesInFieldsFuzzer.getFieldFuzzingStrategy(null, null).get(0);
    Assertions.assertThat(firstStrategy.name())
            .isEqualTo(FuzzingStrategy.replace().name());
    Assertions.assertThat(firstStrategy.getData())
            .isNull();

    Assertions.assertThat(nullValuesInFieldsFuzzer.description())
            .isNotNull();
    Assertions.assertThat(nullValuesInFieldsFuzzer.typeOfDataSentToTheService())
            .isNotNull();
}
use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.
the class ZalgoTextInStringFieldsSanitizeValidateFuzzerTest method shouldProperlyOverrideSuperClassMethods.
/**
 * Pins the overrides of the zalgo-text fuzzer for a string field: the field strategy is a
 * "replace" whose data contains the zalgo sample, a 2XX family is expected when the fuzzed value
 * does not match the pattern, and the fuzzer reports no invisible chars.
 */
@Test
void shouldProperlyOverrideSuperClassMethods() {
    // Request schema with a single string property named "field".
    Map<String, Schema> propertyTypes = new HashMap<>();
    propertyTypes.put("field", new StringSchema());
    FuzzingData fuzzingData = Mockito.mock(FuzzingData.class);
    Mockito.when(fuzzingData.getRequestPropertyTypes()).thenReturn(propertyTypes);

    FuzzingStrategy firstStrategy = zalgoTextInStringFieldsSanitizeValidateFuzzer.getFieldFuzzingStrategy(fuzzingData, "field").get(0);
    Assertions.assertThat(firstStrategy.name())
            .isEqualTo(FuzzingStrategy.replace().name());
    // The expected substring is a base letter followed by a long run of combining marks, then "a".
    Assertions.assertThat(firstStrategy.getData())
            .contains("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a");

    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern())
            .isEqualTo(ResponseCodeFamily.TWOXX);
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.description())
            .isNotNull();
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.concreteFuzzStrategy().name())
            .isEqualTo(FuzzingStrategy.replace().name());
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getInvisibleChars())
            .isEmpty();
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.typeOfDataSentToTheService())
            .isNotNull();
}