Example 1 with FuzzingStrategy

use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.

the class BaseHeadersFuzzer method fuzz.

public void fuzz(FuzzingData fuzzingData) {
    // Authentication headers are excluded from the set that will be fuzzed
    Set<CatsHeader> headersWithoutAuth = this.getHeadersWithoutAuthHeaders(fuzzingData.getHeaders());
    if (headersWithoutAuth.isEmpty()) {
        logger.skip("No headers to fuzz");
    }
    // Work on a copy so the fuzzed header set never mutates the original FuzzingData
    Set<CatsHeader> clonedHeaders = Cloner.cloneMe(headersWithoutAuth);
    for (CatsHeader header : clonedHeaders) {
        // Each header is fuzzed once per strategy supplied by the concrete fuzzer
        for (FuzzingStrategy fuzzingStrategy : fuzzStrategy()) {
            testCaseListener.createAndExecuteTest(logger, this, () -> process(fuzzingData, clonedHeaders, header, fuzzingStrategy));
        }
    }
}

Example 2 with FuzzingStrategy

use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.

the class CatsUtilTest method shouldReturnEmptyFuzzingResultWhenEmptyJson.

@Test
void shouldReturnEmptyFuzzingResultWhenEmptyJson() {
    CatsUtil catsUtil = new CatsUtil(new CatsDSLParser());
    FuzzingStrategy strategy = FuzzingStrategy.replace().withData("fuzzed");
    FuzzingResult result = catsUtil.replaceField("", "test", strategy);
    Assertions.assertThat(result.getFuzzedValue()).isEmpty();
    Assertions.assertThat(result.getJson()).isEmpty();
}

Example 3 with FuzzingStrategy

use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.

the class ServiceCaller method replacePayloadWithRefData.

/**
 * Besides reading data from the {@code --refData} file, this method will also try to
 * correlate POST recorded data with DELETE endpoints in order to maximize success rate of DELETE requests.
 *
 * @param data the current ServiceData context
 * @return the initial payload with reference data replaced and matching POST correlations for DELETE requests
 */
String replacePayloadWithRefData(ServiceData data) {
    if (!data.isReplaceRefData()) {
        LOGGER.note("Bypassing reference data replacement for path {}!", data.getRelativePath());
        return data.getPayload();
    } else {
        Map<String, String> refDataForCurrentPath = filesArguments.getRefData(data.getRelativePath());
        LOGGER.note("Payload reference data replacement: path {} has the following reference data: {}", data.getRelativePath(), refDataForCurrentPath);
        Map<String, String> refDataWithoutAdditionalProperties = refDataForCurrentPath.entrySet().stream().filter(stringStringEntry -> !stringStringEntry.getKey().equalsIgnoreCase(ADDITIONAL_PROPERTIES)).collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
        String payload = data.getPayload();
        /*this will override refData for DELETE requests in order to provide valid entities that will get deleted*/
        refDataWithoutAdditionalProperties.putAll(this.getPathParamFromCorrespondingPostIfDelete(data));
        for (Map.Entry<String, String> entry : refDataWithoutAdditionalProperties.entrySet()) {
            String refDataValue = catsDSLParser.parseAndGetResult(entry.getValue(), data.getPayload());
            try {
                if (CATS_REMOVE_FIELD.equalsIgnoreCase(refDataValue)) {
                    payload = JsonUtils.deleteNode(payload, entry.getKey());
                } else {
                    FuzzingStrategy fuzzingStrategy = FuzzingStrategy.replace().withData(refDataValue);
                    boolean mergeFuzzing = data.getFuzzedFields().contains(entry.getKey());
                    payload = catsUtil.replaceField(payload, entry.getKey(), fuzzingStrategy, mergeFuzzing).getJson();
                }
            } catch (PathNotFoundException e) {
                LOGGER.warning("Ref data key {} was not found within the payload!", entry.getKey());
            }
        }
        payload = catsUtil.setAdditionalPropertiesToPayload(refDataForCurrentPath, payload);
        LOGGER.note("Final payload after reference data replacement: {}", payload);
        return payload;
    }
}

Example 4 with FuzzingStrategy

use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.

the class NullValuesInFieldsFuzzerTest method givenANewNullValuesInFieldsFuzzer_whenCreatingANewInstance_thenTheMethodsBeingOverriddenAreMatchingTheNullValuesInFieldsFuzzer.

@Test
void givenANewNullValuesInFieldsFuzzer_whenCreatingANewInstance_thenTheMethodsBeingOverriddenAreMatchingTheNullValuesInFieldsFuzzer() {
    Assertions.assertThat(nullValuesInFieldsFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.TWOXX);
    FuzzingStrategy fuzzingStrategy = nullValuesInFieldsFuzzer.getFieldFuzzingStrategy(null, null).get(0);
    Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.replace().name());
    Assertions.assertThat(fuzzingStrategy.getData()).isNull();
    Assertions.assertThat(nullValuesInFieldsFuzzer.description()).isNotNull();
    Assertions.assertThat(nullValuesInFieldsFuzzer.typeOfDataSentToTheService()).isNotNull();
}

Example 5 with FuzzingStrategy

use of com.endava.cats.model.FuzzingStrategy in project cats by Endava.

the class ZalgoTextInStringFieldsSanitizeValidateFuzzerTest method shouldProperlyOverrideSuperClassMethods.

@Test
void shouldProperlyOverrideSuperClassMethods() {
    FuzzingData data = Mockito.mock(FuzzingData.class);
    Map<String, Schema> reqTypes = new HashMap<>();
    reqTypes.put("field", new StringSchema());
    Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes);
    FuzzingStrategy fuzzingStrategy = zalgoTextInStringFieldsSanitizeValidateFuzzer.getFieldFuzzingStrategy(data, "field").get(0);
    Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.replace().name());
    Assertions.assertThat(fuzzingStrategy.getData()).contains("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a");
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.TWOXX);
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.description()).isNotNull();
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name());
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getInvisibleChars()).isEmpty();
    Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.typeOfDataSentToTheService()).isNotNull();
}
