kisspeter / apifuzzer Goto Github PK
View Code? Open in Web Editor NEWFuzz test your application using your OpenAPI or Swagger API definition without coding
License: GNU General Public License v3.0
apifuzzer's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
gitter-badger lyashenkogs h0wl d1pakda5 tuantmb axelliu hhao020 shreyanshp c002 buzzdeee tigerqiu712 mrampal lobax happynao rmaskell nasrullo cstockton slxiao silentsoul04 dgrudinin miguelfreitas93 mikisct iasthc zeta1999 alexvechirko rongqinglee gh0st0ne enzomar bipolarmorgan peterkiss-sophos jangelesg getgasenergen codesacka gavinwlove cleanmgr112 vokom rajivraj funcreepy jounghwan sayanjap flucianomsft walexzzy chainguns webclinic017 cholderby scopion elijahahianyo latkes alvacoder dhawanrohit l1kw1d mardcelo magmax princejnr hdys0vn 126789t garthoid cyberpunkych zhangkaibin0921 jabdy86apifuzzer's Issues
Space char at the headers argument
When I add a header that contains a space character I get an error regarding JSON breaking the content after the space.
usage: APIFuzzer [-h] [-s SRC_FILE] [--src_url SRC_URL] [-r REPORT_DIR] [--level LEVEL] [-u ALTERNATE_URL] [-t TEST_RESULT_DST]
[--log {critical,fatal,error,warn,warning,info,debug,notset}] [--basic_output BASIC_OUTPUT] [--headers HEADERS] [-v]
APIFuzzer: error: argument --headers: ('%s is not JSON', '[{"Authorization":"Basic')
Is there any way to fix this?
read YAML api specifications
I was trying to load a YAML OpenAPI file, but ran into a problem where it can only read a JSON file.
Source: https://github.com/KissPeter/APIFuzzer/blob/master/fuzzer.py#L118
$ python3 fuzzer.py -s ../../moov-io/paygate/openapi.yaml -u http://127.0.0.1:8082/ -r ./reports/ --log debug --headers '[{"x-user-id": "adam"}]'
Failed to parse input file: Expecting value: line 1 column 1 (char 0)
I can submit a PR to try and read YAML and JSON. Thoughts?
Exception for max_length(0) < 0 for boolean fuzzer
Describe the bug
Below error observed on execution.
fuzzer_type: boolean fuzzer: RandomBitsField
94093 [ ERROR] APIFuzzer [fuzzer.py:47 - prepare ]: Exception: max_length(0) < 0
Traceback (most recent call last):
File "/.pyenv/versions/3.9.0/lib/python3.9/site-packages/apifuzzer/fuzzer.py", line 45, in prepare/.pyenv/versions/3.9.0/lib/python3.9/site-packages/apifuzzer/openapi_template_generator.py", line 110, in process_api_resources
template_generator.process_api_resources()
File "
self._process_api_resources()
File "/.pyenv/versions/3.9.0/lib/python3.9/site-packages/apifuzzer/openapi_template_generator.py", line 252, in _process_api_resources/.pyenv/versions/3.9.0/lib/python3.9/site-packages/apifuzzer/custom_fuzzers.py", line 112, in init
fuzz_type(
File "
super(RandomBitsField, self).init(
File "/.pyenv/versions/3.9.0/lib/python3.9/site-packages/kitty/model/low_level/field.py", line 1114, in init/.pyenv/versions/3.9.0/lib/python3.9/site-packages/kitty/model/low_level/field.py", line 1135, in _validate_lengths
self._validate_lengths(min_length, max_length)
File "
raise KittyException('max_length(%d) < 0' % (max_length))
kitty.core.KittyException: max_length(0) < 0
Unexpected exception happened during fuzz test preparation: max_length(0) < 0. Feel free to report the issue
APIFuzzer debug log
Please provide the related APIFuzzer debug log
Related API definition
Please provide only the minimal but valid API definition which causes the issue
Software environment (please complete the following information):
- OS: Mac
- Python version: 3.9
- APIFuzzer Version: 0.9.13
Additional context
Add any other context about the problem here.
Missing response, parsed_status_code and request_body are in reports
Hi KissPeter,
I am able to run the tool successfully. But after validating the reports, I haven't found parameters which are response, parsed_status_code and request body .
Below is the report which i get
{"status": "failed",
"name": [{"Authorization": "SuperSecret"}, {"Auth2": "asd"}],
"sub_reports": [], "test_number": 177,
"state": "COMPLETED",
"request_url": "http://127.0.0.1:5000/v2/pet/findByStatus?status=\u0003\u0007U'",
"request_method": "GET",
"request_headers": "{"User-Agent": "APIFuzzer", "Accept-Encoding": "gzip, deflate", "Accept": "/", "Connection": "keep-alive", "Authorization": "SuperSecret", "Auth2": "asd"}",
"reason": "failed"
}
In provided example, I have seen below parameters
response,
parsed_status_code
request_body
Note: Based on status_code . I will try to eliminate false positives.
Package application
Would be great to have a setup.py for the APIFuzzer to allow isntallation via pip... as intermediate step until #12.
Parameters on "Path Item" level is not getting accepted
Describe the bug
I am working with the Fuzzer and while it is working well for resources without path parameters, I experienced an exception if I include a path parameter directly under a resource (called "path item" in the documentation of OpenAPI). The idea is that for a resource like /blacklists/{blacklistId} it is not making sense to add a PATH-parameter "blacklistId" to each single CRUD method, instead it should be defined one level above. Both would be valid syntax but my parser adds it to the path item and not the operations and as the document is about 7.000 lines and I cannot find a way to make the parser add it to each operation, it would be nice if you could fix this.
Reference to documentation
Each template expression in the path MUST correspond to a path parameter that is included in the Path Item itself and/or in each of the Path Item’s Operations. An exception is if the path item is empty, for example due to ACL constraints, matching path parameters are not required.
See: https://spec.openapis.org/oas/v3.1.0#path-templating
This error has the same log entry like described here: #46
Maybe it has a similar or the same cause.
APIFuzzer debug log
3496041 [ DEBUG] APIFuzzer.JsonSectionAbove-schema [move_json_parts.py:40 - _resolve ]: Processed: schemas -> {"schemas": {"Blacklist": {"properties": {"entries": {"items": {"type": "string"}, "type": "array"},
3496041 [ DEBUG] APIFuzzer.JsonSectionAbove-schema [move_json_parts.py:40 - _resolve ]: Processed: components -> {"components": {"schemas": {"Blacklist": {"properties": {"entries": {"items": {"type": "string"}, "t
3496041 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:108 - process_api_resources ]: Start preparation
3496041 [ ERROR] APIFuzzer [fuzzer.py:47 - prepare ]: Exception: 'list' object has no attribute 'get'
Traceback (most recent call last):
File "/home/mysecretusername/APIFuzzer/APIFuzzer/apifuzzer/fuzzer.py", line 45, in prepare
template_generator.process_api_resources()
File "/home/mysecretusername/APIFuzzer/APIFuzzer/apifuzzer/openapi_template_generator.py", line 109, in process_api_resources
self._process_request_body()
File "/home/mysecretusername/APIFuzzer/APIFuzzer/apifuzzer/openapi_template_generator.py", line 123, in _process_request_body
paths[resource][method].get("requestBody", {}).get("content", [])
AttributeError: 'list' object has no attribute 'get'
Unexpected exception happened during fuzz test preparation: 'list' object has no attribute 'get'. Feel free to report the issue
Related API definition
openapi: 3.0.3
info:
title: Generated API
version: "1.0"
servers:
- url: https://mysecretserver/1.0
paths:
/blacklists/{blacklistId}:
get:
responses:
"200":
description: OK
content:
text/xml:
schema:
$ref: '#/components/schemas/Blacklist'
parameters:
- in: path
name: blacklistId
schema:
format: int64
type: integer
required: true
description: The ID of the blacklist to retrieve details on
components:
schemas:
Blacklist:
type: object
properties:
id:
format: int64
type: integer
name:
type: string
entries:
type: array
items:
type: string
In this simple example I added a path parameter 'blacklistId' to be used for all future CRUD methods. Actually I did this not by myself but this was generated by some generator and the output can be used to e.g. provide a graphical documentation and everything looks fine.
First I tried different variations from the documentation, e.g. changing order of attributes, testing a string instead of a long but as soon as I add the parameter to the yaml, the fuzzer quits. I also tried renaming the parameter as 'blacklistid' but with no success. I can remove the whole Schema and all references to it,
Then I came up testing if it is a difference if I move the parameter description to the path item's operation:
---
openapi: 3.0.3
info:
title: Generated API
version: "1.0"
servers:
- url: https://mysecretserver/1.0
paths:
/blacklists/{blacklistId}:
get:
responses:
"200":
description: OK
content:
text/xml:
schema:
$ref: '#/components/schemas/Blacklist'
parameters:
- in: path
name: blacklistId
schema:
format: int64
type: integer
required: true
description: The ID of the blacklist to retrieve details on
components:
schemas:
Blacklist:
type: object
properties:
id:
format: int64
type: integer
name:
type: string
entries:
type: array
items:
type: string
Now the parameter belongs to the GET method and the fuzzer starts running.
Software environment (please complete the following information):
- OS: Ubuntu 20.04.3 LTS
- Python version: Python 3.8.10
- APIFuzzer Version: 0.9.12
APIFuzzer does not parse $ref in /paths
Describe the bug
The OpenAPI definition that I am using has references ($ref) in the /paths section. The parser from APIFuzzer does not take it as valid.
APIFuzzer debug log
jordi@DESKTOP-NISTS11:/mnt/c/dev/workspace/APIFuzzer$ ./APIFuzzer -s ../saas-api/openapi/main.yml
2508 [WARNING] APIFuzzer.ResolveReferences: Failed to find paths.~1v1~1tenants because: Parse error at 1:6 near token ~ (~)
2508 [WARNING] APIFuzzer.ResolveReferences: No /paths/~1v1~1tenants in {"components": {"parameters": {}, "schemas": {"Tenant": {"allOf": [{"$ref": "./types.yml#/components/schemas/Id"}, {"$ref": "#/components/schemas/TenantData"}], "description": "Tenant model"}, "Tenant
2508 [WARNING] APIFuzzer.ResolveReferences: 2 Nothing to do with <class 'NoneType'>: None
2508 [WARNING] APIFuzzer.ResolveReferences: Failed to find paths.~1v1~1tenants~1%7BtenantId%7D because: Parse error at 1:6 near token ~ (~)
2508 [WARNING] APIFuzzer.ResolveReferences: No /paths/~1v1~1tenants~1%7BtenantId%7D in {"components": {"parameters": {}, "schemas": {"Tenant": {"allOf": [{"$ref": "./types.yml#/components/schemas/Id"}, {"$ref": "#/components/schemas/TenantData"}], "description": "Tenant model"}, "Tenant
2508 [WARNING] APIFuzzer.ResolveReferences: 2 Nothing to do with <class 'NoneType'>: None
2508 [WARNING] APIFuzzer.ResolveReferences: Failed to find paths.~1v1~1tenants~1%7BtenantId%7D~1customers because: Parse error at 1:6 near token ~ (~)
2508 [WARNING] APIFuzzer.ResolveReferences: No /paths/~1v1~1tenants~1%7BtenantId%7D~1customers in {"components": {"schemas": {"Customer": {"allOf": [{"$ref": "./types.yml#/components/schemas/Id"}, {"$ref": "#/components/schemas/CustomerData"}], "description": "Customer model"}, "CustomerData": {"d
2508 [WARNING] APIFuzzer.ResolveReferences: 2 Nothing to do with <class 'NoneType'>: None
2508 [WARNING] APIFuzzer.ResolveReferences: Failed to find paths.~1v1~1tenants~1%7BtenantId%7D~1customers~1%7BcustomerId%7D because: Parse error at 1:6 near token ~ (~)
2508 [WARNING] APIFuzzer.ResolveReferences: No /paths/~1v1~1tenants~1%7BtenantId%7D~1customers~1%7BcustomerId%7D in {"components": {"schemas": {"Customer": {"allOf": [{"$ref": "./types.yml#/components/schemas/Id"}, {"$ref": "#/components/schemas/CustomerData"}], "description": "Customer model"}, "CustomerData": {"d
2508 [WARNING] APIFuzzer.ResolveReferences: 2 Nothing to do with <class 'NoneType'>: None
2508 [ ERROR] APIFuzzer: Exception: 'NoneType' object has no attribute 'keys'
Traceback (most recent call last):
File "/home/jordi/.local/lib/python3.8/site-packages/apifuzzer/fuzzer.py", line 37, in prepare
template_generator.process_api_resources()
File "/home/jordi/.local/lib/python3.8/site-packages/apifuzzer/openapi_template_generator.py", line 100, in process_api_resources
self._process_request_body()
File "/home/jordi/.local/lib/python3.8/site-packages/apifuzzer/openapi_template_generator.py", line 110, in _process_request_body
for method in paths[resource].keys():
AttributeError: 'NoneType' object has no attribute 'keys'
Unexpected exception happened during fuzz test preparation: 'NoneType' object has no attribute 'keys'. Feel free to report the issue
Related API definition
main.yml
openapi: 3.0.2
info:
title: Some API
version: 1.0.0
description: Main file to hold the rest of the OpenAPI definitions.
contact:
name: Some
email: [email protected]
servers:
- url: 'http://localhost:8080'
paths:
/v1/tenants:
$ref: 'tenants.yml#/paths/~1v1~1tenants'
/v1/tenants/{tenantId}:
$ref: 'tenants.yml#/paths/~1v1~1tenants~1%7BtenantId%7D'
tenants.yml (reduced)
openapi: 3.0.2
info:
title: Tenants
version: 1.0.0
contact:
name: Some
email: [email protected]
description: Tenants API
servers:
- url: 'http://localhost:8080'
paths:
/v1/tenants:
post:
tags:
- tenant
summary: Create a new tenant
responses:
'201':
description: Created
content:
application/json:
schema:
$ref: '#/components/schemas/TenantData'
operationId: post-v1-tenants
description: Create a new tenant
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TenantData'
components:
securitySchemes: {}
schemas:
TenantData:
title: TenantData
type: object
x-examples:
example-1:
name: Cool Startup
description: Holds the information for creating a new Tenant.
properties:
name:
type: string
example: Cool Startup
minLength: 1
maxLength: 256
required:
- name
parameters: {}
tags:
- name: tenant
description: Tenant Tag
Software environment (please complete the following information):
- OS: Windows with DSL Ubuntu 20.04.3
- Python version: 3.8.10
- APIFuzzer Version: 0.9.11
Additional context
Add any other context about the problem here.
Reports are missing request and base64-encoded
Reports are missing data about the request that cause the issue, and many fields are base64-encoded.
For instance, a report can look like this:
{
"status": "ZmFpbGVk",
"name": "dGFyZ2V0",
"sub_reports": [],
"test_number": 94,
"state": "Q09NUExFVEVE",
"reason": "dGFyZ2V0"
}Payload generation from response data
This is more of an idea/solution proposition, I have explored it with a POC.
Most of the time, openapi fuzzing will randomize data from the spec and end up making a lot of requests that won't drill into the actual implementation because of access control or non-existing ids. (403 and 404)
My idea for this is a recursive crawler on the api, by taking a look at the responses from "easy" paths that return some data, and inferring the data with the required parameters for other paths. By reusing the data you ensure that objects will actually exist, and you can check for IDOR easily.
It's a bit complex but I think storing a catalog of known good parameters can speed up the process of exploring the API. Whenever you fuzz a new path, look at the parameters and see if you have known ones that should work, check if you get 200 and then mutate that parameter.
Otherwise it feels a bit like brute forcing a lot of uuids and ids in paths.
The only alternative I know of is proxy-based fuzzing which doesn't have a lot of tools afaik. Some can fuzz lower level protocols but for HTTP I don't remember seeing a lot (maybe burp has a fancy plugin, I know that Autorize can check IDOR because it replays good requests and mutates that)
Questions
Question
Is HTTPS and oauth2 authorization supported?
Doing something like:
APIFuzzer --headers '[{"Authorization": "Bearer "}]' -s openapi.yml -u https://
Implement a controller component that will start the application under test
The proper way to start an application under test is using a controller component. See http://kitty.readthedocs.io/en/latest/base_structure.html#controller
Neet to implement a controller that will fork a process with the ingestion service on a free random port. After the service is up and running the controller should start fuzzing
Unexpected exception happened during fuzz test preparation
When running this command:
APIFuzzer -s /Users/username/Documents/demo.yaml
The result is:
Unexpected exception happened during fuzz test preparation: 'str' object has no attribute 'get'. Feel free to report the issue
Api
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Implement request and response logging
[new feature]
As a user, I want to set logging level as command line parameter.
The output and reports with log level debug should include request/response with headers.
Example:
python fuzzer.py -s your_swagger_definition.json -u http://localhost:8080/ --log DEBUG
Output:
Request:
GET /product/show/%7Bid%7D?id=asd HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.18.4
Response:
HTTP/1.1 400
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 05 Feb 2018 12:42:42 GMT
Connection: close
Body:
{"timestamp":1517834562537,"status":400,"error":"Bad Request","exception":"org.springframework.web.method.annotation.MethodArgumentTypeMismatchException","message":"Failed to convert value of type 'java.lang.String' to required type 'java.lang.Integer'; nested exception is java.lang.NumberFormatException: For input string: \"{id}\"","path":"/product/show/%7Bid%7D"}
Report filenames start with -1
Describe the bug
The reports that get stored in the directory indicated by the --report_dir argument have filenames prefixed with the current_index on the model. current_index seems to start with -1 (a feature of kittyfuzzer?) so the first report is -1-something, the next 0-something and then 1-something. It would make more sense to me for the reports to begin with either 1 or 0. In addition, zero padding the filenames would make sorting by name consistent with the order in which the reports were created.
Related API definition
I assume any, but here's the one I was using
Software environment (please complete the following information):
- OS: Ubuntu 20.04
- Python version: 3.8
- APIFuzzer Version: Latest from GitHub
APIFuzzer is failing for the CI integration
APIFuzzer is failing for the CI integration .
CI script :
stage: validate
image:
variables:
SEARCH_DIR: "./reference"
script:
- cat /etc/os-release
- apt-get update
- apt-get -y install python3-pip tree
- python3 -m pip install --upgrade pip
- pip3 --version
- apt-get -y install gcc libcurl4-nss-dev python3-dev
- git clone https://github.com/KissPeter/APIFuzzer.git && tree
- pip3 install -r APIFuzzer/requirements.txt
- APIFuzzer/APIFuzzer -v && APIFuzzer/APIFuzzer -h
- mkdir reports && pwd && ls -lh
- |
for file in `find ${SEARCH_DIR} -type f -name "*.yaml"`
do
echo "##### Run APIFuzzer #####";
echo "Run APIFuzzer/APIFuzzer -s ${file} -r ./reports/ --log debug";
APIFuzzer/APIFuzzer -s ${file} -r ./reports/ --log debug;
#npx ibm-openapi-validator ${file};
done
error:
[32;1m$ for file in find ${SEARCH_DIR} -type f -name "*.yaml" # collapsed multi-line command�[0;m
##### Run APIFuzzer #####
Run APIFuzzer/APIFuzzer -s ./reference/authentication/demo.yaml -r ./reports/ --log debug
1024 [ INFO] APIFuzzer [fuzzer.py:34 - init ]: APIFuzzer 0.9.13 initialized
1024 [ INFO] APIFuzzer.JsonSectionAbove-schema [move_json_parts.py:48 - resolve ]: Resolving schema references
1024 [ DEBUG] APIFuzzer.JsonSectionAbove-schema [move_json_parts.py:55 - resolve ]: 1 resolving reference
Traceback (most recent call last):
File "APIFuzzer/APIFuzzer", line 94, in
prog.prepare()
File "/builds/YHitoRqx/1/dir/doc/APIFuzzer/apifuzzer/fuzzer.py", line 40, in prepare
template_generator = OpenAPITemplateGenerator(
File "/builds/YHitoRqx/1/dir/doc/APIFuzzer/apifuzzer/openapi_template_generator.py", line 42, in init
self.api_resources = self.json_formatter.resolve()
File "/builds/YHitoRqx/1/dir/doc/APIFuzzer/apifuzzer/move_json_parts.py", line 56, in resolve
data, resolved_in_this_iteration = self._resolve(data)
File "/builds/YHitoRqx/1/dir/doc/APIFuzzer/apifuzzer/move_json_parts.py", line 16, in _resolve
self.logger.debug(f"Processing {pretty_print(data, 50)}")
File "/builds/YHitoRqx/1/dir/doc/APIFuzzer/apifuzzer/utils.py", line 190, in pretty_print
return json.dumps(printable, sort_keys=True)[0:limit]
File "/usr/lib/python3.8/json/init.py", line 234, in dumps
return cls(
File "/usr/lib/python3.8/json/encoder.py", line 199, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/lib/python3.8/json/encoder.py", line 257, in iterencode
return _iterencode(o, 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "APIFuzzer/APIFuzzer", line 99, in <module>
print(f'Unexpected exception happened during fuzz test preparation: {traceback.print_stack(*sys.exc_info())}.\n'
File "/usr/lib/python3.8/traceback.py", line 190, in print_stack
print_list(extract_stack(f, limit=limit), file=file)
File "/usr/lib/python3.8/traceback.py", line 211, in extract_stack
stack = StackSummary.extract(walk_stack(f), limit=limit)
File "/usr/lib/python3.8/traceback.py", line 340, in extract
if limit >= 0:
TypeError: '>=' not supported between instances of 'ValueError' and 'int'
section_end:1656922805:step_script
�[0Ksection_start:1656922805:cleanup_file_variables
�[0K�[0K�[36;1mCleaning up file based variables�[0;m
�[0;msection_end:1656922805:cleanup_file_variables
�[0K�[31;1mERROR: Job failed: command terminated with exit code 1
�[0;m
Path items with no variables prevent the fuzzer from running
Describe the bug
I have a set of generated YAML and some contain a single path item with a single operation and instead of accepting it, the fuzzer gives an assertion error and stops processing. If I add another node, i.e. a second operation or even a nonsense parameter,the parser accepts the yaml and the fuzzing starts. I understand that this happens as the fuzzer sees "nothing to do" for this path item and defines this as "invalid", even if the OpenAPI YAML is valid according to the definition.
I would expect the parser to ignore this path item and just shut down instead of throwing an assertion error.
APIFuzzer debug log
3506003 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:108 - process_api_resources ]: Start preparation
3506003 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:152 - _process_api_resources ]: Resource: /blacklists Method: get
3506003 [ DEBUG] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:78 - _get_template ]: Open new Fuzz template for blacklists|get
3506003 [ INFO] APIFuzzer.BaseTemplate [base_template.py:51 - get_stat ]: Template size: 0, content: {'params': set(), 'headers': set(), 'data': set(), 'path_variables': set(), 'cookies': set(), 'query': set(), 'content_type': ''}
3506003 [ DEBUG] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:328 - compile_base_url ]: Using openapi style url: http://localhost:8080/api
3506003 [ INFO] APIFuzzer.FuzzerTarget [fuzz_request_sender.py:36 - __init__ ]: Logger initialized
3506003 [ INFO] APIFuzzer.OpenApiServerFuzzer [server_fuzzer.py:38 - __init__ ]: Logger initialized
Traceback (most recent call last):
File "./APIFuzzer", line 101, in <module>
prog.run()
File "/home/secretuser/APIFuzzer/APIFuzzer/apifuzzer/fuzzer.py", line 66, in run
fuzzer.set_model(model)
File "/home/secretuser/.local/lib/python3.8/site-packages/kitty/fuzzers/base.py", line 256, in set_model
self.handle_stage_changed(model)
File "/home/secretuser/.local/lib/python3.8/site-packages/kitty/fuzzers/base.py", line 404, in handle_stage_changed
stages = model.get_stages()
File "/home/secretuser/.local/lib/python3.8/site-packages/kitty/model/high_level/graph.py", line 223, in get_stages
sequence = self.get_sequence()
File "/home/secretuser/.local/lib/python3.8/site-packages/kitty/model/high_level/base.py", line 154, in get_sequence
self._get_ready()
File "/home/secretuser/.local/lib/python3.8/site-packages/kitty/model/high_level/graph.py", line 101, in _get_ready
assert len(self._sequences)
AssertionError
Related API definition
My failing definition looks like this:
---
openapi: 3.0.3
info:
title: Generated API
version: "1.0"
servers:
- url: http://localhost:8080/api
paths:
/blacklists:
get:
responses:
"200":
description: OK
content:
application/vnd.maileon.api+xml:
schema:
type: array
items:
$ref: '#/components/schemas/Blacklist'
components:
schemas:
Blacklist:
type: object
properties:
id:
format: int64
type: integer
name:
type: string
entries:
type: array
items:
type: string
Software environment (please complete the following information):
- OS: Ubuntu 20.04.3 LTS
- Python version: Python 3.8.10
- APIFuzzer Version: 0.9.12
Question: Workaround for missing -t option?
Is there a workaround for the missing -t command line option? If I pipe the stdout of APIFuzzer into a log file
python2.7 fuzzer.py -s <spec-file> -u <url> $PWD/apifuzzer.log
the log file content is not complete (misses content in comparison with the command line output).
Invalid JSON-Data Value
After utilizing fuzzer, am getting invalid json data value. While passing the
fuzzer.py: error: argument --headers: invalid json_data value: '[{Authorization:'
Constructed payload.
python fuzzer.py -s test/swagger.json -u http://muurl --headers [{"Authorization": "Placed Valid Token"}] -r /tmp/reports/ --log debug
Due to privacy issues, haven't pasted url and token.
Field with the name (v1+themes|post|inherited) already exists in this container
What does this error mean?
[INFO ][fuzz_request_sender.__init__] Logger initialized
Traceback (most recent call last):
File "fuzzer.py", line 158, in <module>
prog.run()
File "fuzzer.py", line 54, in run
model.connect(template.compile_template())
File "/root/tools/APIFuzzer/apifuzzer/base_template.py", line 43, in compile_template
template.append_fields([Container(name=name, fields=field)])
File "/usr/local/lib/python3.8/dist-packages/kitty/model/low_level/container.py", line 65, in __init__
self.replace_fields(fields)
File "/usr/local/lib/python3.8/dist-packages/kitty/model/low_level/container.py", line 333, in replace_fields
self.append_fields(new_fields)
File "/usr/local/lib/python3.8/dist-packages/kitty/model/low_level/container.py", line 253, in append_fields
self.push(field)
File "/usr/local/lib/python3.8/dist-packages/kitty/model/low_level/container.py", line 320, in push
raise KittyException('field with the name (%s) already exists in this container' % (name))
kitty.core.KittyException: field with the name (v1+themes|post|inherited) already exists in this container
Add license
A project without a license can't be used for commercial purposes in many companies.
@KissPeter, couldn't you add a license please. See https://help.github.com/articles/licensing-a-repository/. MIT license for example
Unexpected exception happened during fuzz test preparation: sequence item 0: expected str instance, list found.
Describe the bug
For a list of lists property with default [[]] (alternatives in the schema attached), you get this error:
Unexpected exception happened during fuzz test preparation: sequence item 0: expected str instance, list found.
APIFuzzer debug log
Related API definition
Software environment (please complete the following information):
- OS: Ubuntu 20.04
- Python version: 3.8
- APIFuzzer Version: Latest from GitHub
Correct headers and path variables parsing
- The fuzzer passes a Parameter Type: header as a GET parameter
- The fuzzer passes a Parameter Type: path as a GET parameter
Expected:
GET /product/show/l%D7x%26%B5%B8%C86%19%D4q%98 HTTP/1.1
someOptionalHeader:asd
Host: localhost:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.18.4
Actual: (provided by wireshark)
GET /product/show/%7Bid%7D?someOptionalHeader=asd&id=l%D7x%26%B5%B8%C86%19%D4q%98 HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.18.4
How to reproduce:
Use https://github.com/LyashenkoGS/springboot_swagger_example/commit/13636377d2074755816f8fa1152c962ceb5e5d07
Build, run, export swagger.json according to the README.md
Failed to start API Fuzzer
Tried to run APIFuzzer in both host system(macos) and in docker container(python:3.7-alpine).
Steps to reproduce:
git clone https://github.com/KissPeter/APIFuzzer.git
pip3 install -r APIFuzzer/requirements.txt
python3 fuzzer.py -s test/test_swagger_definition.json -u http://localhost:5000/ -r /tmp/reports/
Here is my stdout:
[INFO ][fuzzer_target.__init__] Logger initialized
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 45, in run
target = FuzzerTarget(name='target', base_url=self.base_url, report_dir=self.report_dir)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 29, in __init__
self.logger.info('Logger initialized')
Message: 'Logger initialized'
Arguments: ()
[INFO ][base._load_session] No session loaded
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 345, in start
if self._load_session():
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 587, in _load_session
self.logger.info('No session loaded')
Message: 'No session loaded'
Arguments: ()
[INFO ][base._start_message]
--------------------------------------------------
Starting fuzzing session
Target: FuzzerTarget
UI: WebInterface listening on 127.0.0.1:26000
Log: ./kittylogs/kitty_20190918-103124.log
Total possible mutation count: 1113920
--------------------------------------------------
Happy hacking
--------------------------------------------------
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 378, in start
self._start_message()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 475, in _start_message
self.model.num_mutations(),
Message: '\n --------------------------------------------------\n Starting fuzzing session\n Target: %s\n UI: %s\n Log: %s\n\n Total possible mutation count: %d\n --------------------------------------------------\n Happy hacking\n --------------------------------------------------\n '
Arguments: ('FuzzerTarget', 'WebInterface listening on 127.0.0.1:26000', './kittylogs/kitty_20190918-103124.log', 1113920)
[INFO ][base.start] Performing environment test
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 384, in start
self.logger.info('Performing environment test')
Message: 'Performing environment test'
Arguments: ()
[INFO ][base._test_info] Current test: -1
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 66, in _run_sequence
self._test_info()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 498, in _test_info
self.logger.info('Current test: %s' % self.model.current_index())
Message: 'Current test: -1'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: params
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: params'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: headers
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: headers'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: data
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: data'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: path_variables
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: path_variables'
Arguments: ()
[INFO ][fuzzer_target.transmit] URL part: 127.0.0.1:9770/api/task_manager/v2
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 65, in transmit
self.logger.info('URL part: {}'.format(url_part))
Message: 'URL part: 127.0.0.1:9770/api/task_manager/v2'
Arguments: ()
[INFO ][fuzzer_target.transmit] URL part: b'/queues'
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 65, in transmit
self.logger.info('URL part: {}'.format(url_part))
Message: "URL part: b'/queues'"
Arguments: ()
[ERROR ][server_fuzzer._transmit] Error in transmit: a bytes-like object is required, not 'str'
--- Logging error ---
Traceback (most recent call last):
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 62, in _transmit
self.logger.error('Error in transmit: %s', e)
Message: 'Error in transmit: %s'
Arguments: (TypeError("a bytes-like object is required, not 'str'"),)
[INFO ][server_fuzzer._test_environment] Environment test failed
--- Logging error ---
Traceback (most recent call last):
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 105, in _test_environment
if self._run_sequence(sequence):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 385, in start
self._test_environment()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 108, in _test_environment
self.logger.info('Environment test failed')
Message: 'Environment test failed'
Arguments: ()
[INFO ][server._start] should keep running? True
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 39, in _start
self.logger.info('should keep running? %s' % self._keep_running())
Message: 'should keep running? True'
Arguments: ()
[INFO ][base._test_info] Current test: 0
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 66, in _run_sequence
self._test_info()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 498, in _test_info
self.logger.info('Current test: %s' % self.model.current_index())
Message: 'Current test: 0'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: params
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: params'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: headers
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: headers'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: data
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: data'
Arguments: ()
[INFO ][server_fuzzer._transmit] Transmit place: path_variables
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
self.logger.info('Transmit place: {}'.format(place))
Message: 'Transmit place: path_variables'
Arguments: ()
[INFO ][fuzzer_target.transmit] URL part: 127.0.0.1:9770/api/task_manager/v2
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 65, in transmit
self.logger.info('URL part: {}'.format(url_part))
Message: 'URL part: 127.0.0.1:9770/api/task_manager/v2'
Arguments: ()
[INFO ][fuzzer_target.transmit] URL part: b'/queues'
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 65, in transmit
self.logger.info('URL part: {}'.format(url_part))
Message: "URL part: b'/queues'"
Arguments: ()
[ERROR ][server_fuzzer._transmit] Error in transmit: a bytes-like object is required, not 'str'
--- Logging error ---
Traceback (most recent call last):
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 62, in _transmit
self.logger.error('Error in transmit: %s', e)
Message: 'Error in transmit: %s'
Arguments: (TypeError("a bytes-like object is required, not 'str'"),)
[ERROR ][server._start] Error occurred while fuzzing: TypeError("a bytes-like object is required, not 'str'")
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 45, in _start
self.logger.error('Error occurred while fuzzing: %s', repr(e))
Message: 'Error occurred while fuzzing: %s'
Arguments: ('TypeError("a bytes-like object is required, not \'str\'")',)
[ERROR ][server._start] Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 46, in _start
self.logger.error(traceback.format_exc())
Message: 'Traceback (most recent call last):\n File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start\n self._run_sequence(sequence)\n File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence\n resp = self._transmit(node)\n File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit\n return self.target.transmit(**payload)\n File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit\n _req_url.append(url_part.strip(\'/\'))\nTypeError: a bytes-like object is required, not \'str\'\n'
Arguments: ()
[INFO ][base._end_message]
--------------------------------------------------
Finished fuzzing session
Target: FuzzerTarget
Tested 1 mutation
Failure count: 0
--------------------------------------------------
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 48, in _start
self._end_message()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 39, in _end_message
super(OpenApiServerFuzzer, self)._end_message()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 493, in _end_message
self.session_info.failure_count
Message: '\n --------------------------------------------------\n Finished fuzzing session\n Target: %s\n\n Tested %d mutation%s\n Failure count: %d\n --------------------------------------------------\n '
Arguments: ('FuzzerTarget', 1, '', 0)
[INFO ][server_fuzzer._end_message] Stop fuzzing session_info: {'start_time': 1568791885.3502212, 'start_index': 0, 'end_index': 1113919, 'current_index': 1, 'failure_count': 0, 'kitty_version': '0.7.4', 'data_model_hash': 3273593218446261471, 'test_list_str': '0-1113919'}
--- Logging error ---
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 934, in emit
self.socket.send(msg)
OSError: [Errno 9] Bad file descriptor
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 855, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 937, in emit
self._connect_unixsocket(self.address)
File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/logging/handlers.py", line 866, in _connect_unixsocket
self.socket.connect(address)
FileNotFoundError: [Errno 2] No such file or directory
Call stack:
File "fuzzer.py", line 117, in <module>
prog.run()
File "fuzzer.py", line 54, in run
fuzzer.start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/base.py", line 391, in start
self._start()
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 48, in _start
self._end_message()
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 41, in _end_message
self.logger.info('Stop fuzzing session_info: {}'.format(self.session_info.as_dict()))
Message: "Stop fuzzing session_info: {'start_time': 1568791885.3502212, 'start_index': 0, 'end_index': 1113919, 'current_index': 1, 'failure_count': 0, 'kitty_version': '0.7.4', 'data_model_hash': 3273593218446261471, 'test_list_str': '0-1113919'}"
Arguments: ()
Log from ./kittylogs:
[2019-09-18 10:33:07,480] [INFO] [fuzzer_target.__init__] -> Logger initialized
[2019-09-18 10:33:08,066] [INFO] [base._load_session] -> No session loaded
[2019-09-18 10:33:08,110] [INFO] [base._start_message] ->
--------------------------------------------------
Starting fuzzing session
Target: FuzzerTarget
UI: WebInterface listening on 127.0.0.1:26000
Log: ./kittylogs/kitty_20190918-103307.log
Total possible mutation count: 1113920
--------------------------------------------------
Happy hacking
--------------------------------------------------
[2019-09-18 10:33:08,111] [INFO] [base.start] -> Performing environment test
[2019-09-18 10:33:08,112] [INFO] [base._test_info] -> Current test: -1
[2019-09-18 10:33:08,113] [INFO] [server_fuzzer._transmit] -> Transmit place: params
[2019-09-18 10:33:08,114] [INFO] [server_fuzzer._transmit] -> Transmit place: headers
[2019-09-18 10:33:08,115] [INFO] [server_fuzzer._transmit] -> Transmit place: data
[2019-09-18 10:33:08,115] [INFO] [server_fuzzer._transmit] -> Transmit place: path_variables
[2019-09-18 10:33:08,116] [INFO] [fuzzer_target.transmit] -> URL part: 127.0.0.1:9770/api/task_manager/v2
[2019-09-18 10:33:08,116] [INFO] [fuzzer_target.transmit] -> URL part: b'/queues'
[2019-09-18 10:33:08,118] [ERROR] [server_fuzzer._transmit] -> Error in transmit: a bytes-like object is required, not 'str'
[2019-09-18 10:33:08,119] [INFO] [server_fuzzer._test_environment] -> Environment test failed
[2019-09-18 10:33:08,119] [INFO] [server._start] -> should keep running? True
[2019-09-18 10:33:08,123] [INFO] [base._test_info] -> Current test: 0
[2019-09-18 10:33:08,123] [INFO] [server_fuzzer._transmit] -> Transmit place: params
[2019-09-18 10:33:08,124] [INFO] [server_fuzzer._transmit] -> Transmit place: headers
[2019-09-18 10:33:08,124] [INFO] [server_fuzzer._transmit] -> Transmit place: data
[2019-09-18 10:33:08,125] [INFO] [server_fuzzer._transmit] -> Transmit place: path_variables
[2019-09-18 10:33:08,125] [INFO] [fuzzer_target.transmit] -> URL part: 127.0.0.1:9770/api/task_manager/v2
[2019-09-18 10:33:08,125] [INFO] [fuzzer_target.transmit] -> URL part: b'/queues'
[2019-09-18 10:33:08,127] [ERROR] [server_fuzzer._transmit] -> Error in transmit: a bytes-like object is required, not 'str'
[2019-09-18 10:33:08,127] [ERROR] [server._start] -> Error occurred while fuzzing: TypeError("a bytes-like object is required, not 'str'")
[2019-09-18 10:33:08,128] [ERROR] [server._start] -> Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/usr/local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/Users/vlapatin/src/acronis/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
[2019-09-18 10:33:08,128] [INFO] [base._end_message] ->
--------------------------------------------------
Finished fuzzing session
Target: FuzzerTarget
Tested 1 mutation
Failure count: 0
--------------------------------------------------
[2019-09-18 10:33:08,129] [INFO] [server_fuzzer._end_message] -> Stop fuzzing session_info: {'start_time': 1568791988.110522, 'start_index': 0, 'end_index': 1113919, 'current_index': 1, 'failure_count': 0, 'kitty_version': '0.7.4', 'data_model_hash': -194456617570993828, 'test_list_str': '0-1113919'}
Copy/paste error in compile_base_url()
Describe the bug
Destination URL can't be extracted from OpenAPI definition files, because function compile_base_url() calls _compile_base_url_for_swagger() in all situations (probably a copy/paste error)
Executed command
APIFuzzer --src_url https://petstore3.swagger.io/api/v3/openapi.json
APIFuzzer debug log
Unexpected exception happened during fuzz test preparation: 'schemes'. Feel free to report the issue
Related API definition
Publicly available at https://petstore3.swagger.io/api/v3/openapi.json
Software environment (please complete the following information):
- OS: Ubuntu 20.4
- Python version: 3.8.10
- APIFuzzer Version: 0.9.9
Import errors when running with Python 3
Using Python 3 ad running pip3 install -r requirements.txt fails to install a dependency and produces the following error:
WARNING: Generating metadata for package kittyfuzzer produced metadata for project name kittyfuzzer-remote. Fix your #egg=kittyfuzzer fragments.
Which leads to the following error when running fuzzer.py with python3:
File "fuzzer.py", line 15, in <module>
from kitty.interfaces import WebInterface
ModuleNotFoundError: No module named 'kitty.interfaces'
The error can be reproduced with the following dockerfile and running the command docker build . -t api-fuzzer; docker run -it api-fuzzer
FROM alpine:3.7
RUN apk add --no-cache git && \
apk add --no-cache python3 && \
python3 -m ensurepip && \
rm -r /usr/lib/python*/ensurepip && \
pip3 install --upgrade pip setuptools && \
rm -r /root/.cache
RUN git clone https://github.com/KissPeter/APIFuzzer.git /root/APIFuzzer
RUN pip3 install -r /root/APIFuzzer/requirements.txt
WORKDIR /root/APIFuzzer
ENTRYPOINT python3 fuzzer.py
field with the name (....) already exists in this container
[INFO ][fuzz_request_sender.__init__] Logger initialized
19112 [INFO] kitty: Logger initialized
Traceback (most recent call last):
File ".\APIFuzzer.py", line 113, in <module>
prog.run()
File "c:\Users\IB\Downloads\PG_res\here\swagger-codegen\APIFuzzer-develop\apifuzzer\fuzzer.py", line 44, in run
model.connect(template.compile_template())
File "c:\Users\IB\Downloads\PG_res\here\swagger-codegen\APIFuzzer-develop\apifuzzer\base_template.py", line 43, in compile_template
template.append_fields([Container(name=name, fields=field)])
File "C:\Users\IB\Anaconda3\envs\api-test\lib\site-packages\kitty\model\low_level\container.py", line 65, in __init__
self.replace_fields(fields)
File "C:\Users\IB\Anaconda3\envs\api-test\lib\site-packages\kitty\model\low_level\container.py", line 333, in replace_fields
self.append_fields(new_fields)
File "C:\Users\IB\Anaconda3\envs\api-test\lib\site-packages\kitty\model\low_level\container.py", line 253, in append_fields
self.push(field)
File "C:\Users\IB\Anaconda3\envs\api-test\lib\site-packages\kitty\model\low_level\container.py", line 320, in push
raise KittyException('field with the name (%s) already exists in this container' % (name))
kitty.core.KittyException: field with the name (api+v1+tender+create|post|StartDate) already exists in this container
APIFuzzer 0.9
Unexpected exception happened during fuzz test preparation: 'schemes'
Describe the bug
When loading APIFuzzer, receive an error related to "schemes"
APIFuzzer debug log
It's long, but here's a representative sample from the end:
1 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-forwarded-proto', 'in': 'header', 'type': 'string'}, Parameter place: header, Sample data: asd, Param name: |get|x-forwarded-proto, fuzzer: RandomBitsField
1 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-real-ip', 'in': 'header', 'type': 'string', 'format': 'ip'}, Parameter place: header, Sample data: asd, Param name: |get|x-real-ip, fuzzer: RandomBitsField
1 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-request-id', 'in': 'header', 'type': 'string'}, Parameter place: header, Sample data: asd, Param name: |get|x-request-id, fuzzer: UnicodeStrings
1 [ INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-scheme', 'in': 'header', 'type': 'string'}, Parameter place: header, Sample data: asd, Param name: |get|x-scheme, fuzzer: RandomBitsField
1 [ INFO] APIFuzzer.BaseTemplate [base_template.py:45 - get_stat ]: Template size: 15, content: {'params': set(), 'headers': {|get|x-forwarded-host->b'\xff\xfea\x00s\x00d\x00', |get|x-real-ip->b'\xff\xfea\x00s\x00d\x00', |get|user-agent->b'\xff\xfea\x00s\x00d\x00', |get|upgrade-insecure-requests->b'\xff\xfea\x00s\x00d\x00', |get|x-scheme->b'\xff\xfea\x00s\x00d\x00', |get|x-forwarded-for->b'\xff\xfea\x00s\x00d\x00', |get|x-request-id->b'\xff\xfea\x00s\x00d\x00', |get|accept-encoding->b'\xff\xfea\x00s\x00d\x00', |get|via->b'\xff\xfea\x00s\x00d\x00', |get|x-forwarded-proto->b'\xff\xfea\x00s\x00d\x00', |get|host->b'\xff\xfea\x00s\x00d\x00', |get|x-forwarded-port->b'\xff\xfea\x00s\x00d\x00', |get|content-length->b'\xff\xfea\x00s\x00d\x00', |get|accept-language->b'\xff\xfea\x00s\x00d\x00', |get|if-none-match->b'\xff\xfea\x00s\x00d\x00'}, 'data': set(), 'path_variables': set(), 'cookies': set(), 'query': set(), 'content_type': ''}
1 [ DEBUG] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:82 - _save_template ]: Adding template to list: |get, templates list: 4
Unexpected exception happened during fuzz test preparation: 'schemes'. Feel free to report the issue
Related API definition
Here's the whole OAS file:
{
"openapi" : "3.0.1",
"info" : {
"title" : "aaron-hybrid",
"description" : "OAS export of Salt Security Api Discovery",
"version" : "1.0.0"
},
"servers" : [ {
"url" : "http://kong-ent1:8000/v1/"
} ],
"paths" : {
"/users/{userId}" : {
"get" : {
"operationId" : "610cb99d160000d4253fce69",
"parameters" : [ {
"name" : "accept-encoding",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "accept-language",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "cache-control",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "content-length",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "if-none-match",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "pragma",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-dest",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-mode",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-site",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-user",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "upgrade-insecure-requests",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "user-agent",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-for",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-forwarded-host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-port",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "x-forwarded-proto",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-real-ip",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-request-id",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-scheme",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "userId",
"in" : "path",
"required" : true,
"schema" : {
"type" : "string",
"format" : "number"
}
} ],
"responses" : {
"default" : {
"description" : "default"
}
}
}
},
"/users/{name}" : {
"get" : {
"operationId" : "6129c98e310000d7eee6d692",
"parameters" : [ {
"name" : "accept-encoding",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "accept-language",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "cache-control",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "content-length",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "pragma",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-dest",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-mode",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-site",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-user",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "upgrade-insecure-requests",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "user-agent",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-for",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-forwarded-host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-port",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "x-forwarded-proto",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-real-ip",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-request-id",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-scheme",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "name",
"in" : "path",
"required" : true,
"schema" : {
"type" : "string"
}
} ],
"responses" : {
"default" : {
"description" : "default"
}
}
}
},
"/users" : {
"get" : {
"operationId" : "610cb99d160000d4253fce67",
"parameters" : [ {
"name" : "accept-encoding",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "accept-language",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "cache-control",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "connection",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "content-length",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "if-none-match",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "pragma",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-dest",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-mode",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-site",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-fetch-user",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-websocket-key",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "sec-websocket-version",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "upgrade",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "upgrade-insecure-requests",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "user-agent",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "via",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-for",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-forwarded-host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-port",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "x-forwarded-proto",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-real-ip",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-request-id",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-scheme",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "01d1dc2c9d",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "1b3c2eb3ba",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "2a9c0caa8e",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "2cbf6b5db3",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "2f8bc5c3f1",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "35ef4aebbb",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "3d6dc4adac",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "3fab2decbd",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "42b4fd9afa",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "50a0afa2c4",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "50abbf1c56",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "51ec5de1f5",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "5dbe4ece48",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "5edf8bb6fe",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "69a4e6aafd",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "6f1c4e1d14",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "70a2fcf9c9",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "79bff1dced",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "79fbdeccb0",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "83d3fca9e3",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "98b9f5fb5f",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "99a7daff0d",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "9ac4fb0e33",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "9df1c5da41",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "a4ffcfe1d2",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "ac4da7f2e5",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "ae8ec5cb4a",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "afdfe5c3ca",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "bfbb5eefdd",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "bffecfc1cb",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "c0df9d4cfc",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "ccdcf6ae30",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "d3afb2fa95",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "d3e3ceb8bf",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "e7ba4cf8fc",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "f2c7cff1a4",
"in" : "query",
"schema" : {
"type" : "string"
}
}, {
"name" : "fa6e1a9c7c",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "xss"
}
}, {
"name" : "😈",
"in" : "query",
"schema" : {
"type" : "string",
"format" : "uri"
}
} ],
"responses" : {
"default" : {
"description" : "default"
}
}
}
},
"/" : {
"get" : {
"operationId" : "611a1d4a2a0000c9694edf70",
"parameters" : [ {
"name" : "accept-encoding",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "accept-language",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "content-length",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "if-none-match",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "upgrade-insecure-requests",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "user-agent",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "via",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-for",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-forwarded-host",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-forwarded-port",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "number"
}
}, {
"name" : "x-forwarded-proto",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-real-ip",
"in" : "header",
"schema" : {
"type" : "string",
"format" : "ip"
}
}, {
"name" : "x-request-id",
"in" : "header",
"schema" : {
"type" : "string"
}
}, {
"name" : "x-scheme",
"in" : "header",
"schema" : {
"type" : "string"
}
} ],
"responses" : {
"default" : {
"description" : "default"
}
}
}
}
}
}
Software environment (please complete the following information):
- OS: OS X 11.6 (but running in Docker 20.10.8)
- Python version: 3.9.7
- APIFuzzer Version: 0.9.9
Additional context
I'm running APIFuzzer as a Docker container and have made it part of a Docker Compose stack. It shouldn't make a difference but wanted you to be aware.
Protobuff support
The fuzzer should generate proper request for the application/x-protobuf type
Retrieve swagger.json from a URL
As a user,
I want to pass a path to swagger.json
both as a file and as a URL
Example:
- Passing swagger.json as a file(currently implemented)
fuzzer.py -s api-docs.json -u http://localhost:8080 - Passing swagger.json as a URL
fuzzer.py -s http://localhost:8080/v2/api-docs -u http://localhost:8080
Reasoning:
This will allow to simplify integrating fuzzing in CI process by removing intermediate step of persisting a swagger definition locally.
Cant shutdown the application via ctl+c on error
How to reproduce:
run dd38bcf
against https://github.com/LyashenkoGS/springboot_swagger_example/commit/13636377d2074755816f8fa1152c962ceb5e5d07
Actual behavior:
After the error message, you can't close the application by pressing ctrl+c
Tested on Ubuntu 16.04
/usr/bin/python2.7 /home/vagrant/APIFuzzer/fuzzer.py -s swagger.json -u http://localhost:8080
/product/show/{id}
get
id
someOptionalHeader
/product/delete/{id}
delete
id
someOptionalHeader
/product/list
get
someOptionalHeader
/product/add
post
product
someOptionalHeader
/product/update/{id}
put
id
product
someOptionalHeader
[INFO ][base._load_session] No session loaded
[INFO ][base._start_message]
--------------------------------------------------
Starting fuzzing session
Target: FuzzerTarget
UI: WebInterface listening on 127.0.0.1:26000
Log: ./kittylogs/kitty_20180206-131801.log
Total possible mutation count: 720
--------------------------------------------------
Happy hacking
--------------------------------------------------
[INFO ][base.start] Performing environment test
[INFO ][base._test_info] Current test: -1
[WARNING ][server_fuzzer._transmit] Exception occurred: field named (product_show{id}_GET|Template|default:0x2f70726f647563742f73686f772f7b69647d47455461736400) was not found in (params)
[WARNING ][server_fuzzer._transmit] Exception occurred: field named (product_show{id}_GET|Template|default:0x2f70726f647563742f73686f772f7b69647d47455461736400) was not found in (path_variables)
[ERROR ][server_fuzzer._transmit] Error in transmit: 'NoneType' object has no attribute 'getitem'
[INFO ][server._test_environment] Environment test failed
[ERROR ][base.start] Error occurred while fuzzing: TypeError("'NoneType' object has no attribute 'getitem'",)
[ERROR ][base.start] Traceback (most recent call last):
File "/home/vagrant/.local/lib/python2.7/site-packages/kitty/fuzzers/base.py", line 384, in start
self._test_environment()
File "/home/vagrant/.local/lib/python2.7/site-packages/kitty/fuzzers/server.py", line 53, in _test_environment
if self._run_sequence(sequence):
File "/home/vagrant/.local/lib/python2.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/home/vagrant/APIFuzzer/apifuzzer/server_fuzzer.py", line 53, in _transmit
return self.target.transmit(**payload)
File "/home/vagrant/APIFuzzer/apifuzzer/fuzzer_target.py", line 50, in transmit
kwargs['url'] = self.expand_path_variables(kwargs.get('path_variables'), kwargs['url'])
File "/home/vagrant/APIFuzzer/apifuzzer/fuzzer_target.py", line 104, in expand_path_variables
value = params[''.join(placeholder).decode('utf-8')]
TypeError: 'NoneType' object has no attribute 'getitem'
Pass authorization header as command line parameters
As a user, I want to pass authorization headers that will be used with each request
as command line parameters. Assumed that credentials will be stored in a CI server and passed as environment variables.
Example:
python fuzzer.py -s your_swagger_definition.json -u http://localhost:8080/ --headers {"authorization": 'Bearer an-authorization-token', "authorization-claims": 'azazadsfdsf'}
Can't run test server
Trying to run the test server gives the following error:
Traceback (most recent call last):
File "test_application.py", line 6, in <module>
from apifuzzer.utils import try_b64encode
ModuleNotFoundError: No module named 'apifuzzer'
Field type aware mutations
OpenAPI Specification v2 (Swagger) support data types for fields. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md
Need to implement parsing swagger.json to a data model with according field types
and perform mutations based on this types.
See http://kitty.readthedocs.io/en/latest/data_model/big_list_of_fields.html
--version not valid
Describe the bug
The -h options says both -v and --version should work, but only -v does. --version throws an error.
APIFuzzer debug log
# APIFuzzer --log debug --version
usage: APIFuzzer [-h] [-s SRC_FILE] [--src_url SRC_URL] [-r REPORT_DIR] [--level LEVEL] [-u ALTERNATE_URL] [-t TEST_RESULT_DST]
[--log {critical,fatal,error,warn,warning,info,debug,notset}] [--basic_output BASIC_OUTPUT] [--headers HEADERS]
[-v ,--version]
APIFuzzer: error: unrecognized arguments: --version
Related API definition
n/a
Software environment (please complete the following information):
- OS: Docker 20.10.8 (running on Mac OS 11.6)
- Python version: 3.9.7
- APIFuzzer Version: 0.9.9
Additional context
Add any other context about the problem here.
Question: How to interpret "!! Failure detected !!" in kitty log files
Where can I find information about how to interpret !! Failure detected !! in kitty log files, e.g. ./kittylogs/kitty_20180314-114844.log?
Relates to request and response logging: #4
Create a "fuzzable" application
Need to create a simple application or use existed one that :
- have simple business logic
- exposes REST API
- exposes documentation according to https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md
- have endpoints with different data types and content types (json, protobuff)
Currently, the https://github.com/LyashenkoGS/springboot_swagger_example/releases/tag/0.0.1-SNAPSHOT is used, so the application might be based on it.
Unable to install APIFuzzer
Describe the bug
unable to install APIFuzzer, throws error
APIFuzzer debug log
Please provide the related APIFuzzer debug log
Collecting APIFuzzer
Using cached APIFuzzer-0.9.13-py3-none-any.whl (38 kB)
Requirement already satisfied: kittyfuzzer==0.7.4 in ./.venv/lib/python3.11/site-packages (from APIFuzzer) (0.7.4)
Collecting pycurl==7.43.0.6 (from APIFuzzer)
Using cached pycurl-7.43.0.6.tar.gz (222 kB)
Preparing metadata (setup.py) ... done
Requirement already satisfied: ruamel.yaml==0.16.12 in ./.venv/lib/python3.11/site-packages (from APIFuzzer) (0.16.12)
Requirement already satisfied: junit-xml==1.9 in ./.venv/lib/python3.11/site-packages (from APIFuzzer) (1.9)
Requirement already satisfied: jsonpath-ng==1.5.2 in ./.venv/lib/python3.11/site-packages (from APIFuzzer) (1.5.2)
Requirement already satisfied: PyYAML==6.0 in ./.venv/lib/python3.11/site-packages (from APIFuzzer) (6.0)
Requirement already satisfied: json-ref-dict>=0.7.1 in ./.venv/lib/python3.11/site-packages (from APIFuzzer) (0.7.2)
Requirement already satisfied: ply in ./.venv/lib/python3.11/site-packages (from jsonpath-ng==1.5.2->APIFuzzer) (3.11)
Requirement already satisfied: decorator in ./.venv/lib/python3.11/site-packages (from jsonpath-ng==1.5.2->APIFuzzer) (5.1.1)
Requirement already satisfied: six in ./.venv/lib/python3.11/site-packages (from jsonpath-ng==1.5.2->APIFuzzer) (1.16.0)
Requirement already satisfied: docopt in ./.venv/lib/python3.11/site-packages (from kittyfuzzer==0.7.4->APIFuzzer) (0.6.2)
Requirement already satisfied: bitstring in ./.venv/lib/python3.11/site-packages (from kittyfuzzer==0.7.4->APIFuzzer) (4.1.4)
Requirement already satisfied: requests in ./.venv/lib/python3.11/site-packages (from kittyfuzzer==0.7.4->APIFuzzer) (2.31.0)
Requirement already satisfied: jsonpointer~=2.0 in ./.venv/lib/python3.11/site-packages (from json-ref-dict>=0.7.1->APIFuzzer) (2.4)
Requirement already satisfied: bitarray<3.0.0,>=2.8.0 in ./.venv/lib/python3.11/site-packages (from bitstring->kittyfuzzer==0.7.4->APIFuzzer) (2.9.2)
Requirement already satisfied: charset-normalizer<4,>=2 in ./.venv/lib/python3.11/site-packages (from requests->kittyfuzzer==0.7.4->APIFuzzer) (3.3.2)
Requirement already satisfied: idna<4,>=2.5 in ./.venv/lib/python3.11/site-packages (from requests->kittyfuzzer==0.7.4->APIFuzzer) (3.6)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./.venv/lib/python3.11/site-packages (from requests->kittyfuzzer==0.7.4->APIFuzzer) (2.2.0)
Requirement already satisfied: certifi>=2017.4.17 in ./.venv/lib/python3.11/site-packages (from requests->kittyfuzzer==0.7.4->APIFuzzer) (2024.2.2)
Building wheels for collected packages: pycurl
Building wheel for pycurl (setup.py) ... error
error: subprocess-exited-with-error
× python setup.py bdist_wheel did not run successfully.
│ exit code: 1
╰─> [444 lines of output]
/private/var/folders/x9/mpsf7mlx5yj3fchvy4nw9h0m0000gs/T/pip-install-d9o4zaho/pycurl_620a480ac6da4440919e9485912e15ce/setup.py:933: DeprecationWarning: distutils Version classes are deprecated. Use packaging.version instead.
if LooseVersion(distutils.version) > LooseVersion("1.0.1"):
/private/var/folders/x9/mpsf7mlx5yj3fchvy4nw9h0m0000gs/T/pip-install-d9o4zaho/pycurl_620a480ac6da4440919e9485912e15ce/setup.py:935: DeprecationWarning: distutils Version classes are deprecated. Use packaging.version instead.
if LooseVersion(distutils.version) < LooseVersion("1.0.3"):
Using curl-config (libcurl 7.88.1)
Warning: libcurl is configured to use SSL, but we have not been able to determine which SSL backend it is using. If your Curl is built against OpenSSL, LibreSSL, BoringSSL, GnuTLS, NSS or mbedTLS please specify the SSL backend manually. For other SSL backends please ignore this message.Not using an SSL library
running bdist_wheel
running build
running build_py
creating build
creating build/lib.macosx-10.9-universal2-cpython-311
creating build/lib.macosx-10.9-universal2-cpython-311/curl
copying python/curl/init.py -> build/lib.macosx-10.9-universal2-cpython-311/curl
running build_ext
building 'pycurl' extension
creating build/temp.macosx-10.9-universal2-cpython-311
creating build/temp.macosx-10.9-universal2-cpython-311/src
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/docstrings.c -o build/temp.macosx-10.9-universal2-cpython-311/src/docstrings.o
In file included from src/docstrings.c:4:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
1 warning generated.
In file included from src/docstrings.c:4:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
1 warning generated.
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/easy.c -o build/temp.macosx-10.9-universal2-cpython-311/src/easy.o
In file included from src/easy.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/easy.c:283:5: warning: 'UsingDeprecatedTrashcanMacro' is deprecated [-Wdeprecated-declarations]
Py_TRASHCAN_SAFE_BEGIN(self);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/cpython/object.h:507:9: note: expanded from macro 'Py_TRASHCAN_SAFE_BEGIN'
UsingDeprecatedTrashcanMacro cond=1;
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/cpython/object.h:504:1: note: 'UsingDeprecatedTrashcanMacro' has been explicitly marked deprecated here
Py_DEPRECATED(3.11) typedef int UsingDeprecatedTrashcanMacro;
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
2 warnings generated.
In file included from src/easy.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/easy.c:283:5: warning: 'UsingDeprecatedTrashcanMacro' is deprecated [-Wdeprecated-declarations]
Py_TRASHCAN_SAFE_BEGIN(self);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/cpython/object.h:507:9: note: expanded from macro 'Py_TRASHCAN_SAFE_BEGIN'
UsingDeprecatedTrashcanMacro cond=1;
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/cpython/object.h:504:1: note: 'UsingDeprecatedTrashcanMacro' has been explicitly marked deprecated here
Py_DEPRECATED(3.11) typedef int UsingDeprecatedTrashcanMacro;
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
2 warnings generated.
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/easycb.c -o build/temp.macosx-10.9-universal2-cpython-311/src/easycb.o
In file included from src/easycb.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/easycb.c:45:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:187:22: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
python_address = PyEval_CallObject(curl_sockaddr_type, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:198:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->opensocket_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:260:15: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
ret_obj = PyEval_CallObject(self->sockopt_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:312:15: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
ret_obj = PyEval_CallObject(self->closesocket_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:413:15: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
ret_obj = PyEval_CallObject(self->ssh_key_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:491:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:557:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->r_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:665:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->pro_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:718:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->xferinfo_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:778:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->debug_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:819:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->ioctl_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
13 warnings generated.
In file included from src/easycb.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/easycb.c:45:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:187:22: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
python_address = PyEval_CallObject(curl_sockaddr_type, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:198:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->opensocket_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:260:15: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
ret_obj = PyEval_CallObject(self->sockopt_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:312:15: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
ret_obj = PyEval_CallObject(self->closesocket_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:413:15: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
ret_obj = PyEval_CallObject(self->ssh_key_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:491:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:557:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->r_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:665:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->pro_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:718:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->xferinfo_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:778:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->debug_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
src/easycb.c:819:14: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
result = PyEval_CallObject(self->ioctl_cb, arglist);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
13 warnings generated.
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/easyinfo.c -o build/temp.macosx-10.9-universal2-cpython-311/src/easyinfo.o
In file included from src/easyinfo.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
1 warning generated.
In file included from src/easyinfo.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
1 warning generated.
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/easyopt.c -o build/temp.macosx-10.9-universal2-cpython-311/src/easyopt.o
In file included from src/easyopt.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
1 warning generated.
In file included from src/easyopt.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
1 warning generated.
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/easyperform.c -o build/temp.macosx-10.9-universal2-cpython-311/src/easyperform.o
In file included from src/easyperform.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/easyperform.c:31:10: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
io = PyEval_CallObject(bytesio, NULL);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
2 warnings generated.
In file included from src/easyperform.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/easyperform.c:31:10: warning: 'PyEval_CallObjectWithKeywords' is deprecated [-Wdeprecated-declarations]
io = PyEval_CallObject(bytesio, NULL);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:34:5: note: expanded from macro 'PyEval_CallObject'
PyEval_CallObjectWithKeywords(callable, arg, (PyObject *)NULL)
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:27:1: note: 'PyEval_CallObjectWithKeywords' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(PyObject *) PyEval_CallObjectWithKeywords(
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
2 warnings generated.
clang -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DPYCURL_VERSION="7.43.0.6" -DHAVE_CURL_SSL=1 -I/Users/shubham.mantri/newApifuzzers/pythonProject/.venv/include -I/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11 -c src/module.c -o build/temp.macosx-10.9-universal2-cpython-311/src/module.o
In file included from src/module.c:1:
src/pycurl.h:227:5: warning: "libcurl was compiled with SSL support, but configure could not determine which " "library was used; thus no SSL crypto locking callbacks will be set, which may " "cause random crashes on SSL requests" [-W#warnings]
# warning
^
src/module.c:415:25: error: expression is not assignable
Py_TYPE(&Curl_Type) = &PyType_Type;
~~~~~~~~~~~~~~~~~~~ ^
src/module.c:416:30: error: expression is not assignable
Py_TYPE(&CurlMulti_Type) = &PyType_Type;
~~~~~~~~~~~~~~~~~~~~~~~~ ^
src/module.c:417:30: error: expression is not assignable
Py_TYPE(&CurlShare_Type) = &PyType_Type;
~~~~~~~~~~~~~~~~~~~~~~~~ ^
src/module.c:1468:5: warning: 'PyEval_InitThreads' is deprecated [-Wdeprecated-declarations]
PyEval_InitThreads();
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/ceval.h:132:1: note: 'PyEval_InitThreads' has been explicitly marked deprecated here
Py_DEPRECATED(3.9) PyAPI_FUNC(void) PyEval_InitThreads(void);
^
/Library/Frameworks/Python.framework/Versions/3.11/include/python3.11/pyport.h:336:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) attribute((deprecated))
^
2 warnings and 3 errors generated.
error: command '/usr/bin/clang' failed with exit code 1
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for pycurl
Running setup.py clean for pycurl
Failed to build pycurl
ERROR: Could not build wheels for pycurl, which is required to install pyproject.toml-based projects
Software environment (please complete the following information):
- OS:MacOS
- Python version:3.11
- APIFuzzer Version:
Fuzzed requests not being sent
I think there might be some issues with malformed requests not being sent through the request library, there are a bunch of reports without response info and I can't find those outgoing requests at all with wireshark.
If you run the test application for instance, you will get the following report for test case 80:
{
"status": "ZmFpbGVk",
"name": "dGFyZ2V0",
"sub_reports": [],
"test_number": 80,
"state": "Q09NUExFVEVE",
"reason": "dGFyZ2V0"
}As you can see, no response. It could be that this request causes some error on the server such that it doesn't reply, but I cannot even find outgoing traffic for these requests when inspecting the traffic with WireShark.
This is the output from the fuzzer while it runs:
[INFO ][base._test_info] Current test: 80
25790 [INFO] kitty: Current test: 80
25790 [DEBUG] root: Transmit: {'url': b'get', 'method': b'GET', 'headers': {'get|get|headerparam': 'Lm2Ҁ'}}
25790 [INFO] root: Request URL : http://127.0.0.1:5000/get
25790 [DEBUG] root: Request kwargs:{'headers': {'get|get|headerparam': 'Lm2Ҁ'}}, url: http://127.0.0.1:5000/get, method: GET
25790 [DEBUG] urllib3.connectionpool: Starting new HTTP connection (1): 127.0.0.1:5000
25790 [WARNING] root: Failed to parse http response code, exception occurred
25790 [WARNING] root: Test 80 status: failed
25790 [WARNING] root: Reason: target
[WARNING ][base._post_test] !! Failure detected !!
25790 [WARNING] kitty: !! Failure detected !!
Failure when running against the test server according to documentation
The fuzzers fails when running against the test server Error in transmit: a bytes-like object is required, not 'str' when running according to the documentation.
This issue has been replicated running directly on Linux and with PR #21 in a docker container.
$ python3 fuzzer.py -s test/test_swagger_definition.json -u http://localhost:5000/ -r /tmp/reports/
[INFO ][fuzzer_target.__init__] Logger initialized
[INFO ][base._load_session] No session loaded
[INFO ][base._start_message]
--------------------------------------------------
Starting fuzzing session
Target: FuzzerTarget
UI: WebInterface listening on 127.0.0.1:26000
Log: ./kittylogs/kitty_20191002-160156.log
Total possible mutation count: 6480
--------------------------------------------------
Happy hacking
--------------------------------------------------
[INFO ][base.start] Performing environment test
[INFO ][base._test_info] Current test: -1
[INFO ][server_fuzzer._transmit] Transmit place: params
[INFO ][server_fuzzer._transmit] Transmit place: headers
[INFO ][server_fuzzer._transmit] Transmit place: data
[INFO ][server_fuzzer._transmit] Transmit place: path_variables
[INFO ][fuzzer_target.transmit] URL part: http://localhost:5000/
[INFO ][fuzzer_target.transmit] URL part: b'/exception/{integer_id}'
[ERROR ][server_fuzzer._transmit] Error in transmit: a bytes-like object is required, not 'str'
[INFO ][server_fuzzer._test_environment] Environment test failed
[INFO ][server._start] should keep running? True
[INFO ][base._test_info] Current test: 0
[INFO ][server_fuzzer._transmit] Transmit place: params
[INFO ][server_fuzzer._transmit] Transmit place: headers
[INFO ][server_fuzzer._transmit] Transmit place: data
[INFO ][server_fuzzer._transmit] Transmit place: path_variables
[INFO ][fuzzer_target.transmit] URL part: http://localhost:5000/
[INFO ][fuzzer_target.transmit] URL part: b'/exception/{integer_id}'
[ERROR ][server_fuzzer._transmit] Error in transmit: a bytes-like object is required, not 'str'
[ERROR ][server._start] Error occurred while fuzzing: TypeError("a bytes-like object is required, not 'str'")
[ERROR ][server._start] Traceback (most recent call last):
File "/home/krijor/.local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 43, in _start
self._run_sequence(sequence)
File "/home/krijor/.local/lib/python3.7/site-packages/kitty/fuzzers/server.py", line 74, in _run_sequence
resp = self._transmit(node)
File "/home/krijor/kth/APIFuzzer/apifuzzer/server_fuzzer.py", line 60, in _transmit
return self.target.transmit(**payload)
File "/home/krijor/kth/APIFuzzer/apifuzzer/fuzzer_target.py", line 66, in transmit
_req_url.append(url_part.strip('/'))
TypeError: a bytes-like object is required, not 'str'
[INFO ][base._end_message]
--------------------------------------------------
Finished fuzzing session
Target: FuzzerTarget
Tested 1 mutation
Failure count: 0
--------------------------------------------------
[INFO ][server_fuzzer._end_message] Stop fuzzing session_info: {'start_time': 1570024916.855605, 'start_index': 0, 'end_index': 6479, 'current_index': 1, 'failure_count': 0, 'kitty_version': '0.7.4', 'data_model_hash': -7729877241357270196, 'test_list_str': '0-6479'}
Submit the library to https://pypi.python.org/pypi
Make the library available to download via pip
Failed to test API with POST json body
Error:
87916 [INFO] root: APIFuzzer initialized
87916 [INFO] root: Logger initialized
87916 [INFO] root: Start preparation
87916 [INFO] root: Resource: /status Method: get
87916 [INFO] root: Resource: /queues Method: get
87916 [INFO] root: Resource: /queues/{queue-name} Method: get
87916 [INFO] root: Resource: /workflows Method: post
Traceback (most recent call last):
File "fuzzer.py", line 115, in <module>
prog.prepare()
File "fuzzer.py", line 40, in prepare
template_generator.process_api_resources()
File "/Users/n/src/acronis/APIFuzzer/apifuzzer/swagger_template_generator.py", line 38, in process_api_resources
transform_data_to_bytes(param.get('type'))) # gives RandomBitsField at the moment
File "/Users/n/src/acronis/APIFuzzer/apifuzzer/utils.py", line 56, in transform_data_to_bytes
return bytes(data_in)
TypeError: cannot convert 'NoneType' object to bytes
My swagger spec for POST /workflows contains following parameter:
{
"name": "body",
"in": "body",
"required": true,
"description": "",
"schema": {
"$ref": "#/definitions/workflowDefinition"
}
}
This definition is absolutely valid according to swagger 2 spec
Numbers in Unit XML wrong
Describe the bug
I have been been fuzzing for some hours and got a report telling me the following:
<?xml version="1.0" ?>
<testsuites disabled="0" errors="0" failures="32693" tests="32693" time="0.0">
<testsuite disabled="0" errors="0" failures="32693" name="API Fuzzer" skipped="0" tests="32693" time="0">
<testcase name="136" status="failed">
According to this, the time was 0 seconds and all tests failed. However, looking at the last failed record I see:
<testcase name="61525" status="failed">
So I have at least 61525 tests. So the numbers above are not correct. However, the numbers of failures is correct as in many cases the API returned 505, which is not critical but will be fixed, however, I would like to see the correct numbers in the report.
Software environment (please complete the following information):
- OS: Ubuntu 20.04.3 LTS
- Python version: Python 3.8.10
- APIFuzzer Version: 0.9.12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.