Comments (6)
Hi Joshua,
To answer your first question about unique resources, I believe this can be solved using the create-once feature. This feature allows you to specify an endpoint in the settings file whose resource(s) will only be created once at the start of the fuzzing run and then deleted at the end of the run.
To do this, include the endpoint in the "per_resource_settings" dict in the settings file and add "create_once": 1 as one of that endpoint's options, like so:
"per_resource_settings": {
"/your/endpoint/resourcetobecreatedonce" : {
"create_once": 1
}
}
If the producer-consumer dependencies for this request are correct in the grammar, the requests that consume the singly-created resource will be fuzzed using that single resource as a static value, while the create-once resource itself will not be.
from restler-fuzzer.
Hello @JoshuaEN,
One quick pointer before I've had a chance to look at your example project.
-
If by "unique" you mean one specific "magic value" that should always be used, the way to do this is to specify a restler_custom_payload with the exact path to the parameter or property. What didn't work when you tried adding restler_custom_payload?
-
We don't support equality constraints yet. If (1) above is just one static value, you could simply include both properties in restler_custom_payload and specify the same value.
from restler-fuzzer.
Hi Richard,
Thanks for the suggestion. After some testing, using create_once appears to avoid generating HTTP errors, however it also appears to exclude the resource creation and deletion endpoint from the fuzzing. This makes sense, but ideally it would be possible to fuzz endpoints in the future even if they require unique values as parameters.
That said, this is a good work around. Thanks again!
from restler-fuzzer.
Hello @marina-p,
Thanks for looking into this. Regarding (1), unique in that the parameter (e.g. id
) needs to be unique across instances of that resource. A primary key in a database table effectively.
Using the restler_custom_payload
worked as expected (in that it used the custom payload value instead of the normal fuzzing value), but the REST API requires the parameter is unique across all of that resource.
I think what I want is a way to specify the provider of a parameter as a random generator, maybe like how UUID suffix properties are currently represented in dependencies.json
for PUT producers?
{
"producer_endpoint": "",
"producer_method": "",
"producer_resource_name": "restler_custom_payload_uuid_suffix__testId",
"consumer_param": "testId"
}
(I tried to add a custom annotation in this style, but it didn't appear to work)
from restler-fuzzer.
After further investigation -
- Re: A way to specify which parameter names for a request (or globally) should be unique
This does not work due to a bug, and we will fix it shortly. This should work by providing the suffix values the same as custom payload is provided, for example:
"restler_custom_payload_uuid4_suffix": {
"resourceId": "resourceprefix",
"/resource/id": "resourceprefix"
}
This will produce the following grammar:
primitives.restler_custom_payload_uuid4_suffix("resourceId"),
primitives.restler_static_string(" HTTP/1.1\r\n"),
...
primitives.restler_static_string("{"),
primitives.restler_static_string("""
"resource":
{
"id":"""),
primitives.restler_custom_payload_uuid4_suffix("/resource/id"),
primitives.restler_static_string(""",
...
RE: And for those unique parameters, which ones within a request should match (have the same unique value)
This is a new feature needed for cases when the parameters aren't named the same, so a global replacement is not possible (such as in the case above, where "resourceId" and "/resource/id" will get different suffixes in the same request). The equality constraint will most likely be supported via an annotation. Unfortunately, for now the only workaround is to modify the grammar.json/grammar.py.
from restler-fuzzer.
Thank you looking into this further and for the detailed response! It is very helpful to know both of these cases are planned to be supported in the future.
from restler-fuzzer.
Related Issues (20)
- How can I test and fuzz multiple examples? HOT 1
- refactor compiler configs so strict deserialization can be turned on HOT 2
- Content-Length header is not getting fuzzed based on the list of naughty strings HOT 1
- "Attempting to get resources from GET request..." ignores required GET parameters
- Can't run restler compile
- Ensuring Mandatory Headers for API Access in Restler Requests HOT 1
- How to properly configure and use authentication tokens in Restler? HOT 1
- Improve logging in RESTler compile step in case of a spec issue instead of just failing without and not giving clear indication of which property is problematic HOT 1
- RESTler's attempts to reproduce bugs add extra quotes (") for values sourced from restler_custom_payload
- Automatic inferred dependencies not working
- Trace database requests include authorization token
- Dynamic object encoding is adding extra double quotes when consuming value from other call
- RESTler is logging error for missing parameter in the response even when the parameter is not configured for the specific response code
- RESTler ran forever: "Exhausted collection..." loop prevented RESTler from honoring --time_budget
- Token Refresh Interval is not working under Proxy
- Can RESTler detect other status codes than 500? HOT 1
- Question about "restler_custom_payload_header" HOT 1
- [Feature Request] Improve Annotations to Support Integer Responses
- Handling ByteArray in Request Object During Fuzz Testing: Incorrect JSON Representation Issue
- Authorization using setting 'token_refresh_cmd' not working HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from restler-fuzzer.