def _set_operation_params(self, operation):
"""
Takes all of the information associated with an operation and fills the
parameters with some values in order to have a non-empty REST API call
which will increase our chances of finding vulnerabilities.
:param operation: Data associated with the operation
:return: Two instances of the operation instance:
* One only containing values for the required fields
* One containing values for the required and optional fields
"""
parameter_handler = ParameterHandler(self.spec, operation)
has_optional = parameter_handler.operation_has_optional_params()
for optional in {False, has_optional}:
op = parameter_handler.set_operation_params(optional=optional)
if op is not None:
yield op
def _set_operation_params(self, operation):
"""
Takes all of the information associated with an operation and fills the
parameters with some values in order to have a non-empty REST API call
which will increase our chances of finding vulnerabilities.
:param operation: Data associated with the operation
:return: Two instances of the operation instance:
* One only containing values for the required fields
* One containing values for the required and optional fields
"""
parameter_handler = ParameterHandler(self.spec, operation)
has_optional = parameter_handler.operation_has_optional_params()
for optional in {False, has_optional}:
op = parameter_handler.set_operation_params(optional=optional)
if op is not None:
yield op
def check_parameter_setting(self, spec_handler):
data = [d for d in spec_handler.get_api_information()]
self.assertIsNotNone(data)
self.assertIsNotNone(spec_handler.spec)
for api_resource_name, resource in spec_handler.spec.resources.items():
for operation_name, operation in resource.operations.items():
# Make sure that the parameter doesn't have a value yet
for parameter_name, parameter in operation.params.iteritems():
self.assertFalse(hasattr(parameter, 'fill'))
parameter_handler = ParameterHandler(spec_handler.spec, operation)
updated_operation = parameter_handler.set_operation_params(True)
self.assertOperation(operation, updated_operation)
parameter_handler = ParameterHandler(spec_handler.spec, operation)
updated_operation = parameter_handler.set_operation_params(False)
self.assertOperation(operation, updated_operation)
def check_parameter_setting(self, spec_handler):
data = [d for d in spec_handler.get_api_information()]
self.assertIsNotNone(data)
self.assertIsNotNone(spec_handler.spec)
for api_resource_name, resource in spec_handler.spec.resources.items():
for operation_name, operation in resource.operations.items():
# Make sure that the parameter doesn't have a value yet
for parameter_name, parameter in operation.params.iteritems():
self.assertFalse(hasattr(parameter, 'fill'))
parameter_handler = ParameterHandler(spec_handler.spec,
operation)
updated_operation = parameter_handler.set_operation_params(
True)
self.assertOperation(operation, updated_operation)
parameter_handler = ParameterHandler(spec_handler.spec,
operation)
updated_operation = parameter_handler.set_operation_params(
False)
self.assertOperation(operation, updated_operation)