def test_send_request_body_and_query(mocker, model):
class MockResponse:
text = "text"
reason = "reason"
status_code = 200
mocker.patch.object(requests, "request", return_value=MockResponse())
uri = "/poorly/designed/endpoint"
method = "GET"
endpoint = Fuzzer.get_endpoints(model["endpoints"], uri)[0]
domain_obj = [m for m in model["domains"] if m["name"] == "local"][0]
res = request.send_request(
domain_obj,
endpoint["uri"],
method,
timeout=0.1,
body_obj=endpoint["input"]["body"],
query_obj=endpoint["input"]["query"],
)
assert (res.body == endpoint["input"]["body"]
), "expected response to contain request body"
assert res.url == request.get_encoded_url(
domain_obj,
endpoint["uri"],
endpoint["input"]["query"],
), "expected response to contain url-encoded query"
def test_send_request(mocker, model):
expected_text = "text"
expected_error = None
expected_httpcode = 200
class MockResponse:
text = expected_text
reason = "reason"
status_code = expected_httpcode
expected_res = MockResponse()
mocker.patch.object(requests, "request", return_value=expected_res)
uri = "/json"
method = "GET"
endpoint = Fuzzer.get_endpoints(model["endpoints"], uri)[0]
domain_obj = [m for m in model["domains"] if m["name"] == "local"][0]
res = request.send_request(
domain_obj,
endpoint["uri"],
method,
body_obj=endpoint["input"]["body"],
)
assert res.status_code == expected_httpcode
assert res.response_text == expected_text
assert res.error == expected_error
assert res.response == expected_res
assert res.delay is 0
assert res.method == method
assert res.headers is None
def test_send_request_summary_size(model):
method = "GET"
uri = "/poorly/designed/endpoint"
endpoint = Fuzzer.get_endpoints(model["endpoints"], uri,
methods=[method])[0]
headers = endpoint["headers"]
body = endpoint["input"]["body"]
query = endpoint["input"]["query"]
domain_obj = [m for m in model["domains"] if m["name"] == "example"][0]
summary = request.send_request(
domain_obj,
uri,
method,
headers_obj=headers,
body_obj=body,
query_obj=query,
)
expected_url_size = 63
assert len(summary.url) == expected_url_size
expected_body_size = 35
assert len(json.dumps(summary.body)) == expected_body_size
expected_header_size = 58
assert request.get_header_size_in_bytes(
summary.headers) == expected_header_size
expected_size = expected_url_size + expected_body_size + expected_header_size
assert summary.size == expected_size, f"should have size {expected_size}"
def send_payload(self, payload, method, timeout, delay=0):
"""
Send the payload
:param payload: a mutated payload
:param method: request method
:param timeout: amount of seconds (float) that the request api will wait for the first byte of a response
:param delay: delay in seconds before the payload is sent
:return: Summary object
"""
return request.send_request(
self.get_domain_spec(),
payload["uri"],
method,
timeout,
delay,
payload["headers"],
payload["body"],
payload["query"],
)
def test_send_request_timeout(mocker, model):
expected_reason = "I timed out"
mocker.patch.object(
requests,
"request",
side_effect=requests.exceptions.Timeout(expected_reason))
uri = "/sleepabit"
method = "GET"
endpoint = Fuzzer.get_endpoints(model["endpoints"], uri)[0]
domain_obj = [m for m in model["domains"] if m["name"] == "local"][0]
res = request.send_request(
domain_obj,
endpoint["uri"],
method,
timeout=0.1,
query_obj=endpoint["input"]["query"],
)
assert expected_reason in res.error
def test_delay_request(model):
endpoint = Fuzzer.get_endpoints(model["endpoints"], "/delayabit")[0]
request_delay = request.get_request_delay(endpoint["requestsPerSecond"])
now = time.time()
domain_obj = [m for m in model["domains"] if m["name"] == "local"][0]
response = request.send_request(domain_obj,
endpoint["uri"],
"GET",
delay=request_delay)
request_time = time.time() - now
expected_delay = 0.4
assert (expected_delay == response.delay
), "Delay should be represented in the response object"
tolerance = 0.005
assert round(request_time - expected_delay, 3) >= round(
response.time - tolerance, 3
), ("Request time should be equal to the time between building the request to receiving"
" the response, minus the delay time +/- " + str(tolerance), )
assert round(request_time - expected_delay, 3) <= round(
response.time + tolerance, 3
), ("Request time should be equal to the time between building the request to receiving"
" the response, minus the delay time +/- " + str(tolerance), )