def test_api_random_caller_ressouce_mgmt(self):
methods = {
'update': restfuzz.method.Method({
'name': 'update',
'url': ['PUT', '%(resource_id)s.json'],
'inputs': {'url_input': {
'resource_id': {'_type': 'resource', 'required': 'True'}}}
}, base_url='http://localhost')
}
api = FakeApi(resp_code=404)
fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False)
fuzzer.ig.resources['resource_id'] = ['aaaa-aa']
event = fuzzer.step()
# Test resources is used in url
self.assertEquals(event.url, 'http://localhost/aaaa-aa.json')
# Test resource is removed because api returned 404
self.assertEquals(len(fuzzer.ig.resources), 0)
methods = {
'delete': restfuzz.method.Method({
'name': 'delete',
'url': ['DELETE', '%(resource_id)s.json'],
'inputs': {'url_input': {
'resource_id': {'_type': 'resource', 'required': 'True'}}}
}, base_url='http://localhost')
}
api = FakeApi(resp_code=200)
fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False)
fuzzer.ig.resources['resource_id'] = ['aaaa-aa']
# Test resource is removed because DELETE method called
fuzzer.step()
self.assertEquals(len(fuzzer.ig.resources), 0)
methods = {
'resource_list': restfuzz.method.Method({
'name': 'resource_list',
'url': ['GET', 'list.json'],
'outputs': {'resource_id': {
'_type': 'resource',
'json_extract': 'lambda x: [i["id"] for i in x]'}}
}, base_url='http://localhost'),
'delete': restfuzz.method.Method({
'name': 'delete',
'url': ['DELETE', '%(resource_id)s.json'],
'inputs': {'url_input': {'resource_id': {'_type': 'resource',
'required': 'True'}}}
}, base_url='http://localhost')
}
api = FakeApi(resp_content='[{"id": "41"}, {"id": "43"}]',
resp_code=200)
fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False)
fuzzer.sync_resources()
self.assertTrue('41' in fuzzer.ig.resources['resource_id'])
def test_collect_and_use_resource(self):
ig = restfuzz.input_generator.InputGenerator(False)
method = restfuzz.method.Method(
{
'name': 'list',
'url': ['GET', 'list.json'],
'outputs': {
'id': {
'json_extract': 'lambda x: [i["id"] for i in x]'
}
}
},
base_url='http://localhost:8080')
api = FakeApi(resp_content='[{"id": "42"}, {"id": "43"}]')
event = method.call(api)
ig.resources_add(event.outputs)
method = restfuzz.method.Method(
{
'name': 'update',
'url': ['PUT', 'put.json'],
'inputs': {
'id': {
'_type': 'resource',
'required': 'True'
}
}
},
base_url='http://localhost:8080')
params = ig.generate_inputs(method.inputs)
self.assertTrue(params['id'] in ('42', '43'))
def test_method_basic_call(self):
method = restfuzz.method.Method(
{
'name': 'test',
'url': ['GET', 'list.json'],
},
base_url='http://localhost:8080')
self.assertTrue("test" in str(method))
api = FakeApi()
event = method.call(api)
self.assertEquals(event.url, 'http://localhost:8080/list.json')
def test_api_random_caller(self, display=False):
methods = restfuzz.method.load_methods(API_DIR)
api = FakeApi()
fuzzer = ApiRandomCaller(api, methods)
method_called = set()
for i in range(10):
event = fuzzer.step()
self.assertTrue(len(event.url) > 5)
method_called.add(event.name)
if display:
print(event)
time.sleep(0.3)
self.assertTrue(len(method_called) > 1)
return
def test_method_inputs(self):
method = restfuzz.method.Method(
{
'name': 'test',
'url': ['POST', 'create.json'],
'inputs': {
'name': {
'_type': 'string'
}
}
},
base_url='http://localhost:8080')
api = FakeApi()
event = method.call(api, params={'name': 'test_name'})
self.assertEquals(event.json_input, '{"name": "test_name"}')
def test_method_outputs(self):
method = restfuzz.method.Method(
{
'name': 'test',
'url': ['GET', 'list.json'],
'outputs': {
'id': {
'_type': 'resource',
'json_extract': 'lambda x: x["id"]'
},
}
},
base_url='http://localhost:8080')
api = FakeApi(resp_content='{"id": "42"}')
event = method.call(api)
self.assertIsNotNone(event.outputs)
self.assertEqual(event.outputs, {"id": ["42"]})
def test_method_url_inputs(self):
method = restfuzz.method.Method(
{
'name': 'test',
'url': ['PUT', '%(test)s.json'],
'inputs': {
'url_input': {
'test': {
'_type': 'string'
}
}
}
},
base_url='http://localhost:8080')
api = FakeApi(resp_content='{"id": "42"}')
event = method.call(api, {'url_input': {'typo': 42}})
self.assertTrue("%(test)s" in event.url)
event = method.call(api, {'url_input': {'test': 42}})
self.assertTrue("42.json" in event.url)
def test_load_yaml(self):
methods = {}
with self.assertRaises(RuntimeError):
# missing methods
restfuzz.method.load_yaml(StringIO("base_url: ''"), methods)
with self.assertRaises(RuntimeError):
# invalid inputs
restfuzz.method.Method(
{
'name': 'test',
'url': ['GET', 'none'],
'inputs': {
'test': []
}
},
base_url='none')
# invalid json extract
m = restfuzz.method.Method(
{
'name': 'test',
'url': ['GET', 'none'],
'inputs': {
'net_id': {
'_type': 'resource',
'required': 'True'
}
},
'outputs': {
'test_id': {
'_type': 'resource',
'json_extract': 'lambda x: typo'
}
}
},
base_url='none)')
self.assertTrue(m.check_requirements({'net_id': 42}))
self.assertFalse(m.check_requirements({'subnet_id': 42}))
api = FakeApi(resp_content='{"id": "42"}')
m.call(api)