def test_api_random_caller_ressouce_mgmt(self): methods = { 'update': restfuzz.method.Method({ 'name': 'update', 'url': ['PUT', '%(resource_id)s.json'], 'inputs': {'url_input': { 'resource_id': {'_type': 'resource', 'required': 'True'}}} }, base_url='http://localhost') } api = FakeApi(resp_code=404) fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False) fuzzer.ig.resources['resource_id'] = ['aaaa-aa'] event = fuzzer.step() # Test resources is used in url self.assertEquals(event.url, 'http://localhost/aaaa-aa.json') # Test resource is removed because api returned 404 self.assertEquals(len(fuzzer.ig.resources), 0) methods = { 'delete': restfuzz.method.Method({ 'name': 'delete', 'url': ['DELETE', '%(resource_id)s.json'], 'inputs': {'url_input': { 'resource_id': {'_type': 'resource', 'required': 'True'}}} }, base_url='http://localhost') } api = FakeApi(resp_code=200) fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False) fuzzer.ig.resources['resource_id'] = ['aaaa-aa'] # Test resource is removed because DELETE method called fuzzer.step() self.assertEquals(len(fuzzer.ig.resources), 0) methods = { 'resource_list': restfuzz.method.Method({ 'name': 'resource_list', 'url': ['GET', 'list.json'], 'outputs': {'resource_id': { '_type': 'resource', 'json_extract': 'lambda x: [i["id"] for i in x]'}} }, base_url='http://localhost'), 'delete': restfuzz.method.Method({ 'name': 'delete', 'url': ['DELETE', '%(resource_id)s.json'], 'inputs': {'url_input': {'resource_id': {'_type': 'resource', 'required': 'True'}}} }, base_url='http://localhost') } api = FakeApi(resp_content='[{"id": "41"}, {"id": "43"}]', resp_code=200) fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False) fuzzer.sync_resources() self.assertTrue('41' in fuzzer.ig.resources['resource_id'])
def test_collect_and_use_resource(self): ig = restfuzz.input_generator.InputGenerator(False) method = restfuzz.method.Method( { 'name': 'list', 'url': ['GET', 'list.json'], 'outputs': { 'id': { 'json_extract': 'lambda x: [i["id"] for i in x]' } } }, base_url='http://localhost:8080') api = FakeApi(resp_content='[{"id": "42"}, {"id": "43"}]') event = method.call(api) ig.resources_add(event.outputs) method = restfuzz.method.Method( { 'name': 'update', 'url': ['PUT', 'put.json'], 'inputs': { 'id': { '_type': 'resource', 'required': 'True' } } }, base_url='http://localhost:8080') params = ig.generate_inputs(method.inputs) self.assertTrue(params['id'] in ('42', '43'))
def test_method_basic_call(self): method = restfuzz.method.Method( { 'name': 'test', 'url': ['GET', 'list.json'], }, base_url='http://localhost:8080') self.assertTrue("test" in str(method)) api = FakeApi() event = method.call(api) self.assertEquals(event.url, 'http://localhost:8080/list.json')
def test_api_random_caller(self, display=False): methods = restfuzz.method.load_methods(API_DIR) api = FakeApi() fuzzer = ApiRandomCaller(api, methods) method_called = set() for i in range(10): event = fuzzer.step() self.assertTrue(len(event.url) > 5) method_called.add(event.name) if display: print(event) time.sleep(0.3) self.assertTrue(len(method_called) > 1) return
def test_method_inputs(self): method = restfuzz.method.Method( { 'name': 'test', 'url': ['POST', 'create.json'], 'inputs': { 'name': { '_type': 'string' } } }, base_url='http://localhost:8080') api = FakeApi() event = method.call(api, params={'name': 'test_name'}) self.assertEquals(event.json_input, '{"name": "test_name"}')
def test_method_outputs(self): method = restfuzz.method.Method( { 'name': 'test', 'url': ['GET', 'list.json'], 'outputs': { 'id': { '_type': 'resource', 'json_extract': 'lambda x: x["id"]' }, } }, base_url='http://localhost:8080') api = FakeApi(resp_content='{"id": "42"}') event = method.call(api) self.assertIsNotNone(event.outputs) self.assertEqual(event.outputs, {"id": ["42"]})
def test_method_url_inputs(self): method = restfuzz.method.Method( { 'name': 'test', 'url': ['PUT', '%(test)s.json'], 'inputs': { 'url_input': { 'test': { '_type': 'string' } } } }, base_url='http://localhost:8080') api = FakeApi(resp_content='{"id": "42"}') event = method.call(api, {'url_input': {'typo': 42}}) self.assertTrue("%(test)s" in event.url) event = method.call(api, {'url_input': {'test': 42}}) self.assertTrue("42.json" in event.url)
def test_load_yaml(self): methods = {} with self.assertRaises(RuntimeError): # missing methods restfuzz.method.load_yaml(StringIO("base_url: ''"), methods) with self.assertRaises(RuntimeError): # invalid inputs restfuzz.method.Method( { 'name': 'test', 'url': ['GET', 'none'], 'inputs': { 'test': [] } }, base_url='none') # invalid json extract m = restfuzz.method.Method( { 'name': 'test', 'url': ['GET', 'none'], 'inputs': { 'net_id': { '_type': 'resource', 'required': 'True' } }, 'outputs': { 'test_id': { '_type': 'resource', 'json_extract': 'lambda x: typo' } } }, base_url='none)') self.assertTrue(m.check_requirements({'net_id': 42})) self.assertFalse(m.check_requirements({'subnet_id': 42})) api = FakeApi(resp_content='{"id": "42"}') m.call(api)