Exemplo n.º 1
0
    def test_api_random_caller_ressouce_mgmt(self):
        methods = {
            'update': restfuzz.method.Method({
                'name': 'update',
                'url': ['PUT', '%(resource_id)s.json'],
                'inputs': {'url_input': {
                    'resource_id': {'_type': 'resource', 'required': 'True'}}}
            }, base_url='http://localhost')
        }
        api = FakeApi(resp_code=404)
        fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False)
        fuzzer.ig.resources['resource_id'] = ['aaaa-aa']
        event = fuzzer.step()
        # Test resources is used in url
        self.assertEquals(event.url, 'http://localhost/aaaa-aa.json')
        # Test resource is removed because api returned 404
        self.assertEquals(len(fuzzer.ig.resources), 0)

        methods = {
            'delete': restfuzz.method.Method({
                'name': 'delete',
                'url': ['DELETE', '%(resource_id)s.json'],
                'inputs': {'url_input': {
                    'resource_id': {'_type': 'resource', 'required': 'True'}}}
            }, base_url='http://localhost')
        }
        api = FakeApi(resp_code=200)
        fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False)
        fuzzer.ig.resources['resource_id'] = ['aaaa-aa']
        # Test resource is removed because DELETE method called
        fuzzer.step()
        self.assertEquals(len(fuzzer.ig.resources), 0)

        methods = {
            'resource_list': restfuzz.method.Method({
                'name': 'resource_list',
                'url': ['GET', 'list.json'],
                'outputs': {'resource_id': {
                    '_type': 'resource',
                    'json_extract': 'lambda x: [i["id"] for i in x]'}}
            }, base_url='http://localhost'),
            'delete': restfuzz.method.Method({
                'name': 'delete',
                'url': ['DELETE', '%(resource_id)s.json'],
                'inputs': {'url_input': {'resource_id': {'_type': 'resource',
                                                         'required': 'True'}}}
            }, base_url='http://localhost')
        }
        api = FakeApi(resp_content='[{"id": "41"}, {"id": "43"}]',
                      resp_code=200)
        fuzzer = ApiRandomCaller(api, methods, chaos_monkey=False)
        fuzzer.sync_resources()
        self.assertTrue('41' in fuzzer.ig.resources['resource_id'])
Exemplo n.º 2
0
    def test_collect_and_use_resource(self):
        ig = restfuzz.input_generator.InputGenerator(False)

        method = restfuzz.method.Method(
            {
                'name': 'list',
                'url': ['GET', 'list.json'],
                'outputs': {
                    'id': {
                        'json_extract': 'lambda x: [i["id"] for i in x]'
                    }
                }
            },
            base_url='http://localhost:8080')
        api = FakeApi(resp_content='[{"id": "42"}, {"id": "43"}]')
        event = method.call(api)
        ig.resources_add(event.outputs)

        method = restfuzz.method.Method(
            {
                'name': 'update',
                'url': ['PUT', 'put.json'],
                'inputs': {
                    'id': {
                        '_type': 'resource',
                        'required': 'True'
                    }
                }
            },
            base_url='http://localhost:8080')
        params = ig.generate_inputs(method.inputs)
        self.assertTrue(params['id'] in ('42', '43'))
Exemplo n.º 3
0
 def test_method_basic_call(self):
     method = restfuzz.method.Method(
         {
             'name': 'test',
             'url': ['GET', 'list.json'],
         },
         base_url='http://localhost:8080')
     self.assertTrue("test" in str(method))
     api = FakeApi()
     event = method.call(api)
     self.assertEquals(event.url, 'http://localhost:8080/list.json')
Exemplo n.º 4
0
 def test_api_random_caller(self, display=False):
     methods = restfuzz.method.load_methods(API_DIR)
     api = FakeApi()
     fuzzer = ApiRandomCaller(api, methods)
     method_called = set()
     for i in range(10):
         event = fuzzer.step()
         self.assertTrue(len(event.url) > 5)
         method_called.add(event.name)
         if display:
             print(event)
             time.sleep(0.3)
     self.assertTrue(len(method_called) > 1)
     return
Exemplo n.º 5
0
 def test_method_inputs(self):
     method = restfuzz.method.Method(
         {
             'name': 'test',
             'url': ['POST', 'create.json'],
             'inputs': {
                 'name': {
                     '_type': 'string'
                 }
             }
         },
         base_url='http://localhost:8080')
     api = FakeApi()
     event = method.call(api, params={'name': 'test_name'})
     self.assertEquals(event.json_input, '{"name": "test_name"}')
Exemplo n.º 6
0
 def test_method_outputs(self):
     method = restfuzz.method.Method(
         {
             'name': 'test',
             'url': ['GET', 'list.json'],
             'outputs': {
                 'id': {
                     '_type': 'resource',
                     'json_extract': 'lambda x: x["id"]'
                 },
             }
         },
         base_url='http://localhost:8080')
     api = FakeApi(resp_content='{"id": "42"}')
     event = method.call(api)
     self.assertIsNotNone(event.outputs)
     self.assertEqual(event.outputs, {"id": ["42"]})
Exemplo n.º 7
0
 def test_method_url_inputs(self):
     method = restfuzz.method.Method(
         {
             'name': 'test',
             'url': ['PUT', '%(test)s.json'],
             'inputs': {
                 'url_input': {
                     'test': {
                         '_type': 'string'
                     }
                 }
             }
         },
         base_url='http://localhost:8080')
     api = FakeApi(resp_content='{"id": "42"}')
     event = method.call(api, {'url_input': {'typo': 42}})
     self.assertTrue("%(test)s" in event.url)
     event = method.call(api, {'url_input': {'test': 42}})
     self.assertTrue("42.json" in event.url)
Exemplo n.º 8
0
 def test_load_yaml(self):
     methods = {}
     with self.assertRaises(RuntimeError):
         # missing methods
         restfuzz.method.load_yaml(StringIO("base_url: ''"), methods)
     with self.assertRaises(RuntimeError):
         # invalid inputs
         restfuzz.method.Method(
             {
                 'name': 'test',
                 'url': ['GET', 'none'],
                 'inputs': {
                     'test': []
                 }
             },
             base_url='none')
     # invalid json extract
     m = restfuzz.method.Method(
         {
             'name': 'test',
             'url': ['GET', 'none'],
             'inputs': {
                 'net_id': {
                     '_type': 'resource',
                     'required': 'True'
                 }
             },
             'outputs': {
                 'test_id': {
                     '_type': 'resource',
                     'json_extract': 'lambda x: typo'
                 }
             }
         },
         base_url='none)')
     self.assertTrue(m.check_requirements({'net_id': 42}))
     self.assertFalse(m.check_requirements({'subnet_id': 42}))
     api = FakeApi(resp_content='{"id": "42"}')
     m.call(api)