Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

For some spec files cyclic redundancy check goes into infinite loop #117

Closed ganeshnikam18 closed 2 months ago

ganeshnikam18 commented 3 months ago

What is the issue: For some of the openapi/swagger spec files the current cyclic redundancy check goes into an infinite loop.

openapi-recursive-component-schemas.json

Steps to reproduce the behaviour:

  1. I cannot share the actual spec file, but I have created a similar component definition in the attached file. It is not a complete spec file; it only has the component definitions, which will help to understand the issue.
  2. In the attached file there are 3 components defined: customerOrder, User and CredentialSource.
  3. Assume that "customerOrder" is referred to in one of the requestBody definitions.
  4. When CATS tries to create the payload for this requestBody, it will try to resolve all the object references.
  5. In this case, the customerOrder object has the field "insertedBy" which refers to the "User" object.
  6. The "User" object has the field called "credentialSource" which refers to the "CredentialSource" object.
  7. The "CredentialSource" object has one field "addedBy" which refers to the "User" object.
  8. The current cyclicRedundancyCheck function checks the names of the properties. If the property names are the same then it considers them the same object and breaks the recursion at the given depth:

     ```java
     public static boolean isCyclicReference(String currentProperty, int depth) {
         String[] properties = currentProperty.split("#", -1);

         if (properties.length < depth) {
             return false;
         }

         for (int i = 0; i < properties.length - 1; i++) {
             for (int j = i + 1; j <= properties.length - 1; j++) {
                 if (properties[i].equalsIgnoreCase(properties[j])) {
                     LOGGER.trace("Found cyclic dependencies for {}", currentProperty);
                     return true;
                 }
             }
         }

         return false;
     }
     ```

  9. But if the names of the properties are not the same then it won't consider them the same object and won't break the loop.
  10. In this case the field "insertedBy" (in customerOrder) and the field "addedBy" (in CredentialSource) refer to the same object, but the loop won't break and it will go into an infinite loop.

Expected behaviour: We should not go into an infinite loop.

What is the fix? I have tried to add a fix for this issue as per my understanding of the code. Here is the patch attached: cyclic-redudancy-fix.patch

What's the logic?

I have tested this fix on some of the spec files and it is working fine. Please review it and add any changes if you have a better solution than this.

I have not created a PR as one PR is pending.
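As an added example (not CATS code; the three-component schema model below is constructed from the steps above), this compares the property-name check quoted in step 8 with a check that tracks which schemas are already being expanded on the current path. The schema-based check stops at the first re-reference of `User` (through the `addedBy` property), one level before the property-name check can notice a repeated name.

```java
import java.util.*;

public class SchemaCycleDemo {
    // Constructed model of the three components in the attached spec: schema name ->
    // (property name -> referenced schema). Primitive properties are left out.
    static final Map<String, Map<String, String>> SCHEMAS = Map.of(
            "customerOrder", Map.of("insertedBy", "User"),
            "User", Map.of("credentialSource", "CredentialSource"),
            "CredentialSource", Map.of("addedBy", "User"));

    // Property-name check as quoted in the issue: a cycle is assumed only
    // when a property name repeats along the "#"-joined path.
    static boolean isCyclicByPropertyName(String currentProperty, int depth) {
        String[] props = currentProperty.split("#", -1);
        if (props.length < depth) return false;
        for (int i = 0; i < props.length - 1; i++)
            for (int j = i + 1; j < props.length; j++)
                if (props[i].equalsIgnoreCase(props[j])) return true;
        return false;
    }

    // Walks the schema graph the way a payload generator would and returns
    // the number of path segments at which the chosen check first reports a
    // cycle (0 if none). With bySchema the referenced schema is compared
    // against every schema currently being expanded, not the property names.
    static int depthOfFirstCycle(String root, boolean bySchema) {
        return walk(root, "", new ArrayDeque<>(), bySchema);
    }

    private static int walk(String schema, String path, Deque<String> onPath, boolean bySchema) {
        onPath.push(schema);
        try {
            for (Map.Entry<String, String> prop : SCHEMAS.get(schema).entrySet()) {
                String childPath = path.isEmpty() ? prop.getKey() : path + "#" + prop.getKey();
                boolean cyclic = bySchema ? onPath.contains(prop.getValue())
                                          : isCyclicByPropertyName(childPath, 2);
                if (cyclic) return childPath.split("#", -1).length;
                int found = walk(prop.getValue(), childPath, onPath, bySchema);
                if (found > 0) return found;
            }
            return 0;
        } finally {
            onPath.pop(); // leave the path as it was for the caller
        }
    }

    public static void main(String[] args) {
        System.out.println("schema-based check stops at depth " + depthOfFirstCycle("customerOrder", true));
        System.out.println("property-name check stops at depth " + depthOfFirstCycle("customerOrder", false));
    }
}
```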

ganeshnikam18 commented 3 months ago

@en-milie can you please create a new release tag? I need a new version with all the fixes like this one.

en-milie commented 3 months ago

Yes, will do tomorrow.

en-milie commented 3 months ago

Fixed in: https://github.com/Endava/cats/releases/tag/cats-11.4.0