CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0
For some spec files cyclic redundancy check goes into infinite loop #117
Step To Reproduce
Steps to reproduce the behaviour:
I cannot share the actual spec file, but I have created a similar component definition in the attached file. It's not a complete spec file; it only has the component definitions, which will help to understand the issue.
In the attached file, 3 components are defined: customerOrder, User and CredentialSource.
Assume that "customerOrder" is referred to in one of the requestBody definitions.
When CATS tries to create the payload for this requestBody, it will try to resolve all the object references.
In this case, the customerOrder object has the field "insertedBy", which refers to the "User" object.
The "User" object has a field called "credentialSource", which refers to the "CredentialSource" object.
The "CredentialSource" object has one field, "addedBy", which refers to the "User" object.
The current cyclicRedudancyCheck function checks the names of the properties. If the property names are the same, it considers them the same object and breaks recursion at the given depth.
```java
public static boolean isCyclicReference(String currentProperty, int depth) {
    // currentProperty is the '#'-separated chain of property names visited so far
    String[] properties = currentProperty.split("#", -1);
    if (properties.length < depth) {
        return false;
    }
    // A cycle is reported only when the same property name occurs twice in the chain
    for (int i = 0; i < properties.length - 1; i++) {
        for (int j = i + 1; j <= properties.length - 1; j++) {
            if (properties[i].equalsIgnoreCase(properties[j])) {
                LOGGER.trace("Found cyclic dependencies for {}", currentProperty);
                return true;
            }
        }
    }
    return false;
}
```
But if the names of the properties are not the same, it won't consider them the same object and won't break the loop.
In this case, the field "insertedBy" (in customerOrder) and the field "addedBy" (in CredentialSource) refer to the same object, but the loop won't break and it will go into an infinite loop.
Expected behaviour
We should not go into an infinite loop.
What is the fix?
I have tried to add a fix for this issue as per my understanding of the code. Here is the attached patch:
cyclic-redudancy-fix.patch
What's the logic?
In OpenAPIModelGenerator, keep a map of propertyName and its referencePath.
Pass this map to the new cyclicRedudancySchemaReference() function.
Match the reference path instead of the property name.
Break the loop if the reference paths match after some depth.
I have tested this fix on some of the spec files and it is working fine. Please review it and add any changes if you have a better solution than this.
What is the issue
For some openapi/swagger spec files, the current cyclic redundancy check goes into an infinite loop.
openapi-recursive-component-schemas.json
I have not created a PR as one PR is pending.
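The following is an added example, not code from the issue, the attached patch, or the CATS project: it runs the quoted name-based check and a reference-based check side by side on the customerOrder → User → CredentialSource → User chain described above, at the point where User is re-entered through a differently named property. The class `CyclicRefDemo`, the method `isCyclicSchemaReference`, the `refByPath` map and the `#/components/schemas/...` strings are assumptions made for illustration.

```java
import java.util.*;

public class CyclicRefDemo {
    // Name-based check as quoted in the issue (trace logging omitted).
    static boolean isCyclicReference(String currentProperty, int depth) {
        String[] properties = currentProperty.split("#", -1);
        if (properties.length < depth) {
            return false;
        }
        for (int i = 0; i < properties.length - 1; i++) {
            for (int j = i + 1; j <= properties.length - 1; j++) {
                if (properties[i].equalsIgnoreCase(properties[j])) {
                    return true;
                }
            }
        }
        return false;
    }

    // Hypothetical reference-based check: refByPath maps each property path
    // to the $ref it resolves to; a cycle is a $ref seen twice on one path.
    static boolean isCyclicSchemaReference(String currentProperty, Map<String, String> refByPath, int depth) {
        String[] properties = currentProperty.split("#", -1);
        if (properties.length < depth) return false;
        Set<String> seenRefs = new HashSet<>();
        StringBuilder prefix = new StringBuilder();
        for (String property : properties) {
            prefix.append(prefix.length() == 0 ? "" : "#").append(property);
            String ref = refByPath.get(prefix.toString());
            if (ref != null && !seenRefs.add(ref)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the components described in the issue.
        Map<String, String> refByPath = new HashMap<>();
        refByPath.put("customerOrder", "#/components/schemas/customerOrder");
        refByPath.put("customerOrder#insertedBy", "#/components/schemas/User");
        refByPath.put("customerOrder#insertedBy#credentialSource", "#/components/schemas/CredentialSource");
        refByPath.put("customerOrder#insertedBy#credentialSource#addedBy", "#/components/schemas/User");
        String path = "customerOrder#insertedBy#credentialSource#addedBy";
        System.out.println("name-based: " + isCyclicReference(path, 3));
        System.out.println("ref-based:  " + isCyclicSchemaReference(path, refByPath, 3));
    }
}
```

On this path the four property names are all distinct, so the name comparison does not report a cycle, while the reference comparison does because `#/components/schemas/User` is reached twice.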