Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

java.lang.NullPointerException when trying to parse a swagger v2.0 with custom extensions #46

Closed vzhirnov closed 2 years ago

vzhirnov commented 2 years ago

cats --server=https://my_server --contract=swagger.json --headers=my_headers.yaml --paths=/v1/objects/hint/create --blackbox --debug

[**][*] 👣 trace Getting fields for prefix:
[**][*] 👣 trace Getting fields for prefix: clientid
java.lang.NullPointerException
    at com.endava.cats.model.FuzzingData.getFields(FuzzingData.java:94)
    at com.endava.cats.model.FuzzingData.getFields(FuzzingData.java:105)
    at com.endava.cats.model.FuzzingData.getAllFieldsAsCatsFields(FuzzingData.java:147)
    at com.endava.cats.model.FuzzingData.getAllReadOnlyFields(FuzzingData.java:126)
    at com.endava.cats.model.FuzzingData.removeReadWrite(FuzzingData.java:71)
    at com.endava.cats.model.FuzzingData.getPayload(FuzzingData.java:63)
    at com.endava.cats.command.CatsCommand.lambda$fuzzPath$6(CatsCommand.java:225)
    at java.util.ArrayList.forEach(ArrayList.java:1541)
    at com.endava.cats.command.CatsCommand.fuzzPath(CatsCommand.java:224)
    at com.endava.cats.command.CatsCommand.startFuzzing(CatsCommand.java:137)
    at com.endava.cats.command.CatsCommand.doLogic(CatsCommand.java:121)
    at com.endava.cats.command.CatsCommand.run(CatsCommand.java:108)
    at picocli.CommandLine.executeUserObject(CommandLine.java:1939)
    at picocli.CommandLine.access$1300(CommandLine.java:145)
    at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
    at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
    at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
    at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
    at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
    at picocli.CommandLine.execute(CommandLine.java:2078)
    at com.endava.cats.CatsMain.run(CatsMain.java:27)
    at com.endava.cats.CatsMain_ClientProxy.run(Unknown Source)
    at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:124)
    at io.quarkus.runtime.Quarkus.run(Quarkus.java:67)
    at io.quarkus.runtime.Quarkus.run(Quarkus.java:41)
    at io.quarkus.runner.GeneratedMain.main(Unknown Source)

Presumably, CATS does not know how to work with ^x- custom extensions. Could you please check this case?

en-milie commented 2 years ago

Hi @vzhirnov. Thank you for raising this. I'll take a look into it.

en-milie commented 2 years ago

Hi @vzhirnov. Is there a particular reason for using custom extension for these objects instead of just placing them in the Components section?

vzhirnov commented 2 years ago

Hi @en-milie, sorry for the long delay with the answer.

Yes, we can fix our swagger. And it will even be more conventional than using an extension for this, as we are currently doing. There are no good reasons for us to have just such a structure in the swagger. But your tool doesn't (sort of) follow the standard completely.

In short, we are not blocked by their bug, we can fix it ourselves. But you may want to fix this issue in your tool to meet the standard.

en-milie commented 2 years ago

I understand. Currently CATS does not support custom extensions. We will think about how to best support this in future releases, but it might be tricky: as these are "custom", it's hard to accommodate all possible behaviours.

en-milie commented 2 years ago

Closing this for now.
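
A pre-flight check for the layout discussed in this thread, added here as an example (it is not part of the thread and not CATS code): it lists local `$ref` pointers in a Swagger/OpenAPI JSON contract that resolve into `x-` custom extension objects instead of `definitions` or `components`. The sample contract, the `x-shared-models` key and the schema names are constructed, and that such references are what the fuzzer tripped over is an assumption.

```python
import json

# Constructed sample contract: a Swagger 2.0 document whose request schema
# lives under a custom "x-" extension instead of "definitions".
SAMPLE = json.loads("""
{
  "swagger": "2.0",
  "paths": {"/v1/objects/hint/create": {"post": {
    "parameters": [{"in": "body", "name": "body",
                    "schema": {"$ref": "#/x-shared-models/HintRequest"}}],
    "responses": {"200": {"description": "ok",
                          "schema": {"$ref": "#/definitions/HintResponse"}}}
  }}},
  "definitions": {"HintResponse": {"type": "object"}},
  "x-shared-models": {"HintRequest": {
    "type": "object", "properties": {"clientid": {"type": "string"}}}}
}
""")


def iter_refs(node, path="#"):
    """Yield (location, target) for every local $ref in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str) and value.startswith("#/"):
                yield path, value
            else:
                # Escape the key per RFC 6901 so the location is a valid pointer.
                escaped = str(key).replace("~", "~0").replace("/", "~1")
                yield from iter_refs(value, f"{path}/{escaped}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_refs(item, f"{path}/{i}")


def refs_into_extensions(contract):
    """Return the refs whose JSON pointer passes through an 'x-' segment."""
    hits = []
    for location, target in iter_refs(contract):
        segments = [s.replace("~1", "/").replace("~0", "~")
                    for s in target[2:].split("/")]
        if any(s.startswith("x-") for s in segments):
            hits.append((location, target))
    return hits


if __name__ == "__main__":
    for location, target in refs_into_extensions(SAMPLE):
        print(f"{location} -> {target}")
```

Each hit is a schema to move under `definitions` (Swagger 2.0) or `components/schemas` (OpenAPI 3) before handing the contract to the fuzzer; a schema that is itself named with an `x-` prefix would also be reported.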