KissPeter / APIFuzzer

Fuzz test your application using your OpenAPI or Swagger API definition without coding
GNU General Public License v3.0
426 stars 69 forks source link

fuzzer: call stop(), removing need for check in _end_message #33

Closed cstockton closed 4 years ago

cstockton commented 4 years ago

Hello, I was doing investigative work on fuzz testing OpenAPI endpoints and came across your repo. When trying to use it as a library (I understand this is probably not a currently supported use case) I found it called sys.exit() - terminating before I could process the reports. This led me to the commentary in _end_message, once commented out caused the process to hang. Tracing what started the thread brought me to fuzzer.py which calls kitty.start(), but a minor omission of kitty.stop() prevented the thread.join().

This patch adds the kitty.stop() which removes the necessity of _end_message().

KissPeter commented 4 years ago

Hi, Thanks for the PR. Please give me some time to review it as I have limited internet connectivity at the moment due to travelling. Thanks

KissPeter commented 4 years ago

Hi, Thanks for the patience. Finally I had time to review you PR, looks good. I have only one requirement though: The related test is failing, please see the logs here: https://travis-ci.org/KissPeter/APIFuzzer/jobs/653855486

The reason of the failed test - as I see - is because in test_utils.py I expect sys.exit which obviously didn't happen. Once the tests are passing I'm happy to merge. Thanks, Péter

KissPeter commented 4 years ago

Ica investigated the last Travis test fail. It has nothing to do with your PR, test implementation issue. I will fix it later. Thank you for your contribution

cstockton commented 4 years ago

Thanks @KissPeter, looking forward to seeing what you do with the project.