KissPeter / APIFuzzer

Fuzz test your application using your OpenAPI or Swagger API definition without coding
GNU General Public License v3.0

Unexpected exception happened during fuzz test preparation: 'schemes' #43

Status: Open. aaronhmiller opened this issue 3 years ago.

aaronhmiller commented 3 years ago

Describe the bug

When loading APIFuzzer, I receive an error related to "schemes".

APIFuzzer debug log

It's long, but here's a representative sample from the end:

1 [   INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-forwarded-proto', 'in': 'header', 'type': 'string'}, Parameter place: header, Sample data: asd, Param name: |get|x-forwarded-proto, fuzzer: RandomBitsField
1 [   INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-real-ip', 'in': 'header', 'type': 'string', 'format': 'ip'}, Parameter place: header, Sample data: asd, Param name: |get|x-real-ip, fuzzer: RandomBitsField
1 [   INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-request-id', 'in': 'header', 'type': 'string'}, Parameter place: header, Sample data: asd, Param name: |get|x-request-id, fuzzer: UnicodeStrings
1 [   INFO] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:185 - _process_api_resources ]: Resource: / Method: get Parameter: {'name': 'x-scheme', 'in': 'header', 'type': 'string'}, Parameter place: header, Sample data: asd, Param name: |get|x-scheme, fuzzer: RandomBitsField
1 [   INFO] APIFuzzer.BaseTemplate [base_template.py:45 -             get_stat ]: Template size: 15, content: {'params': set(), 'headers': {|get|x-forwarded-host->b'\xff\xfea\x00s\x00d\x00', |get|x-real-ip->b'\xff\xfea\x00s\x00d\x00', |get|user-agent->b'\xff\xfea\x00s\x00d\x00', |get|upgrade-insecure-requests->b'\xff\xfea\x00s\x00d\x00', |get|x-scheme->b'\xff\xfea\x00s\x00d\x00', |get|x-forwarded-for->b'\xff\xfea\x00s\x00d\x00', |get|x-request-id->b'\xff\xfea\x00s\x00d\x00', |get|accept-encoding->b'\xff\xfea\x00s\x00d\x00', |get|via->b'\xff\xfea\x00s\x00d\x00', |get|x-forwarded-proto->b'\xff\xfea\x00s\x00d\x00', |get|host->b'\xff\xfea\x00s\x00d\x00', |get|x-forwarded-port->b'\xff\xfea\x00s\x00d\x00', |get|content-length->b'\xff\xfea\x00s\x00d\x00', |get|accept-language->b'\xff\xfea\x00s\x00d\x00', |get|if-none-match->b'\xff\xfea\x00s\x00d\x00'}, 'data': set(), 'path_variables': set(), 'cookies': set(), 'query': set(), 'content_type': ''}
1 [  DEBUG] APIFuzzer.OpenAPITemplateGenerator [openapi_template_generator.py:82 -       _save_template ]: Adding template to list: |get, templates list: 4
Unexpected exception happened during fuzz test preparation: 'schemes'. Feel free to report the issue

Related API definition

Here's the whole OAS file:

{
  "openapi" : "3.0.1",
  "info" : {
    "title" : "aaron-hybrid",
    "description" : "OAS export of Salt Security Api Discovery",
    "version" : "1.0.0"
  },
  "servers" : [ {
    "url" : "http://kong-ent1:8000/v1/"
  } ],
  "paths" : {
    "/users/{userId}" : {
      "get" : {
        "operationId" : "610cb99d160000d4253fce69",
        "parameters" : [ {
          "name" : "accept-encoding",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "accept-language",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "cache-control",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "content-length",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "if-none-match",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "pragma",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-dest",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-mode",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-site",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-user",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "upgrade-insecure-requests",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "user-agent",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-for",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-forwarded-host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-port",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "x-forwarded-proto",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-real-ip",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-request-id",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-scheme",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "userId",
          "in" : "path",
          "required" : true,
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        } ],
        "responses" : {
          "default" : {
            "description" : "default"
          }
        }
      }
    },
    "/users/{name}" : {
      "get" : {
        "operationId" : "6129c98e310000d7eee6d692",
        "parameters" : [ {
          "name" : "accept-encoding",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "accept-language",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "cache-control",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "content-length",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "pragma",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-dest",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-mode",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-site",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-user",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "upgrade-insecure-requests",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "user-agent",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-for",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-forwarded-host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-port",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "x-forwarded-proto",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-real-ip",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-request-id",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-scheme",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "name",
          "in" : "path",
          "required" : true,
          "schema" : {
            "type" : "string"
          }
        } ],
        "responses" : {
          "default" : {
            "description" : "default"
          }
        }
      }
    },
    "/users" : {
      "get" : {
        "operationId" : "610cb99d160000d4253fce67",
        "parameters" : [ {
          "name" : "accept-encoding",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "accept-language",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "cache-control",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "connection",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "content-length",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "if-none-match",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "pragma",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-dest",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-mode",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-site",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-fetch-user",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-websocket-key",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "sec-websocket-version",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "upgrade",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "upgrade-insecure-requests",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "user-agent",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "via",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-for",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-forwarded-host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-port",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "x-forwarded-proto",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-real-ip",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-request-id",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-scheme",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "01d1dc2c9d",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "1b3c2eb3ba",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "2a9c0caa8e",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "2cbf6b5db3",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "2f8bc5c3f1",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "35ef4aebbb",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "3d6dc4adac",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "3fab2decbd",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "42b4fd9afa",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "50a0afa2c4",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "50abbf1c56",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "51ec5de1f5",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "5dbe4ece48",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "5edf8bb6fe",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "69a4e6aafd",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "6f1c4e1d14",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "70a2fcf9c9",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "79bff1dced",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "79fbdeccb0",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "83d3fca9e3",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "98b9f5fb5f",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "99a7daff0d",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "9ac4fb0e33",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "9df1c5da41",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "a4ffcfe1d2",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "ac4da7f2e5",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "ae8ec5cb4a",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "afdfe5c3ca",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "bfbb5eefdd",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "bffecfc1cb",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "c0df9d4cfc",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "ccdcf6ae30",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "d3afb2fa95",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "d3e3ceb8bf",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "e7ba4cf8fc",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "f2c7cff1a4",
          "in" : "query",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "fa6e1a9c7c",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "xss"
          }
        }, {
          "name" : "😈",
          "in" : "query",
          "schema" : {
            "type" : "string",
            "format" : "uri"
          }
        } ],
        "responses" : {
          "default" : {
            "description" : "default"
          }
        }
      }
    },
    "/" : {
      "get" : {
        "operationId" : "611a1d4a2a0000c9694edf70",
        "parameters" : [ {
          "name" : "accept-encoding",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "accept-language",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "content-length",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "if-none-match",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "upgrade-insecure-requests",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "user-agent",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "via",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-for",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-forwarded-host",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-forwarded-port",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "number"
          }
        }, {
          "name" : "x-forwarded-proto",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-real-ip",
          "in" : "header",
          "schema" : {
            "type" : "string",
            "format" : "ip"
          }
        }, {
          "name" : "x-request-id",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        }, {
          "name" : "x-scheme",
          "in" : "header",
          "schema" : {
            "type" : "string"
          }
        } ],
        "responses" : {
          "default" : {
            "description" : "default"
          }
        }
      }
    }
  }
}

Software environment (please complete the following information):

Additional context

I'm running APIFuzzer as a Docker container and have made it part of a Docker Compose stack. It shouldn't make a difference, but I wanted you to be aware.
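The exception text above names the missing key 'schemes'. In Swagger 2.0 that is the top-level list of transports, read together with `host` and `basePath`; the posted definition is OpenAPI 3.0.1, where all three are folded into `servers[].url` and no `schemes` key exists. Whether that is the exact code path APIFuzzer took is not shown on this page, but it is the first thing to rule out before handing any OAS export to a fuzzer. The pre-flight check below is an added example, not APIFuzzer's own code: it resolves scheme, host and base path from whichever form the document uses (expanding OAS3 server variables to their defaults), and it also flags templated paths that collide, because the posted file declares both `/users/{userId}` and `/users/{name}`, which the OpenAPI specification forbids as they are the same route. The Swagger 2.0 and templated-server documents are constructed samples; the OAS3 sample is a trimmed copy of the reporter's file.

```python
"""Pre-flight checks for an OpenAPI/Swagger definition before fuzzing it.

Added example, not APIFuzzer's own code: resolves the target base URL from
Swagger 2.0 (`schemes`/`host`/`basePath`) or OpenAPI 3.x (`servers`) and
reports templated paths that are identical once the variable names are ignored.
"""
import json
import re
from urllib.parse import urlsplit

# Trimmed copy of the reporter's OpenAPI 3.0.1 export (paths reduced to three).
OAS3_DOC = json.loads("""
{
  "openapi": "3.0.1",
  "info": {"title": "aaron-hybrid", "version": "1.0.0"},
  "servers": [{"url": "http://kong-ent1:8000/v1/"}],
  "paths": {
    "/users/{userId}": {"get": {"responses": {"default": {"description": "default"}}}},
    "/users/{name}": {"get": {"responses": {"default": {"description": "default"}}}},
    "/users": {"get": {"responses": {"default": {"description": "default"}}}}
  }
}
""")

# Constructed sample: the same API as Swagger 2.0, where the base URL is split
# across three top-level keys and 'schemes' really does exist.
SWAGGER2_DOC = {
    "swagger": "2.0",
    "info": {"title": "aaron-hybrid", "version": "1.0.0"},
    "schemes": ["https", "http"],
    "host": "kong-ent1:8000",
    "basePath": "/v1",
    "paths": {"/users": {"get": {"responses": {"default": {"description": "default"}}}}},
}

# Constructed sample: an OAS3 server URL with variables that must be expanded.
OAS3_TEMPLATED_DOC = {
    "openapi": "3.1.0",
    "servers": [{
        "url": "{scheme}://{host}/api",
        "variables": {"scheme": {"default": "https", "enum": ["https", "http"]},
                      "host": {"default": "kong-ent1:8443"}},
    }],
    "paths": {},
}


def spec_flavour(doc):
    """Return 'swagger2' or 'openapi3'; raise if the document declares neither."""
    if str(doc.get("swagger", "")).startswith("2"):
        return "swagger2"
    if str(doc.get("openapi", "")).startswith("3"):
        return "openapi3"
    raise ValueError("not a Swagger 2.0 or OpenAPI 3.x document (no 'swagger'/'openapi' key)")


def _expand_server_url(server):
    """Substitute {var} placeholders in an OAS3 server URL with their declared defaults."""
    url = server["url"]
    for name, spec in server.get("variables", {}).items():
        if "default" not in spec:
            raise ValueError(f"server variable {name!r} has no default")
        url = url.replace("{" + name + "}", str(spec["default"]))
    if re.search(r"\{[^}]+\}", url):
        raise ValueError(f"unresolved variable in server url {url!r}")
    return url


def resolve_base(doc):
    """Return (scheme, host, base_path) for either spec version.

    Indexing doc['schemes'] on an OpenAPI 3.x document is exactly the
    KeyError('schemes') that a version-blind loader would raise.
    """
    if spec_flavour(doc) == "swagger2":
        schemes = doc.get("schemes") or ["http"]  # spec default when absent
        host = doc.get("host")
        if not host:
            raise ValueError("Swagger 2.0 document has no 'host'")
        return schemes[0], host, doc.get("basePath") or "/"
    servers = doc.get("servers") or [{"url": "/"}]  # spec default when absent
    parts = urlsplit(_expand_server_url(servers[0]))
    if not parts.scheme or not parts.netloc:
        raise ValueError("relative server url; pass an explicit base URL to the fuzzer")
    return parts.scheme, parts.netloc, parts.path or "/"


def colliding_paths(doc):
    """Group paths that are identical once every {template} segment is normalised.

    OAS forbids templated paths that differ only in the variable name
    ('/users/{userId}' vs '/users/{name}'); a fuzzer cannot tell them apart.
    """
    groups = {}
    for path in doc.get("paths", {}):
        groups.setdefault(re.sub(r"\{[^}/]+\}", "{}", path), []).append(path)
    return [sorted(v) for v in groups.values() if len(v) > 1]


if __name__ == "__main__":
    for label, doc in (("oas3", OAS3_DOC), ("swagger2", SWAGGER2_DOC),
                       ("oas3-templated", OAS3_TEMPLATED_DOC)):
        print(label, spec_flavour(doc), resolve_base(doc), colliding_paths(doc))
```

Run it against the exported file before starting a fuzz job: if `resolve_base` raises, the tool needs an explicit base URL rather than the document's; if `colliding_paths` is non-empty, decide which of the duplicate routes to keep, since requests to `/users/123` and `/users/alice` hit the same handler either way. The sample here is JSON; a YAML export needs a YAML loader in place of `json.loads`.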

KissPeter commented 3 years ago

Hi @aaronhmiller, thanks for reporting, I will be checking soon.

KissPeter commented 2 years ago

Hi, it took a bit longer than I expected, but hopefully the new version can cope with this. Can you please test it?