A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Other
205
stars
25
forks
source link
Endpoint specific fixtures cannot be called by generic fixtures #63
fuzz-lightyear has a test case,test_nested_endpoint_dependency_uses_default, which currently fails. We want to support this case in the future, but making this change is somewhat difficult. Here's the problem:
Consider the following:
A nested_dependency that is registered for generic endpoints, returning caller * 2
A caller that is registered for generic endpoints and new_opid, returning dependency + 1 and dependency + 2 respectively
A dependency registered for generic endpoints that returns 1.
Now, when we call nested_dependency with the new_opid endpoint, we get 4 instead of 6. This is because nested_dependency is generic, so when we call register_factory it doesn't callinject_user_defined_variables with the list of operation_ids, since there is no list. Fixing this issue will require us to pass in the endpoint called into the wrapped function, and selecting which caller to use at that time.
fuzz-lightyearhas a test case,test_nested_endpoint_dependency_uses_default, which currently fails. We want to support this case in the future, but making this change is somewhat difficult. Here's the problem:Consider the following:
nested_dependencythat is registered for generic endpoints, returningcaller * 2callerthat is registered for generic endpoints andnew_opid, returningdependency + 1anddependency + 2respectivelydependencyregistered for generic endpoints that returns1.Now, when we call
nested_dependencywith thenew_opidendpoint, we get4instead of6. This is becausenested_dependencyis generic, so when we callregister_factoryit doesn't callinject_user_defined_variableswith the list ofoperation_ids, since there is no list. Fixing this issue will require us to pass in the endpoint called into the wrapped function, and selecting whichcallerto use at that time.