A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Other
212
stars
26
forks
source link
Fix RecursionError: Limit depth of nested Objects when generating fuzz parameters #89
...
...
File "/github/fuzz-lightyear/fuzz_lightyear/fuzzer.py", line 81, in _fuzz_parameter
strategy = fuzz_fn(parameter, operation_id, required=required) # type: ignore
File "/github/fuzz-lightyear/fuzz_lightyear/fuzzer.py", line 178, in _fuzz_array
elements=_fuzz_parameter(item, operation_id, required=required),
File "/github/fuzz-lightyear/fuzz_lightyear/fuzzer.py", line 81, in _fuzz_parameter
strategy = fuzz_fn(parameter, operation_id, required=required) # type: ignore
File "/github/fuzz-lightyear/fuzz_lightyear/fuzzer.py", line 213, in _fuzz_object
if strategy:
...
...
packages/hypothesis/strategies/_internal/lazy.py", line 139, in __repr__
sig = signature(self.function)
File "/usr/lib/python3.8/inspect.py", line 3105, in signature
return Signature.from_callable(obj, follow_wrapped=follow_wrapped)
...
...
File "/usr/lib/python3.8/enum.py", line 339, in __call__
return cls.__new__(cls, value)
RecursionError: maximum recursion depth exceeded while calling a Python object
APPSEC-5131
For self-referencing Objects, generating fuzz parameters results in a non-ending recursive call
In this PR:
fixing the nested object depth to a max limit
this limit ( --depth) can be passed as an argument (default=6)
Overview
APPSEC-5131--depth) can be passed as an argument (default=6)