microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License

Is this valid: primitives.restler_fuzzable_int(['1', '2']) or primitives.restler_fuzzable_string(['abc', 'def'])? #132

Open joshi-mohit opened 3 years ago

joshi-mohit commented 3 years ago

This is not being honored, and I can see the values being picked are beyond the range (for example, I can see 0 as a value).

marina-p commented 3 years ago

Hello @joshi-mohit,

Could you please clarify your goal - do you want just a particular part of the payload (instead of all fuzzable_int values, which would be set through the dictionary) to have the values [1, 2]?

If yes, and you want to edit the grammar directly, the syntax for this is to use restler_fuzzable_group as follows:

    primitives.restler_fuzzable_group("fuzzable_group_tag_can_be_any_string", ['1', '2'], quoted=False)

The syntax you tried is not supported in the grammar, the fuzzable string or int is expected to have one value specified directly in the grammar. For why you see 0 as a value, do you have zero in the dictionary by any chance? Dictionary values are always used, and override the grammar defaults for fuzzable primitives (except fuzzable group as above).

It would be great if you can share your scenario in more detail, I'd like to understand if there is a way for you to specify these values without editing the grammar (which is typically preferred to avoid having to manually patch grammars as the specification changes).

joshi-mohit commented 3 years ago

Thanks Marina. On the value being 0 -- you are right: the value was in the dictionary, so as you said it must be getting overridden.

I am trying to test the behavior of RESTler with a vulnerable-api server (https://github.com/jorritfolmer/vulnerable-api). The current OpenAPI spec for the server is not too descriptive on dependencies or on parsing the responses. For example, /tokens, when called with username/password, returns a token and an id to be used in future calls to the rest of the APIs. So I need to modify either the spec or the grammar. Since this is only for basic validation, I decided to modify the grammar. Now, for example, for fuzzing I wanted to limit the tokens to a limited set of positive and negative values: primitives.restler_fuzzable_group("AuthTokens", ['X-Auth-Token: ce66447eae74c0efbe554316bb5d4d52\r\n', 'X-Auth-Token: 8c9d047bd3aae24e2ffb0de19d81acc9\r\n', '123', '345'], quoted=False). This is failing (unfortunately even the log directory inside experiment<> is not getting created). I tried moving it in as part of the URL but saw similar behavior... could be some basic thing missing; checking the code in parallel.

Do you also have some practical samples on restler_custom_payload (I am assuming in that case we can specify a set of payloads which will be rotated/reused), and is there any similar syntax for custom_headers?

marina-p commented 3 years ago

Hi,

> This is failing (unfortunately even the log directory inside experiment<> is not getting created).

If you see this type of failure, more error information can be found in the following log files in the task directory (e.g. the 'Test' directory):

If you're still hitting this, can you please attach these files to this issue?

I get a successful test run with your grammar element above - to confirm, the following line will be printed in the network log (network.testing.*.txt):

+ restler_fuzzable_group: ['X-Auth-Token: ce66447eae74c0efbe554316bb5d4d52\r\n', 'X-Auth-Token: 8c9d047bd3aae24e2ffb0de19d81acc9\r\n', '123', '345']

> Do you also have some practical samples on restler_custom_payload, and is there any similar syntax for custom_headers?

See a few examples in /docs/user-guide/FuzzingDictionary.md. Custom headers are supported via restler_custom_payload_header, which has the same syntax as restler_custom_payload. The typical usage of these is to add them to the dictionary before compilation - the compiler will then automatically generate the grammar elements to substitute the custom payload from the dictionary. I will open a separate new issue to add more detailed usage examples for these.
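Two points from this thread fit together in one dictionary: dictionary values override the grammar defaults for fuzzable primitives (which is why a "0" in the dictionary showed up in the rendered requests), and custom headers belong in the dictionary under restler_custom_payload_header rather than in a hand-edited grammar. The script below is an added example, not code from the issue or from RESTler itself. It builds such a dictionary and runs a few sanity checks on it before it is handed to the compiler. Assumptions, not stated in the thread: the key layout (string-encoded numbers in the fuzzable lists, a name-to-list-of-strings mapping for the custom payload keys) follows docs/user-guide/FuzzingDictionary.md; RESTler emits the `Name: ` prefix and the CRLF itself when it renders a custom payload header, so a value must hold only the token; the token strings, the `username` parameter and the "bad" dictionary are constructed samples.

```python
"""Build and sanity-check a RESTler fuzzing dictionary (added example, not RESTler code)."""
import json
from typing import Any, Dict, List

# Dictionary keys handled below; layout assumed from docs/user-guide/FuzzingDictionary.md.
FUZZABLE_LIST_KEYS = ("restler_fuzzable_string", "restler_fuzzable_int")
CUSTOM_PAYLOAD_KEYS = ("restler_custom_payload", "restler_custom_payload_header")

# Constructed placeholder tokens (hex-looking, not real credentials): one well-formed, two short/invalid.
PLACEHOLDER_TOKENS = ["0123456789abcdef0123456789abcdef", "123", "345"]


def build_dictionary() -> Dict[str, Any]:
    """Dictionary that restricts fuzzable ints to 1 and 2 (no "0" left in, so 0 is never
    rendered) and supplies X-Auth-Token candidates through restler_custom_payload_header."""
    return {
        "restler_fuzzable_string": ["fuzzstring"],
        # Numbers are string-encoded in the dictionary (assumed from the default dictionary layout).
        "restler_fuzzable_int": ["1", "2"],
        # Constructed sample: candidate values for a body/query parameter named 'username'.
        "restler_custom_payload": {"username": ["alice", "bob"]},
        "restler_custom_payload_header": {"X-Auth-Token": PLACEHOLDER_TOKENS},
    }


def validate_dictionary(d: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the dictionary looks sane."""
    problems: List[str] = []
    for key in FUZZABLE_LIST_KEYS:
        values = d.get(key, [])
        if not isinstance(values, list):
            problems.append(f"{key}: expected a list, got {type(values).__name__}")
            continue
        for v in values:
            if not isinstance(v, str):
                problems.append(f'{key}: value {v!r} must be a string (e.g. "1", not 1)')
            elif key == "restler_fuzzable_int":
                try:
                    int(v)
                except ValueError:
                    problems.append(f"{key}: {v!r} is not an integer literal")
    for key in CUSTOM_PAYLOAD_KEYS:
        entries = d.get(key, {})
        if not isinstance(entries, dict):
            problems.append(f"{key}: expected a mapping of name -> list of strings")
            continue
        for name, values in entries.items():
            if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
                problems.append(f"{key}[{name!r}]: values must be a list of strings")
                continue
            if key == "restler_custom_payload_header":
                problems.extend(_check_header_values(name, values))
    return problems


def _check_header_values(name: str, values: List[str]) -> List[str]:
    """Header payload values hold only the value; the header name and CRLF are
    added by RESTler when the request is rendered (assumption stated in the lead-in)."""
    problems: List[str] = []
    if any(c in name for c in ":\r\n"):
        problems.append(f"header name {name!r} must not contain ':' or CRLF")
    for v in values:
        if "\r" in v or "\n" in v:
            problems.append(f"header {name}: value {v!r} contains CRLF; only the value goes here")
        elif v.lower().startswith(name.lower() + ":"):
            problems.append(f"header {name}: value {v!r} repeats the header name")
    return problems


def dictionary_json(d: Dict[str, Any]) -> str:
    """Serialize the dictionary as the compiler expects to read it."""
    return json.dumps(d, indent=2)


# Constructed "before" dictionary: a bare int instead of "1", and a header value written as
# a whole header line (the restler_fuzzable_group style), which does not belong in the dictionary.
BAD_DICTIONARY: Dict[str, Any] = {
    "restler_fuzzable_int": ["0", 1],
    "restler_custom_payload_header": {
        "X-Auth-Token": ["X-Auth-Token: 0123456789abcdef0123456789abcdef\r\n", "123"],
    },
}

if __name__ == "__main__":
    good = build_dictionary()
    print(dictionary_json(good))
    print("good dictionary problems:", validate_dictionary(good))
    for problem in validate_dictionary(BAD_DICTIONARY):
        print("bad dictionary:", problem)
```

Write the output of `dictionary_json(build_dictionary())` to the dictionary file passed to the compiler; the validator is only a pre-flight check and does not replace reading the compiler's own errors.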