search

microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.59k stars 296 forks source link

Restler Compiler Crash on value null in example object. #472

Open Avreimyki opened 2 years ago

Avreimyki commented 2 years ago

Hi I got an issue from the compiler when when I have value null on example object. for example I have in requestBody like this:

          {"examples": {
                "abc": {
                  "value": null
                },
                "efg": {
                  "value": null
                }
              }
         }

and I got error:

Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object.
   at Restler.Compiler.Main.Parameters.getExamplesFromParameter(OpenApiParameter p) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 343
   at Restler.Compiler.Main.Parameters.schemaPayload@484.Invoke(OpenApiParameter p) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 486
   at Microsoft.FSharp.Collections.Internal.IEnumerator.map@75.DoMoveNext(b& curr) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 78
   at Microsoft.FSharp.Collections.Internal.IEnumerator.MapEnumerator`1.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 64
   at Microsoft.FSharp.Collections.Internal.IEnumerator.next@193[T](FSharpFunc`2 f, IEnumerator`1 e, FSharpRef`1 started, Unit unitVar0) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 194
   at Microsoft.FSharp.Collections.Internal.IEnumerator.filter@188.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 196
   at Microsoft.FSharp.Collections.Internal.IEnumerator.map@75.DoMoveNext(b& curr) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 77
   at Microsoft.FSharp.Collections.Internal.IEnumerator.MapEnumerator`1.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 64
   at Microsoft.FSharp.Collections.Internal.IEnumerator.map@75.DoMoveNext(b& curr) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 77
   at Microsoft.FSharp.Collections.Internal.IEnumerator.MapEnumerator`1.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 64
   at Microsoft.FSharp.Collections.SeqModule.ToList[T](IEnumerable`1 source) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 546
   at Restler.Compiler.Main.requestHeaderParameters@834.Invoke(Tuple`2 tupledArg) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 862
   at Microsoft.FSharp.Primitives.Basics.List.map[T,TResult](FSharpFunc`2 mapping, FSharpList`1 x) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\local.fs:line 248
   at Microsoft.FSharp.Collections.ListModule.Map[T,TResult](FSharpFunc`2 mapping, FSharpList`1 list) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\list.fs:line 75
   at Restler.Compiler.Main.generateRequestPrimitives(RequestId requestId, FSharpOption`1 dependencyData, RequestParameters requestParameters, Dictionary`2 dependencies, String basePath, String host, Boolean resolveQueryDependencies, Boolean resolveBodyDependencies, Boolean resolveHeaderDependencies, MutationsDictionary dictionary, RequestMetadata requestMetadata) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 833
   at Restler.Compiler.Main.generateRequestGrammar@1319.Invoke(MutationsDictionary currentDict, Tuple`2 tupledArg) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 1320
   at Microsoft.FSharp.Primitives.Basics.Array.mapFold[TState,T,TResult](FSharpFunc`2 f, TState acc, T[] array) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\local.fs:line 1054
   at Microsoft.FSharp.Collections.SeqModule.MapFold[T,TState,TResult](FSharpFunc`2 mapping, TState state, IEnumerable`1 source) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 1439
   at Restler.Compiler.Main.generateRequestGrammar(FSharpList`1 swaggerDocs, MutationsDictionary dictionary, Config config, FSharpList`1 globalExternalAnnotations, FSharpList`1 userSpecifiedExamples) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 1317
   at Restler.Workflow.generateGrammarFromSwagger(String grammarOutputDirectoryPath, FSharpOption`1 swaggerDoc, FSharpOption`1 specMetadata, Config config) in /restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 179
   at Restler.Workflow.generateRestlerGrammar(FSharpOption`1 swaggerDoc, Config config) in /restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 270
   at Program.main(String[] argv) in /restler-fuzzer/src/compiler/Restler.CompilerExe/Program.fs:line 37
root@ff3c46301087:/app#
root@ff3c46301087:/app# cat /tmp/tmp-295-QnS79hIQ2fz7/Compile/StdErr.txt
Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object.
   at Restler.Compiler.Main.Parameters.getExamplesFromParameter(OpenApiParameter p) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 343
   at Restler.Compiler.Main.Parameters.schemaPayload@484.Invoke(OpenApiParameter p) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 486
   at Microsoft.FSharp.Collections.Internal.IEnumerator.map@75.DoMoveNext(b& curr) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 78
   at Microsoft.FSharp.Collections.Internal.IEnumerator.MapEnumerator`1.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 64
   at Microsoft.FSharp.Collections.Internal.IEnumerator.next@193[T](FSharpFunc`2 f, IEnumerator`1 e, FSharpRef`1 started, Unit unitVar0) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 194
   at Microsoft.FSharp.Collections.Internal.IEnumerator.filter@188.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 196
   at Microsoft.FSharp.Collections.Internal.IEnumerator.map@75.DoMoveNext(b& curr) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 77
   at Microsoft.FSharp.Collections.Internal.IEnumerator.MapEnumerator`1.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 64
   at Microsoft.FSharp.Collections.Internal.IEnumerator.map@75.DoMoveNext(b& curr) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 77
   at Microsoft.FSharp.Collections.Internal.IEnumerator.MapEnumerator`1.System-Collections-IEnumerator-MoveNext() in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 64
   at Microsoft.FSharp.Collections.SeqModule.ToList[T](IEnumerable`1 source) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 546
   at Restler.Compiler.Main.requestHeaderParameters@834.Invoke(Tuple`2 tupledArg) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 862
   at Microsoft.FSharp.Primitives.Basics.List.map[T,TResult](FSharpFunc`2 mapping, FSharpList`1 x) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\local.fs:line 248
   at Microsoft.FSharp.Collections.ListModule.Map[T,TResult](FSharpFunc`2 mapping, FSharpList`1 list) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\list.fs:line 75
   at Restler.Compiler.Main.generateRequestPrimitives(RequestId requestId, FSharpOption`1 dependencyData, RequestParameters requestParameters, Dictionary`2 dependencies, String basePath, String host, Boolean resolveQueryDependencies, Boolean resolveBodyDependencies, Boolean resolveHeaderDependencies, MutationsDictionary dictionary, RequestMetadata requestMetadata) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 833
   at Restler.Compiler.Main.generateRequestGrammar@1319.Invoke(MutationsDictionary currentDict, Tuple`2 tupledArg) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 1320
   at Microsoft.FSharp.Primitives.Basics.Array.mapFold[TState,T,TResult](FSharpFunc`2 f, TState acc, T[] array) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\local.fs:line 1054
   at Microsoft.FSharp.Collections.SeqModule.MapFold[T,TState,TResult](FSharpFunc`2 mapping, TState state, IEnumerable`1 source) in F:\workspace\_work\1\s\src\fsharp\FSharp.Core\seq.fs:line 1439
   at Restler.Compiler.Main.generateRequestGrammar(FSharpList`1 swaggerDocs, MutationsDictionary dictionary, Config config, FSharpList`1 globalExternalAnnotations, FSharpList`1 userSpecifiedExamples) in /restler-fuzzer/src/compiler/Restler.Compiler/Compiler.fs:line 1317
   at Restler.Workflow.generateGrammarFromSwagger(String grammarOutputDirectoryPath, FSharpOption`1 swaggerDoc, FSharpOption`1 specMetadata, Config config) in /restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 179
   at Restler.Workflow.generateRestlerGrammar(FSharpOption`1 swaggerDoc, Config config) in /restler-fuzzer/src/compiler/Restler.Compiler/Workflow.fs:line 270
   at Program.main(String[] argv) in /restler-fuzzer/src/compiler/Restler.CompilerExe/Program.fs:line 37
marina-p commented 2 years ago

Hello @Avreimyki,

In order to reproduce your failure, would you be able to share a sample schema corresponding to your example? I tried a few different request bodies with a null value, and have not been able to reproduce this crash with the latest version of RESTler.

Thanks,

Marina

Avreimyki commented 2 years ago

Hi @marina-p

Thank you for quick replay.

here is example spec:

{
    "openapi": "3.0.1",
    "info": {
      "title": "httpbin",
      "description": "An unofficial OpenAPI definition for [httpbin.org](https://httpbin.org).",
      "version": "1.0"
    },
    "servers": [
      {
        "url": "https://apim3.azure-api.net/httpbin"
      }
    ],
    "paths": {
      "/cache": {
        "get": {
          "summary": "Returns 200 unless an If-Modified-Since or If-None-Match header is provided, when it returns a 304.",
          "description": "Returns 200 unless an If-Modified-Since or If-None-Match header is provided, when it returns a 304.",
          "operationId": "get-cache",
          "parameters": [
            {
              "name": "If-Modified-Since",
              "in": "header",
              "description": "For testing purposes this header accepts any value. (???) See also https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since\n",
              "schema": {
                "type": "string",
                "example": "Wed, 21 Oct 2015 07:28:00 GMT"
              }
            },
            {
              "name": "If-None-Match",
              "in": "header",
              "description": "For testing purposes this header accepts any value. (???) See also https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match\n",
              "schema": {
                "type": "string"
              },
              "examples": {
                "abc": {
                  "value": null
                }
              }
            }
          ],
          "responses": {
            "200": {
              "description": "Neigher If-Modified-Since nor If-None-Match header is provided"
            }
          }
        }
      }
    }
  }

Thanks. Avreimy