microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.56k stars 293 forks

Error when running swagger's petstore sample service #63

Open stishkin opened 3 years ago

stishkin commented 3 years ago

Ran RESTler on petstore3 (and petstore which is v2 of openapi)

https://github.com/swagger-api/swagger-petstore

Exception in thread Fuzzer:
Traceback (most recent call last):
  File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
    self.run()
  File "/RESTler/engine/engine/core/fuzzer.py", line 36, in run
    self._num_total_sequences = driver.generate_sequences(
  File "/RESTler/engine/engine/core/driver.py", line 579, in generate_sequences
    return generate_sequences_directed_smoketest(fuzzing_requests, checkers)
  File "/RESTler/engine/engine/core/driver.py", line 495, in generate_sequences_directed_smoketest
    renderings, response_body, rendering_information = render_request(req, new_seq)
  File "/RESTler/engine/engine/core/driver.py", line 395, in render_request
    apply_checkers(checkers, renderings, global_lock)
  File "/RESTler/engine/engine/core/driver.py", line 143, in apply_checkers
    checker.apply(renderings, global_lock)
  File "/RESTler/engine/checkers/payload_body_checker.py", line 186, in apply
    self._run_feedback_fuzzing(last_request, body_schema_list)
  File "/RESTler/engine/checkers/payload_body_checker.py", line 634, in _run_feedback_fuzzing
    self._run_invalid_json_task(
  File "/RESTler/engine/checkers/payload_body_checker.py", line 736, in _run_invalid_json_task
    self._run_body_value_fuzzing(
  File "/RESTler/engine/checkers/payload_body_checker.py", line 842, in _run_body_value_fuzzing
    self._exec_request_with_new_body(request, body_blocks, tracker)
  File "/RESTler/engine/checkers/payload_body_checker.py", line 1115, in _exec_request_with_new_body
    for rendered_data, parser in new_request.render_iter(
AttributeError: 'NoneType' object has no attribute 'render_iter'

rifiles commented 3 years ago

The issue is that a request has a body and a valid schema in grammar.json, but the request body in grammar.py looks like this:

primitives.restler_static_string("\r\n"),
primitives.restler_fuzzable_string("fuzzstring", quoted=True),
primitives.restler_static_string("\r\n"),

Because there is no '{' the payload body checker fails to find the body start, correctly returns a failure, but then the failure is never handled properly and the invalid request tries to get used anyway (as None) and then crashes. A check for the failure and an abort must be fixed in the payload body checker, but why was the grammar compiled like this in the first place?

marina-p commented 3 years ago

@rifiles Which endpoint?

marina-p commented 3 years ago

@stishkin Could you please provide the full path to the yaml file you passed to RESTler?

marina-p commented 3 years ago

@rifiles Found it: # Endpoint: /pet/{petId}/uploadImage, method: Post

marina-p commented 3 years ago

@rifiles This is currently by design because RESTler only supports bodies of type application/json.

The payload body checker should skip these, as you are already planning to do.

To support this use case, what changes need to be made to the engine? We probably need the content type in the grammar - let's discuss.

Let's leave the issue open

requestBody:
  content:
    application/octet-stream:
      schema:
        type: string
        format: binary
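An added example (not RESTler code and not written by any commenter in this thread): a pre-check over an OpenAPI 3 document that lists the operations whose request body offers no application/json media type, which is the case discussed above for /pet/{petId}/uploadImage. The function names, the constructed sample spec and the strict application/json match are assumptions made for this illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}

# Constructed sample: a trimmed OpenAPI 3 document modelled on the request
# body quoted in this thread, plus one JSON-bodied operation behind a $ref.
SAMPLE_SPEC = {
    "openapi": "3.0.2",
    "paths": {
        "/pet": {"post": {"requestBody": {"$ref": "#/components/requestBodies/Pet"}}},
        "/pet/{petId}": {"get": {"parameters": []}},
        "/pet/{petId}/uploadImage": {"post": {"requestBody": {"content": {
            "application/octet-stream": {"schema": {"type": "string", "format": "binary"}},
        }}}},
    },
    "components": {"requestBodies": {"Pet": {"content": {
        "application/json; charset=utf-8": {"schema": {"type": "object"}},
        "application/xml": {"schema": {"type": "object"}},
    }}}},
}

def resolve(spec, node):
    """Follow local '#/...' $ref pointers until a concrete object is reached."""
    while isinstance(node, dict) and "$ref" in node:
        target = spec
        for part in node["$ref"].lstrip("#/").split("/"):
            target = target[part]
        node = target
    return node

def is_json(media_type):
    # Assumption: only plain application/json counts; parameters are ignored.
    return media_type.split(";")[0].strip().lower() == "application/json"

def non_json_bodies(spec):
    """Return (METHOD, path, media types) for bodies with no application/json."""
    found = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip path-level keys such as "parameters"
            body = resolve(spec, op.get("requestBody"))
            if not body:
                continue  # operation has no request body at all
            content = body.get("content", {})
            if not any(is_json(mt) for mt in content):
                found.append((method.upper(), path, sorted(content)))
    return found

if __name__ == "__main__":
    for method, path, types in non_json_bodies(SAMPLE_SPEC):
        print(f"{method} {path}: {', '.join(types)}")
```
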

marina-p commented 3 years ago

https://petstore3.swagger.io/api/v3/openapi.json

joshi-mohit commented 3 years ago

Has anyone exercised the petstore server (with openapi v3) with restler? Need some details on how it has been run (compiled with restler, and on a basic run getting all 404/405 errors -- which seem reasonable), so wanting to understand what prework/config is required on petstore so that restler can be used.