use restler_custom_payload for a single parameter

microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.

MIT License

2.59k stars 296 forks source link

use restler_custom_payload for a single parameter #630

Open omiguelgomes opened 2 years ago

omiguelgomes commented 2 years ago

Description

I am trying to specify a custom value for a parameter in my request body, using restler_custom_payload in the dictionary file. I am not able to do so, is it possible, or am I using the wrong syntax? I tried using this:

"restler_custom_payload": { "api_route/post/__body__/parameter_name": [value] },

The parameter I want to indicate is directly in the body, not nested. Is this possible? If so, how would I do this for a nested attribute? Thank you

marina-p commented 2 years ago

Hello @omiguelgomes,

The above syntax is not currently supported. We will look into what it would take to support this.

Would you be able to specify an example value for this parameter directly in your specification? If yes, RESTler will use this instead of the default fuzzable value for the type. If not, the only way to pass the value may be through providing a full example payload (as described in Examples.md).

Thanks,

Marina

omiguelgomes commented 2 years ago

Most of my routes have several parameters in the body, which can only be set to a certain group of values. The only way to have RESTler cycle through them is to create my own entire payloads, or have them in my API specification yaml?