microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License

Missing part of request path when using variable and colon #705

Closed ngrozae closed 1 year ago

ngrozae commented 1 year ago

Description

I tried to run a request containing a colon with a variable just before it, but this configuration causes the fuzzable string to be omitted together with the part after the colon.

Example: for the request path

    /dummy/{FOO}/path/{BAR}:baz

RESTler in the Test step generates the following path:

    /dummy/fuzzstring/path

instead of:

    /dummy/fuzzstring/path/fuzzstring:baz

I can get the whole path only when I don't use a variable before the colon:

    /dummy/{FOO}/path/bar:baz

Then RESTler in the Test step generates the correct path:

    /dummy/fuzzstring/path/bar:baz

Steps to reproduce

Prepare a Swagger spec with a path that contains a fuzzable string and a colon after it:

info:
  title: 'Dummy'
  version: '1.0'
openapi: 3.0.0
paths:
  /dummy/{FOO}/path/{BAR}:baz:
    parameters:
    - in: path
      name: FOO
      required: true
      schema:
        type: string
    - in: path
      name: BAR
      required: true
      schema:
        type: string
    get:
      responses:
        '200':
          description: OK

Commands:

dotnet restler/Restler.dll compile --api_spec /mnt/dummy.yaml

dotnet restler/Restler.dll test --grammar_file Compile/grammar.py --dictionary_file Compile/dict.json --settings Compile/engine_settings.json

Expected results

Expecting restler_fuzzable_string: 'fuzzstring' for {BAR} and ':baz' in restler_static_string like:

                - restler_static_string: 'GET '
                - restler_static_string: ''
                - restler_static_string: '/'
                - restler_static_string: 'dummy'
                - restler_static_string: '/'
                - restler_fuzzable_string: 'fuzzstring'
                - restler_static_string: '/'
                - restler_static_string: 'path'
                - restler_static_string: '/'
                - restler_fuzzable_string: 'fuzzstring'
                - restler_static_string: ':baz'
                - restler_static_string: 'path'
                - restler_static_string: ' HTTP/1.1\r\n'
                - restler_static_string: 'Accept: application/json\r\n'
                - restler_static_string: 'Host: \r\n'
                + restler_refreshable_authentication_token: ['token_auth_method', 'token_refresh_interval']
                - restler_static_string: '\r\n'

Actual results

The /{BAR}:baz part is omitted from the request path:

2023-02-23 13:59:02.717: Request 0
2023-02-23 13:59:02.717: Endpoint - /dummy/{FOO}/path/{BAR}:baz
2023-02-23 13:59:02.717: Hex Def - c2b5083cf04cafbc9a49a495fde82d98f23563e8
2023-02-23 13:59:02.717: Sequence length that satisfies dependencies: 1
2023-02-23 13:59:02.717: Rendering INVALID
                - restler_static_string: 'GET '
                - restler_static_string: ''
                - restler_static_string: '/'
                - restler_static_string: 'dummy'
                - restler_static_string: '/'
                - restler_fuzzable_string: 'fuzzstring'
                - restler_static_string: '/'
                - restler_static_string: 'path'
                - restler_static_string: ' HTTP/1.1\r\n'
                - restler_static_string: 'Accept: application/json\r\n'
                - restler_static_string: 'Host: \r\n'
                + restler_refreshable_authentication_token: ['token_auth_method', 'token_refresh_interval']
                - restler_static_string: '\r\n'

Environment details

• Used docker built from commit: 50944acf159c997f4bf7d12ef443d7a38950acc8
• Python 3.10.10
• RESTler version: 9.1.1
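
A log check for the symptom reported above, as an added example (not RESTler's own code and not from the issue author): it compares the endpoint template in a rendering log with the primitives actually listed and returns the part of the path that was never rendered, so an endpoint that silently goes unfuzzed shows up. It assumes the log layout shown in the report and treats any non-static primitive as a parameter slot; the function names are hypothetical.

```python
import os
import re

PARAM = re.compile(r"\{[^{}]+\}")  # path parameters such as {FOO}, {BAR}
PRIMITIVE = re.compile(r"[-+]\s*(restler_\w+):\s*'((?:[^'\\]|\\.)*)'")
ENDPOINT = re.compile(r"Endpoint - (\S+)")

# Abridged from the "Actual results" log in the report above.
SAMPLE_LOG = r"""
2023-02-23 13:59:02.717: Endpoint - /dummy/{FOO}/path/{BAR}:baz
2023-02-23 13:59:02.717: Rendering INVALID
        - restler_static_string: 'GET '
        - restler_static_string: ''
        - restler_static_string: '/'
        - restler_static_string: 'dummy'
        - restler_static_string: '/'
        - restler_fuzzable_string: 'fuzzstring'
        - restler_static_string: '/'
        - restler_static_string: 'path'
        - restler_static_string: ' HTTP/1.1\r\n'
"""

def template_shape(endpoint):
    """Replace every {param} with a '{}' slot, keeping static text such as ':baz'."""
    return PARAM.sub("{}", endpoint)

def rendered_shape(rendering):
    """Rebuild the request path from logged primitives; non-static ones become slots."""
    shape = ""
    for kind, value in PRIMITIVE.findall(rendering)[1:]:  # [0] is the method, 'GET '
        if kind == "restler_static_string" and value.startswith(" HTTP/"):
            break  # end of the request line; headers follow
        shape += value if kind == "restler_static_string" else "{}"
    return shape

def dropped_path_part(log_text):
    """Return the tail of the endpoint template that was not rendered, or None if equal."""
    match = ENDPOINT.search(log_text)
    if match is None:
        raise ValueError("no 'Endpoint - ' line in log")
    want, got = template_shape(match.group(1)), rendered_shape(log_text)
    if want == got:
        return None
    return want[len(os.path.commonprefix([want, got])):]

if __name__ == "__main__":
    print(dropped_path_part(SAMPLE_LOG))  # /{}:baz
```
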