microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License

The engine should validate the dictionary values are all quoted #773

Open marina-p opened 1 year ago

marina-p commented 1 year ago

💡 Idea

The array values in the dictionary must all be strings. For example:

Correct way to define a fuzzable int:

  "restler_fuzzable_int": [
    "1"
  ],

Incorrect way to define a fuzzable int:

  "restler_fuzzable_int": [
    1
  ],

We need to validate this in the engine before proceeding, since later errors can be difficult to debug.

Design Notes

No response

gauravdhiman217 commented 1 year ago

Hey Marina, is this issue still open? This could be my first contribution. Can you please guide me through? Thank you.

marina-p commented 1 year ago

Hello @gauravdhiman217,

Yes, the issue is still open. The way to implement the validation would be in the engine. Taking a quick look, I suggest starting with adding it to the set_candidate_values method of the CandidateValuesPool class. You can create a separate function (could be a local function) and validate it at the very beginning.

To test this, you will need to add a unit test in the engine unit tests with the invalid dictionary.

Thanks,

Marina
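
A sketch of the check discussed in this thread, as an added example that is not part of the original issue or of the RESTler code base. The function names, the exception class and the sample dictionary are hypothetical, and walking nested objects as well as top-level arrays is an assumption about scope.

```python
import json

# Constructed sample dictionary (not taken from the RESTler repository).
SAMPLE_DICT = json.loads("""
{
  "restler_fuzzable_string": ["fuzzstring"],
  "restler_fuzzable_int": [1, "0"],
  "restler_fuzzable_bool": ["true", false],
  "restler_custom_payload": {
    "api-version": ["2020-01-01"],
    "count": ["10", 20.5]
  }
}
""")


class InvalidDictionaryError(ValueError):
    """Raised when an array in the dictionary holds a non-string value."""


def find_unquoted_values(node, path=""):
    """Return (path, value) pairs for every non-string element of any array.

    Nested objects are walked recursively (an assumption about scope), so
    arrays stored under per-name sections are checked too.
    """
    problems = []
    if isinstance(node, dict):
        for key, child in node.items():
            child_path = f"{path}.{key}" if path else key
            problems.extend(find_unquoted_values(child, child_path))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            # JSON numbers, booleans, nulls and nested containers all fail here.
            if not isinstance(item, str):
                problems.append((f"{path}[{index}]", item))
    return problems


def validate_dictionary(dictionary):
    """Hypothetical fail-fast check: report every offending path at once."""
    problems = find_unquoted_values(dictionary)
    if problems:
        details = "; ".join(
            f"{p} = {json.dumps(v)} ({type(v).__name__})" for p, v in problems
        )
        raise InvalidDictionaryError(
            f"dictionary array values must be quoted strings: {details}"
        )
```

Reporting all offending paths in one error, rather than stopping at the first, lets a user fix a hand-edited dictionary in a single pass.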

gauravdhiman217 commented 1 year ago

Hey @marina-p, thank you so much for responding. I am going through the code base and trying to understand the flow. I have one question: here we are only concerned about the custom dict, right?