search

microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.52k stars 283 forks source link

TypeError: can only concatenate str (not "bool") to str #807

Open bungdanar opened 10 months ago

bungdanar commented 10 months ago

Description

I run restler to fuzz my app with following command:

.\restler\Restler.exe fuzz --grammar_file .\Compile\grammar.py --dictionary_file .\Compile\dict.json --settings .\Compile\engine_settings.json --no_ssl --time_budget 1

Before fuzzing process is complete, I got following error:

Starting task Fuzz...
Using python: 'python.exe' (Python 3.11.1)

ERROR: Restler engine failed. See logs in D:\Projects\pribadi\rest-fuzzing\restler_bin\Fuzz directory for more information.

Task Fuzz failed.
Collecting logs...

This is the error detail from the log:

Exception can only concatenate str (not "bool") to str applying checker <checkers.payload_body_checker.PayloadBodyChecker object at 0x0000024DCCD2E4D0>
2023-09-02 18:41:02.470: Terminating garbage collection. Waiting for max 300 seconds. 
Traceback (most recent call last):
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\core\fuzzer.py", line 43, in run
    self._num_total_sequences = driver.generate_sequences(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\core\driver.py", line 702, in generate_sequences
    seq_collection = render(seq_collection, fuzzing_pool, checkers, generation, global_lock,
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\core\driver.py", line 319, in render_sequential
    valid_renderings = render_one(seq_collection[ith], ith, checkers, generation, global_lock, garbage_collector)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\core\driver.py", line 217, in render_one
    apply_checkers(checkers, renderings, global_lock)
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\core\driver.py", line 151, in apply_checkers
    checker.apply(renderings, global_lock)
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\checkers\payload_body_checker.py", line 188, in apply
    self._run_feedback_fuzzing(last_request, body_schema_list)
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\checkers\payload_body_checker.py", line 641, in _run_feedback_fuzzing
    self._run_invalid_json_task(
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\checkers\payload_body_checker.py", line 743, in _run_invalid_json_task
    self._run_body_value_fuzzing(
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\checkers\payload_body_checker.py", line 847, in _run_body_value_fuzzing
    body_blocks_fuzzed = body_schema.fuzz_body_blocks(config)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\body_schema.py", line 190, in fuzz_body_blocks
    blocks = self._schema.get_fuzzing_blocks(self._config)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 644, in get_fuzzing_blocks
    members_blocks = self._traverse(config, sys._getframe().f_code.co_name, [])
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 702, in _traverse
    accum_value.append(getattr(member, func)(config))
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 1711, in get_fuzzing_blocks
    self._value.get_fuzzing_blocks(config)
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 644, in get_fuzzing_blocks
    members_blocks = self._traverse(config, sys._getframe().f_code.co_name, [])
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 702, in _traverse
    accum_value.append(getattr(member, func)(config))
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 1711, in get_fuzzing_blocks
    self._value.get_fuzzing_blocks(config)
  File "D:\Projects\pribadi\rest-fuzzing\restler_bin\engine\engine\fuzzing_parameters\request_params.py", line 1271, in get_fuzzing_blocks
    default_value = dependencies.RDELIM + default_value + dependencies.RDELIM
                    ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
TypeError: can only concatenate str (not "bool") to str

Environment: Windows 11 restler 9.2.2 dotnet 7.0.110 python 3.11.1

bungdanar commented 10 months ago

If anyone encounter the same thing, just use the lower version. I used v9.0.1 and it turned out okay