RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
the leakage rule checker does not handle async DELETEs #809
Description
The leakage rule checker reports a bug when DELETE returns a 202. It should instead perform async polling (checking for DELETED_CODES_ASYNC), and only report a bug after an incorrect final result (or timeout).
Steps to reproduce
Run 'fuzz-lean' against any API that has async DELETE.
Expected results
Bug not reported for DELETE 202 status.
Actual results
Bug reported for DELETE 202 status.
Environment details
No response
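A sketch of the behaviour the issue asks for, as an added example that is not RESTler's code: a DELETE answered with 202 is polled to a final status, and a bug is reported only for an incorrect final result or a timeout. The function name, the `poll` callback, the timeout values and the contents of both status sets are assumptions; the issue names DELETED_CODES_ASYNC but does not list its values.

```python
import time

# Assumed values (not taken from RESTler): the status that means "accepted,
# still in progress" and the statuses that count as a completed delete.
ASYNC_ACCEPTED = {202}
DELETE_DONE = {200, 204, 404}


def check_async_delete(delete_status, poll, timeout_s=30.0, interval_s=1.0,
                       clock=time.monotonic, sleep=time.sleep):
    """Decide whether a DELETE outcome should be reported as a bug.

    delete_status: status code of the initial DELETE response.
    poll: hypothetical callback returning the current status code of the
          pending operation (202 while it is still running).
    Returns (is_bug, reason).
    """
    if delete_status not in ASYNC_ACCEPTED:
        # Synchronous DELETE: judge the response as it stands.
        ok = delete_status in DELETE_DONE
        return (not ok, "ok" if ok else "bad_status")

    # Asynchronous DELETE: a 202 alone is never a bug, so poll for the outcome.
    deadline = clock() + timeout_s
    while clock() < deadline:
        status = poll()
        if status in ASYNC_ACCEPTED:
            sleep(interval_s)          # still in progress, try again later
            continue
        if status in DELETE_DONE:
            return (False, "ok")       # correct final result
        return (True, "bad_final_status")
    return (True, "timeout")           # never reached a final state


if __name__ == "__main__":
    # Constructed status sequence: two "in progress" polls, then success.
    statuses = iter([202, 202, 204])
    print(check_async_delete(202, lambda: next(statuses), interval_s=0.0))
```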