microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License

Get confusing error "could not find token module file" when executing token module file throwing FileNotFoundError #825

Open qihongchen opened 8 months ago

qihongchen commented 8 months ago

Description

I set up authentication in engine_settings.json

  "authentication": {
    "token": {
      "module": {
        "file": "C:\\Repos\\lhsecurity-playground\\restler\\TJSSession\\tjs_acquire_tokens.py",
        "function": "acquire_token",
        "data": {
          "client_id": "client_dummy_id"
        }
      },
      "token_refresh_interval": 600
    }
  }

but the "Restler.exe test ..." command gives the following error in the network log

2023-10-19 04:27:35.388: Could not find token module file at C:\Repos\lhsecurity-playground\restler\TJSSession\tjs_acquire_tokens.py. Please ensure that you've passed a valid path
2023-10-19 04:27:35.396: Error: Invalid token authentication mechanism. 
Failed with Could not find token module file at C:\Repos\lhsecurity-playground\restler\TJSSession\tjs_acquire_tokens.py. Please ensure that you've passed a valid path

The token module file tjs_acquire_tokens.py exists. What happens is that tjs_acquire_tokens.py reads a local file in the same directory; that local file was specified with a relative path like "my_token.txt", and I was able to run the token module file directly without a problem. But when "Restler.exe test ..." executes the token module file, it can't find the file "my_token.txt", since it most likely changes the current working path.

Since the code for loading the token module file and the code for executing it are in the same try/catch block, it can't differentiate a FileNotFoundError raised while loading the token module file from one raised while executing it (here's the link to that code: https://github.com/microsoft/restler-fuzzer/blob/99bc15988cd4c1e53bda1133728801d7d92061ff/restler/engine/core/request_utilities.py#L144C1-L150C32), and it always assumes it can't find the token module file in this case, and the error message is confusing.

Steps to reproduce

In the token module file, read a local file with a relative path when generating the token, something like the following

        with open("s2stoken.txt") as tokenFile:
            s2sToken = "Bearer " + tokenFile.readline().strip()

Expected results

Get an error that shows FileNotFoundError when executing the token module file

Actual results

token module file not found

Environment details

Windows 11, Python 3.8.2, dotnet 7.0.402, restler 9.2.2
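
The failure mode reported above, reproduced as an added example that is not part of the original issue and is not RESTler's code: a loader that checks the module path separately from running the module, so a FileNotFoundError raised inside the token function is not reported as a missing module. The names `call_token_module`, `TokenModuleNotFound`, `TokenModuleFailed` and the sample module are hypothetical.

```python
import importlib.util
import os
import tempfile
from pathlib import Path

class TokenModuleNotFound(Exception):
    """The configured token module path does not exist."""

class TokenModuleFailed(Exception):
    """The module was found, but loading or running it raised."""

def call_token_module(path, function_name, data):
    # Check the path on its own, so only a missing module is reported as missing.
    if not os.path.isfile(path):
        raise TokenModuleNotFound(f"Could not find token module file at {path}")
    # Anything raised below (FileNotFoundError included) comes from the module's own code.
    try:
        spec = importlib.util.spec_from_file_location("token_module", path)
        module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(module)
        return getattr(module, function_name)(data)
    except Exception as exc:
        raise TokenModuleFailed(f"{path} raised {type(exc).__name__}: {exc}") from exc

SAMPLE_MODULE = '''# Constructed token module mirroring the report: relative open().
def acquire_token(data):
    with open("s2stoken.txt") as tokenFile:
        return "Bearer " + tokenFile.readline().strip()
'''

def demo():
    # Call the sample module, then a missing path, from an unrelated working directory.
    results = {}
    with tempfile.TemporaryDirectory() as mod_dir, tempfile.TemporaryDirectory() as cwd:
        path = str(Path(mod_dir, "sample_acquire_tokens.py"))
        Path(path).write_text(SAMPLE_MODULE)
        Path(mod_dir, "s2stoken.txt").write_text("constructed-token\n")
        old_cwd = os.getcwd()
        os.chdir(cwd)
        try:
            for label, p in (("present", path), ("missing", path + ".missing")):
                try:
                    results[label] = call_token_module(p, "acquire_token", {})
                except (TokenModuleNotFound, TokenModuleFailed) as exc:
                    cause = type(exc.__cause__).__name__ if exc.__cause__ else None
                    results[label] = (type(exc).__name__, cause)
        finally:
            os.chdir(old_cwd)
    return results
```

Calling `demo()` returns one result per case, keyed `present` and `missing`. On the token-module side, building the file path from `os.path.dirname(os.path.abspath(__file__))` removes the dependence on the caller's working directory.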