search

microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.62k stars 303 forks source link

How to use this in Docker #828

Open Mrinank-Bhowmick opened 1 year ago

Mrinank-Bhowmick commented 1 year ago

Description

/RESTler # ls
compiler         engine           restler          resultsAnalyzer

/RESTler # cd restler/

/RESTler/restler # ls

FSharp.Control.AsyncSeq.dll                     System.ComponentModel.Composition.dll
FSharp.Core.dll                                 System.Configuration.ConfigurationManager.dll
Microsoft.ApplicationInsights.dll               System.Net.Http.Formatting.dll
Microsoft.FSharpLu.Json.dll                     System.Security.Cryptography.ProtectedData.dll
Microsoft.FSharpLu.dll                          System.Security.Permissions.dll
NJsonSchema.Yaml.dll                            YamlDotNet.dll
NJsonSchema.dll                                 cs
NSwag.Core.Yaml.dll                             de
NSwag.Core.dll                                  es
Namotion.Reflection.dll                         fr
Newtonsoft.Json.Bson.dll                        it
Newtonsoft.Json.dll                             ja
Pluralize.NET.Core.dll                          ko
Restler                                         pl
Restler.Compiler.dll                            pt-BR
Restler.Compiler.pdb                            ru
Restler.deps.json                               runtimes
Restler.dll                                     tr
Restler.pdb                                     zh-Hans
Restler.runtimeconfig.json                      zh-Hant
Sysprep.ps1

/RESTler/restler #

Now what to do next as Restler wont run on conatiners?

And I want to improve the documentation for setting this up on docker and updating this file and section https://github.com/microsoft/restler-fuzzer#docker

varun-jupiter commented 9 months ago

If your question is what is to be done for using restler once you are in the container, you can run ./Restler compile --api_spec swagger.json after importing a json in the container

Angelinsky7 commented 7 months ago

it's not working for me... first i tried : chmod +x RESTler/restler/Restler.exe and got this error : 

<3>WSL (13) ERROR: UtilGetPpid:1293: Failed to parse: /proc/1/stat, content: 1 (sh) S 0 1 1 34816 13 4194560 529 276 0 0 0 1 0 0 20 0 1 0 2534910 1712128 277 18446744073709551615 94786931576832 94786932214462 140736819780704 0 0 0 0 2637828 65538 1 0 0 17 2 0 0 0 0 0 94786932357152 94786932371504 94786948694016 140736819785446 140736819785454 140736819785454 140736819785712 0

as #838

DSchmidlin commented 5 months ago

This also happens to me.

conduct0 commented 3 months ago

I had to change the Dockerfile:

FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine as builder

RUN apk add --no-cache python3 py3-pip

COPY src ./src
COPY restler ./restler
COPY build-restler.py .

RUN python3 build-restler.py --dest_dir /build

RUN python3 -m compileall -b /build/engine

FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine as target

RUN apk add --no-cache python3 py3-pip
// this doesnt change anything
- RUN pip3 install requests applicationinsights

COPY --from=builder /build /RESTler
+ ENTRYPOINT [ "/RESTler/restler/Restler" ]
+ WORKDIR /mnt

You can use it also by mounting a volume to the container so that you dont have to copy the grammar.

#  You dont need to set network to host but its helpful if you wanna later test in other network
docker run --rm -v ${PWD}:/mnt --network="host" -it restler compile --api_spec spec.yaml
# For other commands do
docker run --rm -v ${PWD}:/mnt --network="host" -it restler --help

This has the disadvantage that you cannot continue a test you started before. I dont know if that is even possible but yeah.