Open marcindulak opened 5 months ago
Tried to debug and in `/RESTler/engine/engine/core/request_utilities.py` added some debug prints

```python
def replace_auth_token(data, replace_str):
    print("replace_auth_token", data)
    print("replace_str", replace_str)
    if data:
        if latest_token_value:
            print("latest_token_value", latest_token_value)
            data = data.replace(latest_token_value.strip('\r\n'), replace_str)
        if latest_shadow_token_value:
            print("latest_shadow_token_value", latest_shadow_token_value)
            data = data.replace(latest_shadow_token_value.strip('\r\n'), replace_str)
    print("data", data)
    return data
```
This results in the following `cat /usr/src/restler-fuzzer/Replay/EngineStdOut.txt`

```
replace_auth_token Will refresh token: sh /usr/src/restler-fuzzer/authentication_token.sh
replace_str _OMITTED_AUTH_TOKEN_
latest_token_value NO-TOKEN-SPECIFIED
latest_shadow_token_value NO-SHADOW-TOKEN-SPECIFIED
Failed to play sequence from log:
A valid authorization token was expected.
Retry with a token refresh script in the settings file or update the request in the replay log with a valid authorization token.
```
@marina-p
I also encountered the same problem. When I set cmd it fails to replay but when I change AUTHORIZATION TOKEN it replays fine.
Description
It appears that the replay of bugs doesn't use the `AUTHORIZATION TOKEN`, when the token is provided using `--token_refresh_command` and `--token_refresh_interval` parameters.

The token is used as expected, and confirmed to be valid, when the `bug_buckets/*.replay.txt` is modified by hand to replace `AUTHORIZATION TOKEN` by `Authorization: Bearer RealTokenHere`.

Steps to reproduce
These are not really reproduction steps, I hope someone will be able to confirm this using a project with `Authorization: Bearer` token.

I'm running a replay of a bug found by the fuzzer

The main contents of `Fuzz/RestlerResults/experiment525/bug_buckets/PayloadBodyChecker_500_1.replay.txt` is

The contents of `/usr/src/restler-fuzzer/authentication_token.sh` is

If I replace `AUTHORIZATION TOKEN` with `Authorization: Bearer RealTokenHere` in the `bug_buckets/*.replay.txt`, then the bug replays as expected.

Expected results
```
Starting task Replay...
Using python: 'python3' (Python 3.11.6)
Task Replay succeeded.
Collecting logs...
```
Actual results
When using `AUTHORIZATION TOKEN` with `--token_refresh_command` and `--token_refresh_interval`, the fuzzer logs the following on screen

and `/usr/src/restler-fuzzer/Replay/EngineStdOut.txt` contains

Environment details
PRETTY_NAME="Alpine Linux v3.18"; Python 3.11.6; No .NET SDKs were found; RESTler version: 9.2.3; https://github.com/microsoft/restler-fuzzer/commit/aef01a5a76c297c93645b93e471f65c97dde8807
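
The manual workaround described in this issue (replacing the `AUTHORIZATION TOKEN` placeholder with a real header in the replay log), as an added example that is not RESTler code and not from the issue author. It patches a private copy instead of the file under `bug_buckets/`, so the live token does not end up in shared results, and masks it again before anything is printed. The function names, the header shape check and the sample replay text are assumptions made for illustration.

```python
import os
import re
import tempfile

PLACEHOLDER = "AUTHORIZATION TOKEN"   # placeholder text quoted in the issue
REDACTED = "_OMITTED_AUTH_TOKEN_"     # redaction string seen in the debug output
# Assumed header shape: one "Name: value" line without control characters.
HEADER_RE = re.compile(r"[A-Za-z0-9-]+: [\x21-\x7e][\x20-\x7e]*")


def inject_token(replay_text, header_line):
    """Return replay_text with every placeholder replaced by header_line."""
    header_line = header_line.strip("\r\n")
    if not HEADER_RE.fullmatch(header_line):
        # Rejects embedded CR/LF, which would smuggle extra header lines.
        raise ValueError("token header must be a single 'Name: value' line")
    if PLACEHOLDER not in replay_text:
        raise ValueError("replay log contains no %r placeholder" % PLACEHOLDER)
    return replay_text.replace(PLACEHOLDER, header_line)


def redact(text, header_line):
    """Mask the token header before text is printed or attached to a report."""
    return text.replace(header_line.strip("\r\n"), REDACTED)


def write_private_copy(text, directory=None):
    """Write text to a new file created by mkstemp (mode 0600 on POSIX)."""
    fd, path = tempfile.mkstemp(suffix=".replay.txt", dir=directory)
    with os.fdopen(fd, "w", newline="") as handle:
        handle.write(text)
    return path


# Constructed sample input, not taken from a real replay log.
SAMPLE_REPLAY = (
    "-> POST /api/items HTTP/1.1\\r\\nAccept: application/json\\r\\n"
    "Host: localhost\\r\\nAUTHORIZATION TOKEN\\r\\n\\r\\n{}\n"
)
SAMPLE_HEADER = "Authorization: Bearer RealTokenHere\n"

if __name__ == "__main__":
    patched = inject_token(SAMPLE_REPLAY, SAMPLE_HEADER)
    copy_path = write_private_copy(patched)
    print("patched copy:", copy_path)
    print(redact(patched, SAMPLE_HEADER), end="")
    os.remove(copy_path)
```

Delete the patched copy after the replay, since it holds a live credential.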