RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.52k
stars
283
forks
source link
The number of requests in the command and testing summary is misleading when running partial number of endpoints #862
when running a test / fuzz / fuzz-lean on a number of endpoints, not the entire swagger, by choosing a number of endpoints in the engine_settings file, the number of APIs that shows in testing_summary and command line is the number of APIs in the full swagger and not the filtered number of APIs.
I see the right amount of requests that were actually sent in main.txt file.
Steps to reproduce
In engine_settings file Add include_requests field - in my case I added 2 endpoints that have 5 APIs (where full swagger has 9 APIs)
run test / fuzz-lean command from the command line with that engine_settings file
wait for the run to end
Expected results
I would see x/5 requests in coverage both in command line and testing_summary file.
Actual results
This is what I see in command line
This is what I get in testing_summary file
"final_spec_coverage": "3 / 9",
"rendered_requests": "3 / 9",
"rendered_requests_valid_status": "3 / 3",
This is what I see in main.txt
Random seed: 12345
Setting fuzzing schemes: directed-smoke-test
2024-02-15 01:39:01.570: Going to fuzz a set with 5 requests
Description
when running a test / fuzz / fuzz-lean on a number of endpoints, not the entire swagger, by choosing a number of endpoints in the engine_settings file, the number of APIs that shows in testing_summary and command line is the number of APIs in the full swagger and not the filtered number of APIs.
I see the right amount of requests that were actually sent in main.txt file.
Steps to reproduce
Expected results
I would see x/5 requests in coverage both in command line and testing_summary file.
Actual results
This is what I see in command line![image](https://github.com/microsoft/restler-fuzzer/assets/25950746/9a9c60b2-fd00-46e6-b2c7-1b7ba21f414d)
This is what I get in testing_summary file "final_spec_coverage": "3 / 9", "rendered_requests": "3 / 9", "rendered_requests_valid_status": "3 / 3",
This is what I see in main.txt Random seed: 12345 Setting fuzzing schemes: directed-smoke-test 2024-02-15 01:39:01.570: Going to fuzz a set with 5 requests
Environment details
No response