search

microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.52k stars 283 forks source link

How can I test and fuzz multiple examples? #867

Open DooniilGameDeveloper opened 4 months ago

DooniilGameDeveloper commented 4 months ago

Description

Hello!

I have a POST request and I need to use <20 custom examples for it. As I understand these examples can help in mutation data, am I right?

So, I created examples.json, specified it in config.json and everything works for the first example: image But if I add another example, like this image The example doesn't use while testing. In grammar.py I found just the first one. Can I do something with it?

marina-p commented 3 months ago

Hello @DooniilGameDeveloper,

You can enable testing all examples through the following engine setting:

"test_combinations_settings": {
      "example_payloads" : {
          "payload_kind": "all"
      }
}

And in the following two use cases:

1) test mode when --test_all_combinations is specified on the RESTler command line

2) fuzz mode and setting "fuzzing_mode": "bfs" in the engine settings.

Currently, it does not work with fuzz-lean mode but that would be straightforward to enable.

Side note: as you saw, RESTler only adds the first example to the Python grammar - the others are only added to the grammar.json file generated side by side with grammar.py.

Thanks,

Marina