search

microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.52k stars 283 forks source link

Content-Length header is not getting fuzzed based on the list of naughty strings #871

Closed hemantyy closed 2 months ago

hemantyy commented 3 months ago

Description

We are seeing some discrepancy while fuzzing the content length header for one of the PATCH API. Although the list of naughty string has a bunch of different values, at server side, we seem to get the content length with a value of 4096 (the default value set for this) always. The number of permutated requests expected from the list of naughty string that I am currently using (=11) is also differing to the number of requests landing on the server (=4). Some of them are failing with "read operation timeout", and doesn't have any info related to response from server. I guess they were never sent to the server or server never processed them because content length was greater than the body length. Although in the speccov.json, I can see the request header having values from the list of naughty string given. Have shared logs with the team.

Steps to reproduce

Fuzzing PATCH or PUT API with content length can be used to reproduce the problem.

Expected results

No response

Actual results

No response

Environment details

No response

marina-p commented 2 months ago

Hi @hemantyy,

I have confirmed that RESTler sends all of the Content-Length custom_payload_header values as specified in the dictionary. The missing requests on the server side are likely due to error handling for the invalid Content-Length taking place earlier. Closing the issue.

Thanks,

Marina