RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.52k
stars
283
forks
source link
RESTler is logging error for missing parameter in the response even when the parameter is not configured for the specific response code #883
Configured a service with a value expected in response header for status code 200.
A request resulted in a status code 400, but RESTler is logging an error that value is missing in response.
Description
Configured a service with a value expected in response header for status code 200. A request resulted in a status code 400, but RESTler is logging an error that value is missing in response.
Steps to reproduce
Spec:
"responses": { "200": { "description": "The request has succeeded.", "headers": { "ETag": { "required": true, "schema": { "type": "string" } } }, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Models.TenantResource" } } } }, "default": { "description": "An unexpected error response.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Models.ErrorResponse" } } } }
Request:
2024-03-22 18:36:25.930: Sending: 'PUT /tenants/public:simself:f8ce4953-ce54-4eaa-b6de-144292939e90?api-version=2023-05-01 HTTP/1.1\r\nAccept: application/json\r\nHost: targets-capabilities.westus2.chaos-test.azure.com\r\nIf-Match: fuzzstring\r\nContent-Type: application/json\r\n_OMITTED_AUTH_TOKEN_\r\nContent-Length: 456\r\nUser-Agent: SimulatedSelfhost/C6584DEF-2F60-4967-A8EC-2B7F65507E42\r\nx-restler-sequence-id: 1ffaf9fb-4325-4db0-b29c-030d7fbde879\r\n\r\n{\n "properties":\n {\n "state":\n "Registered"\n ,\n "featureFlags":\n [\n {\n "name":"fuzzstring"\n }\n ],\n "quotaLimits":\n [\n {\n "name":"foobar",\n "value":1\n }\n ],\n "additionalProperties":{ "fuzz": false }\n }\n }\r\n'
Response:
2024-03-22 18:36:26.024: Received: 'HTTP/1.1 412 Precondition Failed\r\nDate: Fri, 22 Mar 2024 18:36:25 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nRequest-Context: appId=\r\nStrict-Transport-Security: max-age=15724800; includeSubDomains\r\n\r\n86\r\n{"status":"Failed","error":{"code":"PreconditionFailed","message":"The entity tag \'fuzzstring\' does not match.","correlationId":null}}\r\n0\r\n\r\n'
RESTler logging error:
2024-03-22 18:36:26.024: Parser exception: 'Error: all of the expected dynamic objects were not present in the response.'.
Expected results
No response
Actual results
No response
Environment details
No response