Closed vityaman closed 4 months ago
Sends requests with a valid method and path, but does not use type constraints and therefore can't bypass first-level validation and get inside the business logic.
The same problem
So maybe we need to write our own "fuzzer"
This uses examples to generate input, so it is able to bypass validation. It helped to find some unhandled database exceptions.
https://github.com/microsoft/restler-fuzzer
```bash
RESTler/restler/Restler compile --api_spec lms/botalka/src/main/resources/static/openapi/api.yml
RESTler/restler/Restler test --settings settings.json --grammar_file Compile/grammar.py --dictionary_file Compile/dict.json
```

settings.json:

```json
{
  "host": "lms-botalka",
  "target_port": 8080,
  "no_ssl": true
}
```
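The difference discussed above between type-blind and schema-aware input generation, as an added example that is not part of the original thread or of any tool mentioned in it. The schema, field names and helper functions are constructed for illustration and do not come from the project's `api.yml`.

```python
import random
import string

# Constructed OpenAPI-style body schema for a hypothetical endpoint (an assumption).
SCHEMA = {
    "type": "object", "required": ["name", "maxScore"],
    "properties": {
        "name": {"type": "string", "minLength": 1, "maxLength": 32, "example": "homework-1"},
        "maxScore": {"type": "integer", "minimum": 0, "maximum": 100},
        "visible": {"type": "boolean"},
    },
}

def validate(schema, value):
    # First-level validation: required fields, types and bounds only.
    t = schema["type"]
    if t == "object":
        if not isinstance(value, dict) or any(k not in value for k in schema.get("required", [])):
            return False
        props = schema["properties"]
        return all(k in props and validate(props[k], v) for k, v in value.items())
    if t == "string":
        return isinstance(value, str) and schema.get("minLength", 0) <= len(value) <= schema.get("maxLength", 2**31)
    if t == "integer":
        ok = isinstance(value, int) and not isinstance(value, bool)
        return ok and schema.get("minimum", value) <= value <= schema.get("maximum", value)
    return t == "boolean" and isinstance(value, bool)

def typed_value(schema, rng):
    # Schema-aware generator: uses the example when present, plus boundary values.
    t = schema["type"]
    if t == "object":
        return {k: typed_value(s, rng) for k, s in schema["properties"].items()}
    if t == "string":
        lo, hi = schema.get("minLength", 0), schema.get("maxLength", 64)
        return rng.choice([schema.get("example", "a" * lo), "a" * lo, "\u00e9" * hi])
    if t == "integer":
        lo, hi = schema.get("minimum", -2**31), schema.get("maximum", 2**31 - 1)
        return rng.choice([lo, hi, rng.randint(lo, hi)])
    return rng.choice([True, False])  # boolean is the only remaining type in SCHEMA

def naive_value(schema, rng):  # type-blind: correct field names, random strings as values
    junk = string.ascii_letters + string.punctuation
    return {k: "".join(rng.choice(junk) for _ in range(rng.randint(0, 40))) for k in schema["properties"]}

def passed(gen, n=200, seed=0):
    # Number of generated bodies that get past validation and would reach business logic.
    rng = random.Random(seed)
    return sum(validate(SCHEMA, gen(SCHEMA, rng)) for _ in range(n))
```

Every body from `naive_value` is rejected because `maxScore` is never an integer, while every body from `typed_value` passes validation and exercises the handler behind it.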
Found a new one
Looks cool:
Depends on #33