
Commit a50331c

committed
Applied code formatting using black
1 parent f4c4c72 commit a50331c


4 files changed

+343
-226
lines changed


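--- a/test/__init__.py
+++ b/test/__init__.py
@@ -2,10 +2,10 @@
 import connexion
 from flask_testing import TestCase
 
-class BaseTestCase(TestCase):
 
+class BaseTestCase(TestCase):
 def create_app(self):
-logging.getLogger('connexion.operation').setLevel('INFO')
-app = connexion.App(__name__, specification_dir='../openapi/')
-app.add_api('vAPI.yaml', pythonic_params=True)
+logging.getLogger("connexion.operation").setLevel("INFO")
+app = connexion.App(__name__, specification_dir="../openapi/")
+app.add_api("vAPI.yaml", pythonic_params=True)
 return app.app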

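--- a/test/test_fuzzing.py
+++ b/test/test_fuzzing.py
@@ -12,6 +12,7 @@
 
 from test import BaseTestCase
 
+
 def do_post_req(mytestcase, ep, headers, payload):
 """
 Perform an actual POST request
@@ -22,15 +23,13 @@ def do_post_req(mytestcase, ep, headers, payload):
 # print("--- Starting POST request to {}".format(ep))
 sleep(0.05)
 r = self.client.open(
-ep,
-method='POST',
-data=json.dumps(payload),
-headers=headers)
+ep, method="POST", data=json.dumps(payload), headers=headers
+)
 # r = requests.post('{}'.format(ep), data=payload,
 # headers=headers, timeout=20, allow_redirects=False)
 except Exception as e:
 print(" Exception connecting to {} with {}".format(ep, str(e)))
-return({"status_code": -1, "content": ""})
+return {"status_code": -1, "content": ""}
 else:
 # print(" POST request to {} returned status {}: {}".format(ep, r.status_code, r.data))
 return r
@@ -45,22 +44,19 @@ def do_get_req(mytestcase, ep, headers):
 try:
 # print("--- Starting GET request to {}".format(ep))
 sleep(0.05)
-r = self.client.open(
-ep,
-method='GET',
-headers=headers)
+r = self.client.open(ep, method="GET", headers=headers)
 # r = requests.get('{}'.format(ep), headers=headers,
 # timeout=20, allow_redirects=False)
 except Exception as e:
 print(" Exception connecting to {} with {}".format(ep, str(e)))
-return({"status_code": -1, "content": ""})
+return {"status_code": -1, "content": ""}
 else:
 # print(" GET request to {} returned status {}: {}".format(ep,r.status_code, r.content))
-return(r)
+return r
 
 
 def get_happyday_pattern(datatype):
-fuzzdbfile = "test/fuzz-{}.txt".format(re.sub(r'[^a-zA-Z]', '', datatype))
+fuzzdbfile = "test/fuzz-{}.txt".format(re.sub(r"[^a-zA-Z]", "", datatype))
 fuzzdbfallbackfile = "test/fuzz-fallback.txt"
 happydaystring = ""
 if os.path.exists(fuzzdbfile):
@@ -75,7 +71,7 @@ def get_happyday_pattern(datatype):
 
 
 def get_fuzz_patterns(datatype):
-fuzzdbfile = "test/fuzz-{}.txt".format(re.sub(r'[^a-zA-Z]', '', datatype))
+fuzzdbfile = "test/fuzz-{}.txt".format(re.sub(r"[^a-zA-Z]", "", datatype))
 fuzzdbfallbackfile = "test/fuzz-fallback.txt"
 lines = []
 if os.path.exists(fuzzdbfile):
@@ -99,8 +95,9 @@ def generate_happy_day_url_from_pathvars(baseurl, path, pathvars):
 for pathvar in pathvars:
 datatype = pathvar.get("schema", {}).get("type", "fallback")
 happydaystring = get_happyday_pattern(datatype)
-url = url.replace("{{{}}}".format(
-pathvar.get("name")), happydaystring.rstrip())
+url = url.replace(
+"{{{}}}".format(pathvar.get("name")), happydaystring.rstrip()
+)
 return url
 
 
@@ -113,19 +110,19 @@ def generate_urls_from_pathvars(baseurl, path, pathvars):
 """
 urls = set()
 for pathvar in pathvars:
-if pathvar.get('in', None) == 'path' and 'name' in pathvar.keys():
+if pathvar.get("in", None) == "path" and "name" in pathvar.keys():
 datatype = pathvar.get("schema", {}).get("type", "fallback")
 lines = get_fuzz_patterns(datatype)
 for line in lines:
 url = "{}{}".format(baseurl, path)
-url = url.replace("{{{}}}".format(
-pathvar.get("name")), line.rstrip())
+url = url.replace("{{{}}}".format(pathvar.get("name")), line.rstrip())
 for otherpathvar in pathvars:
-datatype = otherpathvar.get(
-"schema", {}).get("type", "fallback")
+datatype = otherpathvar.get("schema", {}).get("type", "fallback")
 happydaystring = get_happyday_pattern(datatype)
-url = url.replace("{{{}}}".format(
-otherpathvar.get("name")), happydaystring.rstrip())
+url = url.replace(
+"{{{}}}".format(otherpathvar.get("name")),
+happydaystring.rstrip(),
+)
 urls.add(url)
 return urls
 
@@ -148,7 +145,11 @@ def generate_payloads_from_postvars(postvars):
 datatype = postvars.get(param, {}).get("type", "")
 happydaystring = get_happyday_pattern(datatype)
 if param == fuzzparam:
-if jsontype == "int" or datatype == "int" or datatype == "number":
+if (
+jsontype == "int"
+or datatype == "int"
+or datatype == "number"
+):
 try:
 payload[param] = int(line.rstrip())
 except ValueError:
@@ -172,13 +173,13 @@ def generate_payloads_from_postvars(postvars):
 
 
 def do_post_fuzzing(*args, **kwargs):
-baseurl = kwargs.get('baseurl', "")
-headers = kwargs.get('headers', {})
-path = kwargs.get('path', None)
-pathvars = kwargs.get('pathvars', {})
-postvars = kwargs.get('postvars', {})
-responses = kwargs.get('responses', [])
-self = kwargs.get('mytestcase', None)
+baseurl = kwargs.get("baseurl", "")
+headers = kwargs.get("headers", {})
+path = kwargs.get("path", None)
+pathvars = kwargs.get("pathvars", {})
+postvars = kwargs.get("postvars", {})
+responses = kwargs.get("responses", [])
+self = kwargs.get("mytestcase", None)
 
 newresponses = []
 for response in responses:
@@ -203,17 +204,17 @@ def do_get_fuzzing(*args, **kwargs):
 """
 Perform fuzzing on a GET endpoint
 """
-baseurl = kwargs.get('baseurl', "")
-headers = kwargs.get('headers', {})
-path = kwargs.get('path', None)
-pathvars = kwargs.get('pathvars', {})
-responses = kwargs.get('responses', [])
-self = kwargs.get('mytestcase', None)
+baseurl = kwargs.get("baseurl", "")
+headers = kwargs.get("headers", {})
+path = kwargs.get("path", None)
+pathvars = kwargs.get("pathvars", {})
+responses = kwargs.get("responses", [])
+self = kwargs.get("mytestcase", None)
 
 urls = generate_urls_from_pathvars(baseurl, path, pathvars)
 stats = {}
-stats['path'] = path
-stats['method'] = 'GET'
+stats["path"] = path
+stats["method"] = "GET"
 
 newresponses = []
 for response in responses:
@@ -230,6 +231,7 @@ def do_get_fuzzing(*args, **kwargs):
 self.assertIn(r.status_code, responses)
 return True
 
+
 def do_fuzzing(mytestcase, headers):
 
 self = mytestcase
@@ -238,52 +240,87 @@ def do_fuzzing(mytestcase, headers):
 parser = ResolvingParser("openapi/vAPI.yaml")
 spec = parser.specification # contains fully resolved specs as a dict
 # print(json.dumps(parser.specification.get("paths").get("/employees/expenses/{expenses_id}/attachments").get("post"),indent=2))
-for path, pathvalues in spec.get("paths",{}).items():
-for method,methodvalues in pathvalues.items():
+for path, pathvalues in spec.get("paths", {}).items():
+for method, methodvalues in pathvalues.items():
 pathvars = {}
 # postvars = {}
-if method == 'get':
-if 'parameters' in methodvalues.keys():
-pathvars = methodvalues.get("parameters",{})
-responses = list(methodvalues.get("responses",{}).keys())
+if method == "get":
+if "parameters" in methodvalues.keys():
+pathvars = methodvalues.get("parameters", {})
+responses = list(methodvalues.get("responses", {}).keys())
 # print("--------------------------------------------")
 # print("GET fuzzing {}".format(path))
-do_get_fuzzing(mytestcase=self, baseurl=baseurl, headers=headers, path=path, pathvars=pathvars, responses=responses)
-if method == 'post':
-responses = list(methodvalues.get("responses",{}).keys())
-if 'requestBody' in methodvalues.keys() and 'parameters' in methodvalues.keys():
+do_get_fuzzing(
+mytestcase=self,
+baseurl=baseurl,
+headers=headers,
+path=path,
+pathvars=pathvars,
+responses=responses,
+)
+if method == "post":
+responses = list(methodvalues.get("responses", {}).keys())
+if (
+"requestBody" in methodvalues.keys()
+and "parameters" in methodvalues.keys()
+):
 pathvars = methodvalues.get("parameters")
-postvars = methodvalues.get("requestBody",{}).get("content",{}).get("application/json",{}).get("schema",{}).get("properties",{})
+postvars = (
+methodvalues.get("requestBody", {})
+.get("content", {})
+.get("application/json", {})
+.get("schema", {})
+.get("properties", {})
+)
 # print("--------------------------------------------")
 # print("POST fuzzing param URL {}:".format(path))
-do_post_fuzzing(mytestcase=self, baseurl=baseurl, headers=headers, path=path, pathvars=pathvars, postvars=postvars, responses=responses)
-elif 'requestBody' in methodvalues.keys():
-postvars = methodvalues.get("requestBody",{}).get("content",{}).get("application/json",{}).get("schema",{}).get("properties",{})
+do_post_fuzzing(
+mytestcase=self,
+baseurl=baseurl,
+headers=headers,
+path=path,
+pathvars=pathvars,
+postvars=postvars,
+responses=responses,
+)
+elif "requestBody" in methodvalues.keys():
+postvars = (
+methodvalues.get("requestBody", {})
+.get("content", {})
+.get("application/json", {})
+.get("schema", {})
+.get("properties", {})
+)
 # print("--------------------------------------------")
 # print("POST fuzzing non-param URL {}:".format(path))
-do_post_fuzzing(mytestcase=self, baseurl=baseurl, headers=headers, path=path, postvars=postvars, responses=responses)
+do_post_fuzzing(
+mytestcase=self,
+baseurl=baseurl,
+headers=headers,
+path=path,
+postvars=postvars,
+responses=responses,
+)
 
 
 class TestvAPI(BaseTestCase):
-
 def test_unauth_fuzzing(self):
-headers = { "Content-type": "application/json"}
+headers = {"Content-type": "application/json"}
 do_fuzzing(self, headers)
 
 def test_auth_fuzzing(self):
-headers = { "Content-type": "application/json"}
+headers = {"Content-type": "application/json"}
 payload = {"username": "user1", "password": "pass1"}
 url = "/tokens"
 r = self.client.open(
-url,
-method='POST',
-data=json.dumps(payload),
-headers=headers)
-self.assertEqual(r.status_code,200)
-self.assertRegex(r.json['access']['token']['id'], r'\w{32}')
-token = r.json['access']['token']['id']
+url, method="POST", data=json.dumps(payload), headers=headers
+)
+self.assertEqual(r.status_code, 200)
+self.assertRegex(r.json["access"]["token"]["id"], r"\w{32}")
+token = r.json["access"]["token"]["id"]
 headers["X-Auth-Token"] = token
 do_fuzzing(self, headers)
 
-if __name__ == '__main__':
+
+if __name__ == "__main__":
 unittest.main()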
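Review bot: The `except Exception` branches of `do_post_req` and `do_get_req` return a plain dict, `return {"status_code": -1, "content": ""}`, while the success path returns the response object, and the visible caller line in `do_get_fuzzing` reads `r.status_code` as an attribute, which a dict does not provide. If that `r` comes from these helpers (the assignment is outside the hunks), an exception raised by the test client on a fuzz input is only printed and then shows up as an unrelated `AttributeError` instead of the original failure, which is the result a fuzzing run most needs to keep. Re-raising after the print (a bare `raise` in place of the dict return), or failing the test case with the endpoint in the message, would keep the crash and its input visible in the test output. Both helpers begin outside their hunks, so this assumes nothing earlier in them changes the return contract.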
