diff --git a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java index 58f777a02..510a7f5d7 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java @@ -3,7 +3,8 @@ import com.endava.cats.annotations.FieldFuzzer; import com.endava.cats.annotations.SanitizeAndValidate; import com.endava.cats.args.FilesArguments; -import com.endava.cats.fuzzer.fields.base.InvisibleCharsBaseTrimValidateFuzzer; +import com.endava.cats.fuzzer.fields.base.ExpectOnly2XXBaseFieldsFuzzer; +import com.endava.cats.http.ResponseCodeFamily; import com.endava.cats.io.ServiceCaller; import com.endava.cats.model.CommonWithinMethods; import com.endava.cats.model.FuzzingData; @@ -14,14 +15,12 @@ import io.swagger.v3.oas.models.media.Schema; import javax.inject.Singleton; -import java.util.Collections; import java.util.List; -import java.util.stream.Collectors; @Singleton @FieldFuzzer @SanitizeAndValidate -public class AbugidasInStringFieldsSanitizeValidateFuzzer extends InvisibleCharsBaseTrimValidateFuzzer { +public class AbugidasInStringFieldsSanitizeValidateFuzzer extends ExpectOnly2XXBaseFieldsFuzzer { protected AbugidasInStringFieldsSanitizeValidateFuzzer(ServiceCaller sc, TestCaseListener lr, CatsUtil cu, FilesArguments cp) { super(sc, lr, cu, cp); 
@@ -29,11 +28,7 @@ protected AbugidasInStringFieldsSanitizeValidateFuzzer(ServiceCaller sc, TestCas @Override public List getFieldFuzzingStrategy(FuzzingData data, String fuzzedField) { - Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); - return PayloadUtils.getAbugidasChars() - .stream() - .map(abugidasChar -> CommonWithinMethods.getTextBasedOnMaxSize(fuzzedFieldSchema, abugidasChar)) - .collect(Collectors.toList()); + return CommonWithinMethods.getFuzzingStrategies(data, fuzzedField, PayloadUtils.getAbugidasChars(), true); } @Override @@ -42,12 +37,19 @@ protected String typeOfDataSentToTheService() { } @Override - public List getInvisibleChars() { - return Collections.emptyList(); + public boolean isFuzzingPossibleSpecificToFuzzer(FuzzingData data, String fuzzedField, FuzzingStrategy fuzzingStrategy) { + Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); + boolean isRefDataField = filesArguments.getRefData(data.getPath()).get(fuzzedField) != null; + return testCaseListener.isFieldNotADiscriminator(fuzzedField) && fuzzedFieldSchema.getEnum() == null && !isRefDataField; + } + + @Override + public ResponseCodeFamily getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern() { + return ResponseCodeFamily.FOURXX; } @Override - public FuzzingStrategy concreteFuzzStrategy() { - return FuzzingStrategy.replace(); + public String description() { + return "iterate through each field and send " + typeOfDataSentToTheService(); } } diff --git a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java index 20bd9fe66..4204329ae 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java 
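Review bot: In the new `isFuzzingPossibleSpecificToFuzzer` of `AbugidasInStringFieldsSanitizeValidateFuzzer`, `fuzzedFieldSchema` comes from `data.getRequestPropertyTypes().get(fuzzedField)` and is dereferenced without a null check. A non-discriminator field that is missing from that map would throw a NullPointerException instead of being skipped. A guard such as `fuzzedFieldSchema != null && fuzzedFieldSchema.getEnum() == null` avoids that, and the same applies to the map returned by `filesArguments.getRefData(...)` if it can be null. Separately, the class now extends `ExpectOnly2XXBaseFieldsFuzzer` but overrides `getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()` to return `FOURXX`; a short comment such as `// pattern mismatch after sanitisation is still a validation failure` would explain why the base-class name does not hold here.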
@@ -18,11 +18,6 @@ protected AbugidasInStringFieldsValidateSanitizeFuzzer(ServiceCaller sc, TestCas super(sc, lr, cu, cp); } - @Override - public ResponseCodeFamily getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern() { - return ResponseCodeFamily.FOURXX; - } - @Override public ResponseCodeFamily getExpectedHttpCodeWhenRequiredFieldsAreFuzzed() { return ResponseCodeFamily.FOURXX; @@ -32,5 +27,5 @@ public ResponseCodeFamily getExpectedHttpCodeWhenRequiredFieldsAreFuzzed() { public ResponseCodeFamily getExpectedHttpCodeWhenOptionalFieldsAreFuzzed() { return ResponseCodeFamily.FOURXX; } - + } \ No newline at end of file diff --git a/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java index b67f852b7..28fb8665c 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java 
@@ -3,24 +3,21 @@ import com.endava.cats.annotations.FieldFuzzer; import com.endava.cats.annotations.SanitizeAndValidate; import com.endava.cats.args.FilesArguments; -import com.endava.cats.fuzzer.fields.base.InvisibleCharsBaseTrimValidateFuzzer; +import com.endava.cats.fuzzer.fields.base.ExpectOnly2XXBaseFieldsFuzzer; import com.endava.cats.io.ServiceCaller; import com.endava.cats.model.FuzzingData; import com.endava.cats.model.FuzzingStrategy; import com.endava.cats.model.util.PayloadUtils; import com.endava.cats.report.TestCaseListener; import com.endava.cats.util.CatsUtil; -import io.swagger.v3.oas.models.media.Schema; -import org.springframework.util.CollectionUtils; import javax.inject.Singleton; -import java.util.Collections; import java.util.List; @Singleton @FieldFuzzer @SanitizeAndValidate -public class ZalgoTextInStringFieldsSanitizeValidateFuzzer extends InvisibleCharsBaseTrimValidateFuzzer { +public class ZalgoTextInStringFieldsSanitizeValidateFuzzer extends ExpectOnly2XXBaseFieldsFuzzer { protected ZalgoTextInStringFieldsSanitizeValidateFuzzer(ServiceCaller sc, TestCaseListener lr, CatsUtil cu, FilesArguments cp) { super(sc, lr, cu, cp); 
@@ -31,26 +28,18 @@ protected String typeOfDataSentToTheService() { return "values containing zalgo text"; } - @Override - public List getInvisibleChars() { - return Collections.emptyList(); - } - - @Override - public FuzzingStrategy concreteFuzzStrategy() { - return FuzzingStrategy.replace(); - } - @Override public List getFieldFuzzingStrategy(FuzzingData data, String fuzzedField) { - Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); return List.of(FuzzingStrategy.prefix().withData(PayloadUtils.getZalgoText())); } @Override public boolean isFuzzingPossibleSpecificToFuzzer(FuzzingData data, String fuzzedField, FuzzingStrategy fuzzingStrategy) { - Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); + return testCaseListener.isFieldNotADiscriminator(fuzzedField); + } - return CollectionUtils.isEmpty(fuzzedFieldSchema.getEnum()); + @Override + public String description() { + return "iterate through each field and send " + typeOfDataSentToTheService(); } } \ No newline at end of file diff --git a/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java index a9575655d..64328814b 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java @@ -32,8 +32,8 @@ public abstract class BaseFieldsFuzzer implements Fuzzer { public static final String CATS_REMOVE_FIELD = "cats_remove_field"; protected final CatsUtil catsUtil; protected final PrettyLogger logger = PrettyLoggerFactory.getLogger(getClass()); - final FilesArguments filesArguments; - final TestCaseListener testCaseListener; + protected final TestCaseListener testCaseListener; + protected final FilesArguments filesArguments; private final ServiceCaller serviceCaller; protected BaseFieldsFuzzer(ServiceCaller sc, TestCaseListener lr, CatsUtil cu, FilesArguments cp) { 
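Review bot: `ZalgoTextInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer` now checks only `isFieldNotADiscriminator` and drops the enum check the old code had (`CollectionUtils.isEmpty(fuzzedFieldSchema.getEnum())`). The Abugidas sibling changed in the same commit keeps the enum exclusion and adds a ref-data exclusion. A zalgo-prefixed enum or ref-data value is unlikely to be accepted, so with a 2XX-only expectation these fields would presumably be reported as failures that say nothing about the API's input handling. If the omission is deliberate, a comment should say why; otherwise both fuzzers should apply the same three conditions, ideally through one shared helper. The `description()` body is also duplicated verbatim in both classes and could move to the common base.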
@@ -166,7 +166,18 @@ private boolean isFuzzedValueMatchingPattern(Object fieldValue, FuzzingData data } Pattern pattern = Pattern.compile(fieldSchema.getPattern()); - return fieldValue == null || pattern.matcher(String.valueOf(fieldValue)).matches(); + return fieldValue == null || pattern.matcher(this.sanitizeString(fieldValue)).matches(); + } + + /** + * We need to sanitize the fuzzed value before matching it to the pattern as APIs are expected to + * also sanitize data before validating it. + * + * @param fieldValue the initial fuzzed value + * @return the initial value with unicode control chars removed + */ + private String sanitizeString(Object fieldValue) { + return String.valueOf(fieldValue).replaceAll("\\p{C}", ""); } private boolean hasMinValue(FuzzingData data, String fuzzedField) { diff --git a/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java index 2be2b2d8e..24ef96379 100755 --- a/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java @@ -26,6 +26,4 @@ public ResponseCodeFamily getExpectedHttpCodeWhenOptionalFieldsAreFuzzed() { public ResponseCodeFamily getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern() { return ResponseCodeFamily.TWOXX; } - - } diff --git a/src/main/java/com/endava/cats/generator/simple/StringGenerator.java b/src/main/java/com/endava/cats/generator/simple/StringGenerator.java index 9f9ad455d..9f6645a88 100755 --- a/src/main/java/com/endava/cats/generator/simple/StringGenerator.java +++ b/src/main/java/com/endava/cats/generator/simple/StringGenerator.java 
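Review bot: `sanitizeString` is applied inside `isFuzzedValueMatchingPattern` in the shared `BaseFieldsFuzzer`, so every field fuzzer now matches the pattern against the stripped value, including the validate-then-sanitize variants, where the raw value is what the API is expected to reject. A match that succeeds only after stripping can make the oracle expect success for input that a strict API should refuse, which would hide a validation gap in the report; if this is meant only for the sanitize-then-validate fuzzers, the stripping should be gated per fuzzer. The Javadoc says "unicode control chars", but `\p{C}` is the whole Unicode "Other" category (control, format, surrogate, private-use, unassigned), so it also removes format characters such as the U+200C used in the abugida sequences; the comment should state that. `String.replaceAll` recompiles the regex on each call, so a `private static final Pattern` constant used as `PATTERN.matcher(...).replaceAll("")` would be cheaper. The enclosing `isFuzzedValueMatchingPattern` starts outside this hunk.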
@@ -54,7 +54,7 @@ private static String generateUsingRgxGenerator(String pattern, int min, int max } public static String composeString(String initial, int min, int max) { - String trimmed = initial.trim().replaceAll("[\\p{Z}]+", "") + "A"; + String trimmed = initial.trim().replaceAll("[\\p{Z}]+", "") + initial.charAt(0); if (trimmed.length() < min) { return composeString(trimmed + trimmed, min, max); } else if (trimmed.length() > max) { diff --git a/src/main/java/com/endava/cats/model/CommonWithinMethods.java b/src/main/java/com/endava/cats/model/CommonWithinMethods.java index 3d536656a..bff62c38c 100644 --- a/src/main/java/com/endava/cats/model/CommonWithinMethods.java +++ b/src/main/java/com/endava/cats/model/CommonWithinMethods.java @@ -32,7 +32,8 @@ public static List getFuzzingStrategies(FuzzingData data, Strin public static String insertInTheMiddle(String value, String whatToInsert, boolean insertWithoutReplace) { int position = value.length() / 2; - return value.substring(0, position - (insertWithoutReplace ? 0 : 1)) + whatToInsert + value.substring(position + (insertWithoutReplace ? 0 : 1)); + int whatToInsertLength = Math.min(value.length(), whatToInsert.length()); + return value.substring(0, position - (insertWithoutReplace ? 0 : whatToInsertLength / 2)) + whatToInsert + value.substring(position + (insertWithoutReplace ? 0 : whatToInsertLength / 2)); } public static FuzzingStrategy getTextBasedOnMaxSize(Schema fuzzedFieldSchema, String text) { diff --git a/src/main/java/com/endava/cats/model/FuzzingStrategy.java b/src/main/java/com/endava/cats/model/FuzzingStrategy.java index f326afae1..876bb0d74 100644 --- a/src/main/java/com/endava/cats/model/FuzzingStrategy.java +++ b/src/main/java/com/endava/cats/model/FuzzingStrategy.java 
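Review bot: In `composeString`, `initial.charAt(0)` throws `StringIndexOutOfBoundsException` for an empty `initial`, which the old `+ "A"` handled. When `initial` consists only of whitespace or separator characters, `trimmed` is always that single character, so with `min > 1` the recursive call `composeString(trimmed + trimmed, min, max)` never grows and ends in a `StackOverflowError`. Appending the raw first character can also re-add a separator that `replaceAll("[\\p{Z}]+", "")` has just removed. Taking the character from the stripped text with a fallback avoids all three: `String seed = initial.trim().replaceAll("[\\p{Z}]+", "");` followed by `String trimmed = seed + (seed.isEmpty() ? "A" : seed.charAt(0));`. The rest of the method body lies outside the hunk.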
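Review bot: In `insertInTheMiddle`, replace mode now removes `2 * (whatToInsertLength / 2)` characters, so a one-character `whatToInsert` removes nothing and behaves exactly like `insertWithoutReplace == true`. Any odd-length payload makes the result one character longer than `value`. If replace mode is meant to keep the field length, so that fuzzed values stay within `maxLength`, the tail should skip the remaining half: `int half = whatToInsertLength / 2;` and `value.substring(position + (whatToInsertLength - half))`, which stays in bounds because `whatToInsertLength <= value.length()`. The cut points are UTF-16 indices, so they can fall between a base letter and its combining marks in `value`; a brief comment noting that this is acceptable for fuzz data would help the next reader.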
@@ -23,7 +23,7 @@ */ public abstract class FuzzingStrategy { private static final Pattern ALL = Pattern.compile("^[\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]+[\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]*$"); - private static final Pattern WITHIN = Pattern.compile("[\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]+"); + private static final Pattern WITHIN = Pattern.compile("([\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]+|జ్ఞ\u200Cా|স্র\u200Cু)"); protected Object data; diff --git a/src/main/java/com/endava/cats/model/util/PayloadUtils.java b/src/main/java/com/endava/cats/model/util/PayloadUtils.java index eabddfa40..ab9614189 100644 --- a/src/main/java/com/endava/cats/model/util/PayloadUtils.java +++ b/src/main/java/com/endava/cats/model/util/PayloadUtils.java @@ -149,7 +149,7 @@ public static String getBadPayload() { } public static String getZalgoText() { - return ZALGO_TEXT.replace(" ",""); + return ZALGO_TEXT.replace(" ", ""); } public static List getLargeValuesStrategy(int largeStringsSize) { @@ -160,6 +160,4 @@ public static List getLargeValuesStrategy(int largeStringsSize) } return Collections.singletonList(FuzzingStrategy.replace().withData(markLargeString(StringUtils.repeat(generatedValue, payloadSize + 1)))); } - - } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java index f8a6566fc..38c3ae5fb 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java 
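Review bot: The two abugida sequences added to `WITHIN` in `FuzzingStrategy` are hard-coded as raw non-ASCII literals, separate from the payload list that `PayloadUtils.getAbugidasChars()` presumably returns. A payload added or edited there would then silently stop matching here. Building the alternation from that list with `Pattern.quote(...)` would keep the two in sync. If the literals stay, writing every character as a `\uXXXX` escape (as is already done for `\u200C`) makes the pattern independent of the compiler's source-encoding setting and lets reviewers see exactly which code points are matched. A one-line comment above `WITHIN` naming the two sequences and why they need special handling is also missing.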
@@ -11,11 +11,13 @@ import io.swagger.v3.oas.models.media.Schema; import io.swagger.v3.oas.models.media.StringSchema; import org.assertj.core.api.Assertions; +import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mockito; import java.util.HashMap; +import java.util.List; import java.util.Map; @QuarkusTest @@ -23,12 +25,13 @@ class AbugidasInStringFieldsSanitizeValidateFuzzerTest { private final CatsUtil catsUtil = new CatsUtil(null); private AbugidasInStringFieldsSanitizeValidateFuzzer abugidasCharsInStringFieldsSanitizeValidateFuzzer; + private FilesArguments filesArguments; @BeforeEach void setup() { ServiceCaller serviceCaller = Mockito.mock(ServiceCaller.class); TestCaseListener testCaseListener = Mockito.mock(TestCaseListener.class); - FilesArguments filesArguments = Mockito.mock(FilesArguments.class); + filesArguments = Mockito.mock(FilesArguments.class); abugidasCharsInStringFieldsSanitizeValidateFuzzer = new AbugidasInStringFieldsSanitizeValidateFuzzer(serviceCaller, testCaseListener, catsUtil, filesArguments); Mockito.when(testCaseListener.isFieldNotADiscriminator(Mockito.anyString())).thenReturn(true); Mockito.when(testCaseListener.isFieldNotADiscriminator("pet#type")).thenReturn(false); 
@@ -36,28 +39,51 @@ void setup() { @Test void shouldProperlyOverrideSuperClassMethods() { - FuzzingData data = Mockito.mock(FuzzingData.class); - Map reqTypes = new HashMap<>(); - reqTypes.put("field", new StringSchema()); - Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); + FuzzingData data = mockFuzzingData(); FuzzingStrategy fuzzingStrategy = abugidasCharsInStringFieldsSanitizeValidateFuzzer.getFieldFuzzingStrategy(data, "field").get(0); Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.replace().name()); Assertions.assertThat(fuzzingStrategy.getData().toString()).contains("జ్ఞ\u200Cా"); - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.TWOXX); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.description()).isNotNull(); - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.typeOfDataSentToTheService()).isNotNull(); } + @NotNull + private FuzzingData mockFuzzingData() { + FuzzingData data = Mockito.mock(FuzzingData.class); + Map reqTypes = new HashMap<>(); + StringSchema petAge = new StringSchema(); + petAge.setEnum(List.of("1", "2")); + reqTypes.put("field", new StringSchema()); + reqTypes.put("pet#number", new StringSchema()); + reqTypes.put("pet#age", petAge); + Mockito.when(data.getPath()).thenReturn("/test"); + Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); + return data; + } + @Test void shouldNotFuzzIfDiscriminatorField() { - 
Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#type", null)).isFalse(); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "pet#type", null)).isFalse(); } @Test void shouldFuzzIfNotDiscriminatorField() { - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#number", null)).isTrue(); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "pet#number", null)).isTrue(); + } + + @Test + void shouldNotFuzzIfRefDataField() { + Map refData = Map.of("field", "test"); + Mockito.when(filesArguments.getRefData("/test")).thenReturn(refData); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "field", null)).isFalse(); + } + + @Test + void shouldNotFuzzWhenEnum() { + Map refData = Map.of("field", "test"); + Mockito.when(filesArguments.getRefData("/test")).thenReturn(refData); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "pet#age", null)).isFalse(); } } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java index f8022896b..f20ddb849 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java 
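Review bot: `shouldNotFuzzWhenEnum` stubs `filesArguments.getRefData("/test")` with a `"field"` entry, apparently copied from `shouldNotFuzzIfRefDataField`, although the assertion is about `"pet#age"`. The stub plays no part in the outcome and obscures the fact that the enum condition alone produces `false`, so it should be removed. No test covers a non-discriminator field that is absent from `getRequestPropertyTypes()`, which is the path where the production method dereferences a null schema. The `@NotNull` on the private helper `mockFuzzingData()` pulls `org.jetbrains.annotations` into the test for no checked benefit and could be dropped.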
@@ -45,20 +45,7 @@ void shouldProperlyOverrideSuperClassMethods() { Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenOptionalFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenRequiredFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.description()).isNotNull(); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.typeOfDataSentToTheService()).isNotNull(); - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); - - } - - @Test - void shouldNotFuzzIfDiscriminatorField() { - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#type", null)).isFalse(); - } - - @Test - void shouldFuzzIfNotDiscriminatorField() { - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#number", null)).isTrue(); } } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java index 439e18a1f..c3f418ee2 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java 
@@ -41,13 +41,11 @@ void shouldProperlyOverrideSuperClassMethods() { reqTypes.put("field", new StringSchema()); Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); FuzzingStrategy fuzzingStrategy = zalgoTextInStringFieldsSanitizeValidateFuzzer.getFieldFuzzingStrategy(data, "field").get(0); - Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.replace().name()); + Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.prefix().name()); - Assertions.assertThat(fuzzingStrategy.getData().toString()).contains("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a"); + Assertions.assertThat(fuzzingStrategy.getData().toString()).contains(" ̵̡̡̢̡̨̨̢͚̬̱̤̰̗͉͚̖͙͎͔͔̺̳͕̫̬͚̹͖̬̭̖̪̗͕̜̣̥̣̼͍͉̖͍̪͈̖͚̙͛͒͂̎̊̿̀̅̈͌͋̃̾̈̾̇͛͌͘͜͜͠͝ͅͅͅ ̷͕̗̇͛̅̀̑̇̈͗͌͛̐̀͆̐̊̅̋̈́̂̈́̈́͑̓͂͂̌̈́̽͌͐̐͂͐̈́̍̂͗̂͘͠͝͝͝ͅ ".replace(" ", "")); Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.TWOXX); Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.description()).isNotNull(); - Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); - Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.typeOfDataSentToTheService()).isNotNull(); } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java index b4dd37dd7..306bc2e73 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java 
@@ -41,14 +41,12 @@ void shouldProperlyOverrideSuperClassMethods() { Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); FuzzingStrategy fuzzingStrategy = zalgoTextInStringFieldsValidateSanitizeFuzzer.getFieldFuzzingStrategy(data, "field").get(0); - Assertions.assertThat(fuzzingStrategy.getData().toString()).contains("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a̶͖̐͆͑́͆̓͗͆̏̑̈́̾͛̎̂̒̄̏̍͌͛̀́̄̓̍̐͂̀́̈́̂͐̕̕̕̚͘͠͝͠t̵̨̢̨͙̪̼͚͖̲̻̞̦̤̲̖͚̟̯͔̬̜̬͖̺͎̼̬̞̱̳͚͔͎̩̩̩̲̗̩̊̽̈́̔̀̍͒̓̂͐̾̆̐̒̄͂͒̽̾̔͊̒̀͗̿̈́͆͆̂͆̈́̋̏͊̉͌̒̏̓̑͛̉͘͜͜͜͝͝͠͠s̶"); + Assertions.assertThat(fuzzingStrategy.getData().toString()).contains(" ̵̡̡̢̡̨̨̢͚̬̱̤̰̗͉͚̖͙͎͔͔̺̳͕̫̬͚̹͖̬̭̖̪̗͕̜̣̥̣̼͍͉̖͍̪͈̖͚̙͛͒͂̎̊̿̀̅̈͌͋̃̾̈̾̇͛͌͘͜͜͠͝ͅͅͅ ̷͕̗̇͛̅̀̑̇̈͗͌͛̐̀͆̐̊̅̋̈́̂̈́̈́͑̓͂͂̌̈́̽͌͐̐͂͐̈́̍̂͗̂͘͠͝͝͝ͅ ".replace(" ", "")); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenOptionalFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenRequiredFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); - Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.description()).isNotNull(); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.typeOfDataSentToTheService()).isNotNull(); - Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); } @Test diff --git a/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java index af768c37e..ad733f45e 100644 
--- a/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java @@ -32,6 +32,6 @@ void shouldHaveAllMethodsOverridden() { @Test void shouldGetZalgoTextAsPayload() { Assertions.assertThat(zalgoTextInHeadersFuzzer.fuzzStrategy()).hasSize(1); - Assertions.assertThat(zalgoTextInHeadersFuzzer.fuzzStrategy().get(0).getData()).isEqualTo("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a̶͖̐͆͑́͆̓͗͆̏̑̈́̾͛̎̂̒̄̏̍͌͛̀́̄̓̍̐͂̀́̈́̂͐̕̕̕̚͘͠͝͠t̵̨̢̨͙̪̼͚͖̲̻̞̦̤̲̖͚̟̯͔̬̜̬͖̺͎̼̬̞̱̳͚͔͎̩̩̩̲̗̩̊̽̈́̔̀̍͒̓̂͐̾̆̐̒̄͂͒̽̾̔͊̒̀͗̿̈́͆͆̂͆̈́̋̏͊̉͌̒̏̓̑͛̉͘͜͜͜͝͝͠͠ş̶̨̢̧̛̛̱̜͈͓̗͍͈̰̱͔̥͙̺̤̠̩̮́̋̒͗̌̔̄̓̓͐̇̾̀́̓̆͗̂̐͊̓̓́̀͌̐̒̆̏̐͐̌̀́̈́̑̄͛̔̌͘̚̕͜͠ͅ ̸̡̡̧̡̨̧̧̯͚̥̙͉̲̠͚̼̤̹̹̳͕̙͔̺̥̼̙̙͚̳̰͕̤͕̀͒̈́̆̆̅̀̑̋̾͒̈́̅͌̀͑͋͋̎͂͂̄̑̆͒̃̓́̂̈́̑̄͝į̴̬͙͕̤͎͇̹̮̯̞̦̱̠̤̖̣̆͊̀̀̓͛͗͛̈͂̌̉̊͐̆̈̉͂͌̊́̉̋͘̚̚͜͝͝ș̷̡̛̛̮̲̥͙̞̤̘̉͛͗̿͂̏͛̾̂̂̄͗́̈́́̅̄̇̈́͗̀̂̈̉̐͑̏̒̈́͗̆͆̆̆͐̀͋̋͌̚̚͝͝ ̴̧̢̛̥̼̘̬̮͚͙̙̳͇̣̬̓̽̃̇̅͆͌̓̒̾͌̒͋͆́̓͛̔͛͒̉̔̏̔̂͐͛͗̾̎͂̏̋͘̚͝͝ç̵̡̧̛̛̟̩̲̲̲̫̺͎͎̘͎̘̱̭̬̗̎̾̏̂̏͑͊̾̎̂̉̊̉̐̓̾͒̓̓̒̔̽̄́͋̀̈́́̓̏͑͗̂̂̈́̒̚͘̕͘͝͠͝ͅͅͅơ̶̛̩̫̊̿̇͊͆́̅̈̽̆̓͛̌͐̍̀͒̐͑̀̎̀̀̉̑͛̔͋́̀͂̈̐̾̊̓͑̔͐̚̕͝͝͝͝͠ô̷̡̧̧̨̢̱͈̠̬̤̪̖̘͍̥̝͍̺̠̮̫̺̳͚͈͕̞̯̳̩̗̜̺̜̠͔̖̥͆͛͑́̆͛͐̓̒͊̊͑̽̄̐͊̓̃̚͜͜͝l"); + Assertions.assertThat(zalgoTextInHeadersFuzzer.fuzzStrategy().get(0).getData()).isEqualTo(" ̵̡̡̢̡̨̨̢͚̬̱̤̰̗͉͚̖͙͎͔͔̺̳͕̫̬͚̹͖̬̭̖̪̗͕̜̣̥̣̼͍͉̖͍̪͈̖͚̙͛͒͂̎̊̿̀̅̈͌͋̃̾̈̾̇͛͌͘͜͜͠͝ͅͅͅ ̷͕̗̇͛̅̀̑̇̈͗͌͛̐̀͆̐̊̅̋̈́̂̈́̈́͑̓͂͂̌̈́̽͌͐̐͂͐̈́̍̂͗̂͘͠͝͝͝ͅ ̷̨̢̧̢̡̨̛͕̯̭̹͖̮̘̤̩̥̟̖͈̯̠̖͈̜͈̥̫͔̘̭͉͎͇̤̦̯͙̹̠̼̮͕̲̖̟̲̦̣͇̳͖̳̭͇͓̭͌̓̀̅̋̋̀̈́̎̄͛̾̊͐̎̉̏͊͐̑͊͒̐̔̏̔̋̑̌͆̏̀̉͆̆́̓̆̉̀̒̆̆̉̀̂̎̈̔͗̔̕̕͘̕̚̚̕͘͜͝͝͝͝͝͠ͅ ̷̧̡̥͈͓͙͈̫͙͎͈̻̔̊̎̏̑̒̐̐̆̉̍͠͝͝ ̴̡̛̛͓͎͇̘͈͇̱̟̠̳͇̬̺̲̭̪̬̼̝̠̙̹̩̱̪͔͉͎̱͚͍̬͈̤͈͙͖̝̲̦̞̺̟̟̺͇̳͈̠̘̺̪̱̮̉̀̍̏̐̃̅̐̊̾͆̐͋͊̿̉̆̾͊̀͊͒͌̀͛̎́́͂̐͂̎͛̆͜͜͜͠ͅ ̶̧̧͖̻̥̝̺̼̙̫̩̹̣̲̩̲͍̺̘͕̤͉̹̥͉̮̮̟̘̥̺̯̗̠͈̬͚̦̦͚̫̫̦̉́̾̀̅͋̋̇̕̕͜͜͝ͅͅ ̶̧̛̛̝̟̤̬̙͔̻͙͚̹̣̳̳͔̥̘̠̗̦̠͚͎̖̮̳̗̥̫͚̯̬̩̎́̽͒̋̓̀͂̈́̓́̎͐͊͒̎͒͌̿̿̔͐̈́͑̊̄̓̎͐̓̓̍͘̕̚̚͜͜ ̶̢̡̡̨̡̡̘̫̫̠̟̻̳̻͈̲̖͚͇̼̩̥̥͎̥̯͚̞̘̼̞͍̮̗͈̱͚͙̠͔̞̮̱̭͍͍̪̲̜͓͍̣̯̲̠̲̤̅͊̑̇̆́̈́̓̿̄̐̓̐͐́͛̆͜͝͝͝͠ͅ ̶̧̡̨̧̡̧̥̥̱̪͇̞̭͙͚͔̜̠͓͈̞͈̣̹̝̩̦̟̻̰͙̯̼̜̞̮̬̝͚̺̟͎̻̱̙̦̜̭̲̰͎̳̣̈͜͜͜ͅ ̸̹̟̯̝͚̪̼͓͕͕̹͖̣̠͓̫͇͚͔̼̊́͑̊̊̅͗͠ͅ".replace(" ", "")); } }