From 8584a39e062bfc821db04c1e4e3ccf5ee4bccc63 Mon Sep 17 00:00:00 2001 From: Madalin Ilie Date: Tue, 24 May 2022 23:11:12 +0300 Subject: [PATCH] Refactor behaviour for Abugidas Fuzzers to not expect fail by default Abugidas only contain one control char, while other characters are valid. This refactoring assumes the Fuzzer will only expect 4XX when the fuzzed value does not match the supplied regex --- ...sInStringFieldsSanitizeValidateFuzzer.java | 28 +++++------ ...sInStringFieldsValidateSanitizeFuzzer.java | 7 +-- ...tInStringFieldsSanitizeValidateFuzzer.java | 25 +++------- .../fuzzer/fields/base/BaseFieldsFuzzer.java | 17 +++++-- .../base/ExpectOnly2XXBaseFieldsFuzzer.java | 2 - .../generator/simple/StringGenerator.java | 2 +- .../cats/model/CommonWithinMethods.java | 3 +- .../endava/cats/model/FuzzingStrategy.java | 2 +- .../endava/cats/model/util/PayloadUtils.java | 4 +- ...tringFieldsSanitizeValidateFuzzerTest.java | 46 +++++++++++++++---- ...tringFieldsValidateSanitizeFuzzerTest.java | 13 ------ ...tringFieldsSanitizeValidateFuzzerTest.java | 6 +-- ...tringFieldsValidateSanitizeFuzzerTest.java | 4 +- .../headers/ZalgoTextInHeadersFuzzerTest.java | 2 +- 14 files changed, 82 insertions(+), 79 deletions(-) diff --git a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java index 58f777a02..510a7f5d7 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzer.java 
@@ -3,7 +3,8 @@ import com.endava.cats.annotations.FieldFuzzer; import com.endava.cats.annotations.SanitizeAndValidate; import com.endava.cats.args.FilesArguments; -import com.endava.cats.fuzzer.fields.base.InvisibleCharsBaseTrimValidateFuzzer; +import com.endava.cats.fuzzer.fields.base.ExpectOnly2XXBaseFieldsFuzzer; +import com.endava.cats.http.ResponseCodeFamily; import com.endava.cats.io.ServiceCaller; import com.endava.cats.model.CommonWithinMethods; import com.endava.cats.model.FuzzingData; @@ -14,14 +15,12 @@ import io.swagger.v3.oas.models.media.Schema; import javax.inject.Singleton; -import java.util.Collections; import java.util.List; -import java.util.stream.Collectors; @Singleton @FieldFuzzer @SanitizeAndValidate -public class AbugidasInStringFieldsSanitizeValidateFuzzer extends InvisibleCharsBaseTrimValidateFuzzer { +public class AbugidasInStringFieldsSanitizeValidateFuzzer extends ExpectOnly2XXBaseFieldsFuzzer { protected AbugidasInStringFieldsSanitizeValidateFuzzer(ServiceCaller sc, TestCaseListener lr, CatsUtil cu, FilesArguments cp) { super(sc, lr, cu, cp); @@ -29,11 +28,7 @@ protected AbugidasInStringFieldsSanitizeValidateFuzzer(ServiceCaller sc, TestCas @Override public List getFieldFuzzingStrategy(FuzzingData data, String fuzzedField) { - Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); - return PayloadUtils.getAbugidasChars() - .stream() - .map(abugidasChar -> CommonWithinMethods.getTextBasedOnMaxSize(fuzzedFieldSchema, abugidasChar)) - .collect(Collectors.toList()); + return CommonWithinMethods.getFuzzingStrategies(data, fuzzedField, PayloadUtils.getAbugidasChars(), true); } @Override 
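Review bot: The fourth argument to `CommonWithinMethods.getFuzzingStrategies` in the new `getFieldFuzzingStrategy` body is a bare `true`, and nothing in this hunk tells a reader what it toggles; the `insertWithoutReplace` flag on `insertInTheMiddle` later in this patch is presumably what it feeds, but that is an inference. A named local makes the call self-describing: `boolean insertWithoutReplace = true;` followed by `return CommonWithinMethods.getFuzzingStrategies(data, fuzzedField, PayloadUtils.getAbugidasChars(), insertWithoutReplace);` (name to be confirmed against the helper's parameter). The previous implementation sized each payload with `getTextBasedOnMaxSize`; if the new helper does not respect `maxLength`, that is worth checking before the switch lands.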
@@ -42,12 +37,19 @@ protected String typeOfDataSentToTheService() { } @Override - public List getInvisibleChars() { - return Collections.emptyList(); + public boolean isFuzzingPossibleSpecificToFuzzer(FuzzingData data, String fuzzedField, FuzzingStrategy fuzzingStrategy) { + Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); + boolean isRefDataField = filesArguments.getRefData(data.getPath()).get(fuzzedField) != null; + return testCaseListener.isFieldNotADiscriminator(fuzzedField) && fuzzedFieldSchema.getEnum() == null && !isRefDataField; + } + + @Override + public ResponseCodeFamily getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern() { + return ResponseCodeFamily.FOURXX; } @Override - public FuzzingStrategy concreteFuzzStrategy() { - return FuzzingStrategy.replace(); + public String description() { + return "iterate through each field and send " + typeOfDataSentToTheService(); } } diff --git a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java index 20bd9fe66..4204329ae 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzer.java @@ -18,11 +18,6 @@ protected AbugidasInStringFieldsValidateSanitizeFuzzer(ServiceCaller sc, TestCas super(sc, lr, cu, cp); } - @Override - public ResponseCodeFamily getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern() { - return ResponseCodeFamily.FOURXX; - } - @Override public ResponseCodeFamily getExpectedHttpCodeWhenRequiredFieldsAreFuzzed() { return ResponseCodeFamily.FOURXX; @@ -32,5 +27,5 @@ public ResponseCodeFamily getExpectedHttpCodeWhenRequiredFieldsAreFuzzed() { public ResponseCodeFamily getExpectedHttpCodeWhenOptionalFieldsAreFuzzed() { return ResponseCodeFamily.FOURXX; } - + } \ No newline at end of file 
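Review bot: `fuzzedFieldSchema.getEnum()` in the new `isFuzzingPossibleSpecificToFuzzer` dereferences the schema looked up from `data.getRequestPropertyTypes()` without a null check, so a fuzzedField missing from that map throws NullPointerException instead of answering false; whether `filesArguments.getRefData(data.getPath())` can be null outside the mocked tests is not visible here and deserves the same guard. Suggest `return testCaseListener.isFieldNotADiscriminator(fuzzedField) && fuzzedFieldSchema != null && fuzzedFieldSchema.getEnum() == null && !isRefDataField;`. Separately, the class now extends `ExpectOnly2XXBaseFieldsFuzzer` yet overrides `getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()` back to `FOURXX`, which contradicts the parent's name; a class-level Javadoc line such as `Expects 2XX, except when the sanitized fuzzed value no longer matches the field's pattern, in which case 4XX is expected.` would spare the next reader the surprise. The `description()` body is also duplicated verbatim in the Zalgo fuzzer of this patch and looks like a candidate for the shared base class.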
diff --git a/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java index b67f852b7..28fb8665c 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzer.java @@ -3,24 +3,21 @@ import com.endava.cats.annotations.FieldFuzzer; import com.endava.cats.annotations.SanitizeAndValidate; import com.endava.cats.args.FilesArguments; -import com.endava.cats.fuzzer.fields.base.InvisibleCharsBaseTrimValidateFuzzer; +import com.endava.cats.fuzzer.fields.base.ExpectOnly2XXBaseFieldsFuzzer; import com.endava.cats.io.ServiceCaller; import com.endava.cats.model.FuzzingData; import com.endava.cats.model.FuzzingStrategy; import com.endava.cats.model.util.PayloadUtils; import com.endava.cats.report.TestCaseListener; import com.endava.cats.util.CatsUtil; -import io.swagger.v3.oas.models.media.Schema; -import org.springframework.util.CollectionUtils; import javax.inject.Singleton; -import java.util.Collections; import java.util.List; @Singleton @FieldFuzzer @SanitizeAndValidate -public class ZalgoTextInStringFieldsSanitizeValidateFuzzer extends InvisibleCharsBaseTrimValidateFuzzer { +public class ZalgoTextInStringFieldsSanitizeValidateFuzzer extends ExpectOnly2XXBaseFieldsFuzzer { protected ZalgoTextInStringFieldsSanitizeValidateFuzzer(ServiceCaller sc, TestCaseListener lr, CatsUtil cu, FilesArguments cp) { super(sc, lr, cu, cp); 
@@ -31,26 +28,18 @@ protected String typeOfDataSentToTheService() { return "values containing zalgo text"; } - @Override - public List getInvisibleChars() { - return Collections.emptyList(); - } - - @Override - public FuzzingStrategy concreteFuzzStrategy() { - return FuzzingStrategy.replace(); - } - @Override public List getFieldFuzzingStrategy(FuzzingData data, String fuzzedField) { - Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); return List.of(FuzzingStrategy.prefix().withData(PayloadUtils.getZalgoText())); } @Override public boolean isFuzzingPossibleSpecificToFuzzer(FuzzingData data, String fuzzedField, FuzzingStrategy fuzzingStrategy) { - Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField); + return testCaseListener.isFieldNotADiscriminator(fuzzedField); + } - return CollectionUtils.isEmpty(fuzzedFieldSchema.getEnum()); + @Override + public String description() { + return "iterate through each field and send " + typeOfDataSentToTheService(); } } \ No newline at end of file diff --git a/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java index a9575655d..64328814b 100644 --- a/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/base/BaseFieldsFuzzer.java @@ -32,8 +32,8 @@ public abstract class BaseFieldsFuzzer implements Fuzzer { public static final String CATS_REMOVE_FIELD = "cats_remove_field"; protected final CatsUtil catsUtil; protected final PrettyLogger logger = PrettyLoggerFactory.getLogger(getClass()); - final FilesArguments filesArguments; - final TestCaseListener testCaseListener; + protected final TestCaseListener testCaseListener; + protected final FilesArguments filesArguments; private final ServiceCaller serviceCaller; protected BaseFieldsFuzzer(ServiceCaller sc, TestCaseListener lr, CatsUtil cu, FilesArguments cp) { 
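Review bot: The rewritten `isFuzzingPossibleSpecificToFuzzer` drops the `CollectionUtils.isEmpty(fuzzedFieldSchema.getEnum())` guard, so the Zalgo prefix is now also sent for enum-valued fields; with this class now inheriting a 2XX expectation, an API that correctly rejects the non-enum value would be reported as a failure, unless the base class skips enum fields somewhere outside this hunk. The sibling Abugidas fuzzer in this same patch keeps an enum check, so the two have diverged for no stated reason. Suggest keeping both conditions, `Schema fuzzedFieldSchema = data.getRequestPropertyTypes().get(fuzzedField);` and `return testCaseListener.isFieldNotADiscriminator(fuzzedField) && fuzzedFieldSchema != null && fuzzedFieldSchema.getEnum() == null;`, which also means restoring the `Schema` import removed in the previous hunk.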
@@ -166,7 +166,18 @@ private boolean isFuzzedValueMatchingPattern(Object fieldValue, FuzzingData data } Pattern pattern = Pattern.compile(fieldSchema.getPattern()); - return fieldValue == null || pattern.matcher(String.valueOf(fieldValue)).matches(); + return fieldValue == null || pattern.matcher(this.sanitizeString(fieldValue)).matches(); + } + + /** + * We need to sanitize the fuzzed value before matching it to the pattern as APIs are expected to + * also sanitize data before validating it. + * + * @param fieldValue the initial fuzzed value + * @return the initial value with unicode control chars removed + */ + private String sanitizeString(Object fieldValue) { + return String.valueOf(fieldValue).replaceAll("\\p{C}", ""); } private boolean hasMinValue(FuzzingData data, String fuzzedField) { diff --git a/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java b/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java index 2be2b2d8e..24ef96379 100755 --- a/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java +++ b/src/main/java/com/endava/cats/fuzzer/fields/base/ExpectOnly2XXBaseFieldsFuzzer.java @@ -26,6 +26,4 @@ public ResponseCodeFamily getExpectedHttpCodeWhenOptionalFieldsAreFuzzed() { public ResponseCodeFamily getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern() { return ResponseCodeFamily.TWOXX; } - - } diff --git a/src/main/java/com/endava/cats/generator/simple/StringGenerator.java b/src/main/java/com/endava/cats/generator/simple/StringGenerator.java index 9f9ad455d..9f6645a88 100755 --- a/src/main/java/com/endava/cats/generator/simple/StringGenerator.java +++ b/src/main/java/com/endava/cats/generator/simple/StringGenerator.java 
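Review bot: `sanitizeString` strips `\p{C}`, which is the whole Unicode "Other" category (control, format, surrogate, private-use and unassigned code points), while its Javadoc promises only "unicode control chars"; in particular it removes the U+200C ZWNJ that the abugidas payloads in this patch rely on, so the value matched against the pattern is no longer the value that was sent. That encodes an assumption about how the API under test sanitizes, and it now applies to every subclass of `BaseFieldsFuzzer`; an API that strips only `\p{Cc}` will reject values the fuzzer expects to pass, so either narrow the class to `\p{Cc}` or make the Javadoc state the broader category and the assumption explicitly. The regex is also recompiled on every call through `replaceAll`; hoist it as `private static final Pattern UNICODE_OTHER = Pattern.compile("\\p{C}");` and return `UNICODE_OTHER.matcher(String.valueOf(fieldValue)).replaceAll("")`. `isFuzzedValueMatchingPattern` starts before the hunk.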
@@ -54,7 +54,7 @@ private static String generateUsingRgxGenerator(String pattern, int min, int max } public static String composeString(String initial, int min, int max) { - String trimmed = initial.trim().replaceAll("[\\p{Z}]+", "") + "A"; + String trimmed = initial.trim().replaceAll("[\\p{Z}]+", "") + initial.charAt(0); if (trimmed.length() < min) { return composeString(trimmed + trimmed, min, max); } else if (trimmed.length() > max) { diff --git a/src/main/java/com/endava/cats/model/CommonWithinMethods.java b/src/main/java/com/endava/cats/model/CommonWithinMethods.java index 3d536656a..bff62c38c 100644 --- a/src/main/java/com/endava/cats/model/CommonWithinMethods.java +++ b/src/main/java/com/endava/cats/model/CommonWithinMethods.java @@ -32,7 +32,8 @@ public static List getFuzzingStrategies(FuzzingData data, Strin public static String insertInTheMiddle(String value, String whatToInsert, boolean insertWithoutReplace) { int position = value.length() / 2; - return value.substring(0, position - (insertWithoutReplace ? 0 : 1)) + whatToInsert + value.substring(position + (insertWithoutReplace ? 0 : 1)); + int whatToInsertLength = Math.min(value.length(), whatToInsert.length()); + return value.substring(0, position - (insertWithoutReplace ? 0 : whatToInsertLength / 2)) + whatToInsert + value.substring(position + (insertWithoutReplace ? 0 : whatToInsertLength / 2)); } public static FuzzingStrategy getTextBasedOnMaxSize(Schema fuzzedFieldSchema, String text) { diff --git a/src/main/java/com/endava/cats/model/FuzzingStrategy.java b/src/main/java/com/endava/cats/model/FuzzingStrategy.java index f326afae1..876bb0d74 100644 --- a/src/main/java/com/endava/cats/model/FuzzingStrategy.java +++ b/src/main/java/com/endava/cats/model/FuzzingStrategy.java 
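Review bot: `initial.charAt(0)` in `composeString` throws StringIndexOutOfBoundsException when `initial` is empty, where the previous `"A"` filler worked, and when `initial` consists only of `\p{Z}` characters the appended space is stripped again by the recursive call, so `trimmed` never grows and the recursion does not terminate. Whether any caller passes such a value is not visible here, but the method is public and should defend itself. Take the filler from the already-stripped text and fall back to the old constant: `String stripped = initial.trim().replaceAll("[\\p{Z}]+", "");`, `String filler = stripped.isEmpty() ? "A" : stripped.substring(0, 1);`, `String trimmed = stripped + filler;`. The method's remaining branches are outside the hunk.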
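Review bot: `insertInTheMiddle` now overwrites a window of `min(value.length(), whatToInsert.length())` characters, rounded down to an even count because `whatToInsertLength / 2` is taken on each side of the midpoint, instead of the fixed two characters of the previous version, and nothing on the method says so; a caller choosing `insertWithoutReplace = false` cannot tell from the signature how much of `value` survives. A Javadoc along the lines of `Inserts whatToInsert at the midpoint of value; when insertWithoutReplace is false, up to whatToInsert.length() characters centred on the midpoint are replaced instead of kept.` would state the contract. The window is measured in UTF-16 units, so it can split a surrogate pair or a combining sequence in `value`, which matters for the script payloads this patch introduces.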
@@ -23,7 +23,7 @@ */ public abstract class FuzzingStrategy { private static final Pattern ALL = Pattern.compile("^[\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]+[\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]*$"); - private static final Pattern WITHIN = Pattern.compile("[\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]+"); + private static final Pattern WITHIN = Pattern.compile("([\\p{C}\\p{Z}\\p{So}\\p{Sk}\\p{M}]+|జ్ఞ\u200Cా|স্র\u200Cু)"); protected Object data; diff --git a/src/main/java/com/endava/cats/model/util/PayloadUtils.java b/src/main/java/com/endava/cats/model/util/PayloadUtils.java index eabddfa40..ab9614189 100644 --- a/src/main/java/com/endava/cats/model/util/PayloadUtils.java +++ b/src/main/java/com/endava/cats/model/util/PayloadUtils.java @@ -149,7 +149,7 @@ public static String getBadPayload() { } public static String getZalgoText() { - return ZALGO_TEXT.replace(" ",""); + return ZALGO_TEXT.replace(" ", ""); } public static List getLargeValuesStrategy(int largeStringsSize) { @@ -160,6 +160,4 @@ public static List getLargeValuesStrategy(int largeStringsSize) } return Collections.singletonList(FuzzingStrategy.replace().withData(markLargeString(StringUtils.repeat(generatedValue, payloadSize + 1)))); } - - } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java index f8a6566fc..38c3ae5fb 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsSanitizeValidateFuzzerTest.java 
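Review bot: The new `WITHIN` pattern hard-codes the two abugidas clusters `జ్ఞ\u200Cా` and `স্র\u200Cু` as regex alternatives, duplicating the payload list that `PayloadUtils.getAbugidasChars()` owns; the next entry added to that list will silently stop being recognised as a within-marker here. If the dependency direction allows (PayloadUtils already references `FuzzingStrategy` in this patch, so static-initialisation order needs checking), build the alternation from that single source with `Pattern.quote` on each entry joined by `|`; otherwise at least `// keep in sync with PayloadUtils.getAbugidasChars()` belongs on this line. The literals also bypass regex quoting, which is harmless for these exact strings but not for any future entry containing a metacharacter.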
@@ -11,11 +11,13 @@ import io.swagger.v3.oas.models.media.Schema; import io.swagger.v3.oas.models.media.StringSchema; import org.assertj.core.api.Assertions; +import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mockito; import java.util.HashMap; +import java.util.List; import java.util.Map; @QuarkusTest @@ -23,12 +25,13 @@ class AbugidasInStringFieldsSanitizeValidateFuzzerTest { private final CatsUtil catsUtil = new CatsUtil(null); private AbugidasInStringFieldsSanitizeValidateFuzzer abugidasCharsInStringFieldsSanitizeValidateFuzzer; + private FilesArguments filesArguments; @BeforeEach void setup() { ServiceCaller serviceCaller = Mockito.mock(ServiceCaller.class); TestCaseListener testCaseListener = Mockito.mock(TestCaseListener.class); - FilesArguments filesArguments = Mockito.mock(FilesArguments.class); + filesArguments = Mockito.mock(FilesArguments.class); abugidasCharsInStringFieldsSanitizeValidateFuzzer = new AbugidasInStringFieldsSanitizeValidateFuzzer(serviceCaller, testCaseListener, catsUtil, filesArguments); Mockito.when(testCaseListener.isFieldNotADiscriminator(Mockito.anyString())).thenReturn(true); Mockito.when(testCaseListener.isFieldNotADiscriminator("pet#type")).thenReturn(false); 
@@ -36,28 +39,51 @@ void setup() { @Test void shouldProperlyOverrideSuperClassMethods() { - FuzzingData data = Mockito.mock(FuzzingData.class); - Map reqTypes = new HashMap<>(); - reqTypes.put("field", new StringSchema()); - Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); + FuzzingData data = mockFuzzingData(); FuzzingStrategy fuzzingStrategy = abugidasCharsInStringFieldsSanitizeValidateFuzzer.getFieldFuzzingStrategy(data, "field").get(0); Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.replace().name()); Assertions.assertThat(fuzzingStrategy.getData().toString()).contains("జ్ఞ\u200Cా"); - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.TWOXX); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.description()).isNotNull(); - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.typeOfDataSentToTheService()).isNotNull(); } + @NotNull + private FuzzingData mockFuzzingData() { + FuzzingData data = Mockito.mock(FuzzingData.class); + Map reqTypes = new HashMap<>(); + StringSchema petAge = new StringSchema(); + petAge.setEnum(List.of("1", "2")); + reqTypes.put("field", new StringSchema()); + reqTypes.put("pet#number", new StringSchema()); + reqTypes.put("pet#age", petAge); + Mockito.when(data.getPath()).thenReturn("/test"); + Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); + return data; + } + @Test void shouldNotFuzzIfDiscriminatorField() { - 
Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#type", null)).isFalse(); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "pet#type", null)).isFalse(); } @Test void shouldFuzzIfNotDiscriminatorField() { - Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#number", null)).isTrue(); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "pet#number", null)).isTrue(); + } + + @Test + void shouldNotFuzzIfRefDataField() { + Map refData = Map.of("field", "test"); + Mockito.when(filesArguments.getRefData("/test")).thenReturn(refData); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "field", null)).isFalse(); + } + + @Test + void shouldNotFuzzWhenEnum() { + Map refData = Map.of("field", "test"); + Mockito.when(filesArguments.getRefData("/test")).thenReturn(refData); + Assertions.assertThat(abugidasCharsInStringFieldsSanitizeValidateFuzzer.isFuzzingPossibleSpecificToFuzzer(mockFuzzingData(), "pet#age", null)).isFalse(); } } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java index f8022896b..f20ddb849 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/AbugidasInStringFieldsValidateSanitizeFuzzerTest.java 
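Review bot: `shouldNotFuzzWhenEnum` stubs `filesArguments.getRefData("/test")` with reference data for `field` but then asserts on `pet#age`, so the stub is dead setup copied from `shouldNotFuzzIfRefDataField` and suggests the test exercises the ref-data branch when it actually exercises the enum branch. Dropping the two stub lines keeps the test's name and its cause aligned. The `@NotNull` on `mockFuzzingData` pulls `org.jetbrains.annotations` into the test's imports; if that is not already a declared test dependency it is an IDE artefact worth removing.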
@@ -45,20 +45,7 @@ void shouldProperlyOverrideSuperClassMethods() { Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenOptionalFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenRequiredFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.description()).isNotNull(); Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.typeOfDataSentToTheService()).isNotNull(); - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); - - } - - @Test - void shouldNotFuzzIfDiscriminatorField() { - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#type", null)).isFalse(); - } - - @Test - void shouldFuzzIfNotDiscriminatorField() { - Assertions.assertThat(abugidasInStringFieldsValidateSanitizeFuzzer.isFuzzingPossibleSpecificToFuzzer(null, "pet#number", null)).isTrue(); } } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java index 439e18a1f..c3f418ee2 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsSanitizeValidateFuzzerTest.java 
@@ -41,13 +41,11 @@ void shouldProperlyOverrideSuperClassMethods() { reqTypes.put("field", new StringSchema()); Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); FuzzingStrategy fuzzingStrategy = zalgoTextInStringFieldsSanitizeValidateFuzzer.getFieldFuzzingStrategy(data, "field").get(0); - Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.replace().name()); + Assertions.assertThat(fuzzingStrategy.name()).isEqualTo(FuzzingStrategy.prefix().name()); - Assertions.assertThat(fuzzingStrategy.getData().toString()).contains("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a"); + Assertions.assertThat(fuzzingStrategy.getData().toString()).contains(" ̵̡̡̢̡̨̨̢͚̬̱̤̰̗͉͚̖͙͎͔͔̺̳͕̫̬͚̹͖̬̭̖̪̗͕̜̣̥̣̼͍͉̖͍̪͈̖͚̙͛͒͂̎̊̿̀̅̈͌͋̃̾̈̾̇͛͌͘͜͜͠͝ͅͅͅ ̷͕̗̇͛̅̀̑̇̈͗͌͛̐̀͆̐̊̅̋̈́̂̈́̈́͑̓͂͂̌̈́̽͌͐̐͂͐̈́̍̂͗̂͘͠͝͝͝ͅ ".replace(" ", "")); Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.TWOXX); Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.description()).isNotNull(); - Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); - Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(zalgoTextInStringFieldsSanitizeValidateFuzzer.typeOfDataSentToTheService()).isNotNull(); } diff --git a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java index b4dd37dd7..306bc2e73 100644 --- a/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/fields/ZalgoTextInStringFieldsValidateSanitizeFuzzerTest.java 
@@ -41,14 +41,12 @@ void shouldProperlyOverrideSuperClassMethods() { Mockito.when(data.getRequestPropertyTypes()).thenReturn(reqTypes); FuzzingStrategy fuzzingStrategy = zalgoTextInStringFieldsValidateSanitizeFuzzer.getFieldFuzzingStrategy(data, "field").get(0); - Assertions.assertThat(fuzzingStrategy.getData().toString()).contains("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a̶͖̐͆͑́͆̓͗͆̏̑̈́̾͛̎̂̒̄̏̍͌͛̀́̄̓̍̐͂̀́̈́̂͐̕̕̕̚͘͠͝͠t̵̨̢̨͙̪̼͚͖̲̻̞̦̤̲̖͚̟̯͔̬̜̬͖̺͎̼̬̞̱̳͚͔͎̩̩̩̲̗̩̊̽̈́̔̀̍͒̓̂͐̾̆̐̒̄͂͒̽̾̔͊̒̀͗̿̈́͆͆̂͆̈́̋̏͊̉͌̒̏̓̑͛̉͘͜͜͜͝͝͠͠s̶"); + Assertions.assertThat(fuzzingStrategy.getData().toString()).contains(" ̵̡̡̢̡̨̨̢͚̬̱̤̰̗͉͚̖͙͎͔͔̺̳͕̫̬͚̹͖̬̭̖̪̗͕̜̣̥̣̼͍͉̖͍̪͈̖͚̙͛͒͂̎̊̿̀̅̈͌͋̃̾̈̾̇͛͌͘͜͜͠͝ͅͅͅ ̷͕̗̇͛̅̀̑̇̈͗͌͛̐̀͆̐̊̅̋̈́̂̈́̈́͑̓͂͂̌̈́̽͌͐̐͂͐̈́̍̂͗̂͘͠͝͝͝ͅ ".replace(" ", "")); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenFuzzedValueNotMatchesPattern()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenOptionalFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getExpectedHttpCodeWhenRequiredFieldsAreFuzzed()).isEqualTo(ResponseCodeFamily.FOURXX); - Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.getInvisibleChars()).isEmpty(); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.description()).isNotNull(); Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.typeOfDataSentToTheService()).isNotNull(); - Assertions.assertThat(zalgoTextInStringFieldsValidateSanitizeFuzzer.concreteFuzzStrategy().name()).isEqualTo(FuzzingStrategy.replace().name()); } @Test diff --git a/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java b/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java index af768c37e..ad733f45e 100644 
--- a/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java +++ b/src/test/java/com/endava/cats/fuzzer/headers/ZalgoTextInHeadersFuzzerTest.java @@ -32,6 +32,6 @@ void shouldHaveAllMethodsOverridden() { @Test void shouldGetZalgoTextAsPayload() { Assertions.assertThat(zalgoTextInHeadersFuzzer.fuzzStrategy()).hasSize(1); - Assertions.assertThat(zalgoTextInHeadersFuzzer.fuzzStrategy().get(0).getData()).isEqualTo("c̷̨̛̥̬͉̘̬̻̩͕͚̦̺̻͓̳͇̲̭̝̙̟̈́̉̐͂͒̆͂̿͌̑͐̌̇̈́̾̉̆̀̅̓͛͋̈̄͊̈̄̎̃̒͂̓̊̌̎̌̃́̅͊̏͘͘͘̕̕͘͠͝a̶͖̐͆͑́͆̓͗͆̏̑̈́̾͛̎̂̒̄̏̍͌͛̀́̄̓̍̐͂̀́̈́̂͐̕̕̕̚͘͠͝͠t̵̨̢̨͙̪̼͚͖̲̻̞̦̤̲̖͚̟̯͔̬̜̬͖̺͎̼̬̞̱̳͚͔͎̩̩̩̲̗̩̊̽̈́̔̀̍͒̓̂͐̾̆̐̒̄͂͒̽̾̔͊̒̀͗̿̈́͆͆̂͆̈́̋̏͊̉͌̒̏̓̑͛̉͘͜͜͜͝͝͠͠ş̶̨̢̧̛̛̱̜͈͓̗͍͈̰̱͔̥͙̺̤̠̩̮́̋̒͗̌̔̄̓̓͐̇̾̀́̓̆͗̂̐͊̓̓́̀͌̐̒̆̏̐͐̌̀́̈́̑̄͛̔̌͘̚̕͜͠ͅ ̸̡̡̧̡̨̧̧̯͚̥̙͉̲̠͚̼̤̹̹̳͕̙͔̺̥̼̙̙͚̳̰͕̤͕̀͒̈́̆̆̅̀̑̋̾͒̈́̅͌̀͑͋͋̎͂͂̄̑̆͒̃̓́̂̈́̑̄͝į̴̬͙͕̤͎͇̹̮̯̞̦̱̠̤̖̣̆͊̀̀̓͛͗͛̈͂̌̉̊͐̆̈̉͂͌̊́̉̋͘̚̚͜͝͝ș̷̡̛̛̮̲̥͙̞̤̘̉͛͗̿͂̏͛̾̂̂̄͗́̈́́̅̄̇̈́͗̀̂̈̉̐͑̏̒̈́͗̆͆̆̆͐̀͋̋͌̚̚͝͝ ̴̧̢̛̥̼̘̬̮͚͙̙̳͇̣̬̓̽̃̇̅͆͌̓̒̾͌̒͋͆́̓͛̔͛͒̉̔̏̔̂͐͛͗̾̎͂̏̋͘̚͝͝ç̵̡̧̛̛̟̩̲̲̲̫̺͎͎̘͎̘̱̭̬̗̎̾̏̂̏͑͊̾̎̂̉̊̉̐̓̾͒̓̓̒̔̽̄́͋̀̈́́̓̏͑͗̂̂̈́̒̚͘̕͘͝͠͝ͅͅͅơ̶̛̩̫̊̿̇͊͆́̅̈̽̆̓͛̌͐̍̀͒̐͑̀̎̀̀̉̑͛̔͋́̀͂̈̐̾̊̓͑̔͐̚̕͝͝͝͝͠ô̷̡̧̧̨̢̱͈̠̬̤̪̖̘͍̥̝͍̺̠̮̫̺̳͚͈͕̞̯̳̩̗̜̺̜̠͔̖̥͆͛͑́̆͛͐̓̒͊̊͑̽̄̐͊̓̃̚͜͜͝l"); + Assertions.assertThat(zalgoTextInHeadersFuzzer.fuzzStrategy().get(0).getData()).isEqualTo(" ̵̡̡̢̡̨̨̢͚̬̱̤̰̗͉͚̖͙͎͔͔̺̳͕̫̬͚̹͖̬̭̖̪̗͕̜̣̥̣̼͍͉̖͍̪͈̖͚̙͛͒͂̎̊̿̀̅̈͌͋̃̾̈̾̇͛͌͘͜͜͠͝ͅͅͅ ̷͕̗̇͛̅̀̑̇̈͗͌͛̐̀͆̐̊̅̋̈́̂̈́̈́͑̓͂͂̌̈́̽͌͐̐͂͐̈́̍̂͗̂͘͠͝͝͝ͅ ̷̨̢̧̢̡̨̛͕̯̭̹͖̮̘̤̩̥̟̖͈̯̠̖͈̜͈̥̫͔̘̭͉͎͇̤̦̯͙̹̠̼̮͕̲̖̟̲̦̣͇̳͖̳̭͇͓̭͌̓̀̅̋̋̀̈́̎̄͛̾̊͐̎̉̏͊͐̑͊͒̐̔̏̔̋̑̌͆̏̀̉͆̆́̓̆̉̀̒̆̆̉̀̂̎̈̔͗̔̕̕͘̕̚̚̕͘͜͝͝͝͝͝͠ͅ ̷̧̡̥͈͓͙͈̫͙͎͈̻̔̊̎̏̑̒̐̐̆̉̍͠͝͝ ̴̡̛̛͓͎͇̘͈͇̱̟̠̳͇̬̺̲̭̪̬̼̝̠̙̹̩̱̪͔͉͎̱͚͍̬͈̤͈͙͖̝̲̦̞̺̟̟̺͇̳͈̠̘̺̪̱̮̉̀̍̏̐̃̅̐̊̾͆̐͋͊̿̉̆̾͊̀͊͒͌̀͛̎́́͂̐͂̎͛̆͜͜͜͠ͅ ̶̧̧͖̻̥̝̺̼̙̫̩̹̣̲̩̲͍̺̘͕̤͉̹̥͉̮̮̟̘̥̺̯̗̠͈̬͚̦̦͚̫̫̦̉́̾̀̅͋̋̇̕̕͜͜͝ͅͅ ̶̧̛̛̝̟̤̬̙͔̻͙͚̹̣̳̳͔̥̘̠̗̦̠͚͎̖̮̳̗̥̫͚̯̬̩̎́̽͒̋̓̀͂̈́̓́̎͐͊͒̎͒͌̿̿̔͐̈́͑̊̄̓̎͐̓̓̍͘̕̚̚͜͜ ̶̢̡̡̨̡̡̘̫̫̠̟̻̳̻͈̲̖͚͇̼̩̥̥͎̥̯͚̞̘̼̞͍̮̗͈̱͚͙̠͔̞̮̱̭͍͍̪̲̜͓͍̣̯̲̠̲̤̅͊̑̇̆́̈́̓̿̄̐̓̐͐́͛̆͜͝͝͝͠ͅ ̶̧̡̨̧̡̧̥̥̱̪͇̞̭͙͚͔̜̠͓͈̞͈̣̹̝̩̦̟̻̰͙̯̼̜̞̮̬̝͚̺̟͎̻̱̙̦̜̭̲̰͎̳̣̈͜͜͜ͅ ̸̹̟̯̝͚̪̼͓͕͕̹͖̣̠͓̫͇͚͔̼̊́͑̊̊̅͗͠ͅ".replace(" ", "")); } }