Fix fuzzing found errors #91

Closed
vityaman opened this issue Apr 26, 2024 · 0 comments · Fixed by #98
Labels: bug (Something isn't working)

vityaman commented Apr 26, 2024

From EvoMaster:

lms-botalka     | ru.vityaman.lms.botalka.app.spring.api.http.error.InvalidPromotionRequestStatus: Invalid promotion request status: Can't change promotion request statusto NEW
lms-botalka     |       at ru.vityaman.lms.botalka.app.spring.api.http.endpoint.PromotionHttpApi.promotionRequestIdPatch$suspendImpl(PromotionHttpApi.kt:30) ~[!/:0.0.1]

From Cats:

lms-botalka     | 2024-04-26T09:11:38.843Z ERROR 1 --- [botalka] [tor-tcp-epoll-2] a.w.r.e.AbstractErrorWebExceptionHandler : [8a0318bf-42272]  500 Server Error for HTTP POST "/api/v1/homework"
lms-botalka     | 
lms-botalka     | org.jooq.exception.DataException: SQL [insert into "lms"."homework" ("title", "description", "max_score", "publication_moment", "deadline_moment") values ($1, $2, $3, cast($4 as timestamp(6) with time zone), cast($5 as timestamp(6) with time zone)) returning "lms"."homework"."id", "lms"."homework"."title", "lms"."homework"."description", "lms"."homework"."max_score", "lms"."homework"."publication_moment", "lms"."homework"."deadline_moment", "lms"."homework"."creation_moment"]; timestamp out of range: "226749769-04-03 14:24:57+00"

From schemathesis:

======================= Schemathesis test session starts =======================
Schema location: http://lms-botalka:8080/openapi/api.yml
Base URL: http://lms-botalka:8080/api/v1
Specification version: Open API 3.0.3
Random seed: 217290859497029819202444950971775257466
Workers: 1
Collected API operations: 9
Collected API links: 0
API probing: SUCCESS
Schema analysis: SKIP

GET /api/v1/monitoring/ping .                                             [ 11%]
POST /api/v1/homework F                                                   [ 22%]
GET /api/v1/homework/{homework_id}/workspace/{student_id}/event F         [ 33%]
POST /api/v1/homework/{homework_id}/workspace/{student_id}/event F        [ 44%]
GET /api/v1/rating/grades .                                               [ 55%]
GET /api/v1/user/{id} F                                                   [ 66%]
POST /api/v1/user .                                                       [ 77%]
POST /api/v1/promotion/request F                                          [ 88%]
PATCH /api/v1/promotion/request/{id} F                                    [100%]

=================================== FAILURES ===================================
____________________________ POST /api/v1/homework _____________________________
1. Test Case ID: 9fB8qb

- Response violates schema

    'code' is a required property

    Schema:

        {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer",
                    "format": "int32",
                    "description": "HTTP Status Code",
                    "example": 400
                },
                "status": {
                    "type": "string",
                    "description": "HTTP Status Description",
                    "example": "Bad Request"
                },
                "message": {
                    "type": "string",
                    "description": "Detailed Message",
                    "example": "Username must contain only latin letter"
                }
            // Output truncated...
        }

    Value:

        {
            "timestamp": "2024-04-26T18:15:28.039+00:00",
            "path": "/api/v1/homework",
            "status": 400,
            "error": "Bad Request",
            "requestId": "8be666d5-245"
        }

[400] Bad Request:

    `{"timestamp":"2024-04-26T18:15:28.039+00:00","path":"/api/v1/homework","status":400,"error":"Bad Request","requestId":"8be666d5-245"}`

Reproduce with: 

    curl -X POST -H 'Content-Type: application/json' -d '{"deadline_moment": "2000-01-01T00:00:00Z", "description": "", "max_score": 0, "publication_moment": "2000-01-01T00:00:00+19:00", "title": ""}' http://lms-botalka:8080/api/v1/homework

_______ GET /api/v1/homework/{homework_id}/workspace/{student_id}/event ________
1. Test Case ID: iyi7z3

- Undocumented HTTP status code

    Received: 400
    Documented: 200, 404

[400] Bad Request:

    `{"code":400,"status":"Bad Request","message":"Unique id must be a positive, got 0"}`

Reproduce with: 

    curl -X GET http://lms-botalka:8080/api/v1/homework/0/workspace/0/event

_______ POST /api/v1/homework/{homework_id}/workspace/{student_id}/event _______
1. Test Case ID: Hv4tNo

- Response violates schema

    'code' is a required property

    Schema:

        {
            "type": "object",
            "properties": {
                "code": {
                    "type": "integer",
                    "format": "int32",
                    "description": "HTTP Status Code",
                    "example": 400
                },
                "status": {
                    "type": "string",
                    "description": "HTTP Status Description",
                    "example": "Bad Request"
                },
                "message": {
                    "type": "string",
                    "description": "Detailed Message",
                    "example": "Username must contain only latin letter"
                }
            // Output truncated...
        }

    Value:

        {
            "timestamp": "2024-04-26T18:15:29.632+00:00",
            "path": "/api/v1/homework/143/workspace/124/event",
            "status": 400,
            "error": "Bad Request",
            "requestId": "8be666d5-259"
        }

[400] Bad Request:

    `{"timestamp":"2024-04-26T18:15:29.632+00:00","path":"/api/v1/homework/143/workspace/124/event","status":400,"error":"Bad Request","requestId":"8be666d5-259"}`

Reproduce with: 

    curl -X POST -H 'producer_id: 124' -H 'Content-Type: application/json' -d '{"kind": "comment"}' http://lms-botalka:8080/api/v1/homework/143/workspace/124/event

____________________________ GET /api/v1/user/{id} _____________________________
1. Test Case ID: 1H2UBP

- Undocumented HTTP status code

    Received: 400
    Documented: 200, 404

[400] Bad Request:

    `{"code":400,"status":"Bad Request","message":"Unique id must be a positive, got 0"}`

Reproduce with: 

    curl -X GET http://lms-botalka:8080/api/v1/user/0

________________________ POST /api/v1/promotion/request ________________________
1. Test Case ID: S4DCZa

- Undocumented HTTP status code

    Received: 400
    Documented: 200, 404, 409

[400] Bad Request:

    `{"code":400,"status":"Bad Request","message":"Unique id must be a positive, got 0"}`

Reproduce with: 

    curl -X POST -H 'user_id: 0' -H 'Content-Type: application/json' -d '{"role": "student"}' http://lms-botalka:8080/api/v1/promotion/request

_____________________ PATCH /api/v1/promotion/request/{id} _____________________
1. Test Case ID: EvdwDi

- Server error

- Undocumented HTTP status code

    Received: 500
    Documented: 204, 404, 409

[500] Internal Server Error:

    `{"timestamp":"2024-04-26T18:15:36.126+00:00","path":"/api/v1/promotion/request/342","status":500,"error":"Internal Server Error","requestId":"8be666d5-393"}`

Reproduce with: 

    curl -X PATCH -H 'Content-Type: application/json' -d '{"status": "new"}' http://lms-botalka:8080/api/v1/promotion/request/342

=================================== SUMMARY ====================================

Performed checks:
    not_a_server_error                              311 / 312 passed          FAILED 
    status_code_conformance                         278 / 312 passed          FAILED 
    content_type_conformance                        312 / 312 passed          PASSED 
    response_headers_conformance                    312 / 312 passed          PASSED 
    response_schema_conformance                     241 / 312 passed          FAILED 

Note: Use the 'X-Schemathesis-TestCaseId' header to correlate test case ids from failure messages with server logs for debugging.

Note: To replicate these test failures, rerun with `--hypothesis-seed=217290859497029819202444950971775257466`

Tip: Use the `--report` CLI option to visualize test results via Schemathesis.io.
We run additional conformance checks on reports from public repos.

========================= 3 passed, 6 failed in 14.24s =========================
vityaman added the bug (Something isn't working) label Apr 26, 2024
vityaman changed the title from "Unhandled exceptions from fuzzer" to "Unhandled InvalidPromotionRequestStatusException from fuzzer" Apr 26, 2024
vityaman changed the title from "Unhandled InvalidPromotionRequestStatusException from fuzzer" to "Fix fuzzing found errors" Apr 26, 2024
vityaman added a commit that referenced this issue Apr 30, 2024
vityaman linked a pull request Apr 30, 2024 that will close this issue