Skip to content

redhat-cip/restfuzz

Repository files navigation

RestFuzz - an API tester
========================

Features
--------
* Support REST json based API
* Requires a description of methods inputs/outputs
* Randomly generate inputs
* Outputs/inputs of type resources are collected and reused
* Health monitoring extract traceback from logs

Usage example
-------------

This unit test output shows example of randomly generated api call. A fake API is used, no actual request is performed::

  $ python restfuzz/tests/test_fuzzer.py

A demo server and description is also included::

  $ python demo/demo_server.py
  $ restfuzz --api demo/demo.yaml

A typical fuzzing session goes like this:

  $ ./tools/packstack_prep.sh
  $ restfuzz --api ./api/network.yaml --health ./tools/health_localhost.py --db ./neutron_$(date '+%s')
  ... ^C
  $ ./tools/read_dump.py --stats ./neutron_*
  # Based on the method that always failed, or weird return code
  $ ./tools/read_dump.py --name faulty_method ./samples/neutron_*
  # Returns all the call from this method

  # Looks for inconsistent cloud behavior using another account and then
  $ ./tools/read_dump.py ./samples/* | grep "bad_uuid"


Todo
----
* includes https://github.com/minimaxir/big-list-of-naughty-strings


Bugs reported
-------------

* https://bugs.launchpad.net/neutron/+bug/1471957
* https://bugs.launchpad.net/neutron/+bug/1471959
* https://bugs.launchpad.net/neutron/+bug/1471966
* https://bugs.launchpad.net/neutron/+bug/1472242
* https://bugs.launchpad.net/neutron/+bug/1472243

* https://bugs.launchpad.net/designate/+bug/1473210
* https://bugs.launchpad.net/designate/+bug/1473212
* https://bugs.launchpad.net/designate/+bug/1473518

* https://bugs.launchpad.net/neutron/+bug/1486565

Releases

No releases published

Packages

No packages published