-
Notifications
You must be signed in to change notification settings - Fork 5
/
README
56 lines (40 loc) · 1.66 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
RestFuzz - an API tester
========================
Features
--------
* Support REST json based API
* Requires a description of methods inputs/outputs
* Randomly generate inputs
* Outputs/inputs of type resources are collected and reused
* Health monitoring extract traceback from logs
Usage example
-------------
This unit test output shows example of randomly generated api call. A fake API is used, no actual request is performed::
$ python restfuzz/tests/test_fuzzer.py
A demo server and description is also included::
$ python demo/demo_server.py
$ restfuzz --api demo/demo.yaml
A typical fuzzing session goes like this:
$ ./tools/packstack_prep.sh
$ restfuzz --api ./api/network.yaml --health ./tools/health_localhost.py --db ./neutron_$(date '+%s')
... ^C
$ ./tools/read_dump.py --stats ./neutron_*
# Based on the method that always failed, or weird return code
$ ./tools/read_dump.py --name faulty_method ./samples/neutron_*
# Returns all the call from this method
# Looks for inconsistent cloud behavior using another account and then
$ ./tools/read_dump.py ./samples/* | grep "bad_uuid"
Todo
----
* includes https://github.com/minimaxir/big-list-of-naughty-strings
Bugs reported
-------------
* https://bugs.launchpad.net/neutron/+bug/1471957
* https://bugs.launchpad.net/neutron/+bug/1471959
* https://bugs.launchpad.net/neutron/+bug/1471966
* https://bugs.launchpad.net/neutron/+bug/1472242
* https://bugs.launchpad.net/neutron/+bug/1472243
* https://bugs.launchpad.net/designate/+bug/1473210
* https://bugs.launchpad.net/designate/+bug/1473212
* https://bugs.launchpad.net/designate/+bug/1473518
* https://bugs.launchpad.net/neutron/+bug/1486565