Fixes:
1) Crashes in runner and file_utils
2) Binary strings being read in as payloads
Updates:
1) Clarified error messages in parser
2) Confusing variable names in test cases vs issues
Adds:
1) A `syntribos root` CLI sub command to display the current syntribos root dir
Change-Id: I22edf7a1f3d39724522aee88d08b00d299b67248
1) Allows for YAML body in request templates. If a content-type
is specified for a request template, Syntribos will validate the
body against the header. This is to prevent templates from silently
failing to parse and sending unintended data to the target.
2) Added extension to support basicauth
3) Lowered confidence ratings for various tests
Change-Id: I672b0e0aa3da1aa6dd7e9a8456da73f0a15759b7
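The body-versus-Content-Type check described in the commit above, sketched as an added example that is not syntribos code. It covers JSON and XML with the standard library only (YAML would need a third-party parser); TemplateParseError, PARSERS and validate_body are hypothetical names, and the inputs in the test are constructed.

```python
import json
import xml.etree.ElementTree as ET


class TemplateParseError(ValueError):
    """Raised when a template body does not match its declared Content-Type."""


def _parse_json(body):
    return json.loads(body)


def _parse_xml(body):
    # Templates are operator-authored; for untrusted XML prefer defusedxml.
    return ET.fromstring(body)


# Hypothetical mapping for this example, not syntribos' own table.
PARSERS = {
    "application/json": _parse_json,
    "application/xml": _parse_xml,
    "text/xml": _parse_xml,
}


def validate_body(headers, body):
    """Return the parsed body, or the raw body if no known type is declared.

    Failing loudly here keeps a malformed template from being sent to the
    target as an opaque string that was never fuzzed as intended.
    """
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            # Drop parameters such as "; charset=utf-8".
            ctype = value.split(";", 1)[0].strip().lower()
    parser = PARSERS.get(ctype)
    if parser is None:
        return body  # nothing declared, or a type we cannot check
    try:
        return parser(body)
    except (ValueError, ET.ParseError) as exc:
        raise TemplateParseError(
            "body is not valid %s: %s" % (ctype, exc)) from exc
```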
This change:
1) rewrites the runner to spawn a thread pool for each template
and assigns a worker for each test case
2) makes the output colorized by default
3) makes minor changes to the output
Change-Id: I49906f5daaa339ca9429913680203c762a0ad9fe
Syntribos now allows the user to specify variables in their request
templates by reading from a meta.json file. This is part 1 of 3 of
the full effort, dealing primarily with the template parser itself.
Change-Id: Id41d331f595cd3bc32f085ef49cb5d1b16779a5c
During the first set of tests we did, it became clear that we
would need a way to test specific user-provided strings and check
them against user-defined failure keys.
This test adds that functionality to the suite.
Change-Id: I53833c2ab11813d746d9fc97355adaf51eb6096e
Syntribos now downloads payloads as part of the initialization process, and
also can download payloads and templates as part of the 'syntribos download'
command.
Change-Id: I17501535e5fd341c2705e07e3797643dc2d4a7df
When syntribos attempts to download templates, it fails with
a Unicode error. This patch fixes it.
Closes-Bug: #1636609
Change-Id: Id62e9ed70d1b4501fe531587947c1f6d88bf034a
POC on loading payloads using remote URI. This is part of a larger
effort in packaging syntribos to ensure that the project would
work without much configuration post install from pypi.
Change-Id: Id61e840d4f49d5b6deb72bce2e8bcc0e1096fa52
Results are now formatted in the schema as defined here:
https://gist.github.com/cneill/a511451284a0c5f33295477150bd94d4
Furthermore, the json formatter is no longer responsible for the aggregation
of issues. Instead, this logic has been moved to the IssueTestResult class.
Change-Id: Id39e122b2b4c1c9cafab09fdbc5d172dec012d22
The data file buffer-overflow.txt is never used, instead the string
generated in buffer_overflow.py is used for testing buffer overflow,
so the text file dependency is removed.
Change-Id: I4928926aa42b568502bd0b99b15b06d0667968ca
Adding a simple counter based id to tests to track them in debug
log and results log. Also, this patch improves the result output
like adding a progress bar and uniform test names.
Change-Id: Ib83181b25a0c18c7993f491cde98d73555b01404
- This removes FuzzRequest as a type of RequestObject. All requests are
now RequestObjects, and are parsed by the
syntribos.clients.http.parser
- Fuzzing a request is now done via
syntribos.tests.fuzz.datagen.fuzz_request()
- Moved _remove_attr_names and _remove_braces to the RequestObject
- Added unittests for fuzz datagen, http client models
Change-Id: Ib589c34ad80da58daab875d7383210d22d82d764
This updates the BTC/BFTC class methods based on the changes we agreed
on in our 7/13 meeting.
Details here: https://etherpad.openstack.org/p/syntribos-planning
Change-Id: I05e426ee1832385ec42d64ba930caea9ddd5374f
Removed data driven pass case and refactored data driven failure case
with a string presence check
Change-Id: I1abce36296676e2c7d4a3eacaf16c619b80199f1
Currently, no signals are printed with the output, so now, the slugs of signals
associated with each issue are now printed in the results output. We may
revisit this to add strengths and tags should they be needed in the future.
Change-Id: Ib58127a9d6bb296b9731668e957c15e5c2ef71f4
- Merges arguments.py and existing config.py files into one file
- Removes dependencies on cafe.* config file / CLI parsing
- Adds "register_opts" to BTC to allow Tests to specify config options
- Moves us completely from cclogging to Python logging
Change-Id: I0d4a84563d54307c94c0064be429919f9d91d67b
- Removed unnecessary code from BTC
- Moved some components from BFTC to BTC
- Start using signals for all tests
- Renamed several variables in BTC for clarity
- Cleaned up BaseAuthTestCase somewhat
Change-Id: I3efc44b33aa4416e1f9853910485a8c5703a9057
Added SSL test case to check the returned response for http urls
over https urls
Implements blueprint test-transport-layer-security
Change-Id: I87eb6b075e5b528f0634500bc0ed2b52ff19e241
Extended the extend_class() method from BaseTestCase in BaseFuzzTestCase, as
only BaseFuzzTestCase should have fuzz_string and param_path as parameters to
the method.
Change-Id: If39629caed9d9659bb4c7c39eb8199b25610b5b1
Replaced `None` with `{}` in http/models.py
Removed urllib disable warnings.
Changed `sql_strings` to `bof_strings`
Removed `as` in import statement in runner.py
Removed unneeded newline in arguments.py
Change-Id: I6f5285b446bd44054360ae7bfc6c1893c1341f03
We are currently using block quotes for license comments, which means
that Sphinx pulls this into every module, which is bad. Hash-prefixed
comments for licenses seem to be the standard for OpenStack as well.
Change-Id: Iabc60228c1201a960f672e1b0c7ab3c5312c9d8e
Implements: blueprint docstring-add-to-framework
This PR adds docstrings to a number of important components of
Syntribos, and adds this documentation to our Sphinx doc structure. It
also removes copyrights from __init__.py files with no other content,
in line with OpenStack style guidelines.
Set 2: Fixed PEP8 failure.
Change-Id: Ic57b31f451ec3ecf7f5b308da4544f808c9c9a5d
Implements: blueprint docstring-add-to-framework
Changes to the framework are only found in runner.py and base.py.
Tests are now no longer written as lists of assertions, which before meant that
it was impossible to access any variables used in the test itself after the
test was over. Instead, the register_issue method now adds the issue to
cls.failures, and will throw an AssertionError if there are any failures
reported to the test runner. This will allow us to do things like put the
failure string into the Issue description.
Change-Id: Ic3ca2ec48a6e1d99d56e605a2e0d0dc89158bc72
Implements: bp/framework-issue-creation
Registering an issue and testing that issue should be universal to
all test cases, not just fuzz test cases.
Change-Id: Idd09819475f68d99a8d0d491daac4e03e286a321