Instead of syntribos taking in ``--custom_install_root` during init and
``--syntribos-custom_root`` during run, which sometimes led to the custom root
option not being set correctly, the redundant config options have been
deprecated.
Change-Id: I95f4d345fe8a8608ff6d1daaf06ff49912917a3f
Fixes:
1) Crashes in runner and file_utils
2) Binary strings being read in as payloads
Updates:
1) Clarified error messages in parser
2) Confusing variable names in test cases vs issues
Adds:
1) A `syntribos root` CLI sub command to display the current syntribos root dir
Change-Id: I22edf7a1f3d39724522aee88d08b00d299b67248
1) Allows for YAML body in request templates. If a content-type
is specified for a request template, Syntribos will validate the
body against the header. This is to prevent templates from silently
failing to parse and sending unintended data to the target.
2) Added extension to support basicauth
3) Lowered confidence ratings for various tests
Change-Id: I672b0e0aa3da1aa6dd7e9a8456da73f0a15759b7
This change:
1) rewrites the runner to spawn a thread pool for each template
and assigns a worker for each test case
2) makes the output colorized by default
3) makes minor changes to the output
Change-Id: I49906f5daaa339ca9429913680203c762a0ad9fe
Before, a meta variable of the form "application/|type|" would
throw an error, now you can specify |type| as a metavar.
Change-Id: I0f9ba4635cdd6e2886d7f2f5e1ce2ab5b8dc2330
The i18n team has decided not to translate the logs because it
seems like it not very useful; operators prefer to have them in
English so that they can search for those strings on the internet.
Change-Id: I84b1a2397f424430ed332aa7d4d874379abd0357
In py35 syntribos init failed with unicode error,
this patch fixes that. This issue was in the file
type checking code. Now syntribos will try to
extract the remote `tar.gz` file downloaded and
if it fails, then the absolute path is returned.
Change-Id: I6cd5f6951d42a6230635af4c0afec9e8d88c117a
Closes-Bug: #1680022
As the templates have been moved to official repo, changing the
default URL in config to reflect the same.
Change-Id: If1050470947248f6c46a33bcaf1054dad3431b62
Running syntribos throws an error due to nits in the i18n
patch. This patch fixes the errors in runner.py and result.py.
Change-Id: Ic1c041f586e4f556fd1c1e30b6dc3f3dcd0284fe
Adding cross site tracing test to syntribos. This vulnerability
can be exploited only if there are existing xss vulnerabilities
in the app.
Moving "checks" that deals specificially with header data to
"header" directory.
Change-Id: I7b4b40ca54a95628e9b6d55963b5e159e6862a45
Syntribos now allows the user to specify variables in their request
templates by reading from a meta.json file. This is part 1 of 3 of
the full effort, dealing primarily with the template parser itself.
Change-Id: Id41d331f595cd3bc32f085ef49cb5d1b16779a5c
Changing six.iteritems(kwargs) to kwargs.items() to improve
readability of code and reduce the use of python package six
Change-Id: I7460c0274b790efcd53ee9d1c0bc538effb950dd
The latest change introduced a bug to syntribos init. It crashed on
line 282 when CONF.config_file and CONF.config_dir returns list but
str expected. This patch fixes it.
Closes-Bug: 1648562
Change-Id: Ib83dd03a500613843abadc5dcbfd9a9c477f8503
As payloads have been uploaded to the official repo, this change
updates the remote uri for payloads.
Change-Id: I074f1568e17e3b6192c439f1fcb3de98095ba351
Messages displayed for some exceptions are too vague and have
stack traces, cleaning up a few messages and the way they are
handled.
Change-Id: I7b134844e8a9cfa21a119cd5b5b6c37871d0381a
Adding ReDoS test to syntribos. ReDos was earlier merged with
string_validation test, as ReDoS is a pure test in itself, adding
the same.
Change-Id: I04b2c80486d897eef2764223e2ba0f4433bc9144
There is a possibility for the json parser to reach depth limit
and crash. This test checks for that and raises an issue if the
parser crashes.
Change-Id: I2ecb77e2e9aef2379321142d608eb714b33d970a
During the first set of tests we did, it became clear that we
would need a way to test specific user provided string and check
them against user defined failure keys.
This test adds that functionality to the suite.
Change-Id: I53833c2ab11813d746d9fc97355adaf51eb6096e
In Python 3 __ne__ by default delegates to __eq__ and inverts the
result, but in Python 2 they urge you to define __ne__ when you
define __eq__ for it to work properly [1].There are no implied
relationships among the comparison operators. The truth of x==y
does not imply that x!=y is false. Accordingly, when defining __eq__(),
one should also define __ne__() so that the operators will behave as expected.
[1]https://docs.python.org/2/reference/datamodel.html#object.__ne__
Change-Id: I48a2e8a6bafd183037fb5f67fd77728072890d53
The bug is due to the fact that sometimes when using os.getlogin(),
Python is calling the system getlogin() function and returns a strerror
"No such file or dir", thus failing to get the login name.
Change-Id: I4156325d7435c69943b2bb736bd1ec7b4d060db4
Closes-Bug: #1640850