Merge pull request #32 from rmaskell/master

Strategy to send all params in one request
KissPeter · Feb 9, 2020 · 4d83d68 · 4d83d68
2 parents 5bf12e1 + d108889
commit 4d83d68
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 25 deletions.
diff --git a/apifuzzer/fuzzer_target.py b/apifuzzer/fuzzer_target.py
@@ -271,8 +271,10 @@ def transmit(self, **kwargs):
                 kwargs['data'] = self.fix_data(kwargs.get('data'))
             if query_params is not None:
                 request_url = '{}{}'.format(request_url, query_params)
-            self.logger.info('Request URL : {}'.format(request_url))
             method = kwargs['method']
+            self.logger.info('Request URL : {} {}'.format(method, request_url))
+            if kwargs.get('data') is not None:
+                self.logger.info('Request data:{}'.format(json.dumps(dict(kwargs.get('data')))))
             if isinstance(method, Bits):
                 method = method.tobytes()
             if isinstance(method, bytes):
@@ -371,25 +373,15 @@ def expand_path_variables(self, url, path_parameters):
             self.logger.warn('Path_parameters {} does not in the desired format,received: {}'
                              .format(path_parameters, type(path_parameters)))
             return url
-        _temporally_url_list = list()
+        formattedUrl = url
         for path_key, path_value in path_parameters.items():
             self.logger.debug('Processing: path_key: {} , path_variable: {}'.format(path_key, path_value))
             path_parameter = container_name_to_param(path_key)
             url_path_paramter = '{%PATH_PARAM%}'.replace('%PATH_PARAM%', path_parameter)
-            splitter = '(%PATH_PARAM%)'.replace('%PATH_PARAM%', url_path_paramter)
-            url_list = re.split(splitter, url)
-            self.logger.debug('URL split: {} with: {}'.format(url_list, splitter))
-            if len(url_list) == 1:
+            tmpUrl = formattedUrl.replace(url_path_paramter, path_value)
+            if (tmpUrl == formattedUrl):
                 self.logger.warn('{} was not in the url: {}, adding it'.format(url_path_paramter, url))
-                url_list.extend(['/', url_path_paramter])
-            for url_part in url_list:
-                self.logger.debug('Processing url part: {}'.format(url_part))
-                if url_part == url_path_paramter:
-                    self.logger.debug('Replace path parameter marker ({}) with fuzz value: {}'
-                                      .format(url_path_paramter, path_value))
-                    _temporally_url_list.append(path_value)
-                else:
-                    _temporally_url_list.append(url_part)
-        _url = "".join(_temporally_url_list)
-        self.logger.info('Compiled url in {}, out: {}'.format(url, _url))
-        return _url.replace("{", "").replace("}", "").replace("+", "/")
+                tmpUrl += '&{}={}'.format(path_parameter,path_value)
+            formattedUrl = tmpUrl
+        self.logger.info('Compiled url in {}, out: {}'.format(url, formattedUrl))
+        return formattedUrl.replace("{", "").replace("}", "").replace("+", "/")
diff --git a/apifuzzer/swagger_template_generator.py b/apifuzzer/swagger_template_generator.py
@@ -32,11 +32,12 @@ def process_api_resources(self):
             normalized_url = self.normalize_url(resource)
             for method in self.api_resources['paths'][resource].keys():
                 self.logger.info('Resource: {} Method: {}'.format(resource, method))
+                template_container_name = '{}|{}'.format(normalized_url, method)
+                template = BaseTemplate(name=template_container_name)
+                template.url = normalized_url
+                template.method = method.upper()
+                self.logger.debug('Resource: {} Method: {}'.format(resource, method))
                 for param in self.api_resources['paths'][resource][method].get('parameters', {}):
-                    template_container_name = '{}|{}|{}'.format(normalized_url, method, param.get('name'))
-                    template = BaseTemplate(name=template_container_name)
-                    template.url = normalized_url
-                    template.method = method.upper()
                     type = param.get('type')
                     format = param.get('format')
                     if format is not None:
@@ -47,12 +48,11 @@ def process_api_resources(self):
                         fuzzer_type = None
                     fuzz_type = get_fuzz_type_by_param_type(fuzzer_type)
                     sample_data = get_sample_data_by_type(param.get('type'))
-
                     # get parameter placement(in): path, query, header, cookie
                     # get parameter type: integer, string
                     # get format if present
                     param_type = param.get('in')
-                    param_name = template_container_name
+                    param_name = '{}|{}'.format(template_container_name, param.get('name'))
                     self.logger.debug('Resource: {} Method: {} Parameter: {}, Parameter type: {}, Sample data: {},'
                                       'Param name: {}'
                                       .format(resource, method, param, param_type, sample_data, param_name))
@@ -68,7 +68,7 @@ def process_api_resources(self):
                         template.data.append(fuzz_type(name=param_name, value=transform_data_to_bytes(sample_data)))
                     else:
                         self.logger.error('Can not parse a definition from swagger.json: %s', param)
-                    self.templates.append(template)
+                self.templates.append(template)
 
     def compile_base_url(self, alternate_url):
         """