# LLM enhanced API testing


## Environment Setup  
Variables like paths and models should be declared here.  


In [1]:
'''
Set up the environment
'''

from datetime import datetime
import os

def create_output_folder():
    """
    Create a timestamped folder for the output files.
    """
    # TODO - need to rethink this
    # long version
    # timestamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    # this will create a daily folder
    timestamp = datetime.now().strftime("%Y%m%d")
    folder_name = f"{project_name}-{timestamp}/"
    output_folder = os.path.join(output_base_path, folder_name)
    os.makedirs(output_folder, exist_ok=True)
    return output_folder

## File Paths
# API spec path
api_spec_path = "/m2-data/jupyterNotebooks/api/spec/openapi3Vampi.yml"
# base output folder path
# all generated files will be stored here
output_base_path = "/m2-data/jupyterNotebooks/api/test_runs/"
# Project name 
project_name = "vampi"
# project_name = "crapi"

#models
# model_name = "gemma2:9b"
code_model_name = "qwen2.5-coder:7b"
# code_model_name = "codellama:13b"    
# code_model_name = "codellama:latest" # 7b
# model_name = "llama3.1:latest"  #7b
# model_name = "deepseek-r1:14b"
model_name = "deepseek-r1:8b"
# model_name = "llama3.2:3b"
# model_name = "llama3.2:1b"
# model_name = "tinyllama:latest"


# test data setup
test_email_domain = "test.com"
base_test_username = "adb123"

# create a new folder for this run
# this is the base path appended w/ the project name and a daily timestamp
output_folder = create_output_folder()


## Validate and Parse the spec
  - Attempts best effort to parse the spec
  - Will not exit if the validation check fails. It will be logged

In [2]:
print(output_folder)

/m2-data/jupyterNotebooks/api/test_runs/vampi-20250204/


In [3]:
import os
import json
import yaml
from datetime import datetime
from openapi_spec_validator import validate_spec

# File paths
input_spec_path = "/m2-data/jupyterNotebooks/api/spec/openapi3Vampi.yml"
# output_base_path = "/m2-data/jupyterNotebooks/api/test_runs/"
# output_base_path = output_folder



def validate_openapi_spec(file_path, output_folder):
    """
    Validates the OpenAPI specification and attempts partial parsing on failure.

    Args:
        file_path (str): Path to the OpenAPI specification file.
        output_folder (str): Path to the output folder for logging.

    Returns:
        dict: The parsed OpenAPI specification (best effort), or an empty dict if parsing completely fails.
    """
    try:
        with open(file_path, 'r') as file:
            if file_path.endswith('.json'):
                spec = json.load(file)
            elif file_path.endswith(('.yaml', '.yml')):
                spec = yaml.safe_load(file)
            else:
                raise ValueError("Unsupported file format. Only JSON and YAML are allowed.")

        validate_spec(spec)
        print("OpenAPI spec validation successful.")
        return spec

    except (json.JSONDecodeError, yaml.YAMLError) as e:
        error_message = f"Failed to parse the specification file: {e}"
    except Exception as e:  # Generic handling for validation errors
        error_message = f"Validation error: {e}"

    # Log validation errors
    log_file = os.path.join(output_folder, "validation_errors.log")
    with open(log_file, 'w') as log:
        log.write(error_message)
    print(f"Validation failed. Errors logged to: {log_file}")

    # Attempt to return partial spec if possible
    try:
        with open(file_path, 'r') as file:
            if file_path.endswith('.json'):
                return json.load(file)
            elif file_path.endswith(('.yaml', '.yml')):
                return yaml.safe_load(file)
    except Exception as e:
        print(f"Unable to perform partial parsing: {e}")
        return {}

def parse_spec_details(spec):
    """
    Parses the OpenAPI specification to extract servers, endpoints, and additional metadata.

    Args:
        spec (dict): The OpenAPI specification.

    Returns:
        dict: A dictionary containing servers, endpoints, and useful metadata.
    """
    endpoints = []
    servers = spec.get('servers', [])
    info = spec.get('info', {})
    tags = spec.get('tags', [])
    security = spec.get('security', [])
    external_docs = spec.get('externalDocs', {})

    for path, methods in spec.get('paths', {}).items():
        for method, details in methods.items():
            endpoint_info = {
                "path": path,
                "method": method.upper(),
                "parameters": details.get("parameters", []),
                "requestBody": details.get("requestBody", {}).get("content", {}),
                "responses": details.get("responses", {})
            }
            endpoints.append(endpoint_info)

    return {
        "servers": servers,
        "info": info,
        "tags": tags,
        "security": security,
        "externalDocs": external_docs,
        "endpoints": endpoints
    }

def main():
    """
    Main function to validate and parse the OpenAPI spec, saving output to JSON files.
    """

    # Validate the spec
    spec = validate_openapi_spec(input_spec_path, output_folder)
    if not spec:
        print("Failed to validate or parse the OpenAPI spec. Exiting.")
        return

    # Parse spec details
    parsed_data = parse_spec_details(spec)

    # Save parsed data to a JSON file
    output_file = os.path.join(output_folder, "parsed_spec.json")
    with open(output_file, 'w') as file:
        json.dump(parsed_data, file, indent=4)

    print(f"Parsed specification details saved to: {output_file}")

if __name__ == "__main__":
    main()


OpenAPI spec validation successful.
Parsed specification details saved to: /m2-data/jupyterNotebooks/api/test_runs/vampi-20250204/parsed_spec.json


## Look for endpoints to determine health

In [4]:
import json
import requests

# File paths
# base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"
parsed_spec_path = f"{output_folder}parsed_spec.json"
health_endpoints_path = f"{output_folder}endpoints_health.json"
model_url = "http://localhost:11434/api/generate"  # Ollama API endpoint
# model_name = "qwen2.5-coder:7b"

def find_candidate_endpoints(parsed_spec):
    """
    Identify candidate heartbeat endpoints based on the criteria.

    Args:
        parsed_spec (dict): The parsed OpenAPI spec JSON content.

    Returns:
        list: A list of candidate endpoints with 200 OK responses and no parameters.
    """
    candidates = []
    endpoints = parsed_spec.get("endpoints", [])
    
    for endpoint in endpoints:
        # Check for 200 OK response
        responses = endpoint.get("responses", {})
        if "200" in responses:
            # Check for no parameters or requestBody
            if not endpoint.get("parameters") and not endpoint.get("requestBody"):
                candidates.append(endpoint)
    
    return candidates

def query_model_for_ranking(candidates, model_name="qwen2.5-coder:7b"):
    """
    Query the model to rank or refine candidate heartbeat endpoints.

    Args:
        candidates (list): A list of candidate endpoints.
        model_name (str): The name of the model to query.

    Returns:
        list: Ranked or refined list of heartbeat endpoints.
    """
    prompt = (
        "You are analyzing API endpoints. Based on the following candidates, rank the endpoints "
        "most likely to be a heartbeat endpoint, which typically returns 200 OK with no parameters. "
        "Return the top 3 most probable candidates as a JSON array.\n\n"
        f"Candidates:\n{json.dumps(candidates, indent=2)}\n\n"
    )
    payload = {
        "model": model_name,
        "prompt": prompt
    }

    try:
        # Stream the response for incremental output
        response = requests.post(model_url, json=payload, stream=True)
        response.raise_for_status()

        # Process the streamed response incrementally
        result = ""
        for chunk in response.iter_lines():
            if chunk:
                try:
                    # Decode each line and append to result
                    result += chunk.decode('utf-8')
                except Exception as decode_error:
                    print(f"Error decoding chunk: {decode_error}")

        # Attempt to extract JSON from the response
        try:
            # Locate and parse the JSON part of the response
            start_idx = result.find("[")  # Assuming JSON array starts with [
            end_idx = result.rfind("]") + 1  # Assuming JSON array ends with ]
            if start_idx != -1 and end_idx != -1:
                ranked_candidates = json.loads(result[start_idx:end_idx])
            else:
                raise ValueError("Could not locate JSON array in model response.")
            return ranked_candidates
        except json.JSONDecodeError as e:
            print(f"JSON parsing error: {e}")
            return candidates[:3]  # Fallback to the first 3 candidates

    except Exception as e:
        print(f"Error querying model: {e}")
        return candidates[:3]  # Fallback to the first 3 candidates

def save_health_endpoints(health_endpoints, file_path):
    """
    Save the selected health endpoints to a JSON file.

    Args:
        health_endpoints (list): The list of health endpoints.
        file_path (str): Path to save the JSON file.
    """
    try:
        with open(file_path, "w") as file:
            json.dump(health_endpoints, file, indent=4)
        print(f"Health endpoints saved to: {file_path}")
    except Exception as e:
        print(f"Failed to save health endpoints: {e}")

def main():
    """
    Main function to find, rank, and save heartbeat endpoint candidates.
    """
    # Load the parsed OpenAPI spec JSON file
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
    except Exception as e:
        print(f"Failed to load parsed spec: {e}")
        return

    # Find candidate endpoints
    candidates = find_candidate_endpoints(parsed_spec)

    if not candidates:
        print("No candidate heartbeat endpoints found.")
        return

    # Query the model for refined ranking
    ranked_candidates = query_model_for_ranking(candidates)

    # Save the top 3 candidates to a new JSON file
    save_health_endpoints(ranked_candidates[:3], health_endpoints_path)

    # Print the top 3 candidates
    print("Top 3 Heartbeat Endpoint Candidates:")
    for i, candidate in enumerate(ranked_candidates[:3], start=1):
        print(f"{i}. Path: {candidate.get('path')}, Method: {candidate.get('method')}")

if __name__ == "__main__":
    main()


JSON parsing error: Expecting value: line 1 column 2 (char 1)
Health endpoints saved to: /m2-data/jupyterNotebooks/api/test_runs/vampi-20250204/endpoints_health.json
Top 3 Heartbeat Endpoint Candidates:
1. Path: /createdb, Method: GET
2. Path: /, Method: GET
3. Path: /users/v1, Method: GET


## run checks
  - Appends endpoints_health.json with up/down status

In [5]:
import json
import requests

# File paths
# base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"
parsed_spec_path = f"{output_folder}parsed_spec.json"
health_endpoints_path = f"{output_folder}endpoints_health.json"

def get_base_url(parsed_spec_path):
    """
    Retrieve the base URL from the parsed OpenAPI spec.

    Args:
        parsed_spec_path (str): Path to the parsed OpenAPI spec file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to retrieve base URL: {e}")
    return ""

def run_health_checks(base_url, health_endpoints):
    """
    Test the provided health endpoints to determine if the application is running.

    Args:
        base_url (str): The base URL of the API.
        health_endpoints (list): A list of health endpoint definitions, each containing "path" and "method".

    Returns:
        dict: A dictionary with endpoint results, indicating if the application is up.
    """
    results = {}
    for endpoint in health_endpoints:
        path = endpoint.get("path")
        method = endpoint.get("method", "GET").upper()
        full_url = f"{base_url}{path}"  # Combine base URL and endpoint path

        try:
            # Send the request to the endpoint
            response = requests.request(method, full_url)
            
            # Check if the response status code is 200
            if response.status_code == 200:
                results[path] = "Application is UP"
            else:
                results[path] = f"Unexpected status code: {response.status_code}"

        except Exception as e:
            results[path] = f"Error: {e}"

    return results

def append_up_endpoints_to_file(up_endpoints, file_path):
    """
    Append the endpoints that are up to the existing endpoints_health.json file.

    Args:
        up_endpoints (list): A list of endpoints that are up.
        file_path (str): Path to the endpoints_health.json file.
    """
    try:
        with open(file_path, "r") as file:
            existing_data = json.load(file)
    except Exception:
        existing_data = []

    # Append the up endpoints
    existing_data.extend(up_endpoints)

    try:
        with open(file_path, "w") as file:
            json.dump(existing_data, file, indent=4)
        print(f"Up endpoints successfully appended to: {file_path}")
    except Exception as e:
        print(f"Failed to append up endpoints: {e}")

def main():
    """
    Main function to load health endpoints, run health checks, and update the endpoints file.
    """
    # Retrieve the base URL
    base_url = get_base_url(parsed_spec_path)
    if not base_url:
        print("Base URL not found. Cannot perform health checks.")
        return

    # Load the health endpoints JSON file
    try:
        with open(health_endpoints_path, "r") as file:
            health_endpoints = json.load(file)
    except Exception as e:
        print(f"Failed to load health endpoints: {e}")
        return

    # Run health checks
    results = run_health_checks(base_url, health_endpoints)

    # Filter endpoints that are up
    up_endpoints = [
        {"path": path, "method": health_endpoints[i].get("method", "GET")}
        for i, (path, status) in enumerate(results.items())
        if "Application is UP" in status
    ]

    # Append up endpoints to the file
    append_up_endpoints_to_file(up_endpoints, health_endpoints_path)

    # Print the results
    print("Health Check Results:")
    for path, status in results.items():
        print(f"{path}: {status}")

if __name__ == "__main__":
    main()


Up endpoints successfully appended to: /m2-data/jupyterNotebooks/api/test_runs/vampi-20241229/endpoints_health.json
Health Check Results:
/createdb: Application is UP
/: Application is UP
/users/v1: Application is UP


## Check for 'up' endpoints

In [6]:
import json
import requests

# File paths
base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"
parsed_spec_path = f"{output_folder}parsed_spec.json"
health_endpoints_path = f"{output_folder}endpoints_health.json"

def get_base_url(parsed_spec_path):
    """
    Retrieve the base URL from the parsed OpenAPI spec.

    Args:
        parsed_spec_path (str): Path to the parsed OpenAPI spec file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to retrieve base URL: {e}")
    return ""

def run_health_checks(base_url, health_endpoints):
    """
    Test the provided health endpoints to determine if the application is running.

    Args:
        base_url (str): The base URL of the API.
        health_endpoints (list): A list of health endpoint definitions, each containing "path" and "method".

    Returns:
        dict: A dictionary with endpoint results, indicating if the application is up.
    """
    results = {}
    for endpoint in health_endpoints:
        path = endpoint.get("path")
        method = endpoint.get("method", "GET").upper()
        full_url = f"{base_url}{path}"  # Combine base URL and endpoint path

        try:
            # Send the request to the endpoint
            response = requests.request(method, full_url)
            
            # Check if the response status code is 200
            if response.status_code == 200:
                results[path] = "Application is UP"
            else:
                results[path] = f"Unexpected status code: {response.status_code}"

        except Exception as e:
            results[path] = f"Error: {e}"

    return results

def append_up_endpoints_to_file(up_endpoints, file_path):
    """
    Append the endpoints that are up to the existing endpoints_health.json file.

    Args:
        up_endpoints (list): A list of endpoints that are up.
        file_path (str): Path to the endpoints_health.json file.
    """
    try:
        with open(file_path, "r") as file:
            existing_data = json.load(file)
    except Exception:
        existing_data = []

    # Append the up endpoints
    existing_data.extend(up_endpoints)

    try:
        with open(file_path, "w") as file:
            json.dump(existing_data, file, indent=4)
        print(f"Up endpoints successfully appended to: {file_path}")
    except Exception as e:
        print(f"Failed to append up endpoints: {e}")

def main():
    """
    Main function to load health endpoints, run health checks, and update the endpoints file.
    """
    # Retrieve the base URL
    base_url = get_base_url(parsed_spec_path)
    if not base_url:
        print("Base URL not found. Cannot perform health checks.")
        return

    # Load the health endpoints JSON file
    try:
        with open(health_endpoints_path, "r") as file:
            health_endpoints = json.load(file)
    except Exception as e:
        print(f"Failed to load health endpoints: {e}")
        return

    # Run health checks
    results = run_health_checks(base_url, health_endpoints)

    # Filter endpoints that are up
    up_endpoints = [
        {"path": path, "method": health_endpoints[i].get("method", "GET")}
        for i, (path, status) in enumerate(results.items())
        if "Application is UP" in status
    ]

    # Append up endpoints to the file
    append_up_endpoints_to_file(up_endpoints, health_endpoints_path)

    # Print the results
    print("Health Check Results:")
    for path, status in results.items():
        print(f"{path}: {status}")

if __name__ == "__main__":
    main()


Up endpoints successfully appended to: /m2-data/jupyterNotebooks/api/test_runs/vampi-20241229/endpoints_health.json
Health Check Results:
/createdb: Application is UP
/: Application is UP
/users/v1: Application is UP


## Determine User Registration Endpoints

## debug mode

In [7]:
'''
import json
import requests

# File paths
base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"
parsed_spec_path = f"{base_path}parsed_spec.json"
user_reg_endpoint_path = f"{base_path}endpoint_user_reg.json"
model_url = "http://localhost:11434/api/generate"  # Ollama API endpoint
# model_name = "qwen2.5-coder:7b"
model_name = "tinyllama:latest"


def find_user_registration_endpoint(parsed_spec, model_name=model_name):
    """
    Use the LLM to determine a user registration endpoint from the parsed OpenAPI spec.

    Args:
        parsed_spec (dict): The parsed OpenAPI spec JSON content.
        model_name (str): The name of the LLM model to query.

    Returns:
        dict: The identified user registration endpoint.
    """
    # Pre-filter relevant data
    endpoints = parsed_spec.get("endpoints", [])
    relevant_endpoints = []

    for endpoint in endpoints:
        path = endpoint.get("path")
        method = endpoint.get("method")
        request_body = endpoint.get("requestBody", {}).get("application/json", {}).get("schema", {})
        fields = request_body.get("properties", {})

        # Debug: Log the endpoint and fields being evaluated
        print(f"Debug: Evaluating endpoint {path} {method}")
        print(f"Debug: Fields found -> {fields}")

        # Check for the required fields
        if all(key in fields for key in ["username", "password", "email"]):
            relevant_endpoints.append({
                "path": path,
                "method": method.upper(),
                "fields": list(fields.keys())
            })

    # Debug: Log the relevant endpoints identified during pre-filtering
    print(f"Debug: Relevant endpoints after filtering -> {json.dumps(relevant_endpoints, indent=2)}")

    if not relevant_endpoints:
        print("No endpoints with user registration fields found in pre-filtering.")
        return {}

    # Updated prompt for the LLM
    prompt = (
        "From the following API paths and their fields, identify the most likely user registration endpoint. "
        "A user registration endpoint typically accepts input fields like 'username', 'email', and 'password' "
        "and returns a success response upon creating a new user. Return the result as a JSON object with keys "
        "'path' and 'method'.\n\n"
        f"Endpoints:\n{json.dumps(relevant_endpoints, indent=2)}\n\n"
    )
    payload = {
        "model": model_name,
        "prompt": prompt
    }

    try:
        # Query the model
        response = requests.post(model_url, json=payload, stream=True)
        response.raise_for_status()

        # Process the streamed response incrementally
        result = ""
        for chunk in response.iter_lines():
            if chunk:
                try:
                    # Decode each line and append to result
                    result += chunk.decode('utf-8')
                except Exception as decode_error:
                    print(f"Error decoding chunk: {decode_error}")

        # Debug: Log raw result from LLM
        print(f"Debug: Raw result from LLM -> {result}")

        # Attempt to parse the JSON response
        try:
            endpoint = json.loads(result)
            if "path" in endpoint and "method" in endpoint:
                return endpoint
            else:
                raise ValueError("Response does not contain valid 'path' and 'method'.")
        except json.JSONDecodeError as e:
            print(f"JSON parsing error: {e}")
            print("Raw model response:", result)
            return {}

    except Exception as e:
        print(f"Error querying model: {e}")
        return {}


def save_user_registration_endpoint(endpoint, file_path):
    """
    Save the identified user registration endpoint to a JSON file.

    Args:
        endpoint (dict): The user registration endpoint.
        file_path (str): Path to save the JSON file.
    """
    try:
        with open(file_path, "w") as file:
            json.dump(endpoint, file, indent=4)
        print(f"User registration endpoint saved to: {file_path}")
    except Exception as e:
        print(f"Failed to save user registration endpoint: {e}")

def main():
    """
    Main function to analyze the spec and save the user registration endpoint.
    """
    # Load the parsed OpenAPI spec JSON file
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
    except Exception as e:
        print(f"Failed to load parsed spec: {e}")
        return

    # Use the LLM to find the user registration endpoint
    user_registration_endpoint = find_user_registration_endpoint(parsed_spec, model_name)

    if not user_registration_endpoint:
        print("No user registration endpoint identified.")
        return

    # Save the identified endpoint to a JSON file
    save_user_registration_endpoint(user_registration_endpoint, user_reg_endpoint_path)

if __name__ == "__main__":
    main()
'''

'\nimport json\nimport requests\n\n# File paths\nbase_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"\nparsed_spec_path = f"{base_path}parsed_spec.json"\nuser_reg_endpoint_path = f"{base_path}endpoint_user_reg.json"\nmodel_url = "http://localhost:11434/api/generate"  # Ollama API endpoint\n# model_name = "qwen2.5-coder:7b"\nmodel_name = "tinyllama:latest"\n\n\ndef find_user_registration_endpoint(parsed_spec, model_name=model_name):\n    """\n    Use the LLM to determine a user registration endpoint from the parsed OpenAPI spec.\n\n    Args:\n        parsed_spec (dict): The parsed OpenAPI spec JSON content.\n        model_name (str): The name of the LLM model to query.\n\n    Returns:\n        dict: The identified user registration endpoint.\n    """\n    # Pre-filter relevant data\n    endpoints = parsed_spec.get("endpoints", [])\n    relevant_endpoints = []\n\n    for endpoint in endpoints:\n        path = endpoint.get("path")\n        method = endpoint.get("method")\n      

## Debug - WIP

In [8]:
'''
import json
import requests

# File paths
# base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"
parsed_spec_path = f"{output_folder}parsed_spec.json"
user_reg_endpoint_path = f"{output_folder}endpoint_user_reg.json"
model_url = "http://localhost:11434/api/generate"  # Ollama API endpoint
# model_name = "qwen2.5-coder:7b"
# model_name = "tinyllama:latest"


def find_user_registration_endpoint(parsed_spec, model_name=model_name):
    """
    Use the LLM to determine a user registration endpoint from the parsed OpenAPI spec.

    Args:
        parsed_spec (dict): The parsed OpenAPI spec JSON content.
        model_name (str): The name of the LLM model to query.

    Returns:
        dict: The identified user registration endpoint.
    """
    # Pre-filter relevant data
    endpoints = parsed_spec.get("endpoints", [])
    relevant_endpoints = []

    for endpoint in endpoints:
        path = endpoint.get("path")
        method = endpoint.get("method")
        request_body = endpoint.get("requestBody", {}).get("application/json", {}).get("schema", {})
        fields = request_body.get("properties", {})

        # Check for the required fields
        if all(key in fields for key in ["username", "password", "email"]):
            relevant_endpoints.append({
                "path": path,
                "method": method.upper(),
                "fields": list(fields.keys())
            })

    # Debug: Log the relevant endpoints
    print(f"Debug: Relevant endpoints after filtering -> {json.dumps(relevant_endpoints, indent=2)}")

    if not relevant_endpoints:
        print("No endpoints with user registration fields found in pre-filtering.")
        return {}

    # Updated prompt for the LLM
    prompt = (
        "From the following API paths and their fields, identify the most likely user registration endpoint. "
        "A user registration endpoint typically accepts input fields like 'username', 'email', and 'password' "
        "and returns a success response upon creating a new user. Return the result as a JSON object with keys "
        "'path' and 'method'.\n\n"
        f"Endpoints:\n{json.dumps(relevant_endpoints, indent=2)}\n\n"
    )
    payload = {
        "model": model_name,
        "prompt": prompt
    }

    try:
        # Query the model
        response = requests.post(model_url, json=payload, stream=True)
        response.raise_for_status()

        # Process the streamed response incrementally
        result = ""
        for chunk in response.iter_lines():
            if chunk:
                try:
                    # Decode each line and append to result
                    result += chunk.decode('utf-8')
                except Exception as decode_error:
                    print(f"Error decoding chunk: {decode_error}")

        # Attempt to parse the JSON response
        try:
            endpoint = json.loads(result)
            if "path" in endpoint and "method" in endpoint:
                print("Debug: LLM successfully identified endpoint.")
                return endpoint
            else:
                raise ValueError("Response does not contain valid 'path' and 'method'.")
        except json.JSONDecodeError as e:
            print(f"JSON parsing error: {e}")
            print("Raw model response:", result)

    except Exception as e:
        print(f"Error querying model: {e}")

    # Fallback to the first relevant endpoint
    print("Debug: Falling back to pre-filtered endpoint.")
    return relevant_endpoints[0] if relevant_endpoints else {}

def save_user_registration_endpoint(endpoint, file_path):
    """
    Save the identified user registration endpoint to a JSON file.

    Args:
        endpoint (dict): The user registration endpoint.
        file_path (str): Path to save the JSON file.
    """
    try:
        with open(file_path, "w") as file:
            json.dump(endpoint, file, indent=4)
        print(f"User registration endpoint saved to: {file_path}")
    except Exception as e:
        print(f"Failed to save user registration endpoint: {e}")

def main():
    """
    Main function to analyze the spec and save the user registration endpoint.
    """
    # Load the parsed OpenAPI spec JSON file
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
    except Exception as e:
        print(f"Failed to load parsed spec: {e}")
        return

    # Use the LLM to find the user registration endpoint
    user_registration_endpoint = find_user_registration_endpoint(parsed_spec, model_name)

    if not user_registration_endpoint:
        print("No user registration endpoint identified.")
        return

    # Save the identified endpoint to a JSON file
    save_user_registration_endpoint(user_registration_endpoint, user_reg_endpoint_path)
    print("User registration endpoint successfully identified and saved.")

if __name__ == "__main__":
    main()
'''

'\nimport json\nimport requests\n\n# File paths\n# base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"\nparsed_spec_path = f"{output_folder}parsed_spec.json"\nuser_reg_endpoint_path = f"{output_folder}endpoint_user_reg.json"\nmodel_url = "http://localhost:11434/api/generate"  # Ollama API endpoint\n# model_name = "qwen2.5-coder:7b"\n# model_name = "tinyllama:latest"\n\n\ndef find_user_registration_endpoint(parsed_spec, model_name=model_name):\n    """\n    Use the LLM to determine a user registration endpoint from the parsed OpenAPI spec.\n\n    Args:\n        parsed_spec (dict): The parsed OpenAPI spec JSON content.\n        model_name (str): The name of the LLM model to query.\n\n    Returns:\n        dict: The identified user registration endpoint.\n    """\n    # Pre-filter relevant data\n    endpoints = parsed_spec.get("endpoints", [])\n    relevant_endpoints = []\n\n    for endpoint in endpoints:\n        path = endpoint.get("path")\n        method = endpoint.get("meth

## Final Determine User Reg script
Determine API endpoints for user registration

In [9]:
import json
import requests

# File paths
# base_path = "/m2-data/jupyterNotebooks/api/test_runs/vampi-1/"
parsed_spec_path = f"{output_folder}parsed_spec.json"
user_reg_endpoint_path = f"{output_folder}endpoint_user_reg.json"
model_url = "http://localhost:11434/api/generate"  # Ollama API endpoint
model_name = "qwen2.5-coder:7b"
# model_name = "tinyllama:latest"



def find_user_registration_endpoint(parsed_spec, model_name=model_name):
    """
    Use the LLM to determine a user registration endpoint from the parsed OpenAPI spec.

    Args:
        parsed_spec (dict): The parsed OpenAPI spec JSON content.
        model_name (str): The name of the LLM model to query.

    Returns:
        dict: The identified user registration endpoint.
    """
    # Pre-filter relevant data
    endpoints = parsed_spec.get("endpoints", [])
    relevant_endpoints = []

    for endpoint in endpoints:
        path = endpoint.get("path")
        method = endpoint.get("method")
        request_body = endpoint.get("requestBody", {}).get("application/json", {}).get("schema", {})
        fields = request_body.get("properties", {})

        # Check for the required fields
        if all(key in fields for key in ["username", "password", "email"]):
            relevant_endpoints.append({
                "path": path,
                "method": method.upper(),
                "fields": list(fields.keys())
            })

    if not relevant_endpoints:
        print("No endpoints with user registration fields found in pre-filtering.")
        return {}

    # Updated prompt for the LLM
    prompt = (
        "From the following API paths and their fields, identify the most likely user registration endpoint. "
        "A user registration endpoint typically accepts input fields like 'username', 'email', and 'password' "
        "and returns a success response upon creating a new user. Return the result as a JSON object with keys "
        "'path' and 'method'.\n\n"
        f"Endpoints:\n{json.dumps(relevant_endpoints, indent=2)}\n\n"
    )
    payload = {
        "model": model_name,
        "prompt": prompt
    }

    try:
        # Query the model
        print("query LLM")
        print("model : ", model_name)
        print("prompt: ", prompt)
        response = requests.post(model_url, json=payload, stream=True)
        response.raise_for_status()

        # Process the streamed response incrementally
        result = ""
        for chunk in response.iter_lines():
            if chunk:
                try:
                    # Decode each line and append to result
                    result += chunk.decode('utf-8')
                except Exception:
                    pass

        # Attempt to parse the JSON response
        try:
            endpoint = json.loads(result)
            if "path" in endpoint and "method" in endpoint:
                return endpoint
        except json.JSONDecodeError:
            pass

    except Exception:
        pass

    # Fallback to the first relevant endpoint
    if relevant_endpoints:
        print("Fallback: Using the first pre-filtered endpoint.")
    return relevant_endpoints[0] if relevant_endpoints else {}

def save_user_registration_endpoint(endpoint, file_path):
    """
    Save the identified user registration endpoint to a JSON file.

    Args:
        endpoint (dict): The user registration endpoint.
        file_path (str): Path to save the JSON file.
    """
    try:
        with open(file_path, "w") as file:
            json.dump(endpoint, file, indent=4)
        print(f"User registration endpoint saved to: {file_path}")
    except Exception as e:
        print(f"Failed to save user registration endpoint: {e}")

def main():
    """
    Main function to analyze the spec and save the user registration endpoint.
    """
    # Load the parsed OpenAPI spec JSON file
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
    except Exception as e:
        print(f"Failed to load parsed spec: {e}")
        return

    # Use the LLM to find the user registration endpoint
    user_registration_endpoint = find_user_registration_endpoint(parsed_spec, model_name)

    if not user_registration_endpoint:
        print("No user registration endpoint identified.")
        return

    # Save the identified endpoint to a JSON file
    save_user_registration_endpoint(user_registration_endpoint, user_reg_endpoint_path)
    print("User registration endpoint successfully identified and saved.")

if __name__ == "__main__":
    main()


query LLM
model :  qwen2.5-coder:7b
prompt:  From the following API paths and their fields, identify the most likely user registration endpoint. A user registration endpoint typically accepts input fields like 'username', 'email', and 'password' and returns a success response upon creating a new user. Return the result as a JSON object with keys 'path' and 'method'.

Endpoints:
[
  {
    "path": "/users/v1/register",
    "method": "POST",
    "fields": [
      "username",
      "password",
      "email"
    ]
  }
]


Fallback: Using the first pre-filtered endpoint.
User registration endpoint saved to: /m2-data/jupyterNotebooks/api/test_runs/vampi-20241229/endpoint_user_reg.json
User registration endpoint successfully identified and saved.


## Register Users

In [5]:
import json
import requests
import random
import string

# Configurations
domain_name = "test.com"  # Initial domain name for email addresses
num_users_to_create = 3  # Initial number of users to create

# File paths
user_reg_endpoint_path = f"{output_folder}endpoint_user_reg.json"
registered_users_path = f"{output_folder}registered_user_accounts.json"
parsed_spec_path = f"{output_folder}parsed_spec.json"

def load_base_url():
    """
    Load the base URL from the parsed OpenAPI spec JSON file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def generate_random_string(length=8):
    """
    Generate a random string of given length.

    Args:
        length (int): Length of the string.

    Returns:
        str: Randomly generated string.
    """
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))

def generate_user_data():
    """
    Generate a dictionary with user registration data.

    Returns:
        dict: A dictionary containing user registration fields and values.
    """
    username = generate_random_string()
    password = generate_random_string(12)  # Longer password for security
    email = f"{username}@{domain_name}"
    return {
        "username": username,
        "password": password,
        "email": email
    }

def load_user_registration_endpoint():
    """
    Load the user registration endpoint from the JSON file.

    Returns:
        dict: The user registration endpoint details.
    """
    try:
        with open(user_reg_endpoint_path, "r") as file:
            return json.load(file)
    except Exception as e:
        print(f"Failed to load user registration endpoint: {e}")
        return {}

def save_registered_users(users):
    """
    Save the registered user account details to a JSON file.

    Args:
        users (list): A list of registered user account details.
    """
    try:
        with open(registered_users_path, "w") as file:
            json.dump(users, file, indent=4)
        print(f"Registered users saved to: {registered_users_path}")
    except Exception as e:
        print(f"Failed to save registered users: {e}")

def register_users(endpoint, base_url, num_users):
    """
    Register users using the specified endpoint.

    Args:
        endpoint (dict): The user registration endpoint.
        base_url (str): The base URL of the API.
        num_users (int): Number of users to create.

    Returns:
        list: A list of dictionaries containing user account details and registration status.
    """
    path = endpoint.get("path", "")
    method = endpoint.get("method", "POST").upper()

    if not base_url or not path:
        print("Invalid user registration endpoint configuration.")
        return []

    url = f"{base_url}{path}"
    users = []

    for _ in range(num_users):
        user_data = generate_user_data()
        try:
            response = requests.request(method, url, json=user_data)
            status = "Success" if response.status_code == 200 else f"Failed ({response.status_code})"
            user_data["registration_status"] = status
        except Exception as e:
            user_data["registration_status"] = f"Error: {e}"
        users.append(user_data)

    return users

def main():
    """
    Main function to create users.
    """
    # Load the base URL
    base_url = load_base_url()
    if not base_url:
        print("No base URL found. Exiting.")
        return

    # Load the user registration endpoint
    endpoint = load_user_registration_endpoint()
    if not endpoint:
        print("No user registration endpoint found. Exiting.")
        return

    # Register users
    registered_users = register_users(endpoint, base_url, num_users_to_create)

    # Save the registered users to a file
    save_registered_users(registered_users)

if __name__ == "__main__":
    main()


Failed to load base URL: [Errno 2] No such file or directory: '/m2-data/jupyterNotebooks/api/test_runs/crapi-20250101/parsed_spec.json'
No base URL found. Exiting.


### V2

Store request/response JSON values

In [11]:
import json
import requests
import random
import string

# Configurations
domain_name = "test.com"  # Initial domain name for email addresses
num_users_to_create = 3  # Initial number of users to create

# File paths
user_reg_endpoint_path = f"{output_folder}endpoint_user_reg.json"
registered_users_path = f"{output_folder}registered_user_accounts.json"
parsed_spec_path = f"{output_folder}parsed_spec.json"

def load_base_url():
    """
    Load the base URL from the parsed OpenAPI spec JSON file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def generate_random_string(length=8):
    """
    Generate a random string of given length.

    Args:
        length (int): Length of the string.

    Returns:
        str: Randomly generated string.
    """
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))

def generate_user_data():
    """
    Generate a dictionary with user registration data.

    Returns:
        dict: A dictionary containing user registration fields and values.
    """
    username = generate_random_string()
    password = generate_random_string(12)  # Longer password for security
    email = f"{username}@{domain_name}"
    return {
        "username": username,
        "password": password,
        "email": email
    }

def load_user_registration_endpoint():
    """
    Load the user registration endpoint from the JSON file.

    Returns:
        dict: The user registration endpoint details.
    """
    try:
        with open(user_reg_endpoint_path, "r") as file:
            return json.load(file)
    except Exception as e:
        print(f"Failed to load user registration endpoint: {e}")
        return {}

def save_registered_users(users):
    """
    Save the registered user account details to a JSON file.

    Args:
        users (list): A list of registered user account details.
    """
    try:
        with open(registered_users_path, "w") as file:
            json.dump(users, file, indent=4)
        print(f"Registered users saved to: {registered_users_path}")
    except Exception as e:
        print(f"Failed to save registered users: {e}")

def register_users(endpoint, base_url, num_users):
    """
    Register users using the specified endpoint.

    Args:
        endpoint (dict): The user registration endpoint.
        base_url (str): The base URL of the API.
        num_users (int): Number of users to create.

    Returns:
        list: A list of dictionaries containing user account details, request payloads, and responses.
    """
    path = endpoint.get("path", "")
    method = endpoint.get("method", "POST").upper()

    if not base_url or not path:
        print("Invalid user registration endpoint configuration.")
        return []

    url = f"{base_url}{path}"
    users = []

    for _ in range(num_users):
        user_data = generate_user_data()
        try:
            response = requests.request(method, url, json=user_data)
            status = "Success" if response.status_code == 200 else f"Failed ({response.status_code})"
            users.append({
                "request": user_data,
                "response": response.json() if response.headers.get("Content-Type") == "application/json" else response.text,
                "registration_status": status
            })
        except Exception as e:
            users.append({
                "request": user_data,
                "response": str(e),
                "registration_status": f"Error: {e}"
            })

    return users

def main():
    """
    Main function to create users.
    """
    # Load the base URL
    base_url = load_base_url()
    if not base_url:
        print("No base URL found. Exiting.")
        return

    # Load the user registration endpoint
    endpoint = load_user_registration_endpoint()
    if not endpoint:
        print("No user registration endpoint found. Exiting.")
        return

    # Register users
    registered_users = register_users(endpoint, base_url, num_users_to_create)

    # Save the registered users to a file
    save_registered_users(registered_users)

if __name__ == "__main__":
    main()


Registered users saved to: /m2-data/jupyterNotebooks/api/test_runs/vampi-20241229/registered_user_accounts.json


## LLM - Get User Based Endpoints

In [12]:
import json
import yaml
import requests

# File paths
api_spec_path = f"/m2-data/jupyterNotebooks/api/spec/openapi3Vampi.json"  
# api_spec_path = f"/m2-data/jupyterNotebooks/api/spec/openapi3Vampi.yml"  
llm_results_path = f"{output_folder}llm_user_endpoints.json"


# LLM configuration
llm_url = "http://localhost:11434/api/generate"  # Ollama API endpoint
prompt_task = (
    "Analyze the following OpenAPI specification to identify user-related endpoints that require authentication. "
    "Focus on endpoints related to users, such as account management, authentication, or profile operations. "
    "For each endpoint, specify the HTTP method, path, and whether it requires authentication based on the spec's details."
)


def load_openapi_spec(file_path):
    """
    Load the OpenAPI spec from a YAML or JSON file.

    Args:
        file_path (str): Path to the OpenAPI spec file.

    Returns:
        dict: The OpenAPI spec content.
    """
    try:
        with open(file_path, "r") as file:
            if file_path.endswith(".yml") or file_path.endswith(".yaml"):
                return yaml.safe_load(file)
            elif file_path.endswith(".json"):
                return json.load(file)
    except Exception as e:
        print(f"Failed to load OpenAPI spec: {e}")
        return {}

def query_llm_for_user_endpoints(openapi_spec, llm_url, prompt_task):
    """
    Query the LLM to analyze the OpenAPI spec for user-related endpoints requiring authentication.

    Args:
        openapi_spec (dict): The OpenAPI spec content.
        llm_url (str): The LLM API endpoint.
        prompt_task (str): The task description for the LLM.

    Returns:
        dict: The LLM's analysis results.
    """
    prompt = (
        f"{prompt_task}\\n\\n"
        f"OpenAPI Spec:\\n{json.dumps(openapi_spec, indent=2)}\\n\\n"
        "Return the results as a JSON object with fields: path, method, and requires_authentication."
    )
    payload = {
        "model": model_name,
        "prompt": prompt
    }
    print("model : ", model_name)
    print("prompt : ", prompt)

    try:
        response = requests.post(llm_url, json=payload, stream=True)
        response.raise_for_status()

        # Stream and assemble the response incrementally
        result = ""
        for chunk in response.iter_lines():
            if chunk:
                result += chunk.decode('utf-8')

        # Debug: Print raw response for troubleshooting
        print(f"Raw LLM Response: {result}")

        # Attempt to parse the JSON response
        return json.loads(result)
    except json.JSONDecodeError as e:
        print(f"JSON parsing error: {e}")
        print(f"Raw LLM Response: {result}")
        return {}
    except Exception as e:
        print(f"Error querying LLM: {e}")
        return {}

def save_llm_results(results, file_path):
    """
    Save the LLM results to a JSON file.

    Args:
        results (dict): The LLM's analysis results.
        file_path (str): Path to save the JSON file.
    """
    try:
        with open(file_path, "w") as file:
            json.dump(results, file, indent=4)
        print(f"LLM results saved to: {file_path}")
    except Exception as e:
        print(f"Failed to save LLM results: {e}")

def main():
    """
    Main function to analyze the OpenAPI spec with an LLM.
    """
    # Load the OpenAPI spec
    openapi_spec = load_openapi_spec(api_spec_path)
    if not openapi_spec:
        print("No OpenAPI spec loaded. Exiting.")
        return

    # Query the LLM for user-related endpoints
    llm_results = query_llm_for_user_endpoints(openapi_spec, llm_url, prompt_task)

    # Save the LLM's analysis results
    save_llm_results(llm_results, llm_results_path)

if __name__ == "__main__":
    main()


model :  qwen2.5-coder:7b
prompt :  Analyze the following OpenAPI specification to identify user-related endpoints that require authentication. Focus on endpoints related to users, such as account management, authentication, or profile operations. For each endpoint, specify the HTTP method, path, and whether it requires authentication based on the spec's details.\n\nOpenAPI Spec:\n{
  "openapi": "3.0.1",
  "info": {
    "title": "VAmPI",
    "description": "OpenAPI v3 specs for VAmPI",
    "version": "0.1"
  },
  "servers": [
    {
      "url": "http://172.18.0.3:5000"
    }
  ],
  "components": {
    "securitySchemes": {
      "bearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT",
        "x-bearerInfoFunc": "models.user_model.User.decode_auth_token"
      }
    }
  },
  "paths": {
    "/createdb": {
      "get": {
        "tags": [
          "db-init"
        ],
        "summary": "Creates and populates the database with dummy data",
      

## Script based user endpoint generation

In [47]:
import json
import yaml


def load_openapi_spec():
    """
    Load OpenAPI specification from the provided spec file.

    Returns:
        dict: Parsed OpenAPI specification.
    """
    try:
        with open(api_spec_path, "r") as file:
            if api_spec_path.endswith(('.yml', '.yaml')):
                return yaml.safe_load(file)
            else:
                return json.load(file)
    except Exception as e:
        print(f"Error loading OpenAPI spec: {e}")
    return {}

def extract_endpoints_with_fields(openapi_spec):
    """
    Extract endpoints with detailed required fields from the OpenAPI spec.

    Args:
        openapi_spec (dict): Parsed OpenAPI specification.

    Returns:
        list: A list of endpoint dictionaries with paths, methods, and required fields.
    """
    endpoints = []
    paths = openapi_spec.get("paths", {})

    for path, methods in paths.items():
        for method, details in methods.items():
            endpoint_info = {
                "path": path,
                "method": method.upper(),
                "parameters": {},
            }

            # Extract parameters from requestBody
            request_body = details.get("requestBody", {}).get("content", {}).get("application/json", {})
            schema = request_body.get("schema", {}).get("properties", {})

            if schema:
                for field, field_details in schema.items():
                    endpoint_info["parameters"][field] = field_details.get("example", "")

            endpoints.append(endpoint_info)

    return endpoints

def save_programmatic_endpoints(endpoints):
    """
    Save extracted endpoints to the programmatic_user_endpoints.json file.

    Args:
        endpoints (list): List of endpoint dictionaries.
    """
    try:
        with open(f"{output_folder}programmatic_user_endpoints.json", "w") as file:
            json.dump(endpoints, file, indent=4)
        print(f"Saved programmatic endpoints to {output_folder}programmatic_user_endpoints.json")
    except Exception as e:
        print(f"Error saving programmatic endpoints: {e}")

def main():
    """
    Main function to generate programmatic endpoints.
    """
    openapi_spec = load_openapi_spec()
    if not openapi_spec:
        print("OpenAPI spec could not be loaded. Exiting.")
        return

    endpoints = extract_endpoints_with_fields(openapi_spec)
    if not endpoints:
        print("No endpoints found in the OpenAPI spec. Exiting.")
        return

    save_programmatic_endpoints(endpoints)

if __name__ == "__main__":
    main()


Saved programmatic endpoints to /m2-data/jupyterNotebooks/api/test_runs/vampi-20241229/programmatic_user_endpoints.json


## Get User Tokens

In [18]:
'''
only looks for 'token

import json
import requests

# File paths
registered_users_path = f"{output_folder}registered_user_accounts.json"
parsed_spec_path = f"{output_folder}parsed_spec.json"

def load_registered_users():
    """
    Load the registered user accounts from the JSON file.

    Returns:
        list: A list of registered user accounts.
    """
    try:
        with open(registered_users_path, "r") as file:
            return json.load(file)
    except Exception as e:
        print(f"Failed to load registered user accounts: {e}")
        return []

def load_base_url():
    """
    Load the base URL from the parsed OpenAPI spec JSON file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def save_registered_users(users):
    """
    Save the updated registered user accounts to the JSON file.

    Args:
        users (list): A list of updated registered user accounts.
    """
    try:
        with open(registered_users_path, "w") as file:
            json.dump(users, file, indent=4)
        print(f"Updated registered users saved to: {registered_users_path}")
    except Exception as e:
        print(f"Failed to save registered user accounts: {e}")

def login_user(base_url, username, password):
    login_endpoint = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(login_endpoint, json=payload)
        print(f"Response Status Code: {response.status_code}")
        print(f"Response Body: {response.text}")
        if response.status_code == 200:
            return response.json().get("token")
        else:
            print(f"Login failed for user {username}: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in user {username}: {e}")
    return None


def update_tokens():
    """
    Update the tokens for all users in the registered user accounts file.
    """
    users = load_registered_users()
    if not users:
        print("No registered users found. Exiting.")
        return

    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    for user in users:
        user_data = user.get("request", {})
        username = user_data.get("username")
        password = user_data.get("password")

        if not username or not password:
            print(f"Missing information for user: {user}. Skipping.")
            continue

        token = login_user(base_url, username, password)
        print(token)
        if token:
            user["token"] = token
        else:
            print(f"Failed to update token for user: {username}")

    save_registered_users(users)

if __name__ == "__main__":
    update_tokens()
'''

Response Status Code: 200
Response Body: {"auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MDI4NjEsImlhdCI6MTczNTUwMjgwMSwic3ViIjoibTk2a3RmZTcifQ.xOMV_zSyQ0xlrPVzJoUm8VBNCyMjTBvnnDPf9TBoYZE", "message": "Successfully logged in.", "status": "success"}
None
Failed to update token for user: m96ktfe7
Response Status Code: 200
Response Body: {"auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MDI4NjEsImlhdCI6MTczNTUwMjgwMSwic3ViIjoiMHo2ZHVoOGYifQ.ec-EYp9jRLXU-tGKpNJT96GSWH9-8AZFcO2Vaznj2J0", "message": "Successfully logged in.", "status": "success"}
None
Failed to update token for user: 0z6duh8f
Response Status Code: 200
Response Body: {"auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MDI4NjEsImlhdCI6MTczNTUwMjgwMSwic3ViIjoiaHF0Y3Q5MDUifQ.CXhOAKgq-mTgz87HhWd7BIXRgJF3I3951Di7YbyiCCg", "message": "Successfully logged in.", "status": "success"}
None
Failed to update token for user: hqtct905
Updated registered users saved to: /m2-data/jupyt

### ID Token via Script

In [27]:
import json
import requests

# File paths
parsed_spec_path = f"{output_folder}parsed_spec.json"
registered_users_path = f"{output_folder}registered_user_accounts.json"

def load_base_url():
    """
    Load the base URL from the parsed OpenAPI spec JSON file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def login_user(base_url, username, password):
    """
    Log in a user to obtain a JWT token.

    Args:
        base_url (str): The base URL of the API.
        username (str): The username of the user.
        password (str): The password of the user.

    Returns:
        dict: The full response JSON from the login API.
    """
    login_endpoint = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(login_endpoint, json=payload)
        if response.status_code == 200:
            return response.json()
        else:
            print(f"Login failed: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in: {e}")
    return {}

def identify_token_field(response_json):
    """
    Dynamically identify the token field in the login response.

    Args:
        response_json (dict): The response JSON from the login API.

    Returns:
        tuple: The field name and token value if identified, None otherwise.
    """
    for key, value in response_json.items():
        if "token" in key.lower() and isinstance(value, str):
            return key, value
    return None, None

def main():
    """
    Main function to log in and identify the token field dynamically.
    """
    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    # Load a user from the registered user accounts
    try:
        with open(registered_users_path, "r") as file:
            users = json.load(file)
            if not users:
                print("No users found in the registered user accounts file.")
                return

            # Use the first successfully registered user
            valid_users = [user for user in users if user.get("registration_status") == "Success"]
            if not valid_users:
                print("No valid registered users found.")
                return

            user = valid_users[0]
            username = user["request"]["username"]
            password = user["request"]["password"]
    except Exception as e:
        print(f"Error loading users: {e}")
        return

    # Log in the user
    response_json = login_user(base_url, username, password)

    # Check if login was successful
    if response_json.get("status", "").lower() != "success":
        print(f"Login failed. Response: {response_json}")
        return

    # Identify the token field
    field_name, token = identify_token_field(response_json)
    if token:
        print(f"Identified token field dynamically: {field_name} -> {token}")
    else:
        print(f"Token field not found in response: {response_json}")

if __name__ == "__main__":
    main()


Identified token field dynamically: auth_token -> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MDQ0OTYsImlhdCI6MTczNTUwNDQzNiwic3ViIjoibTk2a3RmZTcifQ.EZfKQD7rCMj6T6F7dfE-nUnA4OtaArqHvxVHf6TSOU4


### LLM Assisted Token ID

In [26]:
import json
import requests

# File paths
parsed_spec_path = f"{output_folder}parsed_spec.json"
registered_users_path = f"{output_folder}registered_user_accounts.json"

# LLM configuration
llm_url = "http://localhost:11434/api/generate"

def load_base_url():
    """
    Load the base URL from the parsed OpenAPI spec JSON file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(parsed_spec_path, "r") as file:
            parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def login_user(base_url, username, password):
    """
    Log in a user to obtain a JWT token.

    Args:
        base_url (str): The base URL of the API.
        username (str): The username of the user.
        password (str): The password of the user.

    Returns:
        dict: The full response JSON from the login API.
    """
    login_endpoint = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(login_endpoint, json=payload)
        if response.status_code == 200:
            return response.json()
        else:
            print(f"Login failed: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in: {e}")
    return {}

def query_llm_for_token_field(response_json):
    """
    Query the LLM to identify the token field in the response JSON.

    Args:
        response_json (dict): The response JSON from the login API.

    Returns:
        dict: A dictionary containing the field name and token value.
    """
    prompt = (
        "Analyze the following JSON response from a login API call to identify the field that contains the "
        "authentication token. Return the name of the field and its value as a JSON object with keys 'field_name' and 'token'.\n\n"
        f"Response JSON:\n{json.dumps(response_json, indent=2)}"
    )

    payload = {
        "model": model_name,
        "prompt": prompt
    }

    try:
        response = requests.post(llm_url, json=payload, stream=True)
        response.raise_for_status()

        # Stream and assemble the response incrementally
        result = ""
        for chunk in response.iter_lines():
            if chunk:
                result += chunk.decode('utf-8')

        # Parse the LLM result as JSON
        return json.loads(result.strip())
    except Exception as e:
        print(f"Error querying LLM: {e}")
    return {}

def main():
    """
    Main function to log in and identify the token field using an LLM.
    """
    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    # Load a user from the registered user accounts
    try:
        with open(registered_users_path, "r") as file:
            users = json.load(file)
            if not users:
                print("No users found in the registered user accounts file.")
                return

            # Use the first successfully registered user
            valid_users = [user for user in users if user.get("registration_status") == "Success"]
            if not valid_users:
                print("No valid registered users found.")
                return

            user = valid_users[0]
            username = user["request"]["username"]
            password = user["request"]["password"]
    except Exception as e:
        print(f"Error loading users: {e}")
        return

    # Log in the user
    response_json = login_user(base_url, username, password)

    # Check if login was successful
    if response_json.get("status", "").lower() != "success":
        print(f"Login failed. Response: {response_json}")
        return

    # Query the LLM for the token field
    token_info = query_llm_for_token_field(response_json)
    if token_info:
        field_name = token_info.get("field_name")
        token = token_info.get("token")
        print(f"Identified token field using LLM: {field_name} -> {token}")
    else:
        print(f"LLM could not identify token field in response: {response_json}")

if __name__ == "__main__":
    main()


Error querying LLM: Extra data: line 1 column 105 (char 104)
LLM could not identify token field in response: {'auth_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MDQzMTAsImlhdCI6MTczNTUwNDI1MCwic3ViIjoibTk2a3RmZTcifQ.kl_FoV23B-mdn3ADFAf9L56wlNaY6hYDoy13B2Q8Zms', 'message': 'Successfully logged in.', 'status': 'success'}


### ID Token field via API Spec
Updates the registered_user_accounts.json file.

In [37]:
import json
import yaml
import requests

def load_base_url():
    """
    Load the base URL from the OpenAPI spec file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(api_spec_path, "r") as file:
            if api_spec_path.endswith(('.yml', '.yaml')):
                parsed_spec = yaml.safe_load(file)
            else:
                parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def login_user(base_url, username, password):
    """
    Log in a user to obtain a JWT token.

    Args:
        base_url (str): The base URL of the API.
        username (str): The username of the user.
        password (str): The password of the user.

    Returns:
        dict: The full response JSON from the login API.
    """
    login_endpoint = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(login_endpoint, json=payload)
        if response.status_code == 200:
            return response.json()
        else:
            print(f"Login failed: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in: {e}")
    return {}

def identify_token_field(response_json):
    """
    Dynamically identify the token field in the login response.

    Args:
        response_json (dict): The response JSON from the login API.

    Returns:
        tuple: The field name and token value if identified, None otherwise.
    """
    for key, value in response_json.items():
        if "token" in key.lower() and isinstance(value, str):
            return key, value
    return None, None

def update_token_field_name(field_name):
    """
    Update the token field name in the registered users JSON file.

    Args:
        field_name (str): The name of the token field.
    """
    try:
        with open(registered_users_path, "r") as file:
            data = json.load(file)

        # Add the token_field globally
        if isinstance(data, list):
            data = {"token_field": field_name, "users": data}
        else:
            data["token_field"] = field_name

        with open(registered_users_path, "w") as file:
            json.dump(data, file, indent=4)
        print(f"Updated token field name in user JSON: {field_name}")
    except Exception as e:
        print(f"Failed to update token field name: {e}")


def main():
    """
    Main function to log in and identify the token field dynamically.
    """
    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    # Load a user from the registered user accounts
    try:
        with open(registered_users_path, "r") as file:
            users = json.load(file)
            if not users:
                print("No users found in the registered user accounts file.")
                return

            # Use the first successfully registered user
            valid_users = [user for user in users if user.get("registration_status") == "Success"]
            if not valid_users:
                print("No valid registered users found.")
                return

            user = valid_users[0]
            username = user["request"]["username"]
            password = user["request"]["password"]
    except Exception as e:
        print(f"Error loading users: {e}")
        return

    # Log in the user
    response_json = login_user(base_url, username, password)

    # Check if login was successful
    if response_json.get("status", "").lower() != "success":
        print(f"Login failed. Response: {response_json}")
        return

    # Identify the token field
    field_name, token = identify_token_field(response_json)
    if token:
        print(f"Identified token field dynamically: {field_name} -> {token}")
        update_token_field_name(field_name)
    else:
        print(f"Token field not found in response: {response_json}")

if __name__ == "__main__":
    main()


Identified token field dynamically: auth_token -> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MTMwNDksImlhdCI6MTczNTUxMjk4OSwic3ViIjoibTk2a3RmZTcifQ.CqVeE0TcCICHx_eQQch354uBQwhuCkuCSAVb70Y_KsA
Updated token field name in user JSON: auth_token


## Generate Tokens
Generate and add tokens to the registered_user_accounts.json file

In [50]:
import json
import requests

def load_base_url():
    """
    Load the base URL from the OpenAPI spec file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(api_spec_path, "r") as file:
            if api_spec_path.endswith(('.yml', '.yaml')):
                parsed_spec = yaml.safe_load(file)
            else:
                parsed_spec = json.load(file)
            servers = parsed_spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Failed to load base URL: {e}")
    return ""

def login_user(base_url, username, password):
    """
    Log in a user to obtain a JWT token.

    Args:
        base_url (str): The base URL of the API.
        username (str): The username of the user.
        password (str): The password of the user.

    Returns:
        dict: The full response JSON from the login API.
    """
    login_endpoint = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(login_endpoint, json=payload)
        if response.status_code == 200:
            return response.json()
        else:
            print(f"Login failed: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in: {e}")
    return {}

def identify_token_field(response_json):
    """
    Dynamically identify the token field in the login response.

    Args:
        response_json (dict): The response JSON from the login API.

    Returns:
        tuple: The field name and token value if identified, None otherwise.
    """
    for key, value in response_json.items():
        if "token" in key.lower() and isinstance(value, str):
            return key, value
    return None, None

def update_users_with_tokens(base_url):
    """
    Update the registered users JSON file with tokens for all users.

    Args:
        base_url (str): The base URL of the API.
    """
    try:
        with open(registered_users_path, "r") as file:
            data = json.load(file)

        token_field = data.get("token_field")
        users = data.get("users", [])

        if not users:
            print("No users found in the registered user accounts file.")
            return

        for user in users:
            if user.get("registration_status") != "Success":
                continue

            username = user.get("request", {}).get("username")
            password = user.get("request", {}).get("password")

            if not username or not password:
                print(f"Missing username or password for user: {user}")
                continue

            # Log in the user
            response_json = login_user(base_url, username, password)

            # Check if login was successful
            if response_json.get("status", "").lower() != "success":
                print(f"Login failed for user {username}. Response: {response_json}")
                continue

            # Identify the token field
            field_name, token = identify_token_field(response_json)
            if token:
                print(f"Generated token for {username}: {token}")
                user[token_field] = token
            else:
                print(f"Token field not found for user {username}. Response: {response_json}")

        # Save the updated users file
        data["users"] = users
        with open(registered_users_path, "w") as file:
            json.dump(data, file, indent=4)
        print("Updated registered users JSON file with tokens.")

    except json.JSONDecodeError as e:
        print(f"Error decoding JSON file: {e}")
    except Exception as e:
        print(f"Failed to update users with tokens: {e}")

def main():
    """
    Main function to update users with tokens.
    """
    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    update_users_with_tokens(base_url)

if __name__ == "__main__":
    main()


Generated token for m96ktfe7: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzU1MTY3ODEsImlhdCI6MTczNTUxNjcyMSwic3ViIjoibTk2a3RmZTcifQ.PyatNWbslTJk0B8_2LnTgDK0TNM2NaQgdHhuQAOVOLM
Login failed for user 0z6duh8f. Response: {'status': 'fail', 'message': 'Username or Password Incorrect!'}
Login failed for user hqtct905. Response: {'status': 'fail', 'message': 'Username or Password Incorrect!'}
Updated registered users JSON file with tokens.


## Generate User Traffic

In [56]:
import json
import requests
import yaml
import uuid

def load_registered_users():
    """
    Load all registered users from the JSON file.

    Returns:
        dict: The full content of the registered users JSON file.
    """
    try:
        with open(f"{output_folder}registered_user_accounts.json", "r") as file:
            return json.load(file)
    except Exception as e:
        print(f"Error loading registered users: {e}")
    return {"users": [], "token_field": "auth_token"}

def save_registered_users(data):
    """
    Save updated registered users back to the JSON file.

    Args:
        data (dict): The updated content of the registered users JSON file.
    """
    try:
        with open(f"{output_folder}registered_user_accounts.json", "w") as file:
            json.dump(data, file, indent=4)
        print("Updated registered users JSON file.")
    except Exception as e:
        print(f"Error saving registered users: {e}")

def create_new_user(base_url):
    """
    Create a new user using the registration endpoint.

    Args:
        base_url (str): The base URL of the API.

    Returns:
        dict: The new user's credentials and registration status.
    """
    username = f"user_{uuid.uuid4().hex[:8]}"
    email = f"{username}@test.com"
    password = "TestPassword123!"

    url = f"{base_url}/users/v1/register"
    payload = {"username": username, "email": email, "password": password}

    try:
        response = requests.post(url, json=payload)
        if response.status_code == 200:
            print(f"User {username} registered successfully.")
            return {
                "request": payload,
                "response": response.json(),
                "registration_status": "Success"
            }
        else:
            print(f"Failed to register user {username}: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error registering user {username}: {e}")

    return {
        "request": payload,
        "response": {},
        "registration_status": "Failed"
    }

def login_user(base_url, username, password):
    """
    Log in a user and retrieve their token.

    Args:
        base_url (str): The base URL of the API.
        username (str): The username of the user.
        password (str): The password of the user.

    Returns:
        str: The authentication token, if successful.
    """
    url = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(url, json=payload)
        if response.status_code == 200:
            response_json = response.json()
            token_field = next((key for key in response_json if "token" in key.lower()), None)
            if token_field:
                print(f"User {username} logged in successfully.")
                return response_json[token_field]
        else:
            print(f"Login failed for user {username}: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in user {username}: {e}")

    return None

def send_request(base_url, endpoint, user):
    """
    Send an authenticated request to an endpoint.

    Args:
        base_url (str): The base URL of the API.
        endpoint (dict): The endpoint information (path, method, parameters).
        user (dict): The registered user data (credentials and token).

    Returns:
        tuple: A tuple containing the request payload and the response JSON.
    """
    path = endpoint["path"]

    # Replace path variables with user data
    for key, value in user.items():
        placeholder = f"{{{key}}}"
        if placeholder in path:
            path = path.replace(placeholder, value)

    url = f"{base_url}{path}"
    headers = {"Authorization": f"Bearer {user['token']}"}
    method = endpoint.get("method", "GET").upper()
    parameters = endpoint.get("parameters", {}).copy()

    # Populate dynamic fields with user data
    for field in parameters:
        if field in user:
            parameters[field] = user[field]

    try:
        if method == "GET":
            response = requests.get(url, headers=headers, params=parameters)
            # troubleshooting
            print(f"Raw Response: {response.text}")
            return parameters, response.json()
        elif method == "POST":
            response = requests.post(url, headers=headers, json=parameters)
            return parameters, response.json()
        elif method == "PUT":
            response = requests.put(url, headers=headers, json=parameters)
            return parameters, response.json()
        elif method == "DELETE":
            response = requests.delete(url, headers=headers, json=parameters)
            return parameters, response.json()
        else:
            print(f"Unsupported method: {method}")
    except Exception as e:
        print(f"Error sending request to {url}: {e}")
    return parameters, None

def generate_traffic():
    """
    Generate traffic for user endpoints and save requests and responses.
    """
    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    # Create a new user
    registered_users = load_registered_users()
    new_user_data = create_new_user(base_url)
    if new_user_data["registration_status"] != "Success":
        print("Failed to create a new user. Exiting.")
        return

    # Add the new user to the registered users file
    registered_users["users"].append(new_user_data)

    # Log in the new user
    new_user = new_user_data["request"]
    new_user["token"] = login_user(base_url, new_user["username"], new_user["password"])

    if not new_user["token"]:
        print("Failed to log in the new user. Exiting.")
        return

    save_registered_users(registered_users)

    # Load programmatic endpoints
    endpoints = load_programmatic_endpoints()
    if not endpoints:
        print("No user endpoints found in the programmatic endpoints file. Exiting.")
        return

    traffic_data = []

    for endpoint in endpoints:
        request_payload, response_payload = send_request(base_url, endpoint, new_user)
        if response_payload is not None:
            traffic_data.append({
                "endpoint": endpoint["path"],
                "method": endpoint["method"],
                "request": request_payload,
                "response": response_payload
            })

    # Save the traffic data
    try:
        with open(f"{output_folder}user_requests_responses.json", "w") as file:
            json.dump(traffic_data, file, indent=4)
        print(f"Saved user requests and responses to {output_folder}user_requests_responses.json")
    except Exception as e:
        print(f"Error saving user requests and responses: {e}")

if __name__ == "__main__":
    generate_traffic()


User user_bd3c528c registered successfully.
User user_bd3c528c logged in successfully.
Updated registered users JSON file.
Raw Response: { "message": "Database populated." }
Raw Response: { "message": "VAmPI the Vulnerable API", "help": "VAmPI is a vulnerable on purpose API. It was created in order to evaluate the efficiency of third party tools in identifying vulnerabilities in APIs but it can also be used in learning/teaching purposes.", "vulnerable":0}
Raw Response: {
  "users": [
    {
      "email": "mail1@mail.com",
      "username": "name1"
    },
    {
      "email": "mail2@mail.com",
      "username": "name2"
    },
    {
      "email": "admin@mail.com",
      "username": "admin"
    }
  ]
}

Raw Response: {
  "users": [
    {
      "admin": false,
      "email": "mail1@mail.com",
      "password": "pass1",
      "username": "name1"
    },
    {
      "admin": false,
      "email": "mail2@mail.com",
      "password": "pass2",
      "username": "name2"
    },
    {
      "admin

## try 2

In [4]:
import json
import requests
import yaml
import uuid

def load_registered_users():
    """
    Load all registered users from the JSON file.

    Returns:
        dict: The full content of the registered users JSON file.
    """
    try:
        with open(f"{output_folder}registered_user_accounts.json", "r") as file:
            return json.load(file)
    except Exception as e:
        print(f"Error loading registered users: {e}")
    return {"users": [], "token_field": "auth_token"}

def save_registered_users(data):
    """
    Save updated registered users back to the JSON file.

    Args:
        data (dict): The updated content of the registered users JSON file.
    """
    try:
        with open(f"{output_folder}registered_user_accounts.json", "w") as file:
            json.dump(data, file, indent=4)
        print("Updated registered users JSON file.")
    except Exception as e:
        print(f"Error saving registered users: {e}")

def create_new_user(base_url):
    """
    Create a new user using the registration endpoint.

    Args:
        base_url (str): The base URL of the API.

    Returns:
        dict: The new user's credentials and registration status.
    """
    username = f"user_{uuid.uuid4().hex[:8]}"
    email = f"{username}@test.com"
    password = "TestPassword123!"

    url = f"{base_url}/users/v1/register"
    payload = {"username": username, "email": email, "password": password}

    try:
        response = requests.post(url, json=payload)
        if response.status_code == 200:
            print(f"User {username} registered successfully.")
            return {
                "request": payload,
                "response": response.json(),
                "registration_status": "Success"
            }
        else:
            print(f"Failed to register user {username}: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error registering user {username}: {e}")

    return {
        "request": payload,
        "response": {},
        "registration_status": "Failed"
    }

def login_user(base_url, username, password):
    """
    Log in a user and retrieve their token.

    Args:
        base_url (str): The base URL of the API.
        username (str): The username of the user.
        password (str): The password of the user.

    Returns:
        str: The authentication token, if successful.
    """
    url = f"{base_url}/users/v1/login"
    payload = {"username": username, "password": password}

    try:
        response = requests.post(url, json=payload)
        if response.status_code == 200:
            response_json = response.json()
            token_field = next((key for key in response_json if "token" in key.lower()), None)
            if token_field:
                print(f"User {username} logged in successfully.")
                return response_json[token_field]
        else:
            print(f"Login failed for user {username}: {response.status_code}, {response.text}")
    except Exception as e:
        print(f"Error logging in user {username}: {e}")

    return None

def send_request(base_url, endpoint, user):
    """
    Send an authenticated request to an endpoint.

    Args:
        base_url (str): The base URL of the API.
        endpoint (dict): The endpoint information (path, method, parameters).
        user (dict): The registered user data (credentials and token).

    Returns:
        tuple: A tuple containing the request payload and the response JSON.
    """
    path = endpoint["path"]

    # Replace path variables with user data
    for key, value in user.items():
        placeholder = f"{{{key}}}"
        if placeholder in path:
            path = path.replace(placeholder, value)

    url = f"{base_url}{path}"
    headers = {"Authorization": f"Bearer {user['token']}"}
    method = endpoint.get("method", "GET").upper()
    parameters = endpoint.get("parameters", {}).copy()

    # Populate dynamic fields with user data
    for field in parameters:
        if field in user:
            parameters[field] = user[field]

    try:
        if method == "GET":
            response = requests.get(url, headers=headers, params=parameters)
            return parameters, response.json()
        elif method == "POST":
            response = requests.post(url, headers=headers, json=parameters)
            return parameters, response.json()
        elif method == "PUT":
            response = requests.put(url, headers=headers, json=parameters)
            return parameters, response.json()
        elif method == "DELETE":
            response = requests.delete(url, headers=headers, json=parameters)
            return parameters, response.json()
        else:
            print(f"Unsupported method: {method}")
    except Exception as e:
        print(f"Error sending request to {url}: {e}")
    return parameters, None

def load_base_url():
    """
    Load the base URL from the OpenAPI spec file.

    Returns:
        str: The base URL of the API.
    """
    try:
        with open(api_spec_path, "r") as file:
            if api_spec_path.endswith(('.yml', '.yaml')):
                spec = yaml.safe_load(file)
            else:
                spec = json.load(file)
            servers = spec.get("servers", [])
            if servers and "url" in servers[0]:
                return servers[0]["url"]
    except Exception as e:
        print(f"Error loading base URL from spec: {e}")
    return ""

def generate_traffic():
    """
    Generate traffic for user endpoints and save requests and responses.
    """
    base_url = load_base_url()
    if not base_url:
        print("Base URL not found. Exiting.")
        return

    # Create a new user
    registered_users = load_registered_users()
    new_user_data = create_new_user(base_url)
    if new_user_data["registration_status"] != "Success":
        print("Failed to create a new user. Exiting.")
        return

    # Add the new user to the registered users file
    registered_users["users"].append(new_user_data)

    # Log in the new user
    new_user = new_user_data["request"]
    new_user["token"] = login_user(base_url, new_user["username"], new_user["password"])

    if not new_user["token"]:
        print("Failed to log in the new user. Exiting.")
        return

    save_registered_users(registered_users)

    # Load programmatic endpoints
    endpoints = load_programmatic_endpoints()
    if not endpoints:
        print("No user endpoints found in the programmatic endpoints file. Exiting.")
        return

    traffic_data = []

    for endpoint in endpoints:
        request_payload, response_payload = send_request(base_url, endpoint, new_user)
        if response_payload is not None:
            traffic_data.append({
                "endpoint": endpoint["path"],
                "method": endpoint["method"],
                "request": request_payload,
                "response": response_payload
            })

    # Save the traffic data
    try:
        with open(f"{output_folder}user_requests_responses.json", "w") as file:
            json.dump(traffic_data, file, indent=4)
        print(f"Saved user requests and responses to {output_folder}user_requests_responses.json")
    except Exception as e:
        print(f"Error saving user requests and responses: {e}")

if __name__ == "__main__":
    generate_traffic()


User user_264733b1 registered successfully.
User user_264733b1 logged in successfully.
Updated registered users JSON file.


NameError: name 'load_programmatic_endpoints' is not defined