[BUG] A way to avoid sending \x00 in headers from securitySchemes #1562

Closed
2 tasks done
roukmoute opened this issue Jul 18, 2022 · 1 comment · Fixed by #1904
Labels: Type: Feature (New functionalities or enhancements)


roukmoute commented Jul 18, 2022

Describe the bug

Hi,

To Reproduce
Steps to reproduce the behavior:

  1. Run this command:

     docker run --network=host -v $PWD:/api -w /api schemathesis/schemathesis:stable run --checks all openapi.json --base-url=http://localhost:8080 --endpoint=/api/test --method=DELETE --hypothesis-max-examples=1

  2. See error

I can't handle it from my application because it was stopped by Nginx.

=================================== FAILURES ===================================
____________________________ DELETE /api/test [P] _____________________________
1. Received a response with a status code, which is not defined in the schema: 400

Declared status codes: 202, 404

Headers         : {'FOO-BAR': '\x00', 'User-Agent': 'schemathesis/3.15.6', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Schemathesis-TestCaseId': '85485ba4cac64d5cacee44e52b51d1d7', 'Content-Type': 'application/json', 'Content-Length': '12'}

----------

Response status: 400
Response payload: `<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>
`

Run this cURL command to reproduce this failure: 

    curl -X DELETE -H 'Accept: */*' -H 'Accept-Encoding: gzip, deflate' -H 'Connection: keep-alive' -H 'Content-Length: 12' -H 'Content-Type: application/json' -H 'User-Agent: schemathesis/3.15.6' -H 'X-Schemathesis-TestCaseId: 85485ba4cac64d5cacee44e52b51d1d7' -H 'FOO-BAR: ' http://localhost:8006/api/test

=================================== SUMMARY ====================================

Performed checks:
    not_a_server_error                              12 / 12 passed          PASSED 
    status_code_conformance                         9 / 12 passed           FAILED 
    content_type_conformance                        12 / 12 passed          PASSED 
    response_headers_conformance                    12 / 12 passed          PASSED 
    response_schema_conformance                     12 / 12 passed          PASSED 

============================== 1 failed in 9.76s ===============================

If possible, please post a minimal version of your API schema that causes this behavior:

{
  "openapi": "3.0.3",
  "paths": {
    "/api/test": {
      "delete": {
        "operationId": "deleteId",
        "summary": "Remove file",
        "description": "Remove a specific file",
        "security": [
          {
            "FOOBAR": []
          }
        ]
      }
    }
  },
  "components": {
    "securitySchemes": {
      "FOOBAR": {
        "type": "apiKey",
        "in": "header",
        "name": "FOO-BAR"
      }
    }
  }
}

Expected behavior

A valid status code.
I know it comes from the apiKey FOOBAR, because if I remove it, it works:

DELETE /api/test .                                                       [100%]

=================================== SUMMARY ====================================

Performed checks:
    not_a_server_error                              1 / 1 passed          PASSED 
    status_code_conformance                         1 / 1 passed          PASSED 
    content_type_conformance                        1 / 1 passed          PASSED 
    response_headers_conformance                    1 / 1 passed          PASSED 
    response_schema_conformance                     1 / 1 passed          PASSED 

============================== 1 passed in 1.09s ===============================

Environment (please complete the following information):

  • OS: Linux
  • Schemathesis version: schemathesis, version 3.15.6
  • Spec version: Open API 3.0.3

Additional context

I've searched for a fix on the Nginx side, but I can't find one.
Do you have any idea how I can fix that?
Perhaps by not testing this kind of character, via a Schemathesis config file?
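Added example (not Schemathesis, Hypothesis or Nginx code, and not from the reporter): a stdlib-only check that explains why the request above fails. RFC 7230 allows only VCHAR, obs-text, SP and HTAB in a header field-value, so a generated NUL byte is not sendable on the wire and a strict server answers 400 before the application ever sees the request. The block parses the `Headers : {...}` line from a failure report (the sample line is constructed from this issue's output), flags the offending header, and provides a predicate/alphabet that can be handed to a Hypothesis `st.text()` strategy; that Hypothesis usage and the function names are assumptions, not Schemathesis's API.

```python
"""Flag HTTP header names/values that cannot legally go on the wire (RFC 7230 3.2).

Constructed example for this issue report; not Schemathesis code.
"""
import ast
import re

# RFC 7230 3.2.6: tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
#   "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ; a field-name is 1*tchar
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# RFC 7230 3.2: field-vchar = VCHAR (0x21-0x7E) / obs-text (0x80-0xFF); SP and HTAB
# may separate field-vchars. Everything else (CTLs such as NUL, CR, LF, and any
# code point above 0xFF) is not a valid field-value character.
_FIELD_VCHAR = {chr(c) for c in range(0x21, 0x7F)} | {chr(c) for c in range(0x80, 0x100)}
_FIELD_OWS = {" ", "\t"}

# Alphabet for *generating* header values that any HTTP/1.1 server accepts:
# printable ASCII plus HTAB. Deliberately narrower than the RFC (no obs-text).
SAFE_HEADER_ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F)) + "\t"


def is_token(name: str) -> bool:
    """True if `name` is a legal header field-name (an RFC 7230 token)."""
    return _TOKEN.match(name) is not None


def bad_value_chars(value: str) -> list[str]:
    """Distinct characters of `value` that may not appear in a header field-value."""
    return sorted({c for c in value if c not in _FIELD_VCHAR and c not in _FIELD_OWS})


def is_wire_safe_header_value(value: str) -> bool:
    """Predicate suitable for `st.text().filter(...)`: only field-vchar / OWS present."""
    return not bad_value_chars(value)


def find_unsendable_headers(headers: dict[str, str]) -> dict[str, list[str]]:
    """Map each header a strict server would reject to its offending characters.

    A malformed field-name is reported with the sentinel ['<name>'] so callers can
    distinguish name problems from value problems.
    """
    problems: dict[str, list[str]] = {}
    for name, value in headers.items():
        if not is_token(name):
            problems[name] = ["<name>"]
            continue
        bad = bad_value_chars(value)
        if bad:
            problems[name] = bad
    return problems


def headers_from_report_line(line: str) -> dict[str, str]:
    """Parse the `Headers         : {...}` line that a Schemathesis failure report prints."""
    _, _, literal = line.partition(":")  # first ':' ends the label; the dict keeps its own
    return ast.literal_eval(literal.strip())


# Constructed sample: a shortened copy of the Headers line from this issue's report.
REPORT_LINE = (
    "Headers         : {'FOO-BAR': '\\x00', 'User-Agent': 'schemathesis/3.15.6', "
    "'Accept': '*/*', 'Content-Type': 'application/json', 'Content-Length': '12'}"
)

if __name__ == "__main__":
    generated = headers_from_report_line(REPORT_LINE)
    for name, bad in find_unsendable_headers(generated).items():
        print(f"{name}: unsendable characters {[hex(ord(c)) for c in bad]}")
```

Running the block on the report line reports `FOO-BAR` with `0x0`, which is exactly the value Nginx refused. With Hypothesis, `st.text(alphabet=SAFE_HEADER_ALPHABET)` or `st.text().filter(is_wire_safe_header_value)` keeps generated apiKey values within what the proxy will forward, so the test exercises the application's own 404/202 handling instead of the proxy's 400.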

@roukmoute roukmoute added Status: Needs Triage Requires initial assessment to categorize and prioritize Type: Bug Errors or unexpected behavior labels Jul 18, 2022
@Stranger6667 Stranger6667 added this to the 3.21 milestone Oct 9, 2023
@Stranger6667 Stranger6667 removed the Status: Needs Triage Requires initial assessment to categorize and prioritize label Oct 11, 2023
Stranger6667 (Member) commented:

Extremely long overdue, but in Schemathesis 3.21 I will integrate the recent changes from Hypothesis and make this configurable. Additionally, we may consider more helpful error messages when it happens + document this behavior in our docs.

@Stranger6667 Stranger6667 removed the Type: Bug Errors or unexpected behavior label Oct 11, 2023
@Stranger6667 Stranger6667 changed the title [BUG] send \x00 in header from securitySchemes with Nginx [BUG] A way to avoid sending \x00 in headers from securitySchemes Oct 11, 2023
@Stranger6667 Stranger6667 added the Type: Feature New functionalities or enhancements label Oct 11, 2023