Problem with OAS file using restest-cli.jar #271

Open
henning410 opened this issue May 14, 2024 · 3 comments

@henning410

I run the command:
java -jar ./target/restest-cli.jar -o /home/user/Desktop/vulnerable-nestjs-app/api.yaml
and get the following error:

2024-05-14 10:54:27 INFO  CreateTestConf:58 - Test configuration file generated in path /home/user/Desktop/vulnerable-nestjs-app/testConf.yaml
File copied successfully.
File updated successfully.
2024-05-14 10:54:27 INFO  RESTestLoader:197 - Loading configuration parameter values
2024-05-14 10:54:27 INFO  RESTestLoader:200 - Generator: RT
2024-05-14 10:54:27 INFO  RESTestLoader:203 - OAS path: /home/user/Desktop/vulnerable-nestjs-app/api.yaml
2024-05-14 10:54:27 INFO  RESTestLoader:206 - Test configuration path: /home/user/Desktop/vulnerable-nestjs-app/testConf.yaml
2024-05-14 10:54:27 INFO  RESTestLoader:209 - Target dir for test classes: src/generation/java/restassured
2024-05-14 10:54:27 INFO  RESTestLoader:212 - Experiment name: restassured
2024-05-14 10:54:27 INFO  RESTestLoader:217 - Experiment execution: true
2024-05-14 10:54:27 INFO  RESTestLoader:222 - Allure reports: true
2024-05-14 10:54:27 INFO  RESTestLoader:226 - Allure reports path: target/allure-reports
2024-05-14 10:54:27 INFO  RESTestLoader:235 - Proxy: null
2024-05-14 10:54:27 INFO  RESTestLoader:239 - Check test cases: false
2024-05-14 10:54:27 INFO  RESTestLoader:242 - Test class name: RESTestExperiment
2024-05-14 10:54:27 INFO  RESTestLoader:245 - Package name: restest
2024-05-14 10:54:27 INFO  RESTestLoader:249 - Number of test cases per operation: 10
2024-05-14 10:54:27 INFO  RESTestLoader:253 - Max number of test cases: -1
2024-05-14 10:54:27 INFO  RESTestLoader:257 - Time delay: -1
2024-05-14 10:54:27 INFO  RESTestLoader:261 - Input data reloading  (CBT): 100
2024-05-14 10:54:27 INFO  RESTestLoader:265 - Max input test data (CBT): 1000
2024-05-14 10:54:27 INFO  RESTestLoader:269 - Input coverage: false
2024-05-14 10:54:27 INFO  RESTestLoader:273 - Output coverage: false
2024-05-14 10:54:27 INFO  RESTestLoader:277 - CSV statistics: true
2024-05-14 10:54:27 INFO  RESTestLoader:281 - Delete previous results: true
2024-05-14 10:54:27 INFO  RESTestLoader:285 - Similarity metric: LEVENSHTEIN
2024-05-14 10:54:27 INFO  RESTestLoader:289 - Number of candidates: 100
2024-05-14 10:54:27 INFO  RESTestLoader:293 - Faulty ratio: 0.1
2024-05-14 10:54:27 INFO  RESTestLoader:297 - Faulty dependency ratio: 0.5
2024-05-14 10:54:27 INFO  RESTestRunner:45 - Generating RESTest workflow...
2024-05-14 10:54:27 INFO  RESTestRunner:73 - Running workflow (generation -> execution -> reporting)...
2024-05-14 10:54:27 INFO  RESTestWorkflow:99 - Generating tests
Exception in thread "main" java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "io.swagger.v3.oas.models.media.Schema.getType()" is null
        at es.us.isa.restest.inputs.stateful.BodyGenerator.generateStatefulObjectNode(BodyGenerator.java:106)
        at es.us.isa.restest.inputs.stateful.BodyGenerator.nextValue(BodyGenerator.java:81)
        at es.us.isa.restest.inputs.stateful.BodyGenerator.nextValueAsString(BodyGenerator.java:217)
        at es.us.isa.restest.inputs.stateful.BodyGenerator.nextValueAsString(BodyGenerator.java:226)
        at es.us.isa.restest.generators.AbstractTestCaseGenerator.generateRandomValidTestCase(AbstractTestCaseGenerator.java:272)
        at es.us.isa.restest.generators.RandomTestCaseGenerator.generateNextTestCase(RandomTestCaseGenerator.java:64)
        at es.us.isa.restest.generators.RandomTestCaseGenerator.generateOperationTestCases(RandomTestCaseGenerator.java:42)
        at es.us.isa.restest.generators.AbstractTestCaseGenerator.generate(AbstractTestCaseGenerator.java:247)
        at es.us.isa.restest.generators.AbstractTestCaseGenerator.generate(AbstractTestCaseGenerator.java:165)
        at es.us.isa.restest.generators.AbstractTestCaseGenerator.generate(AbstractTestCaseGenerator.java:221)
        at es.us.isa.restest.runners.RESTestWorkflow.testGeneration(RESTestWorkflow.java:101)
        at es.us.isa.restest.runners.RESTestWorkflow.run(RESTestWorkflow.java:63)
        at es.us.isa.restest.runners.RESTestRunner.run(RESTestRunner.java:74)
        at es.us.isa.restest.cli.RESTestCLI.cli(RESTestCLI.java:130)
        at es.us.isa.restest.cli.RESTestCLI.main(RESTestCLI.java:36)
@josgarmar31
Collaborator

Could you provide me with the OAS specification you are using?

@henning410
Author

Sure, here:

---
openapi: 3.0.0
paths:
  "/isAlive":
    head:
      operationId: AppController_checkServerStatus
      summary: Check if app is alive
      parameters: []
      responses:
        '200':
          description: App is alive
  "/testStatusCodes":
    get:
      operationId: AppController_testStatusCodes
      summary: Check if fuzzer recognizes wrong status codes
      parameters: []
      responses:
        '200':
          description: 200 is returned
        '400':
          description: 400 is returned
  "/person":
    post:
      operationId: PersonController_createUser
      summary: Create new person
      parameters: []
      requestBody:
        required: true
        description: Person to insert
        content:
          application/json:
            schema:
              "$ref": "#/components/schemas/CreatePersonDto"
      responses:
        '201':
          description: Person has been successfully created.
        '400':
          description: Bad Request, some fileds are missing
        '403':
          description: Username already exists
        '500':
          description: Error creating user
      tags:
      - person
  "/person/{id}":
    put:
      operationId: PersonController_updateUser
      summary: Update a person
      parameters:
      - name: id
        required: true
        in: path
        description: ID of the person
        example: 1
        schema:
          type: number
      requestBody:
        required: true
        description: Person to update
        content:
          application/json:
            schema:
              example:
                username: NewUserName
      responses:
        '302':
          description: Return the updated person
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/Person"
        '400':
          description: Id is in wrong format.
        '404':
          description: Person not found
      tags:
      - person
    delete:
      operationId: PersonController_remove
      summary: Delete a person by ID
      parameters:
      - name: id
        required: true
        in: path
        example: 1
        description: Person ID
        schema:
          type: number
      responses:
        '200':
          description: The person has been successfully deleted
        '400':
          description: Id is in wrong format.
        '404':
          description: Person not found.
      tags:
      - person
  "/login":
    get:
      operationId: LoginController_login
      summary: Login user with username and password
      parameters:
      - name: username
        required: true
        in: query
        description: Username of person
        example: john_doe
        schema:
          type: string
      - name: password
        required: true
        in: query
        description: Password of person
        example: password1234
        schema:
          type: string
      responses:
        '200':
          description: Login successfull
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/Person"
        '401':
          description: Login credentials wrong
      tags:
      - login
  "/persons":
    get:
      operationId: PersonsController_getAllUser
      summary: Get all persons
      parameters: []
      responses:
        '200':
          description: Return all persons
          content:
            application/json:
              schema:
                type: array
                items:
                  "$ref": "#/components/schemas/Person"
      tags:
      - persons
  "/persons/{id}":
    get:
      operationId: PersonsController_getUser
      summary: Get person by ID
      parameters:
      - name: id
        required: true
        in: path
        example: 1
        description: ID of the person
        schema:
          type: number
      responses:
        '200':
          description: Return the person with the specific ID
          content:
            application/json:
              schema:
                "$ref": "#/components/schemas/Person"
        '400':
          description: Id is in wrong format.
        '404':
          description: Person not found
      tags:
      - persons
info:
  title: Vulnerable ToDo app
  description: This API is vulnerable to SQL injection
  version: '1.0'
  contact: {}
tags:
- name: person
  description: ''
- name: persons
  description: ''
- name: login
  description: ''
servers:
- url: http://localhost:3000/
  description: Local environment
components:
  schemas:
    CreatePersonDto:
      type: object
      properties:
        username:
          type: string
          example: john_doe
          description: The username of the person
        email:
          type: string
          example: john@example.com
          description: The email address of the person
        password:
          type: string
          example: password1234
          description: The password of the person
      required:
      - username
      - email
      - password
    Person:
      type: object
      properties:
        id:
          type: number
          example: 1
          description: ID of the user
        username:
          type: string
          example: henning
          description: Username of the user
        email:
          type: string
          example: test@test.de
          description: Email of the user
        password:
          type: string
          example: '1234'
          description: Password of the user
      required:
      - id
      - username
      - email
      - password
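
An added example, not part of the original thread and not RESTest code: a pre-flight check that walks an already-parsed OpenAPI 3 document and reports request-body schemas that declare no `type`, the condition named in the NullPointerException above. The `SPEC` dict is constructed from two request bodies in the posted file, the function names are hypothetical, and treating a missing `type` as the trigger is an assumption the thread does not confirm.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}
# Constructed sample: two request bodies taken from the spec posted above.
SPEC = {
    "paths": {
        "/person": {"post": {"requestBody": {"content": {"application/json": {
            "schema": {"$ref": "#/components/schemas/CreatePersonDto"}}}}}},
        "/person/{id}": {"put": {"requestBody": {"content": {"application/json": {
            "schema": {"example": {"username": "NewUserName"}}}}}}},
    },
    "components": {"schemas": {"CreatePersonDto": {
        "type": "object", "properties": {"username": {"type": "string"}}}}},
}

def deref(spec, ref):
    # Resolve a local '#/a/b' reference; a missing target yields {}.
    node = spec
    for part in ref[2:].split("/"):
        node = node.get(part, {}) if isinstance(node, dict) else {}
    return node

def untyped(spec, schema, where, seen=frozenset()):
    """Yield locations of schemas that lack `type` after following local $refs."""
    while isinstance(schema, dict) and "$ref" in schema:
        ref = schema["$ref"]
        if not ref.startswith("#/") or ref in seen:
            return  # external or cyclic reference: not followed
        seen, schema = seen | {ref}, deref(spec, ref)
    if not isinstance(schema, dict):
        return
    if "type" not in schema and not {"allOf", "oneOf", "anyOf"} & schema.keys():
        yield where
    for name, sub in (schema.get("properties") or {}).items():
        yield from untyped(spec, sub, f"{where}.properties.{name}", seen)
    if "items" in schema:
        yield from untyped(spec, schema["items"], f"{where}.items", seen)

def check_request_bodies(spec):
    """Return 'METHOD path [media] schema...' locations that have no `type`."""
    findings = []
    for path, item in (spec.get("paths") or {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS and isinstance(op, dict):
                content = (op.get("requestBody") or {}).get("content") or {}
                for media, body in content.items():
                    where = f"{method.upper()} {path} [{media}] schema"
                    findings += untyped(spec, (body or {}).get("schema"), where)
    return findings

if __name__ == "__main__":
    print("\n".join(check_request_bodies(SPEC)))
```

To run it against a full file, parse the YAML into a dict with any YAML loader and pass the result to `check_request_bodies`.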

@josgarmar31
Collaborator

Good afternoon,

I apologize for the delay in our response. We are currently investigating the cause of the reported error and are working to find a solution as quickly as possible. We appreciate your patience and understanding during this process.

Thank you very much for your cooperation and for waiting.
