Merge remote-tracking branch 'origin/modules_infra_v2_basic_modules' …

…into modules_infra_v2_basic_modules
danielvladco · Apr 11, 2022 · c0c119b · c0c119b
2 parents a405007 + 849f5da
commit c0c119b
Show file tree

Hide file tree

Showing 14 changed files with 1,223 additions and 43 deletions.
diff --git a/backend/pkg/backend/fake.go b/backend/pkg/backend/fake.go
@@ -97,6 +97,7 @@ func putProvidedSpecLocally(root string) {
 	putProvidedSpecLocallyImp(root, "provided_spec.json", 1)
 	putProvidedSpecLocallyImp(root, "petstorev2.json", 2)
 	putProvidedSpecLocallyImp(root, "petstorev2.json", 3)
+	putProvidedSpecLocallyImp(root, "solarsys.json", 4)
 }
 
 func putProvidedSpecLocallyImp(root string, specfile string, apiID int) {

diff --git a/backend/pkg/modules/internal/fuzzer/fuzzer.go b/backend/pkg/modules/internal/fuzzer/fuzzer.go
@@ -11,6 +11,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 
 	"github.com/sirupsen/logrus"
 
@@ -213,13 +214,13 @@ func (p *pluginFuzzer) EventNotify(ctx context.Context, event *core.Event) {
 *
  */
 
-func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *string) (string, error) {
+func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *string) error {
 
 	// Retreive the API (it will give the endpoint and the port)
 	api, err := p.model.GetApi(ctx, uint(apiId))
 	if err != nil {
 		Errorf("[Fuzzer] FuzzTarget():: can't retreive API (%v) \n", apiId)
-		return "", nil
+		return &NotFoundError{msg: ""}
 	}
 
 	Logf("[Fuzzer] FuzzTarget():: API_id (%v) => API (%v) for service (%v)\n", apiId, api, service)
@@ -228,6 +229,12 @@ func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *st
 	serviceToTest := api.name
 	if service != nil {
 		serviceToTest = *service
+		sp := strings.Split(serviceToTest, ".")
+		if len(sp) > 2 {
+			Logf("[Fuzzer] FuzzTarget():: Service is bad formated (%v). Fuzz aborted!\n", service)
+			// Retur an n error
+			return &InvalidParameterError{}
+		}
 	}
 	sURI := fmt.Sprintf("http://%s:%v", serviceToTest, api.port)
 
@@ -236,7 +243,7 @@ func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *st
 	err = p.model.StartApiFuzzing(uint(apiId))
 	if err != nil {
 		Errorf("[Fuzzer] FuzzTarget():: can't start fuzzing for API (%v) \n", apiId)
-		return "", nil
+		return &FuzzerError{}
 	}
 
 	if p.config.deploymentType == "kubernetes" && p.k8sClient != nil {
@@ -246,10 +253,11 @@ func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *st
 	} else if p.config.deploymentType == "fake" {
 		go FakeTriggerFuzzingJob(context.TODO(), p.model, p.config.testTraceFile, uint(apiId), sURI)
 	} else {
-		return "", fmt.Errorf("Unknown deployment type: '%v'", p.config.deploymentType)
+		return &NotSupportedError{fmt.Sprintf("Unknown deployment type: '%v'", p.config.deploymentType)}
 	}
 
-	return "f6f611fe-ec52-4539-9d60-4452642f1f70", nil
+	// Success
+	return nil
 }
 
 type pluginFuzzerHTTPHandler struct {
@@ -269,11 +277,37 @@ func (*pluginFuzzerHTTPHandler) GetVersion(w http.ResponseWriter, r *http.Reques
 // Launch a fuzzing for an API
 //
 func (p *pluginFuzzerHTTPHandler) FuzzTarget(w http.ResponseWriter, r *http.Request, apiId uint32, params FuzzTargetParams) {
+
 	Logf("[Fuzzer] HTTP FuzzTarget called for ApiId={%v}, and service to test (%v)\n", apiId, params.Service)
-	jobId, err := p.fuzzer.FuzzTarget(r.Context(), apiId, params.Service)
-	if err == nil {
-		io.WriteString(w, "{\"fuzzingJob\": \""+jobId+"\"}")
+
+	err := p.fuzzer.FuzzTarget(r.Context(), apiId, params.Service)
+
+	if err != nil {
+		w.Header().Set("Content-Type", "application/json")
+		switch e := err.(type) {
+		case *NotFoundError:
+			w.WriteHeader(http.StatusNotFound)
+			io.WriteString(w, "{}")
+		case *InvalidParameterError:
+			w.WriteHeader(http.StatusBadRequest)
+			io.WriteString(w, "{}")
+		case *FuzzerError:
+			w.WriteHeader(http.StatusInternalServerError)
+			io.WriteString(w, "{}")
+		case *NotSupportedError:
+			w.WriteHeader(http.StatusBadRequest)
+			io.WriteString(w, "{}")
+		default:
+			Logf("[Fuzzer] unexpected error={%v}\n", e)
+			w.WriteHeader(http.StatusInternalServerError)
+			io.WriteString(w, "{}")
+		}
+		return
 	}
+
+	// Success
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusNoContent)
 }
 
 //

diff --git a/backend/pkg/modules/internal/fuzzer/fuzzererrors.go b/backend/pkg/modules/internal/fuzzer/fuzzererrors.go
@@ -1 +1,47 @@
 package fuzzer
+
+import "fmt"
+
+/*
+*  Error used when an object does not exists on the system
+ */
+type NotFoundError struct {
+	msg string
+}
+
+func (e *NotFoundError) Error() string {
+	return fmt.Sprintf("Not found error: %v", e.msg)
+}
+
+/*
+*  Error used when action is impossible because nor enough parameters of invalid parameter
+ */
+type InvalidParameterError struct {
+	msg string
+}
+
+func (e *InvalidParameterError) Error() string {
+	return fmt.Sprintf("Invalid parameter error: %v", e.msg)
+}
+
+/*
+*  General error
+ */
+type FuzzerError struct {
+	msg string
+}
+
+func (e *FuzzerError) Error() string {
+	return fmt.Sprintf("General Fuzzer error: %v", e.msg)
+}
+
+/*
+*  Error for an usupported action/parameter
+ */
+type NotSupportedError struct {
+	msg string
+}
+
+func (e *NotSupportedError) Error() string {
+	return fmt.Sprintf("Not supported action or parameter: %v", e.msg)
+}
diff --git a/backend/pkg/modules/internal/fuzzer/openapi.yaml b/backend/pkg/modules/internal/fuzzer/openapi.yaml
@@ -67,24 +67,23 @@ paths:
           schema:
             type: integer
             format: uint32
-        - name: service
+        - name: namespace
           in: query
-          description: Service to test
+          description: namespace for the service to test
           required: false
           schema:
             type: string
       responses:
-        '200':
-          description: FuzzOrderAccepted
-          content:
-            application/json:
-              schema:
-                type: object
-                properties:
-                  fuzzingJob:
-                    type: string
-                    description: Identifier of the queued fuzzing job
-                    example: "f6f611fe-ec52-4539-9d60-4452642f1f70"
+        '204':
+          description: Successful Response
+        '404':
+          description: Service not found
+          schema:
+            type: 'string'
+        '400':
+          description: Bad formated namespace
+          schema:
+            type: 'string'
 
   /updateStatus/{apiId}:
     parameters: