diff --git a/backend/pkg/backend/fake.go b/backend/pkg/backend/fake.go index 87ed5be87..f8a3b223d 100644 --- a/backend/pkg/backend/fake.go +++ b/backend/pkg/backend/fake.go @@ -97,6 +97,7 @@ func putProvidedSpecLocally(root string) { putProvidedSpecLocallyImp(root, "provided_spec.json", 1) putProvidedSpecLocallyImp(root, "petstorev2.json", 2) putProvidedSpecLocallyImp(root, "petstorev2.json", 3) + putProvidedSpecLocallyImp(root, "solarsys.json", 4) } func putProvidedSpecLocallyImp(root string, specfile string, apiID int) { diff --git a/backend/pkg/modules/internal/fuzzer/fuzzer.go b/backend/pkg/modules/internal/fuzzer/fuzzer.go index 811ba20f1..5eb0def42 100644 --- a/backend/pkg/modules/internal/fuzzer/fuzzer.go +++ b/backend/pkg/modules/internal/fuzzer/fuzzer.go @@ -11,6 +11,7 @@ import ( "os" "path/filepath" "strconv" + "strings" "github.com/sirupsen/logrus" @@ -213,13 +214,13 @@ func (p *pluginFuzzer) EventNotify(ctx context.Context, event *core.Event) { * */ -func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *string) (string, error) { +func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *string) error { // Retreive the API (it will give the endpoint and the port) api, err := p.model.GetApi(ctx, uint(apiId)) if err != nil { Errorf("[Fuzzer] FuzzTarget():: can't retreive API (%v) \n", apiId) - return "", nil + return &NotFoundError{msg: ""} } Logf("[Fuzzer] FuzzTarget():: API_id (%v) => API (%v) for service (%v)\n", apiId, api, service) @@ -228,6 +229,12 @@ func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *st serviceToTest := api.name if service != nil { serviceToTest = *service + sp := strings.Split(serviceToTest, ".") + if len(sp) > 2 { + Logf("[Fuzzer] FuzzTarget():: Service is bad formated (%v). Fuzz aborted!\n", service) + // Retur an n error + return &InvalidParameterError{} + } } sURI := fmt.Sprintf("http://%s:%v", serviceToTest, api.port) 
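Review bot: The `GetApi` failure branch returns `&NotFoundError{msg: ""}` and drops `err`, so every lookup failure is reported to the caller as "not found" with an empty message, whatever the real cause was. The same pattern recurs in this file at `return &InvalidParameterError{}` in the service check and at `return &FuzzerError{}` after `StartApiFuzzing`. Carry the cause in the message, e.g. `return &NotFoundError{msg: fmt.Sprintf("API %v: %v", apiId, err)}`, and do the same for the other two. FuzzTarget's body continues outside this hunk.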
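Review bot: The new check on `service` only counts dots (`len(sp) > 2`), yet the value arrives from the request's query string and is interpolated unchanged into `sURI` as the host the fuzzing job will send traffic to. Nothing in this hunk ties it to the service registered for `apiId` or restricts it to characters valid in a host name, so a caller can steer the fuzzer at a host other than the API under test. Validate each label as a DNS label (non-empty, letters, digits and `-` only) and, if the intent is only to append a namespace, require the first label to match `api.name`. The `Logf` call also formats the pointer `service` rather than its value; `*service` with `%q` would log what was actually sent, safely quoted.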
@@ -236,7 +243,7 @@ func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *st err = p.model.StartApiFuzzing(uint(apiId)) if err != nil { Errorf("[Fuzzer] FuzzTarget():: can't start fuzzing for API (%v) \n", apiId) - return "", nil + return &FuzzerError{} } if p.config.deploymentType == "kubernetes" && p.k8sClient != nil { @@ -246,10 +253,11 @@ func (p *pluginFuzzer) FuzzTarget(ctx context.Context, apiId uint32, service *st } else if p.config.deploymentType == "fake" { go FakeTriggerFuzzingJob(context.TODO(), p.model, p.config.testTraceFile, uint(apiId), sURI) } else { - return "", fmt.Errorf("Unknown deployment type: '%v'", p.config.deploymentType) + return &NotSupportedError{fmt.Sprintf("Unknown deployment type: '%v'", p.config.deploymentType)} } - return "f6f611fe-ec52-4539-9d60-4452642f1f70", nil + // Success + return nil } type pluginFuzzerHTTPHandler struct { 
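Review bot: The unknown-deployment-type branch returns `&NotSupportedError{...}` only after `p.model.StartApiFuzzing(uint(apiId))` has already succeeded, so as far as these hunks show the API stays marked as being fuzzed although no job was started. Checking `p.config.deploymentType` before calling `StartApiFuzzing`, or undoing the state change on this path, would avoid a stuck status. The literal is also unkeyed; `&NotSupportedError{msg: fmt.Sprintf("Unknown deployment type: '%v'", p.config.deploymentType)}` matches the `NotFoundError{msg: ""}` usage above and survives a field being added. FuzzTarget starts outside this hunk.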
@@ -269,11 +277,37 @@ func (*pluginFuzzerHTTPHandler) GetVersion(w http.ResponseWriter, r *http.Reques // Launch a fuzzing for an API // func (p *pluginFuzzerHTTPHandler) FuzzTarget(w http.ResponseWriter, r *http.Request, apiId uint32, params FuzzTargetParams) { + Logf("[Fuzzer] HTTP FuzzTarget called for ApiId={%v}, and service to test (%v)\n", apiId, params.Service) - jobId, err := p.fuzzer.FuzzTarget(r.Context(), apiId, params.Service) - if err == nil { - io.WriteString(w, "{\"fuzzingJob\": \""+jobId+"\"}") + + err := p.fuzzer.FuzzTarget(r.Context(), apiId, params.Service) + + if err != nil { + w.Header().Set("Content-Type", "application/json") + switch e := err.(type) { + case *NotFoundError: + w.WriteHeader(http.StatusNotFound) + io.WriteString(w, "{}") + case *InvalidParameterError: + w.WriteHeader(http.StatusBadRequest) + io.WriteString(w, "{}") + case *FuzzerError: + w.WriteHeader(http.StatusInternalServerError) + io.WriteString(w, "{}") + case *NotSupportedError: + w.WriteHeader(http.StatusBadRequest) + io.WriteString(w, "{}") + default: + Logf("[Fuzzer] unexpected error={%v}\n", e) + w.WriteHeader(http.StatusInternalServerError) + io.WriteString(w, "{}") + } + return } + + // Success + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusNoContent) } // diff --git a/backend/pkg/modules/internal/fuzzer/fuzzererrors.go b/backend/pkg/modules/internal/fuzzer/fuzzererrors.go index fd20bccc7..b2a758bf5 100644 --- a/backend/pkg/modules/internal/fuzzer/fuzzererrors.go +++ b/backend/pkg/modules/internal/fuzzer/fuzzererrors.go 
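Review bot: In the handler's error switch, `*NotSupportedError` is mapped to `http.StatusBadRequest`, but in this commit that error is only produced for an unknown `p.config.deploymentType`, which is a server configuration fault rather than a bad request, so a 5xx fits better. Only the `default` branch logs the error, so the 404/400/500 responses leave no trace of their cause, and every branch repeats the same `WriteHeader` plus `io.WriteString(w, "{}")`. The success path sets `Content-Type: application/json` on a 204, which carries no body. The sketch below picks the status in the switch, logs once and writes the response once.

```go
	err := p.fuzzer.FuzzTarget(r.Context(), apiId, params.Service)
	if err != nil {
		// FuzzerError, NotSupportedError and anything unexpected are server-side faults.
		status := http.StatusInternalServerError
		switch err.(type) {
		case *NotFoundError:
			status = http.StatusNotFound
		case *InvalidParameterError:
			status = http.StatusBadRequest
		}
		Logf("[Fuzzer] HTTP FuzzTarget failed for ApiId={%v}: %v\n", apiId, err)
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(status)
		io.WriteString(w, "{}")
		return
	}

	// Success: 204 has no body, so no Content-Type is set.
	w.WriteHeader(http.StatusNoContent)
```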
@@ -1 +1,47 @@ package fuzzer + +import "fmt" + +/* +* Error used when an object does not exists on the system + */ +type NotFoundError struct { + msg string +} + +func (e *NotFoundError) Error() string { + return fmt.Sprintf("Not found error: %v", e.msg) +} + +/* +* Error used when action is impossible because nor enough parameters of invalid parameter + */ +type InvalidParameterError struct { + msg string +} + +func (e *InvalidParameterError) Error() string { + return fmt.Sprintf("Invalid parameter error: %v", e.msg) +} + +/* +* General error + */ +type FuzzerError struct { + msg string +} + +func (e *FuzzerError) Error() string { + return fmt.Sprintf("General Fuzzer error: %v", e.msg) +} + +/* +* Error for an usupported action/parameter + */ +type NotSupportedError struct { + msg string +} + +func (e *NotSupportedError) Error() string { + return fmt.Sprintf("Not supported action or parameter: %v", e.msg) +} diff --git a/backend/pkg/modules/internal/fuzzer/openapi.yaml b/backend/pkg/modules/internal/fuzzer/openapi.yaml index 66c452a65..0f8bfe79d 100644 --- a/backend/pkg/modules/internal/fuzzer/openapi.yaml +++ b/backend/pkg/modules/internal/fuzzer/openapi.yaml @@ -67,24 +67,23 @@ paths: schema: type: integer format: uint32 - - name: service + - name: namespace in: query - description: Service to test + description: namespace for the service to test required: false schema: type: string responses: - '200': - description: FuzzOrderAccepted - content: - application/json: - schema: - type: object - properties: - fuzzingJob: - type: string - description: Identifier of the queued fuzzing job - example: "f6f611fe-ec52-4539-9d60-4452642f1f70" + '204': + description: Successful Response + '404': + description: Service not found + schema: + type: 'string' + '400': + description: Bad formated namespace + schema: + type: 'string' /updateStatus/{apiId}: parameters: 
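Review bot: The four new error types are documented with `/* * ... */` blocks that do not start with the type name and contain typos (`nor enough parameters of invalid parameter`, `usupported`), so they do not read as Go doc comments. Use the conventional form, e.g. `// NotFoundError is returned when the requested object does not exist.` and `// InvalidParameterError is returned when a parameter is missing or invalid.`, and likewise for `FuzzerError` and `NotSupportedError`. Go error strings are also conventionally lowercase, e.g. `"not found: %v"`, which reads better once the message is wrapped by a caller.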
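Review bot: The query parameter is renamed from `service` to `namespace` here, while the Go handler in this commit still reads `params.Service` and the UI still sends `?service=`; if `FuzzTargetParams` is generated from this file, regenerating it would break the handler, and until then the spec does not describe what the server accepts. The new `'404'` and `'400'` responses put `schema:` directly under the response, whereas the removed `'200'` used `content: application/json: schema:`, which suggests an OpenAPI 3 document where a bare `schema:` is not valid. The handler can also answer 500, which is not listed. Either keep `name: service` and describe the `service[.namespace]` form in its description, or rename the parameter in the handler and UI in the same change.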
diff --git a/backend/pkg/test/provided_spec/solarsys.json b/backend/pkg/test/provided_spec/solarsys.json new file mode 100755 index 000000000..b34cddafa --- /dev/null +++ b/backend/pkg/test/provided_spec/solarsys.json 
@@ -0,0 +1,986 @@ +{ + "swagger": "2.0", + "info": { + "contact": { + "email": "ataldir@cisco.com", + "name": "Axel Taldir" + }, + "description": "Simple flask-backed API showing some example API endpoints for debugging features.", + "license": { + "name": "Apache 2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0.html" + }, + "title": "Planets Demo API", + "version": "0.0.1" + }, + "host": "localhost:5001", + "basePath": "/", + "schemes": [ + "http" + ], + "paths": { + "/": { + "get": { + "produces": [ + "application/json" + ], + "parameters": [], + "responses": { + "200": { + "description": "Hello words", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [], + "description": "Hello word!", + "operationId": "hello", + "summary": "Hello word!" + } + }, + "/planet/{id}": { + "delete": { + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Planets in a list" + }, + "500": { + "description": "the planet at position can't be deleted", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "planets" + ], + "description": "delete one planet", + "operationId": "planet.delete_planet", + "summary": "delete one planet at position", + "x-scn-model": [ + { + "description": "This method deletes object 'planet' with parameter 'petId'", + "last_modification": "2021-10-20T14:29:46.492385", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_DELETE", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + }, + "get": { + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Planets in a list", + "schema": { + "$ref": 
"#/definitions/planet" + } + }, + "204": { + "description": "No planet at position", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "planets" + ], + "description": "Get the data relating to one planet", + "operationId": "planet.get_planet", + "summary": "Fetch one planet by id", + "x-scn-model": [ + { + "description": "This method retreives object 'planet' with parameter 'planetPos'", + "last_modification": "2021-10-20T14:29:46.492130", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_READ", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + }, + "put": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/planet" + } + } + ], + "responses": { + "200": { + "description": "The planets that has been updated", + "schema": { + "$ref": "#/definitions/planet" + } + }, + "204": { + "description": "No planet at position", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "planets" + ], + "description": "The data relating to one planet", + "operationId": "planet.update_planet", + "summary": "Update a planet identified by its position", + "x-scn-model": [ + { + "description": "This method update object 'planet' with parameter 'planetPos'", + "last_modification": "2021-10-20T14:29:46.492130", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_UPDATE", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + } + }, + "/planets": { + "get": { + "produces": [ + "application/json" + ], + "parameters": [], + "responses": { + "200": { + "description": "Planets in a list", + 
"schema": { + "items": { + "$ref": "#/definitions/planet" + }, + "type": "array" + } + } + }, + "tags": [ + "planets" + ], + "description": "Returns a list of all the planets that are stored in the system.", + "operationId": "planet.get_planet_list", + "summary": "List all planets" + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/planet" + } + } + ], + "responses": { + "200": { + "description": "planet creation response", + "schema": { + "$ref": "#/definitions/planet" + } + }, + "default": { + "description": "unexpected error", + "schema": { + "$ref": "#/definitions/error" + } + } + }, + "tags": [ + "planets" + ], + "description": "Creates a new planet", + "operationId": "planet.add_planet", + "summary": "Creates a new planet", + "x-scn-model": [ + { + "description": "This method creates object 'planet'", + "last_modification": "2021-10-20T14:29:46.491807", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_CREATE", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + } + }, + "/solarsys": { + "get": { + "produces": [ + "application/json" + ], + "parameters": [], + "responses": { + "200": { + "description": "list of solar system", + "schema": { + "items": { + "$ref": "#/definitions/solarsys" + }, + "type": "array" + } + } + }, + "tags": [ + "solarsys" + ], + "description": "Returns a list of all solar systems that are stored in the system.", + "operationId": "solarsys.get_solar_system_list", + "summary": "List all solar systems" + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/solarsys" + } + } + ], + "responses": { + "200": { + 
"description": "Solar system creation response", + "schema": { + "$ref": "#/definitions/solarsys" + } + }, + "default": { + "description": "unexpected error", + "schema": { + "$ref": "#/definitions/error" + } + } + }, + "tags": [ + "solarsys" + ], + "description": "Creates a new solar system", + "operationId": "solarsys.add_solar_system", + "summary": "Creates a new solar system", + "x-scn-model": [ + { + "description": "This method creates object 'solarSys'", + "last_modification": "2021-10-20T14:29:46.491807", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_CREATE", + "value": [ + "components", + "schemas", + "solarSys" + ], + "version": "0.0.1" + } + ] + } + }, + "/solarsys/{id}": { + "delete": { + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Succeded to delete the solar system " + }, + "404": { + "description": "No solar system with this id", + "schema": { + "$ref": "#/definitions/message" + } + }, + "500": { + "description": "the solar system at position can't be deleted", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "solarsys" + ], + "description": "delete one solar system", + "operationId": "solarsys.delete_solar_system", + "summary": "delete one solar system", + "x-scn-model": [ + { + "description": "This method deletes object 'solarSys' with parameter 'id'", + "last_modification": "2021-10-20T14:29:46.492385", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_DELETE", + "value": [ + "components", + "schemas", + "solarSys" + ], + "version": "0.0.1" + } + ] + }, + "get": { + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" 
+ } + ], + "responses": { + "200": { + "description": "Solar system object", + "schema": { + "$ref": "#/definitions/solarsys" + } + }, + "204": { + "description": "No solar system with this id", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "solarsys" + ], + "description": "Get the data relating to one solar system", + "operationId": "solarsys.get_solar_system", + "summary": "Fetch one solar system by id", + "x-scn-model": [ + { + "description": "This method retreives object 'solarSys' with parameter 'id'", + "last_modification": "2021-10-20T14:29:46.492130", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_READ", + "value": [ + "components", + "schemas", + "solarSys" + ], + "version": "0.0.1" + } + ] + }, + "put": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/solarsys" + } + } + ], + "responses": { + "200": { + "description": "The solar system object that has been updated", + "schema": { + "$ref": "#/definitions/solarsys" + } + }, + "204": { + "description": "No solar system with this id", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "solarsys" + ], + "description": "The data relating to one solar system", + "operationId": "solarsys.update_solar_system", + "summary": "Update a solar system", + "x-scn-model": [ + { + "description": "This method update object 'solarSys' with parameter 'id'", + "last_modification": "2021-10-20T14:29:46.492130", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_UPDATE", + "value": [ + "components", + "schemas", + "solarSys" + ], + "version": "0.0.1" + } + ] + } + }, + "/star/{id}": { 
+ "delete": { + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Planets in a list" + }, + "500": { + "description": "the planet at position can't be deleted", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "planets" + ], + "description": "delete one planet", + "operationId": "star.delete_star", + "summary": "delete one planet at position", + "x-scn-model": [ + { + "description": "This method deletes object 'planet' with parameter 'petId'", + "last_modification": "2021-10-20T14:29:46.492385", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_DELETE", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + }, + "get": { + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + "in": "path", + "name": "id", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Planets in a list", + "schema": { + "$ref": "#/definitions/planet" + } + }, + "404": { + "description": "No planet at position", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "stars" + ], + "description": "Get the data relating to one planet", + "operationId": "star.get_star", + "summary": "Fetch one planet by position", + "x-scn-model": [ + { + "description": "This method retreives object 'planet' with parameter 'planetPos'", + "last_modification": "2021-10-20T14:29:46.492130", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_READ", + "value": [ + "components", + "schemas", + "star" + ], + "version": "0.0.1" + } + ] + }, + "put": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "format": "uuid", + 
"in": "path", + "name": "id", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/star" + } + } + ], + "responses": { + "200": { + "description": "The star that has been updated", + "schema": { + "$ref": "#/definitions/star" + } + }, + "204": { + "description": "No planet at position", + "schema": { + "$ref": "#/definitions/message" + } + } + }, + "tags": [ + "stars" + ], + "description": "The data relating to one planet", + "operationId": "star.update_star", + "summary": "Update a planet identified by its position", + "x-scn-model": [ + { + "description": "This method update object 'planet' with parameter 'planetPos'", + "last_modification": "2021-10-20T14:29:46.492130", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_UPDATE", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + } + }, + "/stars": { + "get": { + "produces": [ + "application/json" + ], + "parameters": [], + "responses": { + "200": { + "description": "Planets in a list", + "schema": { + "items": { + "$ref": "#/definitions/star" + }, + "type": "array" + } + } + }, + "tags": [ + "stars" + ], + "description": "Returns a list of all the planets that are stored in the system.", + "operationId": "star.get_star_list", + "summary": "List all planets" + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "body", + "name": "body", + "required": true, + "schema": { + "$ref": "#/definitions/star" + } + } + ], + "responses": { + "200": { + "description": "planet creation response", + "schema": { + "$ref": "#/definitions/star" + } + }, + "default": { + "description": "unexpected error", + "schema": { + "$ref": "#/definitions/error" + } + } + }, + "tags": [ + "stars" + ], + "description": "Creates a new planet", + "operationId": 
"star.add_star", + "summary": "Creates a new planet", + "x-scn-model": [ + { + "description": "This method creates object 'star'", + "last_modification": "2021-10-20T14:29:46.491807", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "CRUD_CREATE", + "value": [ + "components", + "schemas", + "planet" + ], + "version": "0.0.1" + } + ] + } + } + }, + "definitions": { + "error": { + "properties": { + "message": { + "description": "description of the error", + "example": "Id already exists", + "type": "string" + } + }, + "type": "object" + }, + "message": { + "properties": { + "message": { + "description": "description of the message", + "example": "Hello words!", + "type": "string" + } + }, + "type": "object" + }, + "planet": { + "description": "Formal description of a Planet in a SolarSys", + "properties": { + "id": { + "description": "Unique Indentifier of the planet", + "example": "Saturn", + "format": "uuid", + "type": "string" + }, + "moons": { + "description": "Number of moons, according to NASA", + "example": 1, + "type": "number" + }, + "name": { + "description": "Name of the planet", + "example": "Saturn", + "type": "string" + }, + "orbital_radius": { + "description": "Orbital radius from the sun in UA", + "example": 1.2, + "type": "number" + }, + "star_id": { + "description": "Reference to the Star", + "format": "uuid", + "title": "Star Identifier", + "type": "string" + } + }, + "required": [ + "name", + "orbital_radius", + "moons", + "star_id" + ], + "type": "object", + "x-scn-model": [ + { + "description": "The probable identifier of this Object is 'id'", + "last_modification": "2021-10-20T14:29:46.492385", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "IDENTIFIER", + "value": "id", + "version": "0.0.1" + } + ] + }, + "solarsys": { + "description": "Formal description of a Solar system object", + "properties": { + 
"identifier": { + "description": "Unique Solar system identifier", + "format": "uuid", + "title": "Solar system Identifier", + "type": "string" + }, + "name": { + "description": "Name of the solar system", + "example": "Sol", + "title": "Name", + "type": "string" + }, + "x": { + "description": "Polar to cartesian coordinates in AL", + "example": 62, + "title": "Coordinates", + "type": "number" + }, + "y": { + "description": "Polar to cartesian coordinates in AL", + "example": 62, + "title": "Coordinates", + "type": "number" + }, + "z": { + "description": "Polar to cartesian coordinates in AL", + "example": 62, + "title": "Coordinates", + "type": "number" + } + }, + "required": [ + "name", + "x", + "y", + "z" + ], + "type": "object", + "x-scn-model": [ + { + "description": "The probable identifier of this Object is 'identifier'", + "last_modification": "2021-10-20T14:29:46.492385", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + "state": "NOT_REVIEWED" + }, + "type": "IDENTIFIER", + "value": "identifier", + "version": "0.0.1" + } + ] + }, + "star": { + "description": "Formal description of a Star object", + "properties": { + "id": { + "description": "Unique Star Identifier", + "format": "uuid", + "title": "Star Identifier", + "type": "string" + }, + "name": { + "description": "Name of the star", + "example": "Saturn", + "title": "Name", + "type": "string" + }, + "orbital_radius": { + "description": "Orbital radius from the system centroid", + "example": 1.2, + "type": "number" + }, + "solarsys_id": { + "description": "Reference to the Solar system", + "format": "uuid", + "title": "Solar system Identifier", + "type": "string" + } + }, + "required": [ + "name", + "solarsys_id", + "orbital_radius" + ], + "type": "object", + "x-scn-model": [ + { + "description": "The probable identifier of this Object is 'id'", + "last_modification": "2021-10-20T14:29:46.492385", + "review": { + "last_reviewed_at": null, + "question": "Is it correct ?", + 
"state": "NOT_REVIEWED" + }, + "type": "IDENTIFIER", + "value": "id", + "version": "0.0.1" + } + ] + } + }, + "tags": [ + { + "description": "Manage planets in solar sys", + "name": "planets" + }, + { + "description": "Manage solar system", + "name": "solarsys" + }, + { + "description": "Manage stars in a solar system", + "name": "stars" + } + ], + "x-components": { + "requestBodies": {} + } + } \ No newline at end of file diff --git a/backend/pkg/test/trace_files/solarsys_get_star.json b/backend/pkg/test/trace_files/solarsys_get_star.json new file mode 100644 index 000000000..78760b185 --- /dev/null +++ b/backend/pkg/test/trace_files/solarsys_get_star.json @@ -0,0 +1,60 @@ +{ + "destinationAddress": "localhost:5001", + "request": { + "common": { + "headers": [ + { + "key": "host", + "value": "localhost:5001" + }, + { + "key": "user-agent", + "value": "curl/7.35.0" + }, + { + "key": "accept", + "value": "text/plain" + }, + { + "key": "x-forwarded-proto", + "value": "http" + }, + { + "key": "x-request-id", + "value": "c44c2e8d-8f97-99c7-97ab-8ce59d7d70c3" + } + ] + }, + "method": "GET", + "path": "/star/1" + }, + "requestID": "afd3d070-e880-48e0-b00e-a4bd17f53c29", + "response": { + "common": { + "headers": [ + { + "key": "host", + "value": "localhost:5001" + }, + { + "key": "user-agent", + "value": "curl/7.35.0" + }, + { + "key": "accept", + "value": "text/plain" + }, + { + "key": "x-forwarded-proto", + "value": "http" + }, + { + "key": "x-request-id", + "value": "c44c2e8d-8f97-99c7-97ab-8ce59d7d70c3" + } + ] + }, + "statusCode": "200" + }, + "sourceAddress": "10.116.207.197:8000" +} diff --git a/ui/src/components/RiskTag/index.js b/ui/src/components/RiskTag/index.js index f390edace..ecf60c038 100644 --- a/ui/src/components/RiskTag/index.js +++ b/ui/src/components/RiskTag/index.js 
@@ -4,7 +4,11 @@ import './risk-tag.scss'; const ALERT_RISKS = { INFO: {value: "INFO", label: "Info"}, - WARN: {value: "WARN", label: "Warn"} + WARN: {value: "WARN", label: "Warn"}, + LOW: {value: "LOW", label: "Low"}, + MEDIUM: {value: "MEDIUM", label: "Medium"}, + HIGH: {value: "HIGH", label: "High"}, + CRITICAL: {value: "CRITICAL", label: "Critical"} } const RiskTag = ({risk, label}) => { diff --git a/ui/src/components/RiskTag/risk-tag.scss b/ui/src/components/RiskTag/risk-tag.scss index e04d6c184..1b0faee97 100644 --- a/ui/src/components/RiskTag/risk-tag.scss +++ b/ui/src/components/RiskTag/risk-tag.scss @@ -18,4 +18,20 @@ background-color: $color-risk-unknown; color: white; } + &.low { + background-color: $color-risk-low; + color: white; + } + &.medium { + background-color: $color-risk-medium; + color: white; + } + &.high { + background-color: $color-risk-high; + color: white; + } + &.critical { + background-color: $color-risk-critical; + color: white; + } } \ No newline at end of file diff --git a/ui/src/modules/fuzzer/FindingsTable.js b/ui/src/modules/fuzzer/FindingsTable.js index e6fd394f3..88fb2c4d0 100644 --- a/ui/src/modules/fuzzer/FindingsTable.js +++ b/ui/src/modules/fuzzer/FindingsTable.js @@ -33,9 +33,6 @@ const FindingsTable = ({inventoryId, inventoryName}) => { } ], []); - console.log("FindingsTable(): inventoryId="+inventoryId); - console.log("FindingsTable(): inventoryName="+inventoryName); - const history = useHistory(); return ( @@ -49,7 +46,7 @@ const FindingsTable = ({inventoryId, inventoryName}) => { url={`/modules/fuzzer/findings/${inventoryId}`} defaultSortBy={[{ id: "name", desc: true }]} //onLineClick={({id}) => history.push(`${basePath}/${type}/${id}`)} - noResultsTitle={`findings for APIs ${inventoryId}`} + noResultsTitle={`findings for API '${inventoryName}'`} /> ) diff --git a/ui/src/modules/fuzzer/TestOverview.js b/ui/src/modules/fuzzer/TestOverview.js index 3660bc041..3144b1a2c 100644 --- a/ui/src/modules/fuzzer/TestOverview.js 
+++ b/ui/src/modules/fuzzer/TestOverview.js @@ -14,7 +14,7 @@ import VulnerabilityCounts from './VulnerabilityCounts'; const TestOverview = ({backUrl}) => { const {startTime, inventoryId} = useParams(); - const specUrl = `modules/fuzzer/tests/${inventoryId}`; + const specUrl = `modules/fuzzer/report/${inventoryId}/${startTime}`; const [report, setReport] = useState(); const [{loading, data}] = useFetch(specUrl); const [testDetails, setTestDetails] = useState(); @@ -24,14 +24,10 @@ const TestOverview = ({backUrl}) => { useEffect(() => { if (data) { - const {items} = data || {}; - const test = items.filter((r) => r.starttime === parseInt(startTime)); - if (test) { - const {report: topLevelReport} = test[0] || {}; - const {report} = topLevelReport || {report:[]}; - const formattedReport = Object.keys(report).map((k) => report[k]); - setReport({ items: formattedReport }); - } + const {report: topLevelReport} = data || {}; + const {report} = topLevelReport || {report:[]}; + const formattedReport = Object.keys(report).map((k) => report[k]); + setReport({ items: formattedReport }); } },[data, startTime]); diff --git a/ui/src/modules/fuzzer/TestsTable.js b/ui/src/modules/fuzzer/TestsTable.js index 3bb9dfe52..9ddd7a29f 100644 --- a/ui/src/modules/fuzzer/TestsTable.js +++ b/ui/src/modules/fuzzer/TestsTable.js @@ -6,7 +6,6 @@ import { isNull } from 'lodash'; import Icon, { ICON_NAMES } from 'components/Icon'; import Modal from 'components/Modal'; import Table from 'components/Table'; -import VulnerabilityIcon from 'components/VulnerabilityIcon'; import Button from 'components/Button'; import LineLoader from 'components/LineLoader'; import DownloadJsonButton from 'components/DownloadJsonButton'; 
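Review bot: In the rewritten `useEffect`, `const {report} = topLevelReport || {report:[]}` only supplies a default when `data.report` is missing entirely; if it is present without a nested `report`, `Object.keys(report)` throws on `undefined`. Default at the destructuring instead, `const {report = {}} = topLevelReport || {};`. `startTime` is no longer read inside the effect and can leave the dependency array. Both `inventoryId` and `startTime` go into `specUrl` unencoded; wrapping each in `encodeURIComponent` keeps route params from altering the request path.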
@@ -99,10 +98,27 @@ const TestsTable = ({inventoryId, inventoryName}) => { const [doFuzzAction, setDoFuzzAction] = useState(null); const closeResetConfirmationModal = () => setDoFuzzAction(null); + const [serviceName, setServiceName] = useState(inventoryName.split(".")[0]); + const [namespace, setNamespace] = useState( inventoryName.split(".").length>1 ? inventoryName.split(".")[1] : "" ); + const [serviceToTest, setServiceToTest] = useState(serviceName); + + function namespaceCheck(namespacestr) { + + if( namespacestr.indexOf(".") >= 0 ) { + alert("Invalid namespace. No '.' allowed."); + setNamespace(""); + setServiceToTest(serviceName); + return + } + + setNamespace(namespacestr); + setServiceToTest(serviceName + (namespacestr.length>0 ? "."+namespacestr : "")); + } + function DoFuzz(apiID) { closeResetConfirmationModal(); - fetch("/api/modules/fuzzer/fuzz/"+apiID) + fetch("/api/modules/fuzzer/fuzz/"+apiID+"?service="+serviceToTest) .then(res => res.text()) .then( (result) => { @@ -112,7 +128,6 @@ const TestsTable = ({inventoryId, inventoryName}) => { console.log("Fuzzing error: " + error); } ) - } const history = useHistory(); @@ -122,7 +137,11 @@ const TestsTable = ({inventoryId, inventoryName}) => {
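Review bot: `DoFuzz` builds the request as `"/api/modules/fuzzer/fuzz/"+apiID+"?service="+serviceToTest` without encoding, and `namespaceCheck` only rejects `.`, so a namespace containing `&`, `#` or a space changes the query the server sees; use `"?service="+encodeURIComponent(serviceToTest)`. The backend now answers 400/404/500 on failure, but `fetch` resolves on those statuses and the chain goes straight to `res.text()`, so a rejected fuzz request looks like success; check `res.ok` before continuing. The namespace rule should be enforced on the server as well, since this client-side check is advisory only. `inventoryName.split(".")` is also evaluated on every render and throws if `inventoryName` is undefined.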
-
+
+ +
For service namespace:
+ {namespaceCheck(event.target.value)}}/> +
{ data={data} defaultSortBy={[{ id: "name", desc: true }]} onLineClick={({ report, starttime }) => history.push(`${url}/${starttime}`)} - noResultsTitle={`tests for APIs ${inventoryId}`} + noResultsTitle={`tests for API '${inventoryName}'`} refreshTimestamp={refreshTimestamp} /> {!isNull(doFuzzAction) && { if (m.type === type) { accum.push(m); } - return accum; }, []); }; diff --git a/ui/src/utils/scss_variables.module.scss b/ui/src/utils/scss_variables.module.scss index a123cec33..e7adf0cad 100644 --- a/ui/src/utils/scss_variables.module.scss +++ b/ui/src/utils/scss_variables.module.scss @@ -38,7 +38,10 @@ $color-status-violet: #721BD5; $color-status-blue: #30749E; //risk colors: +$color-risk-critical: $color-error-dark; $color-risk-high: $color-error; +$color-risk-medium: $color-warning-dark; +$color-risk-low: $color-warning; $color-risk-unknown: $color-status-blue; :export { @@ -57,6 +60,9 @@ $color-risk-unknown: $color-status-blue; color-warning-dark: $color-warning-dark; color-success: $color-success; + color-risk-critical: $color-risk-critical; color-risk-high: $color-risk-high; + color-risk-medium: $color-risk-medium; + color-risk-low: $color-risk-low; color-risk-unknown: $color-risk-unknown; }