
Comments (2)

marina-p commented on June 9, 2024

Hello @SunithaShivananjaiah,

Generating tokens for RESTler is done through a custom script or program you provide, and the token can be passed to RESTler in several ways, as described in SettingsFile.md (see the 'Authentication' section). Below is an example Python script and settings which you can copy-paste into engine_settings.json to configure RESTler to use the auth token. In the data settings dictionary, specify any parameters you'd like to pass into the script (such as the client ID, and any additional settings to retrieve the secret).

  "authentication": {
    "token": {
      "module": {
        "file": "/path/to/auth.py",
        "function": "acquire_token",
        "data": {
          "client_id": "<GUID>",
          ...
        }
      },
      "token_refresh_interval": 300
    },

def acquire_token(data, log):
    token = gen_token(data)  # implementation to retrieve the token
    token_lines = [
        "{'user1':{}}",
        f"Authorization: {token}"
    ]
    return "\n".join(token_lines)

Thanks,

Marina

from restler-fuzzer.
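One way to fill in the `gen_token` placeholder from the reply above, shown as an added example that is not RESTler's or the commenter's code: an OAuth2 client-credentials request whose result is returned in the two-line format the snippet uses. The `token_url` and `secret_env` keys in `data`, the `RESTLER_CLIENT_SECRET` variable name, the `Bearer` prefix and the `post`/`env` parameters (hooks for offline testing) are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request


def _post_form(url, fields):
    """POST form-encoded fields and return the decoded JSON response."""
    body = urllib.parse.urlencode(fields).encode("ascii")
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def gen_token(data, post=_post_form, env=os.environ):
    """OAuth2 client-credentials grant (RFC 6749, section 4.4)."""
    # Assumption: the secret is read from an environment variable so that
    # engine_settings.json only has to carry the non-secret client_id.
    secret = env.get(data.get("secret_env", "RESTLER_CLIENT_SECRET"))
    if not secret:
        raise RuntimeError("client secret environment variable is not set")
    reply = post(data["token_url"], {
        "grant_type": "client_credentials",
        "client_id": data["client_id"],
        "client_secret": secret,
    })
    token = reply.get("access_token")
    if not token or "\n" in token or "\r" in token:
        # The token is written into a header line: refuse empty or multi-line values.
        raise RuntimeError("token endpoint returned no usable access_token")
    return f"Bearer {token}"


def acquire_token(data, log, post=_post_form, env=os.environ):
    """Entry point named by the "function" setting; `log` is accepted but unused."""
    # Same return format as the snippet above: metadata line, then the header.
    token_lines = [
        "{'user1':{}}",
        f"Authorization: {gen_token(data, post, env)}",
    ]
    return "\n".join(token_lines)
```
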

SunithaShivananjaiah commented on June 9, 2024

Hi @marina-p,

Thank you for your input.
I had updated the authentication info in the engine-settings.json file as below and the data file as below, but I am getting an exception - "Cannot deserialize mutations dictionary: An exception occurred during deserialization: Newtonsoft.Json.JsonSerializationException: Could not find member"

Code snippet:
engine.settings.json
{
  "per_resource_settings": {},
  "max_combinations": 20,
  "authentication": {
    "token": {
      "module": {
        "file": "C:/restler_bin/restler/demo_server_config/acquire_token.py",
        "function": "acquire_token",
        "data": {
          "client_id": "client_id",
          "client_secret": "client_secret"
        }
      },
      "token_refresh_interval": 600
    }
  }
}

dict.json:
{
    "restler_fuzzable_string": [
        "fuzzstring"
    ],
    "restler_fuzzable_string_unquoted": [],
    "restler_fuzzable_datetime": [
        "2019-06-26T20:20:39+00:00"
    ],
    "restler_fuzzable_datetime_unquoted": [],
    "restler_fuzzable_date": [
        "2019-06-26"
    ],
    "restler_fuzzable_date_unquoted": [],
    "restler_fuzzable_uuid4": [
        "566048da-ed19-4cd3-8e0a-b7e0e1ec4d72"
    ],
    "restler_fuzzable_uuid4_unquoted": [],
    "restler_fuzzable_int": [
        "1"
    ],
    "restler_fuzzable_number": [
        "1.23"
    ],
    "restler_fuzzable_bool": [
        "true"
    ],
    "restler_fuzzable_object": [
        "{ \"fuzz\": false }"
    ],
    "restler_custom_payload": {},
    "restler_custom_payload_unquoted": {},
    "restler_custom_payload_uuid4_suffix": {},
    "restler_custom_payload_header": {},
    "restler_custom_payload_query": {},
    "client_id": [
        "8975382c86-3b8e-4600-861d-f9bf130fef6b"
    ],
    "client_id1": [
        "67882c86-3b8e-4600-861d-f9bf130fef6b"
    ],
    "client_secret": [
        "4m68QeJ5BsRSrbBYVGsdufeihsOgPJWtEF7"
    ],
    "resource":
    [
        "67882c86-3b8e-4600-861d-f9bf130fef"
    ],
    "grant_type": [
        "client_credentials"
    ]
}

Used dummy data for posting here; please check and let me know if any correction is needed.

Logs:
Cannot deserialize mutations dictionary: An exception occurred during deserialization: Newtonsoft.Json.JsonSerializationException: Could not find member 'client_id' on object of type 'MutationsDictionary'. Path 'client_id', line 35, position 16.
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateNewObject(JsonReader reader, JsonObjectContract objectContract, JsonProperty containerMember, JsonProperty containerProperty, String id, Boolean& createdFromNonDefaultCreator)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonSerializer.Deserialize(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Restler.ResultsAnalyzer.Analyze.Main.dictionarySuffixes$cont@54(String dictionaryFilePath, Unit unitVar) in C:\Restler_Security_VSCode\restler-fuzzer\src\ResultsAnalyzer\Analyze\Main.fs:line 54
