Merge branch 'fix/more-types' into feat/remove-dto-deps

Author: agusaldasoro

README.md

@@ -1,7 +1,7 @@
 # EvoMaster: A Tool For Automatically Generating System-Level Test Cases
 
 
-![](docs/img/carl-cerstrand-136810_compressed.jpg  "Photo by Carl Cerstrand on Unsplash")
+[//]: # (![](docs/img/carl-cerstrand-136810_compressed.jpg  "Photo by Carl Cerstrand on Unsplash"))
 
 [![Maven Central](https://img.shields.io/maven-central/v/org.evomaster/evomaster-client-java.svg?label=Maven%20Central)](https://central.sonatype.com/artifact/org.evomaster/evomaster-client-java)
 [![javadoc](https://javadoc.io/badge2/org.evomaster/evomaster-client-java-controller/javadoc.svg)](https://javadoc.io/doc/org.evomaster/evomaster-client-java-controller)
@@ -12,8 +12,14 @@
 [![Github All Releases](https://img.shields.io/github/downloads/WebFuzzing/evomaster/total.svg)](https://github.com/WebFuzzing/EvoMaster/releases)
 
 
+
 ### Summary
 
+[//]: # (<div style="float: left; margin-right: 15px; margin-bottom: 10px;">)
+<img align="left" src="docs/img/em_mascot.png" alt="AI-generated mascot, with Bing" width="100" />
+
+[//]: # (</div>)
+
 _EvoMaster_ ([www.evomaster.org](http://evomaster.org)) is the first (2016) open-source AI-driven tool
 that automatically *generates* system-level test cases
 for web/enterprise applications.

core-parent/pom.xml

@@ -72,6 +72,14 @@
                 <artifactId>overlay-jvm</artifactId>
                 <version>0.2.0</version>
             </dependency>
+
+
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-csv</artifactId>
+                <version>1.14.1</version>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>
 </project>

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/main/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/base/FailModificationApplication.kt

@@ -0,0 +1,148 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.base
+
+import org.springframework.boot.SpringApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PatchMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.PutMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
+@RequestMapping(path = ["/api/resources"])
+@RestController
+open class FailModificationApplication {
+
+    companion object {
+        @JvmStatic
+        fun main(args: Array<String>) {
+            SpringApplication.run(FailModificationApplication::class.java, *args)
+        }
+
+        private val data = mutableMapOf<Int, ResourceData>()
+        private val dataAlreadyExists = mutableMapOf<Int, ResourceData>()
+
+        fun reset(){
+            data.clear()
+            dataAlreadyExists.clear()
+            dataAlreadyExists[0] = ResourceData("existing", 42)
+        }
+    }
+
+    data class ResourceData(
+        var name: String,
+        var value: Int
+    )
+
+    data class UpdateRequest(
+        val name: String,
+        val value: Int
+    )
+
+
+    @PostMapping(path = ["/empty"])
+    open fun create(@RequestBody body: ResourceData): ResponseEntity<ResourceData> {
+        val id = data.size + 1
+        data[id] = body.copy()
+        return ResponseEntity.status(201).body(data[id])
+    }
+
+    @GetMapping(path = ["/empty/{id}"])
+    open fun get(@PathVariable("id") id: Int): ResponseEntity<ResourceData> {
+        val resource = data[id]
+            ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.status(200).body(resource)
+    }
+
+    @PutMapping(path = ["/empty/{id}"])
+    open fun put(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = data[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // bug: modifies data even though it will return 4xx
+        if(body.name != null) {
+            resource.name = body.name
+        }
+        if(body.value != null) {
+            resource.value = body.value
+        }
+
+        // returns 400 Bad Request, but the data was already modified above
+        return ResponseEntity.status(400).body("Invalid request")
+    }
+
+    @PatchMapping(path = ["/empty/{id}"])
+    open fun patch(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = data[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // correct: validation first, reject without modifying
+        if(body.name == null && body.value == null) {
+            return ResponseEntity.status(400).body("No fields to update")
+        }
+
+        // correct: does NOT modify data, just returns 4xx
+        return ResponseEntity.status(403).body("Forbidden")
+    }
+
+    // pre-populated resource to test that it is not modified by failed PUT
+
+    @PostMapping(path = ["/notempty"])
+    open fun createnotempty(@RequestBody body: ResourceData): ResponseEntity<ResourceData> {
+        val id = dataAlreadyExists.size + 1
+        dataAlreadyExists[id] = body.copy()
+        return ResponseEntity.status(201).body(dataAlreadyExists[id])
+    }
+
+    @GetMapping(path = ["/notempty/{id}"])
+    open fun getnotempty(@PathVariable("id") id: Int): ResponseEntity<ResourceData> {
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.status(200).body(resource)
+    }
+
+    @PutMapping(path = ["/notempty/{id}"])
+    open fun putnotempty(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+
+        resource.name = body.name
+        resource.value = body.value
+
+        // returns 400 Bad Request, but the data was already modified above
+        return ResponseEntity.status(400).body("Invalid request")
+    }
+
+    @PatchMapping(path = ["/notempty/{id}"])
+    open fun patchnotempty(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // correct: validation first, reject without modifying
+        return ResponseEntity.status(400).body("No fields to update")
+
+        // correct: does NOT modify data, just returns 4xx
+        return ResponseEntity.status(403).body("Forbidden")
+    }
+}

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/main/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/forbidden/FailModificationForbiddenApplication.kt

@@ -0,0 +1,78 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.forbidden
+
+import org.springframework.boot.SpringApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
+@RequestMapping("/api/resources")
+@RestController
+open class FailModificationForbiddenApplication {
+
+    companion object {
+        @JvmStatic
+        fun main(args: Array<String>) {
+            SpringApplication.run(FailModificationForbiddenApplication::class.java, *args)
+        }
+
+        val USERS = setOf("FOO", "BAR")
+
+        private val data = mutableMapOf<Int, ResourceData>()
+
+        fun reset() {
+            data.clear()
+        }
+    }
+
+    data class ResourceData(
+        val name: String,
+        var value: String
+    )
+
+    data class UpdateRequest(
+        val value: String
+    )
+
+    private fun isValidUser(auth: String?) = auth != null && USERS.contains(auth)
+
+    @PostMapping
+    open fun create(
+        @RequestHeader(value = "Authorization", required = false) auth: String?,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<ResourceData> {
+        if (!isValidUser(auth)) return ResponseEntity.status(401).build()
+        val id = data.size + 1
+        data[id] = ResourceData(name = auth!!, value = body.value)
+        return ResponseEntity.status(201).body(data[id])
+    }
+
+    @GetMapping("/{id}")
+    open fun get(
+        @RequestHeader(value = "Authorization", required = false) auth: String?,
+        @PathVariable("id") id: Int
+    ): ResponseEntity<ResourceData> {
+        if (!isValidUser(auth)) return ResponseEntity.status(401).build()
+        val resource = data[id] ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.status(200).body(resource)
+    }
+
+    @PatchMapping("/{id}")
+    open fun patch(
+        @RequestHeader(value = "Authorization", required = false) auth: String?,
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+        if (!isValidUser(auth)) return ResponseEntity.status(401).build()
+
+        val resource = data[id] ?: return ResponseEntity.status(404).build()
+
+        // BUG: side-effect before ownership check
+        resource.value = body.value
+
+        if (resource.name != auth) return ResponseEntity.status(403).build()
+        return ResponseEntity.status(200).build()
+    }
+}

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/main/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/notfound/FailModificationNotFoundApplication.kt

@@ -0,0 +1,52 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.notfound
+
+import org.springframework.boot.SpringApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+
+
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
+@RequestMapping("/api/resources")
+@RestController
+open class FailModificationNotFoundApplication {
+
+    companion object {
+        @JvmStatic
+        fun main(args: Array<String>) {
+            SpringApplication.run(FailModificationNotFoundApplication::class.java, *args)
+        }
+
+        private val data = mutableMapOf<Int, ResourceData>()
+
+        fun reset() {
+            data.clear()
+        }
+    }
+
+    data class ResourceData(val name: String, val value: Int)
+
+    data class UpdateRequest(val name: String, val value: Int)
+
+
+    @GetMapping("/{id}")
+    open fun get(@PathVariable("id") id: Int): ResponseEntity<ResourceData> {
+        val resource = data[id] ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.ok(resource)
+    }
+
+    @PutMapping("/{id}")
+    open fun put(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+        if (!data.containsKey(id)) {
+            // BUG: stores the resource before returning 404
+            data[id] = ResourceData(body.name, body.value)
+            return ResponseEntity.status(404).build()
+        }
+        data[id] = ResourceData(body.name, body.value)
+        return ResponseEntity.ok().build()
+    }
+}