Merge pull request #1285 from WebFuzzing/externalEndpointURL

enable to override externalEndpointURL

Author: arcuri82

core/src/main/kotlin/org/evomaster/core/EMConfig.kt

@@ -2553,6 +2553,15 @@ class EMConfig {
             "Only available for JVM languages")
     var dtoForRequestPayload = false
 
+    @Cfg("Override the value of externalEndpointURL in auth configurations." +
+            " This is useful when the auth server is running locally on an ephemeral port, or when several instances" +
+            " are run in parallel, to avoid creating/modifying auth configuration files." +
+            " If what provided is a URL starting with 'http', then full replacement will occur." +
+            " Otherwise, the input will be treated as a 'hostname:port', and only that info will be updated (e.g.," +
+            " path element of the URL will not change).")
+    var overrideAuthExternalEndpointURL : String? = null
+
+
     fun getProbabilityUseDataPool() : Double{
         return if(blackBox){
             bbProbabilityUseDataPool

core/src/main/kotlin/org/evomaster/core/output/auth/TokenWriter.kt

@@ -54,8 +54,7 @@ object TokenWriter {
             if(k.token!!.headerPrefix.isNotEmpty()) {
                 lines.append("\"${k.token!!.headerPrefix}\"")
             }else{
-                if (format.isJavaScript() || format.isPython())
-                    lines.append("\"\"")
+                lines.append("\"\"")
             }
 
             if (!format.isPython()) {
@@ -66,7 +65,6 @@ object TokenWriter {
                 }
             }
 
-
             when{
                 format.isJavaOrKotlin() -> lines.append("given()")
                 format.isJavaScript() -> {
@@ -97,9 +95,12 @@ object TokenWriter {
                 lines.indented { lines.add("error => {console.log(error.response.body); throw Error(\"Auth failed.\")});") }
             } else if (format.isPython()) {
                 lines.add("${tokenName(k)} = ${tokenName(k)} + ${responseName(k)}.json()$path")
-            }else
+            }else if (format.isJavaOrKotlin()) {
                 lines.add(".then().extract().response().path(\"$path\")")
-
+                if(format.isKotlin()) {
+                    lines.append("!!")
+                }
+            }
             lines.appendSemicolon()
             lines.addEmpty()
 

core/src/main/kotlin/org/evomaster/core/problem/httpws/auth/EndpointCallLogin.kt

@@ -2,7 +2,9 @@ package org.evomaster.core.problem.httpws.auth
 
 import com.webfuzzing.commons.auth.LoginEndpoint
 import com.webfuzzing.commons.auth.PayloadUsernamePassword
+import org.apache.http.client.utils.URIBuilder
 import org.evomaster.core.Lazy
+import org.evomaster.core.config.ConfigProblemException
 import org.evomaster.core.problem.rest.data.ContentType
 import org.evomaster.core.problem.rest.data.HttpVerb
 import java.net.MalformedURLException
@@ -79,10 +81,43 @@ class EndpointCallLogin(
     }
 
     companion object {
-        fun fromDto(name: String, dto: LoginEndpoint) = EndpointCallLogin(
+        fun fromDto(name: String, dto: LoginEndpoint, externalEndpointURL: String? = null) = EndpointCallLogin(
             name = name,
             endpoint = dto.endpoint,
-            externalEndpointURL = dto.externalEndpointURL,
+            externalEndpointURL = if(externalEndpointURL != null){
+                if(externalEndpointURL.startsWith("http")){
+                    externalEndpointURL
+                } else if(dto.externalEndpointURL == null){
+                    /*
+                        if we are doing a partial replacement with hostname:port, but there is no
+                        origin URL, then there is nothing to do.
+                     */
+                    null
+                } else {
+                    val tokens = externalEndpointURL.split(":")
+                    if(tokens.size != 2){
+                        throw ConfigProblemException("Invalid hostname:port pair -> $externalEndpointURL")
+                    }
+                    val hostname = tokens[0]
+                    val port = try{
+                        tokens[1].toInt()
+                    } catch (e: NumberFormatException){
+                        throw ConfigProblemException("Invalid port number in hostname:port pair " +
+                                "-> $externalEndpointURL -> ${e.message}")
+                    }
+
+                    val builder = try{
+                        URIBuilder(dto.externalEndpointURL)
+                    } catch (e: MalformedURLException){
+                        throw ConfigProblemException("Invalid dto.externalEndpointURL -> ${e.message}")
+                    }
+                    builder.setHost(hostname)
+                    builder.setPort(port)
+                    builder.build().toString()
+                }
+            } else {
+                dto.externalEndpointURL
+            },
             payload = dto.payloadRaw ?:
                 dto.payloadUserPwd?.let { computePayload(it, ContentType.from(dto.contentType)) },
             headers = dto.headers?.map { AuthenticationHeader(it.name, it.value) } ?: emptyList(),

core/src/main/kotlin/org/evomaster/core/problem/httpws/auth/HttpWsAuthenticationInfo.kt

@@ -37,7 +37,11 @@ open class HttpWsAuthenticationInfo(
 
     companion object{
 
-        fun fromDto(dto: AuthenticationDto) : HttpWsAuthenticationInfo{
+        /**
+         * @param dto the DTO to convert into internal representation
+         * @param externalEndpointURL optionally override the value for externalEndpointURL in the DTO
+         */
+        fun fromDto(dto: AuthenticationDto, externalEndpointURL: String? = null) : HttpWsAuthenticationInfo{
 
             if (dto.name == null || dto.name.isBlank()) {
                 throw IllegalArgumentException("Missing name in authentication info")
@@ -57,7 +61,7 @@ open class HttpWsAuthenticationInfo(
 
             val endpointCallLogin = if(dto.loginEndpointAuth != null){
                 try {
-                    EndpointCallLogin.fromDto(dto.name, dto.loginEndpointAuth)
+                    EndpointCallLogin.fromDto(dto.name, dto.loginEndpointAuth, externalEndpointURL)
                 } catch (e: Exception){
                     throw IllegalArgumentException("Issue when parsing auth info for '${dto.name}': ${e.message}")
                 }

core/src/main/kotlin/org/evomaster/core/problem/httpws/service/HttpWsSampler.kt

@@ -95,7 +95,7 @@ abstract class HttpWsSampler<T> : ApiWsSampler<T>() where T : Individual{
     private fun handleAuthInfo(i: AuthenticationDto) {
 
         val auth = try{
-            HttpWsAuthenticationInfo.fromDto(i)
+            HttpWsAuthenticationInfo.fromDto(i, config.overrideAuthExternalEndpointURL)
         }catch (e: Exception){
             throw SutProblemException("Failed to parse auth info: " + e.message!!)
         }

docs/options.md

@@ -165,6 +165,7 @@ There are 3 types of options:
 |`nameWithQueryParameters`| __Boolean__. Specify if true boolean query parameters are included in the test case name. Used for test case naming disambiguation. Only valid for Action based naming strategy. *Default value*: `true`.|
 |`namingStrategy`| __Enum__. Specify the naming strategy for test cases. *Valid values*: `NUMBERED, ACTION`. *Default value*: `ACTION`.|
 |`outputExecutedSQL`| __Enum__. Whether to output executed sql info. *DEBUG option*. *Valid values*: `NONE, ALL_AT_END, ONCE_EXECUTED`. *Default value*: `NONE`.|
+|`overrideAuthExternalEndpointURL`| __String__. Override the value of externalEndpointURL in auth configurations. This is useful when the auth server is running locally on an ephemeral port, or when several instances are run in parallel, to avoid creating/modifying auth configuration files. If what provided is a URL starting with 'http', then full replacement will occur. Otherwise, the input will be treated as a 'hostname:port', and only that info will be updated (e.g., path element of the URL will not change). *Default value*: `null`.|
 |`populationSize`| __Int__. Define the population size in the search algorithms that use populations (e.g., Genetic Algorithms, but not MIO). *Constraints*: `min=1.0`. *Default value*: `30`.|
 |`probOfApplySQLActionToCreateResources`| __Double__. Specify a probability to apply SQL actions for preparing resources for REST Action. *Constraints*: `probability 0.0-1.0`. *Default value*: `0.1`.|
 |`probOfArchiveMutation`| __Double__. Specify a probability to enable archive-based mutation. *Constraints*: `probability 0.0-1.0`. *Default value*: `0.5`.|

e2e-tests/spring-rest-bb/src/main/kotlin/com/foo/rest/examples/bb/externalauth/ExternalAuthApplication.kt

@@ -0,0 +1,53 @@
+package com.foo.rest.examples.bb.externalauth
+
+import org.evomaster.e2etests.utils.CoveredTargets
+import org.springframework.boot.SpringApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+import org.springframework.http.MediaType
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.*
+import javax.servlet.http.HttpServletResponse
+
+@RestController
+@RequestMapping(path = ["/api/externalauth"])
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
+open class ExternalAuthApplication {
+
+    companion object {
+        @JvmStatic
+        fun main(args: Array<String>) {
+            SpringApplication.run(ExternalAuthApplication::class.java, *args)
+        }
+    }
+
+
+    @PostMapping(path = ["/login1"], consumes = [MediaType.APPLICATION_JSON_VALUE])
+    open fun login(@RequestBody login : LoginDto, response : HttpServletResponse) : ResponseEntity<Map<String, String>> {
+        if(login.username == "foo" && login.password == "123"){
+            return ResponseEntity.ok(mapOf("access_token" to "token1"))
+        }
+        return ResponseEntity.status(401).build()
+    }
+
+    @PostMapping(path = ["/login2"], consumes = [MediaType.APPLICATION_JSON_VALUE])
+    open fun login2(@RequestBody login : LoginDto, response : HttpServletResponse) : ResponseEntity<Map<String, String>> {
+        if(login.username == "foo" && login.password == "123"){
+            return ResponseEntity.ok(mapOf("access_token" to "token2"))
+        }
+        return ResponseEntity.status(401).build()
+    }
+
+    @GetMapping(path = ["/check"])
+    open fun check(@RequestHeader("Authorization") authorization: String?) : ResponseEntity<String> {
+
+        if(authorization.isNullOrEmpty()){
+            return ResponseEntity.status(401).build()
+        }
+        if(authorization == "token1" || authorization == "token2") {
+            CoveredTargets.cover("token1")
+            return ResponseEntity.ok(authorization)
+        }
+        return ResponseEntity.status(401).build()
+    }
+}

e2e-tests/spring-rest-bb/src/main/kotlin/com/foo/rest/examples/bb/externalauth/LoginDto.kt

@@ -0,0 +1,6 @@
+package com.foo.rest.examples.bb.externalauth
+
+class LoginDto(
+        var username: String? = null,
+        var password: String? = null
+)

e2e-tests/spring-rest-bb/src/test/kotlin/com/foo/rest/examples/bb/externalauth/ExternalAuthController.kt

@@ -0,0 +1,16 @@
+package com.foo.rest.examples.bb.externalauth
+
+import com.foo.rest.examples.bb.SpringController
+import org.evomaster.client.java.controller.problem.ProblemInfo
+import org.evomaster.client.java.controller.problem.RestProblem
+
+class ExternalAuthController : SpringController(ExternalAuthApplication::class.java) {
+
+    override fun getProblemInfo(): ProblemInfo {
+        return RestProblem(
+            "http://localhost:$sutPort/v3/api-docs",
+            listOf("/api/externalauth/login1","/api/externalauth/login2")
+        )
+    }
+
+}

e2e-tests/spring-rest-bb/src/test/kotlin/org/evomaster/e2etests/spring/rest/bb/externalauth/BBExternalAuthEMTest.kt

@@ -0,0 +1,48 @@
+package org.evomaster.e2etests.spring.rest.bb.externalauth
+
+import com.foo.rest.examples.bb.externalauth.ExternalAuthController
+import org.evomaster.core.output.OutputFormat
+import org.evomaster.core.problem.rest.data.HttpVerb
+import org.evomaster.e2etests.spring.rest.bb.SpringTestBase
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.BeforeAll
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.EnumSource
+
+class BBExternalAuthEMTest : SpringTestBase() {
+
+    companion object {
+        @BeforeAll
+        @JvmStatic
+        fun init() {
+            initClass(ExternalAuthController())
+        }
+    }
+
+    @ParameterizedTest
+    @EnumSource
+    fun testBlackBoxOutput(outputFormat: OutputFormat) {
+
+        executeAndEvaluateBBTest(
+            outputFormat,
+            "externalauth",
+            20,
+            3,
+            listOf("token1")
+        ){ args: MutableList<String> ->
+
+            setOption(args, "configPath", "src/test/resources/config/external_auth.yaml")
+            setOption(args, "endpointFocus", "/api/externalauth/check")
+            val uri = java.net.URI(baseUrlOfSut)
+            val port = uri.port
+
+            setOption(args, "overrideAuthExternalEndpointURL", "localhost:$port")
+
+            val solution = initAndRun(args)
+
+            assertTrue(solution.individuals.size >= 1)
+            assertHasAtLeastOne(solution, HttpVerb.GET, 200, "/api/externalauth/check", "token1")
+            assertNone(solution, HttpVerb.GET, 200, "/api/externalauth/check", "token2")
+        }
+    }
+}