Conversation
}

// otherwise compare entire bodies
return bodyBefore != bodyAfter

I think we should return a false here, as otherwise too prone to false positives due to non-deterministic fields
/**
 * Compare only the fields that were sent in the PUT/PATCH request.
 * Returns true if any of those fields changed between before and after GET responses.
 */

Add a comment stating this only works where the payload is a JSON object matching the resource structure. It will not work for cases like JSON Patch RFC6902
internal fun hasChangedModifiedFields(
    bodyBefore: String,
    bodyAfter: String,
    fieldNames: Set<String>

To avoid flakiness, I think we should also pass the bodyModify, and do the check on that
if(!jsonBefore.isJsonObject || !jsonAfter.isJsonObject){
    // not JSON objects, fallback to full comparison
    return bodyBefore != bodyAfter

Return false. See previous explanations
val valueAfter = objAfter.get(field)

if(valueBefore != valueAfter){
    return true

Besides being different from valueBefore, we should make sure that valueAfter is equal to valueModify

Hmmmm, maybe this is too broad. Should narrow down. The modification might be just partial. E.g., the PUT/PATCH might change 2 fields, and only 1 is applied before failure. Or it is a JSON Merge Patch, and only a subset of fields is present. So, valueModify == valueAfter is incorrect. We should check, field by field, if what is different between valueBefore and valueAfter is equal in valueModify. For example, for each field x, if valueBefore.x != valueAfter.x then we need to make sure valueAfter.x = valueModify.x

Also, add a comment that this would be done to deal with possible flakiness issues
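The field-by-field rule described in the thread above, written out as an added example (this is not EvoMaster's code, and the function name hasPartialSideEffect, the helper parseObjectOrNull and the sample bodies are all made up for illustration). It assumes Jackson's jackson-databind is on the classpath, as the review recommends instead of GSON. A field counts as a leaked side-effect only when it is present in the modification payload, differs between the two GETs, and the after value equals what the failed PUT/PATCH asked for; fields the request never mentioned (timestamps, server-generated ids) and unparseable or non-object bodies never trigger a report, which is what keeps non-deterministic fields from causing false positives:

```kotlin
import com.fasterxml.jackson.databind.JsonNode
import com.fasterxml.jackson.databind.ObjectMapper

// Added example, not EvoMaster code. Assumes Jackson (jackson-databind) on the classpath.
private val mapper = ObjectMapper()

/**
 * Returns true only if the failed PUT/PATCH left a (possibly partial) side-effect:
 * some field x in the modification payload differs between the before and after
 * GET responses AND after.x equals modify.x.
 *
 * Fields absent from the payload are ignored, and non-object or unparseable bodies
 * yield false, so non-deterministic fields (timestamps, UUIDs) do not cause false
 * positives. Only a payload that is a JSON object mirroring the resource (plain
 * JSON or JSON Merge Patch) is supported; JSON Patch (RFC 6902) is not.
 */
fun hasPartialSideEffect(bodyBefore: String, bodyAfter: String, bodyModify: String): Boolean {
    val before = parseObjectOrNull(bodyBefore) ?: return false
    val after = parseObjectOrNull(bodyAfter) ?: return false
    val modify = parseObjectOrNull(bodyModify) ?: return false

    for (field in modify.fieldNames()) {
        val valueBefore: JsonNode? = before.get(field)
        val valueAfter: JsonNode? = after.get(field)
        val valueModify: JsonNode = modify.get(field)
        // unchanged between the two GETs: nothing to report for this field
        if (valueBefore == valueAfter) continue
        // changed to exactly what the failed request asked for: a leaked side-effect
        // (JsonNode.equals is structural, so nested objects and arrays compare deeply)
        if (valueAfter == valueModify) return true
        // changed, but not to the requested value: treat as concurrent/non-deterministic noise
    }
    return false
}

/** Parse a body as a JSON object, or return null if it is not valid JSON or not an object. */
private fun parseObjectOrNull(body: String): JsonNode? =
    try {
        val node = mapper.readTree(body)
        if (node != null && node.isObject) node else null
    } catch (e: Exception) {
        null
    }

fun main() {
    // constructed sample bodies: the PATCH sent two fields, only "name" was applied
    // before the 4xx, and "updatedAt" drifted on its own between the two GETs
    val before = """{"id":42,"name":"old","price":10,"updatedAt":"2024-01-01T00:00:00Z"}"""
    val modify = """{"name":"new","price":20}"""
    val afterPartial = """{"id":42,"name":"new","price":10,"updatedAt":"2024-01-01T00:00:01Z"}"""
    val afterClean = """{"id":42,"name":"old","price":10,"updatedAt":"2024-01-01T00:00:01Z"}"""

    check(hasPartialSideEffect(before, afterPartial, modify))
    check(!hasPartialSideEffect(before, afterClean, modify))
    check(!hasPartialSideEffect("not json", afterPartial, modify))
    println("field-by-field side-effect check OK")
}
```

The sample in main covers the case raised in the thread: two fields sent, one applied before the failure. The timestamp differs in both after bodies, but because it is not part of the payload it never contributes, and the clean case correctly returns false.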
    return false
} catch (e: Exception) {
    // JSON parsing failed, fallback to full comparison
    return bodyBefore != bodyAfter
/**
 * Checking bugs like:
 * POST|PUT /X 2xx (create resource)

This first call is not strictly necessary. Resources could be already existing or created with database insertions

 *
 * If a PUT/PATCH fails with 4xx, it should have no side-effects.
 * A GET before and after should return the same resource state.
 */

Add to the comment that we need to take into account the non-determinism of the fields, e.g. timestamps and UUIDs
    return@forEach
}

// among those, find one that also has a successful creation step

Thanks. After reading this code I realized there are quite a few edge cases we need to handle. The code here needs to be changed. I updated the algorithm description in notes.txt
private fun extractRequestBody(modify: RestCallAction): String? {
    val bodyParam = modify.parameters.find { it is BodyParam } as BodyParam?
        ?: return null
    return bodyParam.getValueAsPrintableString(mode = GeneUtils.EscapeMode.JSON)

Why JSON? Is the code here making the assumption that only JSON is involved? In EvoMaster we technically support other formats as well, like url-encoded and XML. Unless there are some issues in checking them, we should support them as well. If not, we need to clarify here and put checks on JSON. In BodyParam, recall the presence of contentTypeGene

Now, we support XML and URL-encoded, too.
if(!StatusGroup.G_4xx.isInGroup(resModify.getStatusCode())) {
    return false
}

If we are only dealing with JSON, add a check here, and leave a TODO comment for other formats
): Boolean {

try {
    val jsonBefore = JsonParser.parseString(bodyBefore)

We shall not use GSON any more in EvoMaster, it has way too many problems. We should rather use Jackson, e.g. see use and comments in JSON_FORMATTER

I used OutputFormatter for this. And also added XML support and a new function named readFields. I can read a property with that function.
}

if(!config.isEnabledFaultCategory(ExperimentalFaultCategory.HTTP_SIDE_EFFECTS_FAILED_MODIFICATION)) {
    LoggingUtil.uniqueUserInfo("Skipping experimental security test for repeated PUT after CREATE, as it has been disabled via configuration")

Are these log messages really necessary? Wouldn't this always be printed until this oracle is promoted from experimental?
val getDef = actionDefinitions.find { it.verb == HttpVerb.GET && it.path.isEquivalent(path) }
    ?: return

// T: smallest clean individual ending with GET 2xx (no prior PUT/PATCH on same path)

Any specific reason to enforce no prior? For example, what if:
- PUT /data/42 -> 201 (created)
- GET /data/42 -> 200
- PATCH /data/42 -> 4xx (failed with partial modifications)
Would we still be able to find those cases?
 * PUT|PATCH /path [k]
 * GET /path (same auth)
 */
private fun addGetAroundFailedModification(

I don't understand this function... What is it for? Was it for: otherwise: normal case (e.g. 400 and 409), find a 4xx PUT/PATCH action, copy it, and add it after the GET with same auth? If so, it is not doing this

You are right. I updated the algorithm and split it into two pieces: 404 cases and others.
runTestHandlingFlakyAndCompilation(
    "FailedModificationEM",
    2000

Do you really need so many iterations for this kind of E2E test?
runTestHandlingFlakyAndCompilation(
    "FailedModificationForbiddenEM",
    3000

I updated all of them with the minimum number of iterations they required.
No description provided.