RestFuzz - an API tester
December 8, 2015 · View on GitHub
Features
- Support REST json based API
- Requires a description of methods inputs/outputs
- Randomly generate inputs
- Outputs/inputs of type resources are collected and reused
- Health monitoring extract traceback from logs
Usage example
This unit test output shows example of randomly generated api call. A fake API is used, no actual request is performed::
$ python restfuzz/tests/test_fuzzer.py
A demo server and description is also included::
restfuzz --api demo/demo.yaml
A typical fuzzing session goes like this:
restfuzz --api ./api/network.yaml --health ./tools/health_localhost.py --db ./neutron_ ./tools/read_dump.py --stats ./neutron_*
Based on the method that always failed, or weird return code
$ ./tools/read_dump.py --name faulty_method ./samples/neutron_*
Returns all the call from this method
Looks for inconsistent cloud behavior using another account and then
$ ./tools/read_dump.py ./samples/* | grep "bad_uuid"