Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: [Fix] Truncate large payload data in the findings of the API Scan #7

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

WIP: [Fix] Truncate large payload data in the findings of the API Scan #7

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions syntribos/tests/fuzz/base_fuzz.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,48 @@ def extend_class(cls, new_name, fuzz_string, param_path, kwargs):
new_cls.param_path = param_path
return new_cls

def sanitize_value(self, value):
if len(value) > 500:
value = (
f"{value[:250]}...({len(value)} chars)...{value[-250:]}"
)
return value

def sanitize_list_values(self, _list):
for i in range(len(_list)):
if isinstance(_list[i], dict):
_list[i] = self.sanitize_dict_values(_list[i])
elif isinstance(_list[i], list):
_list[i] = self.sanitize_list_values(_list[i])
else:
_list[i] = self.sanitize_value(_list[i])
return _list

def sanitize_dict_values(self, _dict):
if not isinstance(_dict, dict):
return _dict
for key, value in _dict.items():
if isinstance(value, dict):
_dict[key] = self.sanitize_dict_values(value)
elif isinstance(value, list):
_dict[key] = self.sanitize_list_values(value)
else:
_dict[key] = self.sanitize_value(value)
return _dict

def santize_payload_request(self):
if self.test_req is None:
return
self.sanitize_dict_values(self.test_req.headers)
self.sanitize_dict_values(self.test_req.params)
if self.test_req.data is not None:
if isinstance(self.test_req.data, dict):
self.sanitize_dict_values(self.test_req.data)
elif isinstance(self.test_req.data, list):
self.sanitize_list_values(self.test_req.data)
else:
self.test_req.data = self.sanitize_value(self.test_req.data)

def register_issue(self, defect_type, severity, confidence, description, failed_strings=None):
"""Adds an issue to the test's list of issues

Expand All @@ -194,6 +236,7 @@ def register_issue(self, defect_type, severity, confidence, description, failed_
confidence=confidence,
description=description)

self.santize_payload_request()
issue.request = self.test_req
issue.response = self.test_resp
issue.template_path = self.template_path
Expand Down