Implemented, tested

2026-05-10 01:43:49 +02:00 · 2019-11-07 10:21:27 +01:00
parent 0adec73c08
commit 4f3a8e2542
5 changed files with 23 additions and 0 deletions
--- a/fuzzer/src/configuration_manager.py
+++ b/fuzzer/src/configuration_manager.py
@@ -38,6 +38,10 @@ class ConfigurationManager:
    def _get_payloads_to_json_primitives_mapping():
        return ConfigurationManager.config["payloads_to_json_primitives_mapping"] if "payloads_to_json_primitives_mapping" in ConfigurationManager.config else None

+    @staticmethod
+    def are_non_required_attributes_in_requests():
+        return ConfigurationManager.config["are_non_required_attributes_in_requests"] if "are_non_required_attributes_in_requests" in ConfigurationManager.config else True
+
    @staticmethod
    def get_receive_timeout():
        return ConfigurationManager.config["receive_timeout"]
--- a/fuzzer/src/request_build_helper.py
+++ b/fuzzer/src/request_build_helper.py
@@ -58,9 +58,12 @@ class RequestBuildHelper(object):

    @staticmethod
    def _generate_additional_query_parameters(uri_parameters, already_used_parameters, id_generator, fuzzable):
+        are_non_required_attributes_in_requests = ConfigurationManager.are_non_required_attributes_in_requests()
        for uri_parameter in uri_parameters:
            parameter_name = uri_parameter["Name"]
            if parameter_name not in already_used_parameters and uri_parameter["Location"] == "Query":
+                if uri_parameter["Required"] is False and are_non_required_attributes_in_requests is False:
+                    break
                prefix = "?" if "?" not in s_render().decode('ascii', 'ignore') else "&"
                name = "URI attribute, default value: " + parameter_name + ", id: " + next(id_generator)
                s_http_string(prefix + parameter_name + "=", fuzzable=False, encoding=EncodingTypes.ascii, name=name)
--- a/fuzzer/src/unit_tests/request_build_helper_tests.py
+++ b/fuzzer/src/unit_tests/request_build_helper_tests.py
@@ -68,6 +68,20 @@ class RequestBuilderHelperTests(unittest.TestCase):
        uri = s_render().decode('utf8', 'ignore')
        self.assertEqual('/api/endpoint?id=1&attr=2', uri)

+    def test_generate_uri_single_non_required_query_parameter_is_not_in_uri(self):
+        ConfigurationManager.config = {
+            "are_non_required_attributes_in_requests": False
+        }
+
+        uri_parameters = [
+            {'Name': 'id', 'Required': False, 'ExampleValue': '1', 'Type': 'string', 'Format': None, 'Location': 'Query'},
+        ]
+
+        RequestBuildHelper.generate_uri('/api/endpoint', uri_parameters)
+
+        uri = s_render().decode('utf8', 'ignore')
+        self.assertEqual('/api/endpoint', uri)
+
    def test_generate_uri_combined_parameters(self):
        ConfigurationManager.config = {
            "fixed_url_attributes": {