Comments (6)
Since you run locally, we just fake a keyvault. After running raft_local.py local init
command you will have some folders created, and one of them is secrets
Create a file named authtemplateapi
with no extension (in screenshot RaftServicePrincipal
file stores MSAL credentials for running raft on raft samples), and place your authentication data in there.
from rest-api-fuzz-testing.
Hi stishkin!
That is exactly what i did, does the format for the auth file look ok? (exept my masked values)
{
"client": "xxxx",
"tenant": "xxxx",
"secret": "xxxx",
"scopes": ["xxxx/.default"],
"authorityUri" : "https://localhost",
"audience" : "xxxx"
}
/Jonas
from rest-api-fuzz-testing.
Hi @Ncedia
I think I see what the issue is. In you job config:
"authenticationMethod": {
"MSAL": "authtemplateapi"
},
you also need to include what secrets you import. So your job config should have keyVaultSecrets
section. This is the same behavior across local job deployments or Azure job deployments.
"keyVaultSecrets": [ "authtemplateapi" ],
"authenticationMethod": {
"MSAL": "authtemplateapi"
},
from rest-api-fuzz-testing.
Yes, I had missed to add the "keyVaultSecrets" attribute :-), and now the script is passing the auth configuration as an environment variable to the container. But something gets wrong with the docker command as soon as I add the "keyVaultSecrets" attribute:
"toolName": "RESTler",
"outputFolder": "restler-logs",
"keyVaultSecrets": ["authtemplateapi"],
"authenticationMethod": {
"MSAL": "authtemplateapi"
},
C:\Fuzzing\rest-api-fuzz-testing\cli>python raft_local.py job create --file templateapi.json
{'testTasks': {'targetConfiguration': {'apiSpecifications': ['https://xxxx/swagger/v1/swagger.json'], 'endpoint': 'https://xxxx'}, 'tasks': [{'toolName': 'RESTler', 'outputFolder': 'restler-logs', 'keyVaultSecrets': ['authtemplateapi'], 'authenticationMethod': {'MSAL': 'authtemplateapi'}, 'toolConfiguration': {'tasks': [{'task': 'compile'}, {'task': 'Fuzz', 'runConfiguration': {'Duration': '00:10:00'}}]}}, {'toolName': 'ZAP', 'outputFolder': 'zap-logs'}]}}
creating job a5680a87-84b1-4593-bf11-029744659458
------------------------ Job results: C:\Fuzzing\rest-api-fuzz-testing\cli\local\storage\a5680a87-84b1-4593-bf11-029744659458
v4.latest: Pulling from restapifuzztesting/agent-utilities
Digest: sha256:83eed4832d9904f65b4f5620c96f2f906118cb3af4c08b88bc9622d3b091bfc5
Status: Image is up to date for mcr.microsoft.com/restapifuzztesting/agent-utilities:v4.latest
mcr.microsoft.com/restapifuzztesting/agent-utilities:v4.latest
Running docker with command : run -d -t --no-healthcheck --privileged --user="root" --name raft-agent-utilities-a5680a87-84b1-4593-bf11-029744659458 --network host --mount type=bind,source="C:\Fuzzing\rest-api-fuzz-testing\cli\raft-tools",target="/raft-tools",readonly --mount type=bind,source="C:\Fuzzing\rest-api-fuzz-testing\cli\local\events_sink\a5680a87-84b1-4593-bf11-029744659458",target="/raft-events-sink" --env ASPNETCORE_URLS="http://:8085" --env RAFT_authtemplateapi="{
"client": "xxxx",
"tenant": "xxxx",
"secret": "xxxx",
"audience" : "xxxx"
}" mcr.microsoft.com/restapifuzztesting/agent-utilities:v4.latest
Job finished, cleaning up job containers
------------------------ Job results: C:\Fuzzing\rest-api-fuzz-testing\cli\local\storage\a5680a87-84b1-4593-bf11-029744659458
Traceback (most recent call last):
File "C:\Fuzzing\rest-api-fuzz-testing\cli\raft_local.py", line 830, in
run(vars(args))
File "C:\Fuzzing\rest-api-fuzz-testing\cli\raft_local.py", line 755, in run
cli.new_job(job_config, args.get('jobStatusWebhookUrl'), args.get('bugFoundWebhookUrl'))
File "C:\Fuzzing\rest-api-fuzz-testing\cli\raft_local.py", line 644, in new_job
agent_utils, agent_utils_endpoint, agent_utils_port = self.start_agent_utils(bridge_name, job_id,
File "C:\Fuzzing\rest-api-fuzz-testing\cli\raft_local.py", line 284, in start_agent_utils
out = docker(cmd)
File "C:\Fuzzing\rest-api-fuzz-testing\cli\raft_local.py", line 51, in docker
raise RaftLocalCliDockerException(stderr, args)
main.RaftLocalCliDockerException: args: run -d -t --no-healthcheck --privileged --user="root" --name raft-agent-utilities-a5680a87-84b1-4593-bf11-029744659458 --network host --mount type=bind,source="C:\Fuzzing\rest-api-fuzz-testing\cli\raft-tools",target="/raft-tools",readonly --mount type=bind,source="C:\Fuzzing\rest-api-fuzz-testing\cli\local\events_sink\a5680a87-84b1-4593-bf11-029744659458",target="/raft-events-sink" --env ASPNETCORE_URLS="http://:8085" --env RAFT_authtemplateapi="{
"client": "xxxx",
"tenant": "xxxx",
"secret": "xxxx",
"audience" : "xxxx"
}" mcr.microsoft.com/restapifuzztesting/agent-utilities:v4.latest
std error: "docker run" requires at least 1 argument.
See 'docker run --help'.
/Jonas
from rest-api-fuzz-testing.
I don't know what is the reason - but your docker command is missing a script as a last parameter to the docker run
command. That script is called task-run.sh
and it is generated in the work folder for your run.
Are you using latest version of RAFT CLI ?
py .\raft_local.py --help
usage: raft_local.py [-h] {local,job} ...
RAFT-Local CLI 4.1
positional arguments:
{local,job}
optional arguments:
-h, --help show this help message and exit
Were there any manual modifications were done to raft_local.py ?
I see your environment variable that is used for authentication does not have any escape character around quotes (which supposed to be added automatically by raft_local.py script) see:
def env_variable(self, name, value):
function
from rest-api-fuzz-testing.
@Ncedia - hi, we figured out what's the issue is.
Can you make a one-liner out of your value in the secret file ? So the json blob has no new lines.
That will solve the issue.
from rest-api-fuzz-testing.
Related Issues (20)
- Schemathesis ModuleNotFoundError: No module named 'six' HOT 1
- Schemathesis Unhandled authentication configuration {'TxtToken'} HOT 1
- RESTler engine failed HOT 9
- Using Examples in RESTler HOT 6
- [v4] Token authentication error HOT 6
- Add option to disable certificate validation HOT 1
- RESTler sample using examples HOT 1
- Error copying examples to workdir HOT 4
- AWS deployment HOT 1
- RESTler token settings HOT 1
- Certificates import HOT 2
- Incorrect parameter name in error message.
- ZAP wrong endpoint URL HOT 5
- Authentication on API specification directory HOT 2
- Deployment fails with "list index out of range" error HOT 1
- Add CLI version check with server
- Deployment Fails with "Invalid start byte" error HOT 8
- Support of certificate based authentication in RAFT for Restler HOT 2
- examples files HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rest-api-fuzz-testing.