Merge pull request #1382 from WebFuzzing/ssrf-test-assertions

Utility function for SSRF Assertions in test writers

Author: arcuri82

core/src/main/kotlin/org/evomaster/core/output/service/HttpWsTestCaseWriter.kt

@@ -827,7 +827,7 @@ abstract class HttpWsTestCaseWriter : ApiTestCaseWriter() {
             lines.indented {
                 lines.add("get(\"${verifier.stub}\")")
                 lines.indented {
-                    lines.add(".withMetadata(Metadata.metadata().attr(\"ssrf\", \"${action.getName()}\"))")
+                    lines.add(".withMetadata(Metadata.metadata().attr(SSRF_METADATA_TAG, \"${action.getName()}\"))")
                     lines.add(".atPriority(1)")
                     lines.add(".willReturn(")
                     lines.indented {
@@ -857,21 +857,14 @@ abstract class HttpWsTestCaseWriter : ApiTestCaseWriter() {
     }
 
     private fun handleCallbackVerifierRequests(lines: Lines, action: Action, verifier: ActionStubMapping, assertTrue: Boolean) {
+        val verifierHasReceivedRequestsCheck = "verifierHasReceivedRequests(${verifier.getVerifierName()}, \"${action.getName()}\")"
         if (assertTrue) {
             lines.addSingleCommentLine("Verifying that the request is successfully made to HttpCallbackVerifier after test execution.")
-            lines.add("assertTrue(${verifier.getVerifierName()}")
+            lines.addStatement("assertTrue($verifierHasReceivedRequestsCheck)")
         } else {
             lines.addSingleCommentLine("Verifying that there are no requests made to HttpCallbackVerifier before test execution.")
-            lines.add("assertFalse(${verifier.getVerifierName()}")
+            lines.addStatement("assertFalse($verifierHasReceivedRequestsCheck)")
         }
-        lines.indented {
-            if (format.isKotlin()) {
-                lines.add(".allServeEvents")
-                lines.add(".filter { it.wasMatched && it.stubMapping.metadata != null }")
-                lines.add(".any { it.stubMapping.metadata.getString(\"ssrf\") == \"${action.getName()}\" }")
-            }
-        }
-        lines.add(")")
     }
 
 }

core/src/main/kotlin/org/evomaster/core/output/service/TestSuiteWriter.kt

@@ -643,6 +643,7 @@ class TestSuiteWriter {
             if (config.ssrf && solution.hasSsrfFaults()) {
                 httpCallbackVerifier.getActionVerifierMappings().forEach { v ->
                     addStatement("private static WireMockServer ${v.getVerifierName()}", lines)
+                    addStatement("private static final String SSRF_METADATA_TAG = \"SSRF\"", lines)
                 }
             }
 
@@ -674,7 +675,9 @@ class TestSuiteWriter {
             if (config.ssrf && solution.hasSsrfFaults()) {
                 httpCallbackVerifier.getActionVerifierMappings().forEach { v ->
                     addStatement("private lateinit var ${v.getVerifierName()}: WireMockServer", lines)
+                    addStatement("private const val SSRF_METADATA_TAG: String = \"SSRF\" ", lines)
                 }
+                assertionUtilFunctionForSSRF(lines, config.outputFormat)
             }
 
             if(config.problemType == EMConfig.ProblemType.WEBFRONTEND){
@@ -1036,6 +1039,10 @@ class TestSuiteWriter {
 
         initTestMethod(solution, lines, testSuiteFileName)
         lines.addEmpty(2)
+
+        if (config.ssrf && solution.hasSsrfFaults() && config.outputFormat.isJavaOrKotlin()) {
+            assertionUtilFunctionForSSRF(lines, config.outputFormat)
+        }
     }
 
 
@@ -1144,4 +1151,37 @@ class TestSuiteWriter {
             .toList()
     }
 
+    private fun assertionUtilFunctionForSSRF(lines: Lines, format: OutputFormat) {
+        lines.addEmpty(1)
+
+        val methodComment = "Method to verify whether the HttpCallbackVerifier has received any requests."
+        when {
+            format.isKotlin() -> {
+                lines.addSingleCommentLine(methodComment)
+                lines.add("fun verifierHasReceivedRequests(verifier: WireMockServer, actionName: String) : Boolean")
+            }
+            format.isJava() -> {
+                lines.startCommentBlock()
+                lines.addBlockCommentLine(methodComment)
+                lines.endCommentBlock()
+                lines.add("public static boolean verifierHasReceivedRequests(WireMockServer verifier, String actionName)")
+            }
+        }
+        lines.block {
+            lines.add("return verifier")
+            lines.indented {
+                if (format.isKotlin()) {
+                    lines.add(".allServeEvents")
+                    lines.add(".filter { it.wasMatched && it.stubMapping.metadata != null }")
+                    lines.add(".any { it.stubMapping.metadata.getString(SSRF_METADATA_TAG) == actionName }")
+                }
+                if (format.isJava()) {
+                    lines.add(".getAllServeEvents()")
+                    lines.add(".stream().filter( r -> r.getWasMatched() && r.getStubMapping().getMetadata() != null)")
+                    lines.add(".anyMatch( r -> r.getStubMapping().getMetadata().getString(SSRF_METADATA_TAG).equals(actionName));")
+                }
+            }
+        }
+    }
+
 }