WebFuzzing/EvoMaster

Auth problem in black-box testing

painsAgains opened this issue · 2 comments

If there are stacktraces of the errors, please paste them here.
When I use the --header0 option, I get a problem:

java.lang.reflect.InvocationTargetException: invokedynamic: method=public void org.evomaster.core.problem.rest.service.AbstractRestSampler.initialize(), target=org.evomaster.core.problem.rest.service.RestSampler@1e6308a9
        at com.netflix.governator.lifecycle.LifecycleMethods.methodInvoke(LifecycleMethods.java:316)
        at com.netflix.governator.lifecycle.LifecycleMethods.methodInvoke(LifecycleMethods.java:298)
        at com.netflix.governator.lifecycle.LifecycleManager.startInstance(LifecycleManager.java:266)
        at com.netflix.governator.lifecycle.LifecycleManager.add(LifecycleManager.java:175)
        at com.netflix.governator.guice.InternalLifecycleModule.onProvision(InternalLifecycleModule.java:81)
        at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:117)
        at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:66)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:93)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:296)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
        at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:60)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
        at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213)
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:186)
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:113)
        at com.google.inject.internal.InjectorImpl.createChildInjector(InjectorImpl.java:239)
        at com.netflix.governator.guice.LifecycleInjector.createChildInjector(LifecycleInjector.java:331)
        at com.netflix.governator.guice.LifecycleInjector.createInjector(LifecycleInjector.java:411)
        at com.netflix.governator.guice.LifecycleInjector.createInjector(LifecycleInjector.java:352)
        at org.evomaster.core.Main$Companion.init(Main.kt:284)
        at org.evomaster.core.Main$Companion.initAndRun(Main.kt:138)
        at org.evomaster.core.Main$Companion.main(Main.kt:71)
        at org.evomaster.core.Main.main(Main.kt)
Caused by: java.lang.StringIndexOutOfBoundsException: begin 0, end -1, length 0
        at java.base/java.lang.String.checkBoundsBeginEnd(String.java:3319)
        at java.base/java.lang.String.substring(String.java:1874)
        at org.evomaster.core.problem.httpws.service.HttpWsSampler.addAuthFromConfig(HttpWsSampler.kt:82)
        at org.evomaster.core.problem.rest.service.AbstractRestSampler.initForBlackBox(AbstractRestSampler.kt:165)
        at org.evomaster.core.problem.rest.service.AbstractRestSampler.initialize(AbstractRestSampler.kt:45)
        at com.netflix.governator.lifecycle.LifecycleMethods.methodInvoke(LifecycleMethods.java:313)
        ... 26 common frames omitted

But when I run EM without the --header0 option, it works properly.
Other important info:

  • version of EvoMaster (EM) used
    1.3.0
  • how EM is run (eg, if from JAR or from one of its OS installers)
    JAR
  • version of applicable runtimes (eg, JVM, NodeJS and .Net). For Java, can paste the output of java --version
    openjdk 11.0.18 2023-01-17
    OpenJDK Runtime Environment (build 11.0.18+10-post-Ubuntu-0ubuntu120.04.1)
    OpenJDK 64-Bit Server VM (build 11.0.18+10-post-Ubuntu-0ubuntu120.04.1, mixed mode, sharing)
  • command-line options used to run EM
    java -jar evomaster.jar --blackBox true --bbSwaggerUrl xxx --outputFormat JAVA_JUNIT_4 --outputFolder gitlab --bbTargetUrl http://xxxi --maxTime 10m --header0 "Authorization: Bearer xxx"

Hi,

There were some bugs in the past, which have now been fixed. 1.3.0 is an old version. Please check with the latest, 1.6.0.

OK, I will try.