Can RestTestGen detect wrong status codes? #22
Hello! Often, specifications are incomplete, and, in most cases, they do not provide any output schema information or just the schema for the 200/201 responses. For this reason, we decided not to implement such a check because it would raise a lot of false positives. Nevertheless, I believe that such a check can be implemented in a subclass of Thanks! Davide
Thank you for your quick reply. Okay, your explanation makes sense. To avoid a lot of false positives, I may be able to implement an option in my version to disable or enable this type of detection.
Let me implement it for you. I'll be back in 5.
Here it is! Please note:
Let me know if it works!
Mmm, that's strange! Could you share the OpenAPI specification you are using so I can check what's going on with a debugger? Thanks.
Sure, here
Hello! I've checked with the debugger and I can see that RTG ignores responses without a schema. In particular, in your specification you only define a status code and a description for responses, without defining a schema. To quickly fix this, I would suggest adding some kind of schemas (empty or fake) to your specification, while I fix the OpenAPI parser to also take into account responses without a defined schema. Hope this helps! Best,
Ah okay, that sounds understandable. That helps me a lot, I will change my OAS. Thank you very much for your efforts! Best regards
Thank you! In the next release, I plan to fix the parser to include responses with empty schemas, and I will include the so-called Davide
I have some test API with endpoint GET /testStatusCode. In the OAS it is defined that this endpoint will return a 200 or 400 status code. Instead, I implemented my API to always return 403. Other fuzzers can detect this difference between the real status code and the specified status code as a bug. What about RestTestGen? Is this possible? Or is it already implemented and I just don't get the information out of the results? Thanks for your great work so far :)
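The check discussed in this thread, as an added example that is not part of the issue and is not RestTestGen's code: a status-code oracle over an OpenAPI document loaded as a plain dict. It counts responses that have only a description and no schema as declared, and it can be switched off or skips operations with no declared responses to limit false positives. The names `declared_responses` and `check_status` and the `/items` path are hypothetical, and the specification is constructed to mirror the one described above.

```python
# Added example: status-code oracle over an OpenAPI 3 document (plain dict).
# SPEC is constructed; its responses carry only a description, no schema.
SPEC = {
    "paths": {
        "/testStatusCode": {
            "get": {"responses": {"200": {"description": "OK"},
                                  "400": {"description": "Bad request"}}}
        },
        "/items": {  # hypothetical path using a range key and 'default'
            "get": {"responses": {"2XX": {"description": "Success"},
                                  "default": {"description": "Error"}}}
        },
    }
}


def declared_responses(spec, path, method):
    """Return the response keys declared for an operation.

    Keys come from the 'responses' map itself, so an entry that has only a
    description and no schema still counts as declared. YAML loaders may
    yield integer keys, hence the str() normalisation.
    """
    operation = spec.get("paths", {}).get(path, {}).get(method.lower(), {})
    return {str(key).upper() for key in operation.get("responses", {})}


def check_status(spec, path, method, observed, enabled=True):
    """Classify an observed HTTP status against the specification.

    Returns 'skipped' when the check is disabled or the operation declares
    no responses (incomplete spec), otherwise 'declared' or 'undeclared'.
    """
    declared = declared_responses(spec, path, method)
    if not enabled or not declared:
        return "skipped"
    code = str(observed)
    wildcard = code[0] + "XX"  # OpenAPI range key such as 4XX
    if code in declared or wildcard in declared or "DEFAULT" in declared:
        return "declared"
    return "undeclared"


if __name__ == "__main__":
    # The case from the question: spec says 200 or 400, API returns 403.
    print(check_status(SPEC, "/testStatusCode", "GET", 403))
```

An 'undeclared' result on a 403 is also worth reviewing from an access-control angle, since it means the authorization behaviour of the endpoint is not captured in the specification.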