
@omursahin
Collaborator

    /**
    * Calls:
    * 1 - (200) POST:/api/sqli/body/vulnerable
    * 2 - (200) POST:/api/sqli/body/vulnerable
    * Found 1 potential fault of type-code 200
    */
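    @Test @Timeout(60)
    fun test_3_postOnVulnerableVulnerableToSQLInjection() {
        // Time-based SQL injection oracle: the same endpoint is called twice, first with benign
        // values (baseline), then with values carrying a pg_sleep(5.50) payload. Only the elapsed
        // time tells the two outcomes apart, since both calls expect status 200 and "MATCHED: 0".
        //
        // Elapsed time is taken from System.nanoTime(), which is monotonic. The wall clock
        // (System.currentTimeMillis()) can jump when the system time is adjusted mid-run,
        // which would make either timing assertion pass or fail for the wrong reason.

        // Call 1: baseline request with benign values.
        val baselineStartNs = System.nanoTime()

        given().accept("*/*")
                .header("x-EMextraHeader123", "")
                .contentType("application/json")
                .body(" { " +
                    " \"password\": \"_EM_107_XYZ_\", " +
                    " \"username\": \"_EM_108_XYZ_\" " +
                    " } ")
                .post("${baseUrlOfSut}/api/sqli/body/vulnerable?EMextraParam123=_EM_109_XYZ_")
                .then()
                .statusCode(200)
                .assertThat()
                .contentType("text/plain")
                .body(containsString("MATCHED: 0"))

        // Total execution time of the baseline call, in milliseconds.
        val baselineElapsedMs = (System.nanoTime() - baselineStartNs) / 1_000_000

        // No SQL injection expected in this call: the response time must stay below
        // sqliBaselineMaxResponseTimeMs (2000 ms).
        assertTrue(baselineElapsedMs < 2000)

        // Call 2: Fault200, SQL Injection (SQLi). Same request shape, but body fields and the
        // query parameter carry the sleep payload.
        val injectedStartNs = System.nanoTime()

        given().accept("*/*")
                .header("x-EMextraHeader123", "")
                .contentType("application/json")
                .body(" { " +
                    " \"password\": \"_EM_2_XYZ_\u0027 OR (select pg_sleep(5.50)) IS NULL-- -\", " +
                    " \"username\": \"_EM_3_XYZ_\u0027 OR (select pg_sleep(5.50)) IS NULL-- -\" " +
                    " } ")
                .post("${baseUrlOfSut}/api/sqli/body/vulnerable?EMextraParam123=_EM_4_XYZ_%27+OR+%28select+pg_sleep%285.50%29%29+IS+NULL--+-")
                .then()
                .statusCode(200)
                .assertThat()
                .contentType("text/plain")
                .body(containsString("MATCHED: 0"))

        // Total execution time of the injected call, in milliseconds.
        val injectedElapsedMs = (System.nanoTime() - injectedStartNs) / 1_000_000

        // SQL injection detected when the response takes longer than the injected sleep,
        // sqliInjectedSleepDurationMs (5500 ms, matching pg_sleep(5.50)).
        // NOTE(review): a delay this long suggests request values reach the SQL statement
        // unescaped; an unrelated slow response would also satisfy this check, so confirm
        // against the endpoint's query code before treating it as proven.
        assertTrue(injectedElapsedMs > 5500)
    }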

@omursahin omursahin requested a review from arcuri82 December 18, 2025 11:17
if (ind.individual is GraphQLIndividual) {
ind.evaluatedMainActions().forEachIndexed { index, a ->
handleSingleCall(a, index, ind.fitness, lines, testCaseName, testSuitePath, baseUrlOfSut)
handleSingleCall(a, index, ind.fitness, lines, testCaseName, testSuitePath, baseUrlOfSut, false)
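Review bot: The trailing positional `false` in the `handleSingleCall(...)` call on the GraphQL branch does not say what it disables, and a reader has to open the function's declaration to find out. Passing it as a named argument would make the call self-describing, and a one-line comment such as `// GraphQL calls skip <what the flag controls>` would record why this branch differs. The parameter's name and meaning are declared outside this hunk, so the exact wording has to come from the signature. If the flag gates the timing-based SQLi assertions shown in the generated test, which is only a guess from this page, it is worth stating in that comment whether GraphQL is excluded on purpose or merely not supported yet.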
Collaborator


we need 1 E2E under core-tests/e2e-tests/spring/spring-rest-bb to make sure the generation of tests works fine for all test output formats
