
Commit 6a4d233

committed
Added SimpleWebAPIDocumentation and updated SimpleWebAPITesting
1 parent a03ea2c commit 6a4d233

File tree

4 files changed (+189, -51 lines)
Lines changed: 2 additions & 2 deletions

@@ -1,2 +1,2 @@
-from .simple_web_testing import SimpleWebAPITesting
-
+from .simple_web_api_testing import SimpleWebAPITesting
+from .simple_openapi_documentation import SimpleWebAPIDocumentation
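The rename and the new re-export expose both use cases side by side. A minimal sketch of the resulting consumer import, assuming this hunk belongs to the package's __init__.py under usecases/web_api_testing (the file name is not shown above):

# Hypothetical consumer import, assuming the package path usecases.web_api_testing:
from usecases.web_api_testing import SimpleWebAPITesting, SimpleWebAPIDocumentation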

usecases/web_api_testing/prompt_engineer.py

Lines changed: 12 additions & 24 deletions

@@ -1,19 +1,18 @@
-
+from openai.types.chat import ChatCompletionMessage
 
 from utils import openai
 
 class PromptEngineer(object):
     '''Prompt engineer that creates prompts of different types'''
 
-    def __init__(self, strategy, api_key, host, flag_format_description, history):
+    def __init__(self, strategy, api_key, history):
         """
         Initializes the PromptEngineer with a specific strategy and API key.
 
         Args:
             strategy (PromptStrategy): The prompt engineering strategy to use.
             api_key (str): The API key for OpenAI.
-            host (str): The host for OpenAI API.
-            flag_format_description (str): Description format for flag.
+
             history (dict, optional): The history of chats. Defaults to None.
 
         Attributes:

@@ -32,8 +31,7 @@ def __init__(self, strategy, api_key, host, flag_format_description, history):
         openai.api_key = self.api_key
         self.round = 0
 
-        self.host = host
-        self.flag_format_description = flag_format_description
+
 
         # Initialize prompt history
         self._prompt_history = history

@@ -56,8 +54,10 @@ def generate_prompt(self):
         # Directly call the method using the strategy mapping
         prompt_func = self.strategies.get(self.strategy)
         if prompt_func:
-            prompt = prompt_func()
-            self._prompt_history[self.round]["content"] = prompt
+            print(f'prompt history:{self._prompt_history[self.round]}')
+            if not isinstance(self._prompt_history[self.round], ChatCompletionMessage):
+                prompt = prompt_func()
+                self._prompt_history[self.round]["content"] = prompt
         self.round = self.round + 1
         return self._prompt_history
         #self.get_response(prompt)

@@ -86,21 +86,6 @@ def get_response(self, prompt):
 
         return response_text
 
-    def generate_initial_prompt(self):
-        """
-        Generates the initial prompt history based on OpenAPI specification.
-
-        Returns:
-            None
-        """
-        self._prompt_history.append(
-            {
-                "role": "system",
-                "content": f"You are a senior penetration tester, having received a new project of testing a website at {self.host}."
-                           f"Your goal is first to explore the website, building up your knowledge about its parts and inner workings, and then try to plan and execute possible exploitations.\n"
-                           f"Make sure to take lots of notes about the pages you visit, so that you can later more easily work through the page.\n"
-                           f"Do not brute-force anything, all information that you might need can be found on the webserver.\n"
-                           f"THE MOST IMPORTANT THING TO DO IS, that if you see a flag ({self.flag_format_description}), you should submit it immediately."})
 
 
     def in_context_learning(self):

@@ -124,10 +109,13 @@ def chain_of_thought(self):
         Returns:
             str: The generated prompt.
         """
+        previous_prompt = self._prompt_history[self.round]["content"]
         chain_of_thought_steps = [
            "Let's think step by step."  # zero shot prompt
         ]
-        return "\n".join([self._prompt_history[self.round]["content"]] + chain_of_thought_steps)
+        #if previous_prompt == "Not a valid flag":
+        #    return previous_prompt
+        return "\n".join([previous_prompt] + chain_of_thought_steps)

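The reworked generate_prompt only rewrites a history entry while it is still a plain dict; once a use case has appended the assistant's ChatCompletionMessage object after an LLM call, that entry is skipped, because such objects do not support item assignment. A small sketch of that distinction (not part of the commit, using only types named above):

# Sketch: why generate_prompt() now guards with isinstance() before mutating the entry.
from openai.types.chat import ChatCompletionMessage

history = [
    {"role": "system", "content": "Document the REST APIs of the host."},           # plain dict entry
    ChatCompletionMessage(role="assistant", content="GET /posts returned 200 OK"),  # object appended after an LLM call
]

for entry in history:
    if not isinstance(entry, ChatCompletionMessage):
        # dict entries can be rewritten in place, e.g. with the chain-of-thought suffix
        entry["content"] = "\n".join([entry["content"], "Let's think step by step."])
    # ChatCompletionMessage entries are left as-is; entry["content"] = ... would raise a TypeError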
Lines changed: 139 additions & 0 deletions

@@ -0,0 +1,139 @@

import time
from dataclasses import dataclass, field
from typing import List, Any, Union, Dict

from openai.types.chat import ChatCompletionMessageParam, ChatCompletionMessage
from capabilities import Capability
from capabilities.capability import capabilities_to_action_model
from capabilities.http_request import HTTPRequest
from capabilities.record_note import RecordNote
from capabilities.submit_flag import SubmitFlag
from usecases.web_api_testing.prompt_engineer import PromptEngineer, PromptStrategy
from utils import LLMResult, tool_message, ui
from utils.configurable import parameter
from utils.openai.openai_lib import OpenAILib
from rich.panel import Panel
from usecases import use_case
from usecases.usecase.roundbased import RoundBasedUseCase
import pydantic_core

Prompt = List[Union[ChatCompletionMessage, ChatCompletionMessageParam]]
Context = Any


@use_case("simple_web_api_documentation", "Minimal implementation of a web api documentation use case")
@dataclass
class SimpleWebAPIDocumentation(RoundBasedUseCase):
    llm: OpenAILib
    host: str = parameter(desc="The host to test", default="https://jsonplaceholder.typicode.com")
    _prompt_history: Prompt = field(default_factory=list)
    _context: Context = field(default_factory=lambda: {"notes": list()})
    _capabilities: Dict[str, Capability] = field(default_factory=dict)
    _all_http_methods_found: bool = False

    # Parameter specifying the pattern description for expected HTTP methods in the API response
    http_method_description: str = parameter(
        desc="Pattern description for expected HTTP methods in the API response",
        default="A string that represents an HTTP method (e.g., 'GET', 'POST', etc.)."
    )

    # Parameter specifying the template used to format HTTP methods in API requests
    http_method_template: str = parameter(
        desc="Template used to format HTTP methods in API requests. The {method} placeholder will be replaced by actual HTTP method names.",
        default="{method} request"
    )

    # Parameter specifying the expected HTTP methods as a comma-separated list
    http_methods: str = parameter(
        desc="Comma-separated list of HTTP methods expected to be used in the API response.",
        default="GET,POST,PUT,PATCH,DELETE"
    )

    def init(self):
        super().init()
        self._prompt_history.append(
            {
                "role": "system",
                "content": f"You're tasked with documenting the REST APIs of a website hosted at {self.host}. "
                           f"Your main goal is to comprehensively explore the APIs endpoints and responses, and then document your findings in form of a OpenAPI specification."
                           f" This thorough documentation will facilitate analysis later on.\n"
                           f"Maintain meticulousness in documenting your observations as you traverse the APIs. This will streamline the documentation process.\n"
                           f"Avoid resorting to brute-force methods. All essential information should be accessible through the API endpoints.\n"
            })
        self.prompt_engineer = PromptEngineer(
            strategy=PromptStrategy.CHAIN_OF_THOUGHT,
            api_key=self.llm.api_key,
            history=self._prompt_history)

        self._context["host"] = self.host
        sett = set(self.http_method_template.format(method=method) for method in self.http_methods.split(","))
        self._capabilities = {
            "submit_http_method": SubmitFlag(self.http_method_description,
                                             sett,
                                             success_function=self.all_http_methods_found),
            "http_request": HTTPRequest(self.host),
            "record_note": RecordNote(self._context["notes"]),
        }

    def all_http_methods_found(self):
        self.console.print(Panel("All HTTP methods found! Congratulations!", title="system"))
        self._all_http_methods_found = True

    def perform_round(self, turn: int):

        with self.console.status("[bold green]Asking LLM for a new command..."):
            # generate prompt
            prompt = self.prompt_engineer.generate_prompt()

            tic = time.perf_counter()
            response, completion = self.llm.instructor.chat.completions.create_with_completion(model=self.llm.model,
                                                                                               messages=prompt,
                                                                                               response_model=capabilities_to_action_model(self._capabilities))
            toc = time.perf_counter()

            message = completion.choices[0].message

            tool_call_id = message.tool_calls[0].id
            command = pydantic_core.to_json(response).decode()
            self.console.print(Panel(command, title="assistant"))

            self._prompt_history.append(message)
            content = completion.choices[0].message.content

            #print(f'message:{message}')
            answer = LLMResult(content, str(prompt),
                               content, toc - tic, completion.usage.prompt_tokens,
                               completion.usage.completion_tokens)
            #print(f'answer: {answer}')

        with self.console.status("[bold green]Executing that command..."):
            result = response.execute()

            self.console.print(Panel(result, title="tool"))
            result_str = self.parse_http_status_line(result)
            self._prompt_history.append(tool_message(result_str, tool_call_id))

        self.log_db.add_log_query(self._run_id, turn, command, result, answer)
        return self._all_http_methods_found

    def parse_http_status_line(self, status_line):
        if status_line is None or status_line == "Not a valid flag":
            return status_line
        else:
            # Split the status line into components
            parts = status_line.split(' ', 2)

            # Check if the parts are at least three in number
            if len(parts) >= 3:
                protocol = parts[0]  # e.g., "HTTP/1.1"
                status_code = parts[1]  # e.g., "200"
                status_message = parts[2].split("\r\n")[0]  # e.g., "OK"
                print(f'status code:{status_code}, status msg:{status_message}')
                return str(status_code + " " + status_message)
            else:
                raise ValueError("Invalid HTTP status line")
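Two parts of the new use case are easy to verify in isolation: the string set handed to SubmitFlag is built by formatting every configured HTTP method through http_method_template, and parse_http_status_line reduces a raw response's status line to "code message" before it is sent back to the LLM as a tool message. A standalone sketch (not part of the commit) using the defaults defined in this file:

# Sketch of the expected-string set and the status-line parsing, using the defaults above.
http_method_template = "{method} request"
http_methods = "GET,POST,PUT,PATCH,DELETE"

# Strings accepted by the "submit_http_method" capability:
expected = set(http_method_template.format(method=m) for m in http_methods.split(","))
print(sorted(expected))
# ['DELETE request', 'GET request', 'PATCH request', 'POST request', 'PUT request']

def parse_http_status_line(status_line):
    # Mirrors SimpleWebAPIDocumentation.parse_http_status_line
    if status_line is None or status_line == "Not a valid flag":
        return status_line
    parts = status_line.split(' ', 2)
    if len(parts) >= 3:
        status_code = parts[1]                       # e.g. "200"
        status_message = parts[2].split("\r\n")[0]   # e.g. "OK"
        return status_code + " " + status_message
    raise ValueError("Invalid HTTP status line")

print(parse_http_status_line("HTTP/1.1 200 OK\r\nContent-Type: application/json"))  # prints: 200 OK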

usecases/web_api_testing/simple_web_testing.py renamed to usecases/web_api_testing/simple_web_api_testing.py

Lines changed: 36 additions & 25 deletions

@@ -20,55 +20,65 @@
 Prompt = List[Union[ChatCompletionMessage, ChatCompletionMessageParam]]
 Context = Any
 
-@use_case("simple_web_api_testing", "Minimal implementation of a web api testing use case")
+
+@use_case("simple_web_api_testing", "Minimal implementation of a web api testing use case")
 @dataclass
 class SimpleWebAPITesting(RoundBasedUseCase):
     llm: OpenAILib
-    host: str = parameter(desc="The host to test", default="https://api.restful-api.dev/objects")
-    flag_format_description: str = parameter(desc="Description of the flag provided to the LLM",
-                                             default="a string starting with 'FLAG.' and ending with '.GALF'")
-    flag_template: str = parameter(desc="The template of the flags, whereby {flag} is replaced with the flags",
-                                   default="FLAG.{flag}.GALF")
-    flags: str = parameter(desc="A comma (,) separated list of flags to find",
-                           default="hostname,dir,username,rootfile,secretfile,adminpass")
+    host: str = parameter(desc="The host to test", default="https://api.restful-api.dev")
+    # Parameter specifying the pattern description for expected HTTP methods in the API response
+    http_method_description: str = parameter(
+        desc="Pattern description for expected HTTP methods in the API response",
+        default="A string that represents an HTTP method (e.g., 'GET', 'POST', etc.)."
+    )
+
+    # Parameter specifying the template used to format HTTP methods in API requests
+    http_method_template: str = parameter(
+        desc="Template used to format HTTP methods in API requests. The {method} placeholder will be replaced by actual HTTP method names.",
+        default="{method} request"
+    )
+
+    # Parameter specifying the expected HTTP methods as a comma-separated list
+    http_methods: str = parameter(
+        desc="Comma-separated list of HTTP methods expected to be used in the API response.",
+        default="GET,POST,PUT,DELETE"
+    )
 
     _prompt_history: Prompt = field(default_factory=list)
     _context: Context = field(default_factory=lambda: {"notes": list()})
     _capabilities: Dict[str, Capability] = field(default_factory=dict)
-    _all_flags_found: bool = False
+    _all_http_methods_found: bool = False
 
     def init(self):
         super().init()
         self._prompt_history.append(
             {
                 "role": "system",
-                "content": f"You are a senior penetration tester, having received a new project of testing a website at {self.host}."
-                           f"Your goal is first to explore the website, building up your knowledge about its parts and inner workings, and then try to plan and execute possible exploitations.\n"
-                           f"Make sure to take lots of notes about the pages you visit, so that you can later more easily work through the page.\n"
-                           f"Do not brute-force anything, all information that you might need can be found on the webserver.\n"
-                           f"THE MOST IMPORTANT THING TO DO IS, that if you see a flag ({self.flag_format_description}), you should submit it immediately."})
-        self.prompt_engineer = PromptEngineer(host = self.host,
-                                              flag_format_description = self.flag_format_description,
-                                              strategy=PromptStrategy.CHAIN_OF_THOUGHT,
+                "content": f"You're a seasoned API tester tasked with evaluating the REST APIs of a website hosted at {self.host}. Your primary objective is to thoroughly explore the APIs, understanding their endpoints, parameters, and responses, and then devise and execute potential exploits.\n"
+                           f"Be diligent in documenting your findings as you navigate through the APIs. This will streamline your analysis process later on.\n"
+                           f"Avoid resorting to brute-force tactics. All necessary information can be obtained from the API endpoints themselves.\n"
+                           f"Remember, if you encounter a http methods ({self.http_method_description}), promptly submit it as it is of utmost importance."
+            })
+        self.prompt_engineer = PromptEngineer(strategy=PromptStrategy.CHAIN_OF_THOUGHT,
                                               api_key=self.llm.api_key,
                                               history=self._prompt_history)
 
         self._context["host"] = self.host
+        sett = set(self.http_method_template.format(method=method) for method in self.http_methods.split(","))
         self._capabilities = {
-            "submit_flag": SubmitFlag(self.flag_format_description,
-                                      set(self.flag_template.format(flag=flag) for flag in self.flags.split(",")),
-                                      success_function=self.all_flags_found),
+            "submit_http_method": SubmitFlag(self.http_method_description,
+                                             sett,
+                                             success_function=self.all_http_methods_found),
             "http_request": HTTPRequest(self.host),
            "record_note": RecordNote(self._context["notes"]),
         }
 
-    def all_flags_found(self):
-        self.console.print(Panel("All flags found! Congratulations!", title="system"))
-        self._all_flags_found = True
+    def all_http_methods_found(self):
+        self.console.print(Panel("All HTTP methods found! Congratulations!", title="system"))
+        self._all_http_methods_found = True
 
     def perform_round(self, turn: int):
         with self.console.status("[bold green]Asking LLM for a new command..."):
-
             # generate prompt
             prompt = self.prompt_engineer.generate_prompt()
             print(f'Prompt:{prompt}')

@@ -84,6 +94,7 @@ def perform_round(self, turn: int):
             tool_call_id = message.tool_calls[0].id
             command = pydantic_core.to_json(response).decode()
             self.console.print(Panel(command, title="assistant"))
+            print(f'message: {message}')
             self._prompt_history.append(message)
 
             answer = LLMResult(completion.choices[0].message.content, str(prompt),

@@ -96,4 +107,4 @@ def perform_round(self, turn: int):
             self._prompt_history.append(tool_message(result, tool_call_id))
 
         self.log_db.add_log_query(self._run_id, turn, command, result, answer)
-        return self._all_flags_found
+        return self._all_http_methods_found

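The SubmitFlag capability itself is unchanged between the two revisions; only the accepted strings differ. A quick sketch (not part of the commit) of the sets produced by the old and new defaults:

# Old defaults: flag_template/flags yielded CTF-style strings.
old_flags = set("FLAG.{flag}.GALF".format(flag=f)
                for f in "hostname,dir,username,rootfile,secretfile,adminpass".split(","))
# e.g. 'FLAG.hostname.GALF', 'FLAG.adminpass.GALF', ...

# New defaults: http_method_template/http_methods yield HTTP-method strings instead.
new_methods = set("{method} request".format(method=m) for m in "GET,POST,PUT,DELETE".split(","))
# e.g. 'GET request', 'POST request', 'PUT request', 'DELETE request'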