Skip to content

Merge web api testing development #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 89 commits into from
May 14, 2025
Merged

Merge web api testing development #114

Show file tree
Hide file tree
Changes from 88 commits
Commits
Show all changes
89 commits
Select commit Hold shift + click to select a range
856a402
Uploaded changes in branch
Jul 16, 2024
1d1d777
Merge remote-tracking branch 'refs/remotes/origin/development' into w…
DianaStrauss Sep 3, 2024
923d6ec
fixed shortening of prompt
DianaStrauss Sep 3, 2024
234e6ef
Merge remote-tracking branch 'refs/remotes/origin/development' into w…
DianaStrauss Sep 3, 2024
629489a
Merged development into web_api_testing
DianaStrauss Sep 3, 2024
64699e3
Fixed shorten prompt bug from merge
DianaStrauss Sep 3, 2024
c141954
Updated Tree of thought so that documentation works like chain of tho…
DianaStrauss Oct 8, 2024
3dc2c4b
Implemented in-context learning for documentation
DianaStrauss Oct 15, 2024
53e5c42
refined openapi generation
DianaStrauss Oct 16, 2024
ea8795b
Updated Tree of thought so that documentation works like chain of tho…
DianaStrauss Oct 16, 2024
4409f4b
Updated Tree of thought so that documentation works like chain of tho…
DianaStrauss Oct 16, 2024
8ef5f8b
Adjusted to only record valid information of rest api
DianaStrauss Oct 23, 2024
8eb5048
optimized prompt generation
DianaStrauss Oct 24, 2024
294ca7c
Added configs for documentation and testing
DianaStrauss Oct 25, 2024
98b510f
Added way of retrieving spotify token
DianaStrauss Oct 25, 2024
975ae85
Refactored code to work with spotify benchmark
DianaStrauss Nov 11, 2024
c70a23b
Refined test cases
DianaStrauss Nov 13, 2024
1fbb37b
Added new security endpoint for testing
DianaStrauss Nov 13, 2024
6fa891d
Added new security endpoint for testing
DianaStrauss Nov 13, 2024
86f8b06
Added more testing information for documentation testing and pentesting
DianaStrauss Nov 15, 2024
cee0726
Added evaluations
DianaStrauss Nov 16, 2024
e210104
Refactored code to be more understandable
DianaStrauss Nov 18, 2024
e228cd8
Added evaluation to documentation
DianaStrauss Nov 18, 2024
3b4b4c4
Refactored code
DianaStrauss Nov 19, 2024
2908860
Restructured testing
DianaStrauss Nov 20, 2024
b1f01dc
Refactored code
DianaStrauss Nov 22, 2024
22e64ff
Refactored code so that more endpoints are found
DianaStrauss Nov 25, 2024
b103831
Refactored code to be clearer
DianaStrauss Nov 28, 2024
e4bbdfa
Added owasp config file and owas openapi sepc
DianaStrauss Dec 2, 2024
f5ef612
Fixed some small bgs
DianaStrauss Dec 4, 2024
c6d33fe
Adjusted test cases to get better analysis
DianaStrauss Dec 4, 2024
96a400d
Added setup for automatic testing
DianaStrauss Dec 5, 2024
b0162fc
refactored test cases
DianaStrauss Dec 5, 2024
3e50596
refactored test cases
DianaStrauss Dec 6, 2024
9306dc6
refactored test cases
DianaStrauss Dec 6, 2024
0f8f445
Refactored tree of thought prompt
DianaStrauss Dec 8, 2024
b62bb01
adjusted gitignore
DianaStrauss Dec 11, 2024
dd0c17e
Refactored classification of endpoints
DianaStrauss Dec 11, 2024
1af2564
Adjusted test cases for better testing
DianaStrauss Dec 12, 2024
340280e
made continuous testing easier
DianaStrauss Dec 12, 2024
04ebcfa
Adjusted prompts to be more tailored
DianaStrauss Dec 15, 2024
1ff5fa2
Refactored and adjusted code to work also for crapi benchmark
DianaStrauss Dec 20, 2024
4dca56d
Cleaned up code
DianaStrauss Jan 9, 2025
5535eb0
Refactored test cases for better vulnerability coverage
DianaStrauss Jan 30, 2025
4ea54fc
Refactored code
DianaStrauss Feb 7, 2025
bf3395b
Added test case
DianaStrauss Feb 17, 2025
1aba1b7
adjusted report
Feb 19, 2025
b4e683b
Refactored code
DianaStrauss Mar 17, 2025
285ca9e
Anonymized readme
Mar 17, 2025
90f4028
Cleaned up code from prints and unnecessary code
DianaStrauss Mar 25, 2025
f9e09b5
Merge remote-tracking branch 'origin/web-api-testing' into web-api-te…
DianaStrauss Mar 25, 2025
b0c2b8b
Merge remote-tracking branch 'origin/development' into merge_web_api_…
DianaStrauss Apr 7, 2025
01ee69e
Adjusted code to work with web_api_testing
DianaStrauss Apr 7, 2025
32b73ab
Refactored code for better readability and testing
DianaStrauss Apr 13, 2025
303baf6
added configuration handler to better test
DianaStrauss Apr 13, 2025
4276f0f
Adjusted test of prompt engineer
DianaStrauss Apr 13, 2025
40f4ff1
Adjusted code for test
DianaStrauss Apr 13, 2025
c6b7ecd
Adjusted code and tests
Apr 14, 2025
44710f3
Adjusted tests and refactored code for better readability
Apr 14, 2025
a695971
Added test cases for pentesting information and test handler + refact…
DianaStrauss Apr 17, 2025
6f05e75
Removed unnecessary prints and added documentation
DianaStrauss Apr 22, 2025
ac58b5a
Removed unnecessary comments
DianaStrauss Apr 22, 2025
02c861f
Fixed Linter issue
DianaStrauss Apr 22, 2025
3a22053
Fixed test imports for pipeline
DianaStrauss Apr 22, 2025
0d34191
Added needed dependencies to pyproject.toml
DianaStrauss Apr 22, 2025
970b72d
Added needed dependencies to pyproject.toml
DianaStrauss Apr 22, 2025
4366132
Added needed dependencies to pyproject.toml
DianaStrauss Apr 22, 2025
9d16710
Removed test case that breaks pipeline
DianaStrauss Apr 22, 2025
9b78c6c
Adjusted init for test_handler
DianaStrauss Apr 22, 2025
9ea050b
Added needed dependencies to pyproject.toml
DianaStrauss Apr 22, 2025
424c989
Merge branch 'development' into merge_web_api_testing_development
DianaStrauss Apr 22, 2025
dbfef99
Added missing dependency
DianaStrauss Apr 22, 2025
696e395
Added missing dependency
DianaStrauss Apr 22, 2025
5e3b112
Added imports in __init__
DianaStrauss Apr 22, 2025
a6653ad
Added files
DianaStrauss Apr 22, 2025
ca17dd0
Moved config files to proper locatin
DianaStrauss Apr 22, 2025
e1b70ab
Merge branch 'development' into merge_web_api_testing_development
DianaStrauss May 13, 2025
78b681d
fixed syntax error in .toml
DianaStrauss May 13, 2025
8ae94fb
Fix linting
DianaStrauss May 13, 2025
9c4842f
Fix linting
DianaStrauss May 13, 2025
4d5122f
Fixed wrong import
DianaStrauss May 13, 2025
600ed43
Fixed import in testing
DianaStrauss May 13, 2025
f33c154
Fixed input variables
DianaStrauss May 13, 2025
e1c8cb4
Fixed input variables
DianaStrauss May 13, 2025
be0ff19
Fixed input variables
DianaStrauss May 13, 2025
985d740
Removed helper files
DianaStrauss May 14, 2025
19afc59
Fixed typo in parsed_information.py name
DianaStrauss May 14, 2025
b5f5688
Fixed typo in parsed_information.py name
DianaStrauss May 14, 2025
f748d5f
Update src/hackingBuddyGPT/usecases/web_api_testing/documentation/par…
DianaStrauss May 14, 2025
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,10 @@ scripts/mac_ansible_hosts.ini
scripts/mac_ansible_id_rsa
scripts/mac_ansible_id_rsa.pub
.aider*

src/hackingBuddyGPT/usecases/web_api_testing/documentation/openapi_spec/
src/hackingBuddyGPT/usecases/web_api_testing/documentation/reports/
src/hackingBuddyGPT/usecases/web_api_testing/retrieve_spotify_token.py
config/my_configs/*
config/configs/*
config/configs/
12 changes: 8 additions & 4 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,11 +45,15 @@ dependencies = [
'uvicorn[standard] == 0.30.6',
'dataclasses_json == 0.6.7',
'websockets == 13.1',
'langchain-community',
'langchain-openai',
'pandas',
'faker',
'fpdf',
'langchain_core',
'langchain_community',
'langchain_chroma',
'langchain_openai',
'markdown',
'chromadb',
'langchain-chroma',
]

[project.urls]
Expand All @@ -69,7 +73,7 @@ where = ["src"]
pythonpath = "src"
addopts = ["--import-mode=importlib"]
[project.optional-dependencies]
testing = ['pytest', 'pytest-mock']
testing = ['pytest', 'pytest-mock', 'pandas', 'faker', 'langchain_core']
dev = [
'ruff',
]
Expand Down
11 changes: 2 additions & 9 deletions src/hackingBuddyGPT/capabilities/http_request.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,18 +45,11 @@ def __call__(
body_is_base64: Optional[bool] = False,
headers: Optional[Dict[str, str]] = None,
) -> str:

if body is not None and body_is_base64:
body = base64.b64decode(body).decode()
if self.host[-1] != "/":
if self.host[-1] != "/" and not path.startswith("/"):
path = "/" + path
resp = self._client.request(
Copy link
Member

@andreashappe andreashappe Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am confused looking at the diff.. now we're not doing this outgoing call anymore? Was it superficial before?
method,
self.host + path,
params=query,
data=body,
headers=headers,
allow_redirects=self.follow_redirects,
)
try:
resp = self._client.request(
method,
Expand Down
25 changes: 25 additions & 0 deletions src/hackingBuddyGPT/capabilities/parsed_information.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
from dataclasses import dataclass, field
from typing import Dict, Any, List, Tuple
from hackingBuddyGPT.capabilities import Capability


from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple

@dataclass
class ParsedInformation(Capability):
status_code: str
reason_phrase: Dict[str, Any] = field(default_factory=dict)
headers: Dict[str, Any] = field(default_factory=dict)
response_body: Dict[str, Any] = field(default_factory=dict)
registry: List[Tuple[str, str, str, str]] = field(default_factory=list)

def describe(self) -> str:
"""
Returns a description of the test case.
"""
return f"Parsed information for {self.status_code}, reason_phrase: {self.reason_phrase}, headers: {self.headers}, response_body: {self.response_body} "
def __call__(self, status_code: str, reason_phrase: str, headers: str, response_body:str) -> dict:
self.registry.append((status_code, response_body, headers,response_body))

return {"status_code": status_code, "reason_phrase": reason_phrase, "headers": headers, "response_body": response_body}
22 changes: 22 additions & 0 deletions src/hackingBuddyGPT/capabilities/python_test_case.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@

from hackingBuddyGPT.capabilities import Capability


from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple

@dataclass
class PythonTestCase(Capability):
description: str
input: Dict[str, Any] = field(default_factory=dict)
expected_output: Dict[str, Any] = field(default_factory=dict)
registry: List[Tuple[str, dict, dict]] = field(default_factory=list)

def describe(self) -> str:
"""
Returns a description of the test case.
"""
return f"Test Case: {self.description}\nInput: {self.input}\nExpected Output: {self.expected_output}"
def __call__(self, description: str, input: dict, expected_output: dict) -> dict:
self.registry.append((description, input, expected_output))
return {"description": description, "input": input, "expected_output": expected_output}
4 changes: 4 additions & 0 deletions src/hackingBuddyGPT/usecases/web_api_testing/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,6 @@
from .simple_openapi_documentation import SimpleWebAPIDocumentation
from .simple_web_api_testing import SimpleWebAPITesting
from . import response_processing
from . import documentation
from . import prompt_generation
from . import testing
Loading