fix: EmptyJsonFuzzer and EmptyBodyFuzzer should expect 2XX or 4XX depending on required fields being defined in the contract

Author: en-milie

src/main/java/com/endava/cats/fuzzer/http/BaseHttpWithPayloadSimpleFuzzer.java

@@ -4,10 +4,11 @@
 import com.endava.cats.fuzzer.executor.SimpleExecutor;
 import com.endava.cats.fuzzer.executor.SimpleExecutorContext;
 import com.endava.cats.http.HttpMethod;
+import com.endava.cats.http.ResponseCodeFamily;
 import com.endava.cats.http.ResponseCodeFamilyPredefined;
-import com.endava.cats.util.JsonUtils;
 import com.endava.cats.model.FuzzingData;
 import com.endava.cats.util.ConsoleUtils;
+import com.endava.cats.util.JsonUtils;
 import io.github.ludovicianul.prettylogger.PrettyLogger;
 import io.github.ludovicianul.prettylogger.PrettyLoggerFactory;
 
@@ -35,7 +36,7 @@ public void fuzz(FuzzingData data) {
 
         simpleExecutor.execute(
                 SimpleExecutorContext.builder()
-                        .expectedResponseCode(ResponseCodeFamilyPredefined.FOURXX)
+                        .expectedResponseCode(this.getExpectedResponseCode(data))
                         .fuzzingData(data)
                         .logger(logger)
                         .replaceRefData(false)
@@ -47,6 +48,16 @@ public void fuzz(FuzzingData data) {
         );
     }
 
+    /**
+     * By default, expect a 4XX response. This can be overridden by subclasses to expect other response codes.
+     *
+     * @param data the data to fuzz
+     * @return the expected response code family for the fuzzing operation
+     */
+    protected ResponseCodeFamily getExpectedResponseCode(FuzzingData data) {
+        return ResponseCodeFamilyPredefined.FOURXX;
+    }
+
     @Override
     public String toString() {
         return ConsoleUtils.sanitizeFuzzerName(this.getClass().getSimpleName());

src/main/java/com/endava/cats/fuzzer/http/EmptyBodyFuzzer.java

@@ -2,6 +2,8 @@
 
 import com.endava.cats.annotations.HttpFuzzer;
 import com.endava.cats.fuzzer.executor.SimpleExecutor;
+import com.endava.cats.http.ResponseCodeFamily;
+import com.endava.cats.http.ResponseCodeFamilyPredefined;
 import com.endava.cats.model.FuzzingData;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
@@ -33,6 +35,14 @@ protected String getPayload(FuzzingData data) {
         return "";
     }
 
+    @Override
+    protected ResponseCodeFamily getExpectedResponseCode(FuzzingData data) {
+        if (data.getAllRequiredFields().isEmpty()) {
+            return ResponseCodeFamilyPredefined.TWOXX;
+        }
+        return super.getExpectedResponseCode(data);
+    }
+
     @Override
     public String description() {
         return "send a request with a empty string body";

src/main/java/com/endava/cats/fuzzer/http/EmptyJsonBodyFuzzer.java

@@ -2,6 +2,8 @@
 
 import com.endava.cats.annotations.HttpFuzzer;
 import com.endava.cats.fuzzer.executor.SimpleExecutor;
+import com.endava.cats.http.ResponseCodeFamily;
+import com.endava.cats.http.ResponseCodeFamilyPredefined;
 import com.endava.cats.model.FuzzingData;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
@@ -33,8 +35,21 @@ protected String getPayload(FuzzingData data) {
         return "{}";
     }
 
+    @Override
+    protected ResponseCodeFamily getExpectedResponseCode(FuzzingData data) {
+        if (doesNotHaveRequiredFieldsInRoot(data)) {
+            return ResponseCodeFamilyPredefined.TWOXX;
+        }
+        return super.getExpectedResponseCode(data);
+    }
+
     @Override
     public String description() {
         return "send a request with a empty json body";
     }
+
+
+    private boolean doesNotHaveRequiredFieldsInRoot(FuzzingData data) {
+        return data.getAllRequiredFields().stream().allMatch(field -> field.contains("#"));
+    }
 }

src/test/java/com/endava/cats/fuzzer/http/EmptyBodyFuzzerTest.java

@@ -14,6 +14,8 @@
 import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
 import org.mockito.Mockito;
 import org.springframework.test.util.ReflectionTestUtils;
 
@@ -42,17 +44,22 @@ void shouldNotRunForEmptyPayload() {
         Mockito.verifyNoInteractions(testCaseListener);
     }
 
-    @Test
-    void givenAHttpMethodWithPayload_whenApplyingTheMalformedJsonFuzzer_thenTheResultsAreCorrectlyReported() {
-        FuzzingData data = FuzzingData.builder().method(HttpMethod.POST).reqSchema(new StringSchema()).requestContentTypes(List.of("application/json")).responseCodes(Set.of("400")).build();
+    @ParameterizedTest
+    @CsvSource({"FOURXX,true", "TWOXX,false"})
+    void givenAHttpMethodWithPayload_whenApplyingTheMalformedJsonFuzzer_thenTheResultsAreCorrectlyReported(ResponseCodeFamilyPredefined responseCodeFamily, boolean required) {
+        FuzzingData data = FuzzingData.builder().method(HttpMethod.POST).reqSchema(new StringSchema())
+                .requestContentTypes(List.of("application/json"))
+                .allRequiredFields(required ? List.of("required") : List.of())
+                .responseCodes(Set.of("400")).build();
         ReflectionTestUtils.setField(data, "processedPayload", "{\"id\": 1}");
 
+
         CatsResponse catsResponse = CatsResponse.builder().body("{}").responseCode(400).build();
         Mockito.when(serviceCaller.call(Mockito.any())).thenReturn(catsResponse);
         Mockito.doNothing().when(testCaseListener).reportResult(Mockito.any(), Mockito.eq(data), Mockito.any(), Mockito.any(), Mockito.anyBoolean());
 
         emptyBodyFuzzer.fuzz(data);
-        Mockito.verify(testCaseListener, Mockito.times(1)).reportResult(Mockito.any(), Mockito.eq(data), Mockito.eq(catsResponse), Mockito.eq(ResponseCodeFamilyPredefined.FOURXX), Mockito.anyBoolean(), Mockito.eq(true));
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResult(Mockito.any(), Mockito.eq(data), Mockito.eq(catsResponse), Mockito.eq(responseCodeFamily), Mockito.anyBoolean(), Mockito.eq(true));
     }
 
     @Test

src/test/java/com/endava/cats/fuzzer/http/EmptyJsonBodyFuzzerTest.java

@@ -14,6 +14,8 @@
 import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
 import org.mockito.Mockito;
 import org.springframework.test.util.ReflectionTestUtils;
 
@@ -42,17 +44,21 @@ void shouldNotRunForEmptyPayload() {
         Mockito.verifyNoInteractions(testCaseListener);
     }
 
-    @Test
-    void givenAHttpMethodWithPayload_whenApplyingTheMalformedJsonFuzzer_thenTheResultsAreCorrectlyReported() {
-        FuzzingData data = FuzzingData.builder().method(HttpMethod.POST).reqSchema(new StringSchema()).requestContentTypes(List.of("application/json")).responseCodes(Set.of("400")).build();
+    @ParameterizedTest
+    @CsvSource({"FOURXX,true", "TWOXX,false"})
+    void givenAHttpMethodWithPayload_whenApplyingTheMalformedJsonFuzzer_thenTheResultsAreCorrectlyReported(ResponseCodeFamilyPredefined responseCodeFamily, boolean required) {
+        FuzzingData data = FuzzingData.builder().method(HttpMethod.POST).reqSchema(new StringSchema())
+                .requestContentTypes(List.of("application/json"))
+                .allRequiredFields(required ? List.of("field") : List.of())
+                .responseCodes(Set.of("400")).build();
         ReflectionTestUtils.setField(data, "processedPayload", "{\"id\": 1}");
 
         CatsResponse catsResponse = CatsResponse.builder().body("{}").responseCode(400).build();
         Mockito.when(serviceCaller.call(Mockito.any())).thenReturn(catsResponse);
         Mockito.doNothing().when(testCaseListener).reportResult(Mockito.any(), Mockito.eq(data), Mockito.any(), Mockito.any(), Mockito.anyBoolean());
 
         emptyJsonBodyFuzzer.fuzz(data);
-        Mockito.verify(testCaseListener, Mockito.times(1)).reportResult(Mockito.any(), Mockito.eq(data), Mockito.eq(catsResponse), Mockito.eq(ResponseCodeFamilyPredefined.FOURXX), Mockito.anyBoolean(), Mockito.eq(true));
+        Mockito.verify(testCaseListener, Mockito.times(1)).reportResult(Mockito.any(), Mockito.eq(data), Mockito.eq(catsResponse), Mockito.eq(responseCodeFamily), Mockito.anyBoolean(), Mockito.eq(true));
     }
 
     @Test