Merge pull request #1429 from WebFuzzing/phg/objectMapper-v2

Add ObjectMapper unescaping ASCII control characters when using DTOs

Author: arcuri82

core/src/main/kotlin/org/evomaster/core/output/dto/DtoOutput.kt

@@ -1,6 +1,5 @@
 package org.evomaster.core.output.dto
 
-import org.evomaster.core.output.Lines
 import org.evomaster.core.output.OutputFormat
 import java.nio.file.Path
 
@@ -12,12 +11,14 @@ import java.nio.file.Path
 interface DtoOutput {
 
     /**
+     * Writes a DTO class in the corresponding [org.evomaster.core.output.OutputFormat].
+     *
+     * @param outputFormat under which the java class must be written
      * @param testSuitePath under which the java class must be written
      * @param testSuitePackage under which the java class must be written
-     * @param outputFormat forwarded to the [Lines] helper class and for setting the .java extension in the generated file
      * @param dtoClass to be written to filesystem
      */
-    fun writeClass(testSuitePath: Path, testSuitePackage: String, outputFormat: OutputFormat, dtoClass: DtoClass)
+    fun writeClass(outputFormat: OutputFormat, testSuitePath: Path, testSuitePackage: String, dtoClass: DtoClass)
 
     /**
      * @param dtoName that will be instantiated for payload

core/src/main/kotlin/org/evomaster/core/output/dto/DtoWriter.kt

@@ -49,24 +49,13 @@ class DtoWriter(
 
     fun write(testSuitePath: Path, testSuitePackage: String, solution: Solution<*>) {
         calculateDtos(solution)
+        val dtoOutput = when {
+            outputFormat.isJava() -> JavaDtoOutput()
+            outputFormat.isKotlin() -> KotlinDtoOutput()
+            else -> throw IllegalStateException("$outputFormat output format does not support DTOs as request payloads.")
+        }
         dtoCollector.forEach {
-            when {
-                outputFormat.isJava() -> JavaDtoOutput().writeClass(
-                    testSuitePath,
-                    testSuitePackage,
-                    outputFormat,
-                    it.value
-                )
-
-                outputFormat.isKotlin() -> KotlinDtoOutput().writeClass(
-                    testSuitePath,
-                    testSuitePackage,
-                    outputFormat,
-                    it.value
-                )
-
-                else -> throw IllegalStateException("$outputFormat output format does not support DTOs as request payloads.")
-            }
+            dtoOutput.writeClass(outputFormat, testSuitePath, testSuitePackage, it.value)
         }
     }
 

core/src/main/kotlin/org/evomaster/core/output/dto/JavaDtoOutput.kt

@@ -8,7 +8,7 @@ import java.nio.file.Path
 
 class JavaDtoOutput: JvmDtoOutput() {
 
-    override fun writeClass(testSuitePath: Path, testSuitePackage: String, outputFormat: OutputFormat, dtoClass: DtoClass) {
+    override fun writeClass(outputFormat: OutputFormat, testSuitePath: Path, testSuitePackage: String, dtoClass: DtoClass) {
         val dtoFilename = TestSuiteFileName(appendDtoPackage(dtoClass.name))
         val lines = Lines(outputFormat)
         setPackage(lines, testSuitePackage)
@@ -81,4 +81,5 @@ class JavaDtoOutput: JvmDtoOutput() {
             lines.addEmpty()
         }
     }
+
 }

core/src/main/kotlin/org/evomaster/core/output/dto/KotlinDtoOutput.kt

@@ -7,7 +7,7 @@ import java.nio.file.Path
 
 class KotlinDtoOutput: JvmDtoOutput() {
 
-    override fun writeClass(testSuitePath: Path, testSuitePackage: String, outputFormat: OutputFormat, dtoClass: DtoClass) {
+    override fun writeClass(outputFormat: OutputFormat, testSuitePath: Path, testSuitePackage: String, dtoClass: DtoClass) {
         val dtoFilename = TestSuiteFileName(appendDtoPackage(dtoClass.name))
         val lines = Lines(outputFormat)
         setPackage(lines, testSuitePackage)

core/src/main/kotlin/org/evomaster/core/output/service/HttpWsTestCaseWriter.kt

@@ -11,6 +11,7 @@ import org.evomaster.core.output.auth.CookieWriter
 import org.evomaster.core.output.auth.TokenWriter
 import org.evomaster.core.output.dto.DtoCall
 import org.evomaster.core.output.dto.GeneToDto
+import org.evomaster.core.output.formatter.OutputFormatter
 import org.evomaster.core.problem.enterprise.EnterpriseActionGroup
 import org.evomaster.core.problem.externalservice.httpws.HttpExternalServiceAction
 import org.evomaster.core.problem.httpws.HttpWsAction
@@ -123,8 +124,7 @@ abstract class HttpWsTestCaseWriter : ApiTestCaseWriter() {
 
     private fun writeDto(call: HttpWsAction, lines: Lines): String {
         val bodyParam = call.parameters.find { p -> p is BodyParam } as BodyParam?
-        if (bodyParam != null && bodyParam.isJson()) {
-
+        if (bodyParam != null && bodyParam.isJson() && payloadIsValidJson(bodyParam)) {
             val primaryGene = bodyParam.primaryGene()
             val choiceGene = primaryGene.getWrappedGene(ChoiceGene::class.java)
             val actionName = call.getName()
@@ -147,6 +147,15 @@ abstract class HttpWsTestCaseWriter : ApiTestCaseWriter() {
         return ""
     }
 
+    /*
+     * Control characters break JSON and transform it into an invalid payload. If there's any invalid character
+     * then we'll avoid using DTOs and have the payload in the test case be represented by the raw JSON string.
+     */
+    private fun payloadIsValidJson(bodyParam: BodyParam): Boolean {
+        val json = bodyParam.getValueAsPrintableString(mode = GeneUtils.EscapeMode.JSON, targetFormat = format)
+        return OutputFormatter.JSON_FORMATTER.isValid(json)
+    }
+
     private fun generateDtoCall(gene: Gene, actionName: String, lines: Lines): DtoCall {
         val geneToDto = GeneToDto(format)
 

core/src/test/kotlin/org/evomaster/core/output/formatter/OutputFormatterTest.kt

@@ -151,5 +151,19 @@ class OutputFormatterTest {
         assertFalse(isValid)
     }
 
+    @Test
+    fun testInvalidJsonWithAsciiControlCharacter() {
+        val json = " {\"s0\":\"This is a long string\", \"s1\":\"This isa long string\", \"s2\":\"_EM_3149_XYZ_\"} "
+        val isValid = OutputFormatter.JSON_FORMATTER.isValid(json)
+        assertFalse(isValid)
+    }
+
+    @Test
+    fun testValidJsonWithEscapedAsciiControlCharacter() {
+        val json = " {\"s0\":\"This is a long string\", \"s1\":\"This is\\u001Fa long string\", \"s2\":\"_EM_3149_XYZ_\"} "
+        val isValid = OutputFormatter.JSON_FORMATTER.isValid(json)
+        assertTrue(isValid)
+    }
+
 
 }