├── .gitattributes ├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── LICENSE ├── README.md ├── gpt3 api └── handler.py ├── mvnw ├── mvnw.cmd ├── pom.xml └── src ├── main ├── java │ └── tech │ │ └── noetzold │ │ └── APItester │ │ ├── ApiTesterApplication.java │ │ ├── adapter │ │ └── RAWebMvcConfigurer.java │ │ ├── controller │ │ ├── AutomatedRequestsController.java │ │ ├── FullPerformanceTestController.java │ │ ├── TestDeleteRequisitionController.java │ │ ├── TestGetRequisitionController.java │ │ ├── TestPostRequisitionController.java │ │ ├── TestPutRequisitionController.java │ │ └── UserController.java │ │ ├── data │ │ └── DetalheUsuarioData.java │ │ ├── model │ │ ├── CompleteRequest.java │ │ ├── DefaultRequest.java │ │ ├── FullPerformanceTest.java │ │ ├── PerformanceResult.java │ │ ├── Result.java │ │ ├── TestDeleteRequisition.java │ │ ├── TestGetRequisition.java │ │ ├── TestPostRequisition.java │ │ ├── TestPutRequisition.java │ │ └── User.java │ │ ├── repository │ │ ├── CompleteRequestRepository.java │ │ ├── FullPerformanceTestRepository.java │ │ ├── ResultRepository.java │ │ ├── TestDeleteRequisitionRepository.java │ │ ├── TestGetRequisitionRepository.java │ │ ├── TestPostRequisitionRepository.java │ │ ├── TestPutRequisitionRepository.java │ │ └── UserRepository.java │ │ ├── security │ │ ├── JWTAutenticarFilter.java │ │ ├── JWTConfiguracao.java │ │ └── JWTValidarFilter.java │ │ ├── service │ │ ├── CompleteRequestService.java │ │ ├── DetalheUsuarioServiceImpl.java │ │ ├── FullPerformanceTestService.java │ │ ├── ResultService.java │ │ ├── TestDeleteRequisitionService.java │ │ ├── TestGetRequisitionService.java │ │ ├── TestPostRequisitionService.java │ │ ├── TestPutRequisitionService.java │ │ └── UserService.java │ │ ├── tests │ │ ├── BaseTest.java │ │ ├── CommandInjectionTest.java │ │ ├── DataValidationTest.java │ │ ├── PerformanceTest.java │ │ ├── SecurityTest.java │ │ ├── SendToGPT3.java │ │ ├── SqlInjectionTest.java 
│ │ └── XssTest.java │ │ └── util │ │ ├── QueryStringParser.java │ │ ├── TEST_TYPE.java │ │ └── TokenApp.java └── resources │ └── application.properties └── test └── java └── tech └── noetzold └── APItester └── ApiTesterApplicationTests.java /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DarlanNoetzold/API-tester/ec4541b72bf18e84420562ab229e3ef3b2f07985/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- 
/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Darlan Noetzold 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # API-tester 2 | This application is an API created to test other APIs, with security, performance and automated tests. 3 | 4 | ## Development: 5 | * Java was used with SpringBoot; 6 | * For security, a token system was implemented as a login; 7 | * There are individual tests for POST, GET, DELETE and PUT requests; 8 | * Each test request made will be saved in a PostgreSQL database; 9 | * RestAssured was used to make requests with a Web Template. 
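10 | 11 | ## Project: 12 | * The project has some features related to request testing; 13 | * For security testing there are SQL Injection, Command Injection, XSS Injection, weak passwords and data validation tests; 14 | * There is an integration with GPT-3 to check for API problems; 15 | * It is possible to carry out performance tests with several parallel requests; 16 | * It is also possible to automate tests, causing the application to send several requests to different endpoints; 17 | * In these automated tests it is possible to define variables that are fed with responses from other requests, facilitating automation. 18 | 19 | ## Postman documentation: 20 | [Click here](https://documenter.getpostman.com/view/16000387/2s93XsZnC7) to view an initial doc of requests for the API. 21 | 22 | --- 23 | ⭐️ From [DarlanNoetzold](https://github.com/DarlanNoetzold) 24 | -------------------------------------------------------------------------------- /gpt3 api/handler.py: --------------------------------------------------------------------------------
from flask import Flask, jsonify, request
import openai
import os

app = Flask(__name__)

# Fields every request must carry. 'apyKey' (sic) is the key name this
# endpoint has always read, so the spelling is kept for existing callers.
_REQUIRED_FIELDS = ('url', 'typeReq', 'apyKey')
# Optional fields that are appended to the prompt when non-empty.
_OPTIONAL_FIELDS = (
    ('body', ' com o body '),
    ('params', ' com os parametros '),
    ('headers', ' com os headers '),
)


@app.route('/gptTest', methods=['POST'])
def gpt_tests():
    """Build a prompt from the posted request description and relay it to the completion API.

    Expects a JSON object with 'url', 'typeReq' and 'apyKey', plus optional
    'body', 'params' and 'headers'. Returns a JSON array with the text of each
    completion choice, 400 for a malformed request, 502 when the upstream call
    fails.

    Security notes:
      * The route has no authentication of its own and relays a caller-supplied
        API key; expose it only behind the main application or on a private
        interface, and serve it over TLS so the key is not sent in clear text.
      * Every field is concatenated into the prompt unmodified, so the model
        output is attacker-influenced; consumers must treat it as untrusted
        text and never render or execute it directly.
      * The key must never be written to logs or echoed back in error bodies.
    """
    test_json = request.get_json(silent=True)
    if not isinstance(test_json, dict):
        return jsonify(error='request body must be a JSON object'), 400

    missing = [name for name in _REQUIRED_FIELDS if not test_json.get(name)]
    if missing:
        return jsonify(error='missing required field(s): ' + ', '.join(missing)), 400

    text = ('Teste a API com a url ' + str(test_json['url'])
            + ' com o tipo de requisição ' + str(test_json['typeReq']))

    for field, label in _OPTIONAL_FIELDS:
        value = test_json.get(field)
        # str() keeps the concatenation from raising when a client sends an
        # object or a number instead of a string.
        if value is not None and value != '':
            text += label + str(value)

    try:
        # The key is passed per call instead of being stored in the module-wide
        # openai.api_key: a global would be shared by concurrent requests, so
        # one caller's key could be used (and billed) for another caller.
        # NOTE(review): max_tokens counts against the model's context window
        # together with the prompt; with 4000 requested, longer prompts are
        # likely to be rejected upstream. Confirm the intended budget.
        response = openai.Completion.create(
            model="text-davinci-003",
            prompt=text,
            temperature=0.6,
            max_tokens=4000,
            api_key=str(test_json['apyKey']),
        )
    except openai.error.OpenAIError:
        # Upstream error text is not forwarded: it can describe the supplied key.
        return jsonify(error='upstream completion request failed'), 502

    # The previous code indexed the response with the choice objects and then
    # called a to_json(orient=...) method the response object does not provide,
    # so every successful completion ended in a server error.
    # NOTE(review): a JSON array of strings is assumed to be what the Java
    # client expects; confirm against the caller.
    return jsonify([choice.text for choice in response.choices])


if __name__ == '__main__':
    # PORT arrives from the environment as a string; convert it explicitly.
    port = int(os.environ.get('PORT', 5000))
    # NOTE(review): binding to 0.0.0.0 exposes the unauthenticated route on
    # every interface; bind to loopback or put it behind an authenticating
    # proxy unless remote access is required.
    app.run(host='0.0.0.0', port=port)
-------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # https://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g.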
to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /usr/local/etc/mavenrc ] ; then 40 | . /usr/local/etc/mavenrc 41 | fi 42 | 43 | if [ -f /etc/mavenrc ] ; then 44 | . /etc/mavenrc 45 | fi 46 | 47 | if [ -f "$HOME/.mavenrc" ] ; then 48 | . "$HOME/.mavenrc" 49 | fi 50 | 51 | fi 52 | 53 | # OS specific support. $var _must_ be set to either true or false. 54 | cygwin=false; 55 | darwin=false; 56 | mingw=false 57 | case "`uname`" in 58 | CYGWIN*) cygwin=true ;; 59 | MINGW*) mingw=true;; 60 | Darwin*) darwin=true 61 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 62 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 63 | if [ -z "$JAVA_HOME" ]; then 64 | if [ -x "/usr/libexec/java_home" ]; then 65 | export JAVA_HOME="`/usr/libexec/java_home`" 66 | else 67 | export JAVA_HOME="/Library/Java/Home" 68 | fi 69 | fi 70 | ;; 71 | esac 72 | 73 | if [ -z "$JAVA_HOME" ] ; then 74 | if [ -r /etc/gentoo-release ] ; then 75 | JAVA_HOME=`java-config --jre-home` 76 | fi 77 | fi 78 | 79 | if [ -z "$M2_HOME" ] ; then 80 | ## resolve links - $0 may be a link to maven's home 81 | PRG="$0" 82 | 83 | # need this for relative symlinks 84 | while [ -h "$PRG" ] ; do 85 | ls=`ls -ld "$PRG"` 86 | link=`expr "$ls" : '.*-> \(.*\)$'` 87 | if expr "$link" : '/.*' > /dev/null; then 88 | PRG="$link" 89 | else 90 | PRG="`dirname "$PRG"`/$link" 91 | fi 92 | done 93 | 94 | saveddir=`pwd` 95 | 96 | M2_HOME=`dirname "$PRG"`/.. 
97 | 98 | # make it fully qualified 99 | M2_HOME=`cd "$M2_HOME" && pwd` 100 | 101 | cd "$saveddir" 102 | # echo Using m2 at $M2_HOME 103 | fi 104 | 105 | # For Cygwin, ensure paths are in UNIX format before anything is touched 106 | if $cygwin ; then 107 | [ -n "$M2_HOME" ] && 108 | M2_HOME=`cygpath --unix "$M2_HOME"` 109 | [ -n "$JAVA_HOME" ] && 110 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 111 | [ -n "$CLASSPATH" ] && 112 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 113 | fi 114 | 115 | # For Mingw, ensure paths are in UNIX format before anything is touched 116 | if $mingw ; then 117 | [ -n "$M2_HOME" ] && 118 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 119 | [ -n "$JAVA_HOME" ] && 120 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 121 | fi 122 | 123 | if [ -z "$JAVA_HOME" ]; then 124 | javaExecutable="`which javac`" 125 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 126 | # readlink(1) is not available as standard on Solaris 10. 127 | readLink=`which readlink` 128 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 129 | if $darwin ; then 130 | javaHome="`dirname \"$javaExecutable\"`" 131 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 132 | else 133 | javaExecutable="`readlink -f \"$javaExecutable\"`" 134 | fi 135 | javaHome="`dirname \"$javaExecutable\"`" 136 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 137 | JAVA_HOME="$javaHome" 138 | export JAVA_HOME 139 | fi 140 | fi 141 | fi 142 | 143 | if [ -z "$JAVACMD" ] ; then 144 | if [ -n "$JAVA_HOME" ] ; then 145 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 146 | # IBM's JDK on AIX uses strange locations for the executables 147 | JAVACMD="$JAVA_HOME/jre/sh/java" 148 | else 149 | JAVACMD="$JAVA_HOME/bin/java" 150 | fi 151 | else 152 | JAVACMD="`\\unset -f command; \\command -v java`" 153 | fi 154 | fi 155 | 156 | if [ ! -x "$JAVACMD" ] ; then 157 | echo "Error: JAVA_HOME is not defined correctly." 
>&2 158 | echo " We cannot execute $JAVACMD" >&2 159 | exit 1 160 | fi 161 | 162 | if [ -z "$JAVA_HOME" ] ; then 163 | echo "Warning: JAVA_HOME environment variable is not set." 164 | fi 165 | 166 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 167 | 168 | # traverses directory structure from process work directory to filesystem root 169 | # first directory with .mvn subdirectory is considered project base directory 170 | find_maven_basedir() { 171 | 172 | if [ -z "$1" ] 173 | then 174 | echo "Path not specified to find_maven_basedir" 175 | return 1 176 | fi 177 | 178 | basedir="$1" 179 | wdir="$1" 180 | while [ "$wdir" != '/' ] ; do 181 | if [ -d "$wdir"/.mvn ] ; then 182 | basedir=$wdir 183 | break 184 | fi 185 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 186 | if [ -d "${wdir}" ]; then 187 | wdir=`cd "$wdir/.."; pwd` 188 | fi 189 | # end of workaround 190 | done 191 | echo "${basedir}" 192 | } 193 | 194 | # concatenates all lines of a file 195 | concat_lines() { 196 | if [ -f "$1" ]; then 197 | echo "$(tr -s '\n' ' ' < "$1")" 198 | fi 199 | } 200 | 201 | BASE_DIR=`find_maven_basedir "$(pwd)"` 202 | if [ -z "$BASE_DIR" ]; then 203 | exit 1; 204 | fi 205 | 206 | ########################################################################################## 207 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 208 | # This allows using the maven wrapper in projects that prohibit checking in binary data. 209 | ########################################################################################## 210 | if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then 211 | if [ "$MVNW_VERBOSE" = true ]; then 212 | echo "Found .mvn/wrapper/maven-wrapper.jar" 213 | fi 214 | else 215 | if [ "$MVNW_VERBOSE" = true ]; then 216 | echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." 
217 | fi 218 | if [ -n "$MVNW_REPOURL" ]; then 219 | jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" 220 | else 221 | jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" 222 | fi 223 | while IFS="=" read key value; do 224 | case "$key" in (wrapperUrl) jarUrl="$value"; break ;; 225 | esac 226 | done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" 227 | if [ "$MVNW_VERBOSE" = true ]; then 228 | echo "Downloading from: $jarUrl" 229 | fi 230 | wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" 231 | if $cygwin; then 232 | wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` 233 | fi 234 | 235 | if command -v wget > /dev/null; then 236 | if [ "$MVNW_VERBOSE" = true ]; then 237 | echo "Found wget ... using wget" 238 | fi 239 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 240 | wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" 241 | else 242 | wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" 243 | fi 244 | elif command -v curl > /dev/null; then 245 | if [ "$MVNW_VERBOSE" = true ]; then 246 | echo "Found curl ... using curl" 247 | fi 248 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 249 | curl -o "$wrapperJarPath" "$jarUrl" -f 250 | else 251 | curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f 252 | fi 253 | 254 | else 255 | if [ "$MVNW_VERBOSE" = true ]; then 256 | echo "Falling back to using Java to download" 257 | fi 258 | javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" 259 | # For Cygwin, switch paths to Windows format before running javac 260 | if $cygwin; then 261 | javaClass=`cygpath --path --windows "$javaClass"` 262 | fi 263 | if [ -e "$javaClass" ]; then 264 | if [ ! 
-e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 265 | if [ "$MVNW_VERBOSE" = true ]; then 266 | echo " - Compiling MavenWrapperDownloader.java ..." 267 | fi 268 | # Compiling the Java class 269 | ("$JAVA_HOME/bin/javac" "$javaClass") 270 | fi 271 | if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 272 | # Running the downloader 273 | if [ "$MVNW_VERBOSE" = true ]; then 274 | echo " - Running MavenWrapperDownloader.java ..." 275 | fi 276 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") 277 | fi 278 | fi 279 | fi 280 | fi 281 | ########################################################################################## 282 | # End of extension 283 | ########################################################################################## 284 | 285 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 286 | if [ "$MVNW_VERBOSE" = true ]; then 287 | echo $MAVEN_PROJECTBASEDIR 288 | fi 289 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 290 | 291 | # For Cygwin, switch paths to Windows format before running java 292 | if $cygwin; then 293 | [ -n "$M2_HOME" ] && 294 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 295 | [ -n "$JAVA_HOME" ] && 296 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 297 | [ -n "$CLASSPATH" ] && 298 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 299 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 300 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 301 | fi 302 | 303 | # Provide a "standardized" way to retrieve the CLI args that will 304 | # work with both Windows and non-Windows executions. 
305 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 306 | export MAVEN_CMD_LINE_ARGS 307 | 308 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 309 | 310 | exec "$JAVACMD" \ 311 | $MAVEN_OPTS \ 312 | $MAVEN_DEBUG_OPTS \ 313 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 314 | "-Dmaven.home=${M2_HOME}" \ 315 | "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 316 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 317 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM https://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 
18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM set title of command window 39 | title %0 40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' 41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 42 | 43 | @REM set %HOME% to equivalent of $HOME 44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 45 | 46 | @REM Execute a user defined script before this one 47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 49 | if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* 50 | if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* 51 | :skipRcPre 52 | 53 | @setlocal 54 | 55 | set ERROR_CODE=0 56 | 57 | @REM To isolate internal variables from possible post scripts, we use another setlocal 58 | @setlocal 59 | 60 | @REM ==== START VALIDATION ==== 61 | if not "%JAVA_HOME%" == "" goto OkJHome 62 | 63 | echo. 
64 | echo Error: JAVA_HOME not found in your environment. >&2 65 | echo Please set the JAVA_HOME variable in your environment to match the >&2 66 | echo location of your Java installation. >&2 67 | echo. 68 | goto error 69 | 70 | :OkJHome 71 | if exist "%JAVA_HOME%\bin\java.exe" goto init 72 | 73 | echo. 74 | echo Error: JAVA_HOME is set to an invalid directory. >&2 75 | echo JAVA_HOME = "%JAVA_HOME%" >&2 76 | echo Please set the JAVA_HOME variable in your environment to match the >&2 77 | echo location of your Java installation. >&2 78 | echo. 79 | goto error 80 | 81 | @REM ==== END VALIDATION ==== 82 | 83 | :init 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! 
%%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 122 | 123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" 124 | 125 | FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( 126 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B 127 | ) 128 | 129 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 130 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data. 131 | if exist %WRAPPER_JAR% ( 132 | if "%MVNW_VERBOSE%" == "true" ( 133 | echo Found %WRAPPER_JAR% 134 | ) 135 | ) else ( 136 | if not "%MVNW_REPOURL%" == "" ( 137 | SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" 138 | ) 139 | if "%MVNW_VERBOSE%" == "true" ( 140 | echo Couldn't find %WRAPPER_JAR%, downloading it ... 
141 | echo Downloading from: %DOWNLOAD_URL% 142 | ) 143 | 144 | powershell -Command "&{"^ 145 | "$webclient = new-object System.Net.WebClient;"^ 146 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ 147 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ 148 | "}"^ 149 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^ 150 | "}" 151 | if "%MVNW_VERBOSE%" == "true" ( 152 | echo Finished downloading %WRAPPER_JAR% 153 | ) 154 | ) 155 | @REM End of extension 156 | 157 | @REM Provide a "standardized" way to retrieve the CLI args that will 158 | @REM work with both Windows and non-Windows executions. 159 | set MAVEN_CMD_LINE_ARGS=%* 160 | 161 | %MAVEN_JAVA_EXE% ^ 162 | %JVM_CONFIG_MAVEN_PROPS% ^ 163 | %MAVEN_OPTS% ^ 164 | %MAVEN_DEBUG_OPTS% ^ 165 | -classpath %WRAPPER_JAR% ^ 166 | "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ 167 | %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 168 | if ERRORLEVEL 1 goto error 169 | goto end 170 | 171 | :error 172 | set ERROR_CODE=1 173 | 174 | :end 175 | @endlocal & set ERROR_CODE=%ERROR_CODE% 176 | 177 | if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost 178 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 179 | if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" 180 | if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" 181 | :skipRcPost 182 | 183 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 184 | if "%MAVEN_BATCH_PAUSE%"=="on" pause 185 | 186 | if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% 187 | 188 | cmd /C exit /B %ERROR_CODE% 189 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 
4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 2.6.4 9 | 10 | 11 | tech.noetzold 12 | API-tester 13 | 0.0.1-SNAPSHOT 14 | API-tester 15 | Demo project for Spring Boot 16 | 17 | 11 18 | 19 | 20 | 21 | javax.servlet 22 | javax.servlet-api 23 | 3.0.1 24 | provided 25 | 26 | 27 | org.springframework.boot 28 | spring-boot-starter-data-jpa 29 | 30 | 31 | org.springframework.boot 32 | spring-boot-starter-web 33 | 34 | 35 | 36 | org.springframework.boot 37 | spring-boot-devtools 38 | runtime 39 | true 40 | 41 | 42 | org.projectlombok 43 | lombok 44 | true 45 | 46 | 47 | org.postgresql 48 | postgresql 49 | runtime 50 | 51 | 52 | com.auth0 53 | java-jwt 54 | 3.16.0 55 | 56 | 57 | org.springframework.boot 58 | spring-boot-starter-test 59 | test 60 | 61 | 62 | org.junit.jupiter 63 | junit-jupiter 64 | RELEASE 65 | 66 | 67 | javax.validation 68 | validation-api 69 | 2.0.1.Final 70 | 71 | 72 | org.springframework.boot 73 | spring-boot-starter-security 74 | 75 | 76 | org.springdoc 77 | springdoc-openapi-ui 78 | 1.6.6 79 | 80 | 81 | org.springdoc 82 | springdoc-openapi-security 83 | 1.6.6 84 | 85 | 86 | org.springframework.amqp 87 | spring-amqp 88 | 2.1.9.RELEASE 89 | 90 | 91 | 92 | com.rabbitmq 93 | amqp-client 94 | 5.15.0 95 | 96 | 97 | org.springframework.boot 98 | spring-boot-starter-data-redis-reactive 99 | 100 | 101 | org.springdoc 102 | springdoc-openapi-data-rest 103 | 1.6.6 104 | 105 | 106 | io.rest-assured 107 | rest-assured 108 | 4.4.0 109 | 110 | 111 | org.springframework.boot 112 | spring-boot-starter-test 113 | test 114 | 115 | 116 | org.junit.vintage 117 | junit-vintage-engine 118 | 119 | 120 | 121 | 122 | io.rest-assured 123 | spring-mock-mvc 124 | test 125 | 126 | 127 | 128 | 129 | 130 | 131 | org.springframework.boot 132 | spring-boot-maven-plugin 133 | 134 | 135 | 136 | org.projectlombok 137 | lombok 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | -------------------------------------------------------------------------------- 
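/src/main/java/tech/noetzold/APItester/ApiTesterApplication.java: --------------------------------------------------------------------------------
package tech.noetzold.APItester;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Boot entry point for the API-tester application.
 */
@SpringBootApplication
public class ApiTesterApplication {

    /**
     * Starts the Spring application context.
     *
     * @param args command-line arguments handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(ApiTesterApplication.class, args);
    }

    /**
     * Exposes the password encoder as a bean.
     *
     * <p>BCrypt is salted and deliberately slow, which is what stored
     * credentials need. The encoder is created with the library's default
     * work factor; pass an explicit strength to the constructor if the
     * deployment calls for a higher cost.
     *
     * @return a BCrypt-backed {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

}
-------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/adapter/RAWebMvcConfigurer.java: --------------------------------------------------------------------------------
package tech.noetzold.APItester.adapter;

import org.springframework.context.annotation.Configuration;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.web.PageableHandlerMethodArgumentResolver;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.List;

/**
 * MVC configuration that registers a {@code Pageable} argument resolver with
 * a small default page.
 */
@Configuration
public class RAWebMvcConfigurer implements WebMvcConfigurer {

    /**
     * Adds a pageable resolver whose fallback is the first page with five
     * elements, used when a request carries no paging parameters.
     *
     * <p>NOTE(review): only the fallback is set here. A client-supplied
     * {@code size} is bounded solely by the resolver's built-in maximum page
     * size; consider calling {@code setMaxPageSize} with a limit that suits
     * the largest result set the endpoints should return in one response.
     *
     * @param resolvers the resolver list Spring MVC passes in; the pageable
     *                  resolver is appended to it
     */
    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
        PageableHandlerMethodArgumentResolver pageableResolver = new PageableHandlerMethodArgumentResolver();
        pageableResolver.setFallbackPageable(PageRequest.of(0, 5));
        resolvers.add(pageableResolver);
    }
}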
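-------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/controller/AutomatedRequestsController.java: --------------------------------------------------------------------------------
package tech.noetzold.APItester.controller;

import io.restassured.RestAssured;
import io.restassured.path.json.JsonPath;
import io.restassured.response.Response;
import io.restassured.specification.RequestSpecification;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import tech.noetzold.APItester.model.CompleteRequest;
import tech.noetzold.APItester.service.CompleteRequestService;
import tech.noetzold.APItester.service.ResultService;
import tech.noetzold.APItester.service.UserService;
import tech.noetzold.APItester.util.QueryStringParser;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Runs a caller-supplied sequence of HTTP requests, feeding values from each
 * response into the requests that follow.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The server itself sends every request to a URL taken from the request
 *       body. Without a destination policy this is a server-side request
 *       forgery exposure: internal services, loopback and cloud metadata
 *       addresses become reachable through this endpoint. Restrict targets
 *       (allow-list, or reject private, loopback and link-local addresses
 *       after DNS resolution) and keep the route behind authentication.
 *       NOTE(review): whether the JWT filters cover {@code /automated} is not
 *       visible in this file; confirm in the security configuration.</li>
 *   <li>Variables are filled from the responses of the tested API and are
 *       substituted into later URLs, headers and bodies. A response can
 *       therefore steer where the next request goes, and a captured token can
 *       be sent to a different host than the one that issued it.</li>
 * </ul>
 */
@RestController
@RequestMapping("/automated")
public class AutomatedRequestsController {

    /** Matches {@code {{name}}} placeholders; compiled once instead of per call. */
    private static final Pattern VARIABLE_PLACEHOLDER = Pattern.compile("\\{\\{([^}]+)\\}\\}");

    @Autowired
    CompleteRequestService completeRequestService;

    @Autowired
    ResultService resultService;

    @Autowired
    UserService userService;

    /**
     * Executes the given requests in order. Before each request, placeholders
     * in its body, headers and URL are replaced with the variables collected
     * so far; after each request, the response is merged into the variables.
     *
     * @param fullPerformanceTests the requests to run, in execution order
     */
    @PostMapping("/test/list")
    public void testPerformanceEndpointList(@RequestBody List<CompleteRequest> fullPerformanceTests) {
        Map<String, Object> variableMap = new HashMap<>();

        for (CompleteRequest fullPerformanceTest : fullPerformanceTests) {
            String requestBody = replaceVariables(fullPerformanceTest.getBody(), variableMap);
            String requestHeaders = replaceVariables(fullPerformanceTest.getHeaders(), variableMap);
            Map<String, ?> headers = QueryStringParser.parseQueryString(requestHeaders);

            // NOTE(review): requestUrl is caller-controlled and may also contain
            // values taken from an earlier response; validate the destination
            // before sending (see the class comment).
            String requestUrl = replaceVariables(fullPerformanceTest.getUrl(), variableMap);

            RequestSpecification requestSpec = RestAssured.given()
                    .headers(headers)
                    .body(requestBody);

            // Literal-first comparison keeps a missing method from raising a
            // NullPointerException; it then takes the same POST fallback as
            // any other unrecognised value.
            // NOTE(review): silently sending POST for an unknown method can
            // change state on the target; rejecting the entry may be safer.
            String method = fullPerformanceTest.getMethod();
            Response response;
            if ("get".equalsIgnoreCase(method)) {
                response = requestSpec.when().get(requestUrl);
            } else if ("post".equalsIgnoreCase(method)) {
                response = requestSpec.when().post(requestUrl);
            } else if ("put".equalsIgnoreCase(method)) {
                response = requestSpec.when().put(requestUrl);
            } else if ("delete".equalsIgnoreCase(method)) {
                response = requestSpec.when().delete(requestUrl);
            } else {
                response = requestSpec.when().post(requestUrl);
            }

            String responseBody = response.getBody().asString();
            try {
                // Top-level JSON fields of the response become variables and
                // overwrite earlier variables with the same name.
                variableMap.putAll(new JsonPath(responseBody).getMap(""));
            } catch (Exception exception) {
                // Deliberate best-effort: a body that is not a JSON object is
                // kept whole under "token" so later requests can reference it.
                variableMap.put("token", responseBody);
            }
        }
    }

    /**
     * Replaces every {@code {{name}}} placeholder in the string form of
     * {@code input} with the matching variable, or with an empty string when
     * the variable is unknown.
     *
     * @param input       the value to expand; {@code null} and values whose
     *                    string form is empty are returned unchanged
     * @param variableMap variables collected from earlier responses
     * @param <T>         type of the input; the expanded result is always a
     *                    {@code String}, so this is only sound for {@code String}
     *                    (or a supertype) and a different type would fail at the
     *                    call site
     * @return the expanded text
     */
    @SuppressWarnings("unchecked") // the cast is safe for the String inputs this class passes
    private static <T> T replaceVariables(T input, Map<String, Object> variableMap) {
        if (input == null) {
            return null;
        }
        String text = input.toString();
        if (text.isEmpty()) {
            return input;
        }

        Matcher matcher = VARIABLE_PLACEHOLDER.matcher(text);
        StringBuilder expanded = new StringBuilder();
        while (matcher.find()) {
            Object value = variableMap.get(matcher.group(1));
            String replacement = (value != null) ? value.toString() : "";
            // quoteReplacement keeps '$' and '\' in a value from being read
            // as group references.
            matcher.appendReplacement(expanded, Matcher.quoteReplacement(replacement));
        }
        matcher.appendTail(expanded);
        return (T) expanded.toString();
    }

}
-------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/controller/FullPerformanceTestController.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.controller; 2 | 3 | import com.fasterxml.jackson.core.type.TypeReference; 4 | import com.fasterxml.jackson.databind.ObjectMapper; 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.data.domain.Page; 7 | import org.springframework.data.domain.Pageable; 8 | import org.springframework.http.*; 9 | import org.springframework.security.core.context.SecurityContextHolder; 10 | import org.springframework.web.bind.annotation.*; 11 | import tech.noetzold.APItester.model.*; 12 | import tech.noetzold.APItester.service.FullPerformanceTestService; 13 | import tech.noetzold.APItester.service.ResultService; 14 | import tech.noetzold.APItester.service.UserService; 15 | import tech.noetzold.APItester.tests.*; 16 | import tech.noetzold.APItester.util.QueryStringParser; 17 | 18 | import javax.servlet.http.HttpServletRequest; 19 | import javax.servlet.http.HttpServletResponse; 20 | import java.util.*; 21 | 22 | @RestController 23 | @RequestMapping("/performance") 24 | public class FullPerformanceTestController { 25 | 26 | @Autowired 27 | FullPerformanceTestService fullPerformanceTestService; 28 | 29 | @Autowired 30 | ResultService resultService; 31 | 32 | @Autowired 33 | UserService userService; 34 | 35 | @GetMapping("/getByUser/{login}") 36 | public ResponseEntity> getAllByUser(HttpServletRequest request, HttpServletResponse response, Pageable pageable, @PathVariable("login") String login) { 37 | return new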
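ResponseEntity<>(fullPerformanceTestService.findByUser(pageable, login), HttpStatus.OK);
    }

    /**
     * Deletes the stored performance test with the given id.
     *
     * <p>NOTE(review): no ownership check is visible here. Unless
     * {@code deleteFullPerformanceById} checks it, any caller who reaches this route can
     * delete a record by guessing its integer id.
     */
    @DeleteMapping("remove/{id}")
    public void remove(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") Integer id) {
        fullPerformanceTestService.deleteFullPerformanceById(id);
    }

    /**
     * Runs the requested performance test, stamps it with the current time and the
     * authenticated user, stores it and returns the stored record.
     *
     * @param fullPerformanceTest test definition taken from the request body
     * @return 200 with the saved test
     */
    @PostMapping("/test")
    public ResponseEntity testPerformanceEndpoint(@RequestBody FullPerformanceTest fullPerformanceTest) {
        fullPerformanceTest.setResult(callPerformanceTestByRequestType(fullPerformanceTest));
        fullPerformanceTest.setDate_request(Calendar.getInstance());
        fullPerformanceTest.setUser(currentUser());

        FullPerformanceTest saved = fullPerformanceTestService.saveService(fullPerformanceTest);
        return ResponseEntity.status(HttpStatus.OK).body(saved);
    }

    /** Looks up the {@code User} record for the principal of the current security context. */
    private User currentUser() {
        return userService.findUserByLogin(
                SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
    }

    /**
     * Runs the performance test that matches the request's HTTP method and stores every result.
     *
     * <p>The method name is upper-cased and written back to {@code fullPerformanceTest}. A
     * method other than POST, GET, PUT or DELETE produces no results. Any exception is printed
     * and the results gathered so far are returned, so the caller still answers 200.
     *
     * <p>NOTE(review): {@code url} and {@code numReq} are used exactly as the caller sent
     * them, and no upper bound on {@code numReq} is visible here. One call can therefore make
     * this server send an arbitrary number of requests to an arbitrary host. Cap
     * {@code numReq} and validate the destination before running the test.
     *
     * @param fullPerformanceTest test definition; its method field is normalised in place
     * @return the stored results, possibly empty
     */
    private List callPerformanceTestByRequestType(FullPerformanceTest fullPerformanceTest){
        List testsResults = new ArrayList<>();
        try {
            Map headers = QueryStringParser.parseQueryString(fullPerformanceTest.getHeaders());

            // Locale.ROOT: the default locale must not decide how "delete" is upper-cased
            fullPerformanceTest.setMethod(fullPerformanceTest.getMethod().toUpperCase(Locale.ROOT));

            switch (fullPerformanceTest.getMethod()) {
                case "POST": {
                    TestPostRequisition testPostRequisition = new TestPostRequisition();
                    testPostRequisition.setBody(fullPerformanceTest.getBody());
                    testPostRequisition.setUrl(fullPerformanceTest.getUrl());
                    testPostRequisition.setHeaders(fullPerformanceTest.getHeaders());
                    testPostRequisition.setUser(currentUser());

                    PerformanceTest performanceTest = new PerformanceTest(testPostRequisition);
                    TypeReference> typeRef = new TypeReference<>() {};
                    ObjectMapper objectMapper = new ObjectMapper();
                    Map body = objectMapper.readValue(fullPerformanceTest.getBody(), typeRef);

                    for (Result result : performanceTest.runPostTests(1, fullPerformanceTest.getNumReq(), body, headers)) {
                        testsResults.add(resultService.saveService(result));
                    }
                    break;
                }
                case "GET": {
                    TestGetRequisition testGetRequisition = new TestGetRequisition();
                    testGetRequisition.setUser(currentUser());
                    testGetRequisition.setHeaders(fullPerformanceTest.getHeaders());
                    testGetRequisition.setParameters(fullPerformanceTest.getParameters());
                    testGetRequisition.setUrl(fullPerformanceTest.getUrl());
                    PerformanceTest performanceTest = new PerformanceTest(testGetRequisition);

                    Map parameters = QueryStringParser.parseQueryString(testGetRequisition.getParameters());

                    for (Result result : performanceTest.runGetTests(1, fullPerformanceTest.getNumReq(), parameters, headers)) {
                        testsResults.add(resultService.saveService(result));
                    }
                    break;
                }
                case "PUT": {
                    TestPutRequisition testPutRequisition = new TestPutRequisition();
                    testPutRequisition.setBody(fullPerformanceTest.getBody());
                    testPutRequisition.setUrl(fullPerformanceTest.getUrl());
                    testPutRequisition.setHeaders(fullPerformanceTest.getHeaders());
                    testPutRequisition.setUser(currentUser());

                    PerformanceTest performanceTest = new PerformanceTest(testPutRequisition);
                    TypeReference> typeRef = new TypeReference<>() {};
                    ObjectMapper objectMapper = new ObjectMapper();
                    Map body = objectMapper.readValue(fullPerformanceTest.getBody(), typeRef);

                    for (Result result : performanceTest.runPutTests(1, fullPerformanceTest.getNumReq(), body, headers)) {
                        testsResults.add(resultService.saveService(result));
                    }
                    break;
                }
                case "DELETE": {
                    TestDeleteRequisition testDeleteRequisition = new TestDeleteRequisition();
                    testDeleteRequisition.setUser(currentUser());
                    testDeleteRequisition.setHeaders(fullPerformanceTest.getHeaders());
                    testDeleteRequisition.setParameters(fullPerformanceTest.getParameters());
                    testDeleteRequisition.setUrl(fullPerformanceTest.getUrl());
                    PerformanceTest performanceTest = new PerformanceTest(testDeleteRequisition);

                    Map parameters = QueryStringParser.parseQueryString(testDeleteRequisition.getParameters());

                    // This branch used to call runGetTests, so a DELETE test measured GET
                    // requests. runDeleteTests is the call TestDeleteRequisitionController makes.
                    for (Result result : performanceTest.runDeleteTests(1, fullPerformanceTest.getNumReq(), parameters, headers)) {
                        testsResults.add(resultService.saveService(result));
                    }
                    break;
                }
                default:
                    // unsupported method: nothing is run
                    break;
            }
        } catch (Exception e) {
            // Best effort, as before: report the failure and return what was collected.
            e.printStackTrace();
        }

        return testsResults;
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/controller/TestDeleteRequisitionController.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.controller;

import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import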
org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.model.TestDeleteRequisition;
import tech.noetzold.APItester.service.ResultService;
import tech.noetzold.APItester.service.TestDeleteRequisitionService;
import tech.noetzold.APItester.service.UserService;
import tech.noetzold.APItester.tests.*;
import tech.noetzold.APItester.util.QueryStringParser;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/**
 * REST endpoints under {@code /delete}: run the test suite against a DELETE endpoint and
 * list or remove stored runs.
 *
 * <p>NOTE(review): some generic type arguments were lost when this listing was extracted
 * (for example in the return type of {@code getAllByUser}); they are left as shown.
 */
@RestController
@RequestMapping("/delete")
public class TestDeleteRequisitionController {
    @Autowired
    TestDeleteRequisitionService testDeleteRequisitionService;

    @Autowired
    ResultService resultService;

    @Autowired
    UserService userService;

    /**
     * Returns one page of stored DELETE test runs for the login named in the path.
     *
     * <p>NOTE(review): this read is mapped with {@code @DeleteMapping}, while the sibling
     * controllers map the same route with {@code @GetMapping}; confirm which one clients use.
     * {@code login} is also taken from the URL without being compared to the authenticated
     * principal, so unless {@code findByUser} or a filter enforces it, one user can list
     * another user's runs.
     */
    @DeleteMapping("/getByUser/{login}")
    public ResponseEntity> getAllByUser(HttpServletRequest request, HttpServletResponse response, Pageable pageable, @PathVariable("login") String login) {
        return ResponseEntity.ok(testDeleteRequisitionService.findByUser(pageable, login));
    }

    /**
     * Deletes the stored run with the given id.
     *
     * <p>NOTE(review): no ownership check is visible in this method; confirm the service
     * refuses ids that belong to another user.
     */
    @DeleteMapping("remove/{id}")
    public void remove(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") Integer id) {
        testDeleteRequisitionService.deleteDeleteRequisitionById(id);
    }

    /**
     * Runs the whole test suite against the DELETE endpoint described in the request body,
     * stores the run for the authenticated user and returns it.
     *
     * <p>Security: the target URL, headers and parameters come from the caller and active
     * probes are sent to that URL. Nothing in this method confirms that the caller may test
     * the host or keeps the request away from internal addresses.
     *
     * @param testDeleteRequisition target description from the request body
     * @return 200 with the same object, now carrying results and user
     */
    @PostMapping("/test")
    public ResponseEntity testDeleteEndpoint(
            @RequestBody TestDeleteRequisition testDeleteRequisition) {
        String targetUrl = testDeleteRequisition.getUrl();
        Map queryParams = QueryStringParser.parseQueryString(testDeleteRequisition.getParameters());
        Map headerMap = QueryStringParser.parseQueryString(testDeleteRequisition.getHeaders());

        RequestSpecification spec = RestAssured.given().urlEncodingEnabled(false);
        if (!headerMap.isEmpty()) {
            spec.headers(headerMap);
        }
        if (!queryParams.isEmpty()) {
            spec.params(queryParams);
        }

        List outcome = callTestsAndReturnResults(spec, targetUrl, queryParams, testDeleteRequisition, headerMap);
        testDeleteRequisition.setResult(outcome);

        String principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
        testDeleteRequisition.setUser(userService.findUserByLogin(principal));

        testDeleteRequisitionService.saveService(testDeleteRequisition);

        return ResponseEntity.ok(testDeleteRequisition);
    }

    /**
     * Runs each test family in a fixed order and stores every result: secure response, SQL
     * injection, command injection, XSS, data validation, the GPT-3 check, then the
     * performance run.
     *
     * <p>NOTE(review): the {@code SendToGPT3} step runs unconditionally here, while the POST
     * and PUT controllers gate it on {@code isOnline()}. It presumably forwards request
     * details to an external service; confirm that is intended for every run.
     *
     * @return the stored results in execution order
     */
    private List callTestsAndReturnResults(RequestSpecification request, String url, Map params, TestDeleteRequisition testDeleteRequisition, Map headers){
        List collected = new ArrayList<>();

        collected.add(resultService.saveService(new SecurityTest().testDeleteSecureResponse(request, url)));
        collected.add(resultService.saveService(new SqlInjectionTest().testDeleteSqlInjection(url, request, params)));
        collected.add(resultService.saveService(new CommandInjectionTest().testDeleteCommandInjection(url, request, params)));
        collected.add(resultService.saveService(new XssTest().testDeleteXss(url, request, params)));
        collected.add(resultService.saveService(new DataValidationTest().testDeleteDataValidation(url, request, params)));
        collected.add(resultService.saveService(new SendToGPT3(testDeleteRequisition).doGptDeleteTest()));

        PerformanceTest loadRun = new PerformanceTest(testDeleteRequisition);
        for (Result measured : loadRun.runDeleteTests(1, 100, params, headers)) {
            collected.add(resultService.saveService(measured));
        }

        return collected;
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/controller/TestGetRequisitionController.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.controller;


import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;

import java.util.*;

import tech.noetzold.APItester.model.TestGetRequisition;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.service.TestGetRequisitionService;
import tech.noetzold.APItester.service.ResultService;
import tech.noetzold.APItester.service.UserService;
import tech.noetzold.APItester.tests.*;
import tech.noetzold.APItester.util.QueryStringParser;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * REST endpoints under {@code /get}: run the test suite against a GET endpoint and list or
 * remove stored runs.
 */
@RestController
@RequestMapping("/get")
public class TestGetRequisitionController {

    @Autowired
    TestGetRequisitionService testGetRequisitionService;

    @Autowired
    ResultService resultService;

    @Autowired
    UserService userService;

    @GetMapping("/getByUser/{login}")
    public ResponseEntity> getAllByUser(HttpServletRequest request,
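HttpServletResponse response, Pageable pageable, @PathVariable("login") String login) {
        // NOTE(review): login comes from the URL and is not compared with the authenticated
        // principal here. Unless findByUser or a filter enforces it, one user can list
        // another user's runs.
        return ResponseEntity.ok(testGetRequisitionService.findByUser(pageable, login));
    }

    /**
     * Deletes the stored run with the given id.
     *
     * <p>NOTE(review): no ownership check is visible in this method; confirm the service
     * refuses ids that belong to another user.
     */
    @DeleteMapping("remove/{id}")
    public void remove(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") Integer id) {
        testGetRequisitionService.deleteGetRequisitionById(id);
    }

    /**
     * Runs the whole test suite against the GET endpoint described in the request body,
     * stores the run for the authenticated user and returns it.
     *
     * <p>Security: the target URL, headers and parameters come from the caller and active
     * probes are sent to that URL. Nothing in this method confirms that the caller may test
     * the host or keeps the request away from internal addresses.
     *
     * @param testGetRequisition target description from the request body
     * @return 200 with the same object, now carrying results and user
     */
    @PostMapping("/test")
    public ResponseEntity testGetEndpoint(
            @RequestBody TestGetRequisition testGetRequisition) {
        String targetUrl = testGetRequisition.getUrl();
        Map queryParams = QueryStringParser.parseQueryString(testGetRequisition.getParameters());
        Map headerMap = QueryStringParser.parseQueryString(testGetRequisition.getHeaders());

        RequestSpecification spec = RestAssured.given().urlEncodingEnabled(false);
        if (!headerMap.isEmpty()) {
            spec.headers(headerMap);
        }
        if (!queryParams.isEmpty()) {
            spec.params(queryParams);
        }

        testGetRequisition.setResult(callTestsAndReturnResults(spec, targetUrl, queryParams, testGetRequisition, headerMap));

        String principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
        testGetRequisition.setUser(userService.findUserByLogin(principal));

        testGetRequisitionService.saveService(testGetRequisition);

        return ResponseEntity.ok(testGetRequisition);
    }

    /**
     * Runs each test family in a fixed order and stores every result: secure response, SQL
     * injection, command injection, XSS, data validation, the GPT-3 check, then the
     * performance run.
     *
     * <p>NOTE(review): the {@code SendToGPT3} step runs unconditionally here, while the POST
     * and PUT controllers gate it on {@code isOnline()}. It presumably forwards request
     * details to an external service; confirm that is intended for every run.
     *
     * @return the stored results in execution order
     */
    private List callTestsAndReturnResults(RequestSpecification request, String url, Map params, TestGetRequisition testGetRequisition, Map headers){
        List collected = new ArrayList<>();

        collected.add(resultService.saveService(new SecurityTest().testGetSecureResponse(request, url)));
        collected.add(resultService.saveService(new SqlInjectionTest().testGetSqlInjection(url, request, params)));
        collected.add(resultService.saveService(new CommandInjectionTest().testGetCommandInjection(url, request, params)));
        collected.add(resultService.saveService(new XssTest().testGetXss(url, request, params)));
        collected.add(resultService.saveService(new DataValidationTest().testGetDataValidation(url, request, params)));
        collected.add(resultService.saveService(new SendToGPT3(testGetRequisition).doGptGetTest()));

        PerformanceTest loadRun = new PerformanceTest(testGetRequisition);
        for (Result measured : loadRun.runGetTests(1, 100, params, headers)) {
            collected.add(resultService.saveService(measured));
        }

        return collected;
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/controller/TestPostRequisitionController.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.controller;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.model.TestPostRequisition;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.service.ResultService;
import tech.noetzold.APItester.service.TestPostRequisitionService;
import tech.noetzold.APItester.service.UserService;
import tech.noetzold.APItester.tests.*;
import tech.noetzold.APItester.util.QueryStringParser;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import java.util.Map;

/**
 * REST endpoints under {@code /post}: run the test suite against a POST endpoint and list or
 * remove stored runs.
 *
 * <p>NOTE(review): some generic type arguments were lost when this listing was extracted
 * (for example {@code TypeReference>} and the return type of {@code getAllByUser}); they are
 * left as shown.
 */
@RestController
@RequestMapping("/post")
public class TestPostRequisitionController {

    /** Shared JSON mapper; one instance is enough and avoids building a mapper per request. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @Autowired
    TestPostRequisitionService testPostRequisitionService;

    @Autowired
    ResultService resultService;

    @Autowired
    UserService userService;

    /**
     * Returns one page of stored POST test runs for the login named in the path.
     *
     * <p>NOTE(review): {@code login} is taken from the URL and is not compared with the
     * authenticated principal here. Unless {@code findByUser} or a filter enforces it, one
     * user can list another user's runs.
     */
    @GetMapping("/getByUser/{login}")
    public ResponseEntity> getAllByUser(HttpServletRequest request, HttpServletResponse response, Pageable pageable, @PathVariable("login") String login) {
        return ResponseEntity.ok(testPostRequisitionService.findByUser(pageable, login));
    }

    /**
     * Deletes the stored run with the given id.
     *
     * <p>NOTE(review): no ownership check is visible in this method. The service method is
     * named {@code deleteGetRequisitionById}; presumably it removes POST runs, so confirm it
     * targets the right table.
     */
    @DeleteMapping("remove/{id}")
    public void remove(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") Integer id) {
        testPostRequisitionService.deleteGetRequisitionById(id);
    }

    /**
     * Runs the whole test suite against the POST endpoint described in the request body and
     * stores the run for the authenticated user.
     *
     * <p>Security: the target URL, headers and JSON body come from the caller and active
     * probes are sent to that URL. Nothing in this method confirms that the caller may test
     * the host or keeps the request away from internal addresses.
     *
     * @param testPostRequisition target description from the request body
     * @return 200 with the stored run, or 400 echoing the input when its body is missing or
     *         is not valid JSON
     */
    @PostMapping("/test")
    public ResponseEntity testPostRequest(@RequestBody TestPostRequisition testPostRequisition) {
        // A missing body is a client error. Without this check it would fail outside the
        // JsonProcessingException handler below instead of answering 400.
        if (testPostRequisition.getBody() == null) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(testPostRequisition);
        }

        TypeReference> typeRef = new TypeReference<>() {};
        try {
            Map body = OBJECT_MAPPER.readValue(testPostRequisition.getBody(), typeRef);
            Map headers = QueryStringParser.parseQueryString(testPostRequisition.getHeaders());

            RequestSpecification request = RestAssured.given();

            List testsResults = callTestsAndReturnResults(request, testPostRequisition.getUrl(), body, headers, testPostRequisition);

            User user = userService.findUserByLogin(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());

            TestPostRequisition req = testPostRequisitionService.saveService(new TestPostRequisition(body, Calendar.getInstance(), testsResults, user));

            return ResponseEntity.status(HttpStatus.OK).body(req);

        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(testPostRequisition);
        }
    }

    /**
     * Runs each test family in a fixed order and stores every result: secure response, SQL
     * injection, command injection, XSS, data validation, the GPT-3 check (only when the
     * requisition reports {@code isOnline()}), then the performance run.
     *
     * @return the stored results in execution order
     */
    private List callTestsAndReturnResults(RequestSpecification request, String url, Map body, Map headers, TestPostRequisition testPostRequisition){
        List testsResults = new ArrayList<>();

        testsResults.add(resultService.saveService(new SecurityTest().testPostSecureResponse(request, url, body, headers)));
        testsResults.add(resultService.saveService(new SqlInjectionTest().testPostSqlInjection(request, url, body, headers)));
        testsResults.add(resultService.saveService(new CommandInjectionTest().testPostCommandInjection(request, url, body, headers)));
        testsResults.add(resultService.saveService(new XssTest().testPostXss(request, url, body, headers)));
        testsResults.add(resultService.saveService(new DataValidationTest().testPostDataValidation(request, url, body, headers)));

        if (testPostRequisition.isOnline()) {
            testsResults.add(resultService.saveService(new SendToGPT3(testPostRequisition).doGptPostTest()));
        }

        PerformanceTest performanceTest = new PerformanceTest(testPostRequisition);
        for (Result result : performanceTest.runPostTests(1, 1, body, headers)) {
            testsResults.add(resultService.saveService(result));
        }

        return testsResults;
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/controller/TestPutRequisitionController.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.controller;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.model.TestPutRequisition;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.service.ResultService;
import tech.noetzold.APItester.service.TestPutRequisitionService;
import tech.noetzold.APItester.service.UserService;
import tech.noetzold.APItester.tests.*;
import tech.noetzold.APItester.util.QueryStringParser;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import java.util.Map;

/**
 * REST endpoints under {@code /put}: run the test suite against a PUT endpoint and list or
 * remove stored runs.
 */
@RestController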
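@RequestMapping("/put")
public class TestPutRequisitionController {

    // NOTE(review): some generic type arguments were lost when this listing was extracted
    // (for example TypeReference> and the return type of getAllByUser); they are left as shown.

    /** Shared JSON mapper; one instance is enough and avoids building a mapper per request. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @Autowired
    TestPutRequisitionService testPutRequisitionService;

    @Autowired
    ResultService resultService;

    @Autowired
    UserService userService;

    /**
     * Returns one page of stored PUT test runs for the login named in the path.
     *
     * <p>NOTE(review): {@code login} is taken from the URL and is not compared with the
     * authenticated principal here. Unless {@code findByUser} or a filter enforces it, one
     * user can list another user's runs.
     */
    @GetMapping("/getByUser/{login}")
    public ResponseEntity> getAllByUser(HttpServletRequest request, HttpServletResponse response, Pageable pageable, @PathVariable("login") String login) {
        return ResponseEntity.ok(testPutRequisitionService.findByUser(pageable, login));
    }

    /**
     * Deletes the stored run with the given id.
     *
     * <p>NOTE(review): no ownership check is visible in this method. The service method is
     * named {@code deleteGetRequisitionById}; presumably it removes PUT runs, so confirm it
     * targets the right table.
     */
    @DeleteMapping("remove/{id}")
    public void remove(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") Integer id) {
        testPutRequisitionService.deleteGetRequisitionById(id);
    }

    /**
     * Runs the whole test suite against the PUT endpoint described in the request body and
     * stores the run for the authenticated user.
     *
     * <p>Security: the target URL, headers and JSON body come from the caller and active
     * probes are sent to that URL. Nothing in this method confirms that the caller may test
     * the host or keeps the request away from internal addresses.
     *
     * @param testPutRequisition target description from the request body
     * @return 200 with the stored run, or 400 echoing the input when its body is missing or
     *         is not valid JSON
     */
    @PutMapping("/test")
    public ResponseEntity testPutRequest(@RequestBody TestPutRequisition testPutRequisition) {
        // A missing body is a client error. Without this check it would fail outside the
        // JsonProcessingException handler below instead of answering 400.
        if (testPutRequisition.getBody() == null) {
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(testPutRequisition);
        }

        TypeReference> typeRef = new TypeReference<>() {};
        try {
            Map body = OBJECT_MAPPER.readValue(testPutRequisition.getBody(), typeRef);
            Map headers = QueryStringParser.parseQueryString(testPutRequisition.getHeaders());

            RequestSpecification request = RestAssured.given();

            List testsResults = callTestsAndReturnResults(request, testPutRequisition.getUrl(), body, headers, testPutRequisition);

            User user = userService.findUserByLogin(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());

            TestPutRequisition req = testPutRequisitionService.saveService(new TestPutRequisition(body, Calendar.getInstance(), testsResults, user));

            return ResponseEntity.status(HttpStatus.OK).body(req);

        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(testPutRequisition);
        }
    }

    /**
     * Runs each test family in a fixed order and stores every result: secure response, SQL
     * injection, command injection, XSS, data validation, the GPT-3 check (only when the
     * requisition reports {@code isOnline()}), then the performance run.
     *
     * @return the stored results in execution order
     */
    private List callTestsAndReturnResults(RequestSpecification request, String url, Map body, Map headers, TestPutRequisition testPutRequisition){
        List testsResults = new ArrayList<>();

        testsResults.add(resultService.saveService(new SecurityTest().testPutSecureResponse(request, url, body, headers)));
        testsResults.add(resultService.saveService(new SqlInjectionTest().testPutSqlInjection(request, url, body, headers)));
        testsResults.add(resultService.saveService(new CommandInjectionTest().testPutCommandInjection(request, url, body, headers)));
        testsResults.add(resultService.saveService(new XssTest().testPutXss(request, url, body, headers)));
        testsResults.add(resultService.saveService(new DataValidationTest().testPutDataValidation(request, url, body, headers)));

        if (testPutRequisition.isOnline()) {
            testsResults.add(resultService.saveService(new SendToGPT3(testPutRequisition).doGptPutTest()));
        }

        PerformanceTest performanceTest = new PerformanceTest(testPutRequisition);
        for (Result result : performanceTest.runPutTests(1, 1, body, headers)) {
            testsResults.add(resultService.saveService(result));
        }

        return testsResults;
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/controller/UserController.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.controller;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import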
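org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.service.UserService;

import java.util.List;
import java.util.Optional;

/**
 * REST endpoints under {@code /user} for creating, listing and checking user accounts.
 *
 * <p>NOTE(review): some generic type arguments were lost when this listing was extracted
 * (for example the return type of {@code listarTodos}). {@code Optional<User>} is restored in
 * {@code validarSenha} because the body reads a {@code User} from it; the rest is left as
 * shown.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    private final UserService userService;
    private final PasswordEncoder encoder;

    public UserController(UserService userService, PasswordEncoder encoder) {
        this.userService = userService;
        this.encoder = encoder;
    }

    /**
     * Returns every stored user.
     *
     * <p>NOTE(review): the {@code User} objects are returned as they come from the service.
     * If {@code User} serialises its password field, password hashes leave the server with
     * this response; confirm the field is excluded from JSON output and that this route is
     * limited to administrators.
     */
    @GetMapping("/listAll")
    public ResponseEntity> listarTodos() {
        return ResponseEntity.ok(userService.findAllUsuarios());
    }

    /**
     * Stores a user after replacing the submitted password with its encoded form.
     *
     * <p>NOTE(review): the whole {@code User} object is bound from the request body. If it
     * carries an id or other server-owned fields, {@code saveUsuario} may overwrite an
     * existing account; confirm, or bind a dedicated registration payload instead.
     *
     * @param user account data from the request body
     * @return 200 with the stored user, or 400 when no password was supplied
     */
    @PostMapping("/save")
    public ResponseEntity salvar(@RequestBody User user) {
        String rawPassword = user.getPassword();
        // Refuse a missing or empty password rather than passing it to the encoder and
        // storing an account that has no real secret.
        if (rawPassword == null || rawPassword.isEmpty()) {
            return ResponseEntity.badRequest().build();
        }
        user.setPassword(encoder.encode(rawPassword));
        return ResponseEntity.ok(userService.saveUsuario(user));
    }

    /** Returns the {@code User} record for the principal of the current security context. */
    @GetMapping("/getLogedUser")
    public ResponseEntity getLogedUser() {
        User user = userService.findUserByLogin(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
        return ResponseEntity.ok(user);
    }

    /**
     * Checks a login/password pair against the stored hash.
     *
     * <p>NOTE(review): the password arrives as a query parameter of a GET request, so it can
     * end up in access logs, proxy logs and browser history; accept it in a POST body
     * instead. An unknown login returns before any hash comparison runs, which can let
     * response time reveal whether a login exists. The route also answers true/false for any
     * pair it is given, so it needs the same rate limiting and lockout as the login itself.
     *
     * @return 200 with {@code true} when the password matches, otherwise 401 with
     *         {@code false}
     */
    @GetMapping("/validatePass")
    public ResponseEntity validarSenha(@RequestParam String login,
                                       @RequestParam String password) {

        Optional<User> optUsuario = userService.validateLogin(login);
        boolean valid = optUsuario
                .map(user -> encoder.matches(password, user.getPassword()))
                .orElse(false);

        HttpStatus status = valid ? HttpStatus.OK : HttpStatus.UNAUTHORIZED;
        return ResponseEntity.status(status).body(valid);
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/data/DetalheUsuarioData.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.data;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import tech.noetzold.APItester.model.User;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Optional;

/**
 * Adapts an optional {@code User} to Spring Security's {@code UserDetails}.
 *
 * <p>Every account-status check returns {@code true} and no authorities are granted, so an
 * account cannot be locked, expired or disabled through this class and every user has the
 * same (empty) set of roles.
 *
 * <p>NOTE(review): generic type arguments were lost when this listing was extracted.
 * {@code Optional<User>} is restored because the getters read a {@code User} from it; the
 * return type of {@code getAuthorities} is left as shown.
 */
public class DetalheUsuarioData implements UserDetails {

    private final Optional<User> usuario;

    public DetalheUsuarioData(Optional<User> usuario) {
        this.usuario = usuario;
    }

    /** Returns a fresh empty list: no roles or permissions are modelled. */
    @Override
    public Collection getAuthorities() {
        return new ArrayList<>();
    }

    /** Returns the wrapped user's password, or that of a blank {@code User} when none is present. */
    @Override
    public String getPassword() {
        // orElseGet builds the placeholder only when the Optional is empty
        return usuario.orElseGet(User::new).getPassword();
    }

    /** Returns the wrapped user's login, or that of a blank {@code User} when none is present. */
    @Override
    public String getUsername() {
        return usuario.orElseGet(User::new).getLogin();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/model/CompleteRequest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.model;

import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;

import javax.persistence.*;
import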
java.io.Serializable; 9 | 10 | @Data 11 | @NoArgsConstructor 12 | @AllArgsConstructor 13 | @Entity(name="complete_request") 14 | public class CompleteRequest extends DefaultRequest implements Serializable { 15 | 16 | @Id 17 | @GeneratedValue(strategy = GenerationType.IDENTITY) 18 | private Integer id; 19 | 20 | @Column(name = "parameters", nullable = true) 21 | private String parameters; 22 | 23 | @Column(name = "body", nullable = true) 24 | private String body; 25 | 26 | @Column(name = "method", nullable = true) 27 | private String method; 28 | 29 | } 30 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/DefaultRequest.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import javax.persistence.*; 8 | import java.io.Serializable; 9 | import java.util.Calendar; 10 | import java.util.List; 11 | 12 | @Data 13 | @NoArgsConstructor 14 | @AllArgsConstructor 15 | @Entity(name="default_request") 16 | public class DefaultRequest implements Serializable { 17 | private String headers; 18 | 19 | private String url; 20 | 21 | @Temporal(TemporalType.DATE) 22 | @Column(name = "date_request", nullable = false) 23 | private Calendar date_request; 24 | 25 | @ManyToOne 26 | private User user; 27 | 28 | @OneToMany(cascade=CascadeType.PERSIST) 29 | private List result; 30 | } 31 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/FullPerformanceTest.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import javax.persistence.*; 8 | import java.io.Serializable; 9 | 
10 | @Data 11 | @NoArgsConstructor 12 | @AllArgsConstructor 13 | @Entity(name="test_performance") 14 | public class FullPerformanceTest extends DefaultRequest implements Serializable { 15 | 16 | @Id 17 | @GeneratedValue(strategy = GenerationType.IDENTITY) 18 | private Integer id; 19 | 20 | @Column(name = "parameters", nullable = true) 21 | private String parameters; 22 | 23 | @Column(name = "body", nullable = true) 24 | private String body; 25 | 26 | @Column(name = "method", nullable = true) 27 | private String method; 28 | 29 | @Column(name = "num_req", nullable = true) 30 | private int numReq; 31 | } 32 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/PerformanceResult.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | public class PerformanceResult { 3 | private final long responseTime; 4 | private final int maxResponseSize; 5 | private final double requestsPerSecond; 6 | 7 | public PerformanceResult(long responseTime, int maxResponseSize, double requestsPerSecond) { 8 | this.responseTime = responseTime; 9 | this.maxResponseSize = maxResponseSize; 10 | this.requestsPerSecond = requestsPerSecond; 11 | } 12 | 13 | public long getResponseTime() { 14 | return responseTime; 15 | } 16 | 17 | public int getMaxResponseSize() { 18 | return maxResponseSize; 19 | } 20 | 21 | public double getRequestsPerSecond() { 22 | return requestsPerSecond; 23 | } 24 | 25 | @Override 26 | public String toString() { 27 | return "PerformanceResult{" + 28 | "responseTime=" + responseTime + 29 | ", maxResponseSize=" + maxResponseSize + 30 | ", requestsPerSecond=" + requestsPerSecond + 31 | '}'; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/Result.java: -------------------------------------------------------------------------------- 1 
| package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | import tech.noetzold.APItester.util.TEST_TYPE; 7 | 8 | import javax.persistence.*; 9 | import javax.validation.constraints.NotNull; 10 | import java.io.Serializable; 11 | 12 | @Data 13 | @NoArgsConstructor 14 | @AllArgsConstructor 15 | @Entity(name="Result") 16 | public class Result implements Serializable { 17 | 18 | @Id 19 | @GeneratedValue(strategy = GenerationType.IDENTITY) 20 | private Integer id; 21 | 22 | @NotNull 23 | private TEST_TYPE test_type; 24 | 25 | @NotNull 26 | @Lob 27 | private String details; 28 | 29 | 30 | 31 | public Result(TEST_TYPE test_type, String message) { 32 | this.test_type = test_type; 33 | this.details = message; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/TestDeleteRequisition.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import javax.persistence.*; 8 | import java.io.Serializable; 9 | import java.util.Calendar; 10 | import java.util.List; 11 | import java.util.Map; 12 | 13 | @Data 14 | @NoArgsConstructor 15 | @AllArgsConstructor 16 | @Entity(name="test_delete_requisition") 17 | public class TestDeleteRequisition extends DefaultRequest implements Serializable{ 18 | 19 | @Id 20 | @GeneratedValue(strategy = GenerationType.IDENTITY) 21 | private Integer id; 22 | 23 | private String parameters; 24 | 25 | @Column(name = "is_online", nullable = true) 26 | private boolean isOnline; 27 | 28 | @Column(name = "gpt_key", nullable = true) 29 | private String gptKey; 30 | 31 | public TestDeleteRequisition(Map parameters, Calendar date_request, List result, User user) { 32 | this.parameters = 
parameters.toString(); 33 | this.setDate_request(date_request); 34 | this.setResult(result); 35 | this.setUser(user); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/TestGetRequisition.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import javax.persistence.*; 8 | import java.io.Serializable; 9 | import java.util.Calendar; 10 | import java.util.List; 11 | import java.util.Map; 12 | 13 | @Data 14 | @NoArgsConstructor 15 | @AllArgsConstructor 16 | @Entity(name="test_get_requisition") 17 | public class TestGetRequisition extends DefaultRequest implements Serializable { 18 | 19 | @Id 20 | @GeneratedValue(strategy = GenerationType.IDENTITY) 21 | private Integer id; 22 | 23 | private String parameters; 24 | 25 | @Column(name = "is_online", nullable = true) 26 | private boolean isOnline; 27 | 28 | @Column(name = "gpt_key", nullable = true) 29 | private String gptKey; 30 | 31 | public TestGetRequisition(Map parameters, Calendar date_request, List result, User user) { 32 | this.parameters = parameters.toString(); 33 | this.setDate_request(date_request); 34 | this.setResult(result); 35 | this.setUser(user); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/TestPostRequisition.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import javax.persistence.*; 8 | import java.util.Calendar; 9 | import java.util.List; 10 | import java.util.Map; 11 | 12 | @Data 13 | @NoArgsConstructor 14 | @AllArgsConstructor 15 | 
@Entity(name="test_post_requisition") 16 | public class TestPostRequisition extends DefaultRequest { 17 | @Id 18 | @GeneratedValue(strategy = GenerationType.IDENTITY) 19 | private Integer id; 20 | private String body; 21 | 22 | @Column(name = "is_online", nullable = true) 23 | private boolean isOnline; 24 | 25 | @Column(name = "gpt_key", nullable = true) 26 | private String gptKey; 27 | 28 | public TestPostRequisition(Map body, Calendar date_request, List result, User user) { 29 | this.body = body.toString(); 30 | this.setDate_request(date_request); 31 | this.setResult(result); 32 | this.setUser(user); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/tech/noetzold/APItester/model/TestPutRequisition.java: -------------------------------------------------------------------------------- 1 | package tech.noetzold.APItester.model; 2 | 3 | import lombok.AllArgsConstructor; 4 | import lombok.Data; 5 | import lombok.NoArgsConstructor; 6 | 7 | import javax.persistence.*; 8 | import java.io.Serializable; 9 | import java.util.Calendar; 10 | import java.util.List; 11 | import java.util.Map; 12 | 13 | @Data 14 | @NoArgsConstructor 15 | @AllArgsConstructor 16 | @Entity(name="test_put_requisition") 17 | public class TestPutRequisition extends DefaultRequest implements Serializable { 18 | @Id 19 | @GeneratedValue(strategy = GenerationType.IDENTITY) 20 | private Integer id; 21 | private String body; 22 | 23 | @Column(name = "is_online", nullable = true) 24 | private boolean isOnline; 25 | 26 | @Column(name = "gpt_key", nullable = true) 27 | private String gptKey; 28 | 29 | public TestPutRequisition(Map body, Calendar date_request, List result, User user) { 30 | this.body = body.toString(); 31 | this.setDate_request(date_request); 32 | this.setResult(result); 33 | this.setUser(user); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- 
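/src/main/java/tech/noetzold/APItester/model/User.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.model;


import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.ToString;
import javax.persistence.*;
import java.io.Serializable;

/**
 * Application account: generated id, unique login and the stored password value.
 *
 * <p>NOTE(review): this entity is also what the {@code /user} endpoints return and
 * accept, so {@code password} is part of the JSON shape in both directions unless
 * it is restricted elsewhere. A separate response type without the field avoids
 * sending the hash to clients.
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@Entity(name="user_test")
public class User implements Serializable {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;
    @Column(unique = true)
    private String login;
    // Kept out of the Lombok-generated toString() so the value is not copied into logs.
    @ToString.Exclude
    private String password;
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/CompleteRequestRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.CompleteRequest;
import tech.noetzold.APItester.model.User;

/**
 * Spring Data repository for {@link CompleteRequest}. Type arguments restored: the
 * entity's id field is an {@code Integer}.
 */
public interface CompleteRequestRepository extends JpaRepository<CompleteRequest, Integer> {
    /** One page of the requests owned by {@code user}. */
    Page<CompleteRequest> findByUser(Pageable pageable, User user);
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/FullPerformanceTestRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.FullPerformanceTest;
import tech.noetzold.APItester.model.User;

/** Spring Data repository for {@link FullPerformanceTest}. */
public interface FullPerformanceTestRepository extends JpaRepository<FullPerformanceTest, Integer> {
    /** One page of the performance tests owned by {@code user}. */
    Page<FullPerformanceTest> findByUser(Pageable pageable, User user);
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/ResultRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.Result;

/** Spring Data repository for {@link Result}; only the inherited operations. */
public interface ResultRepository extends JpaRepository<Result, Integer> {
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/TestDeleteRequisitionRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.TestDeleteRequisition;
import tech.noetzold.APItester.model.User;

/** Spring Data repository for {@link TestDeleteRequisition}. */
public interface TestDeleteRequisitionRepository extends JpaRepository<TestDeleteRequisition, Integer> {

    /** One page of the DELETE tests owned by {@code user}. */
    Page<TestDeleteRequisition> findByUser(Pageable pageable, User user);
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/TestGetRequisitionRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.TestGetRequisition;
import tech.noetzold.APItester.model.User;

/** Spring Data repository for {@link TestGetRequisition}. */
public interface TestGetRequisitionRepository extends JpaRepository<TestGetRequisition, Integer> {
    /** One page of the GET tests owned by {@code user}. */
    Page<TestGetRequisition> findByUser(Pageable pageable, User user);
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/TestPostRequisitionRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.TestPostRequisition;

/** Spring Data repository for {@link TestPostRequisition}. */
public interface TestPostRequisitionRepository extends JpaRepository<TestPostRequisition, Integer> {
    // NOTE(review): the derived query targets the `user` association, yet the
    // argument is a login String; the sibling repositories pass a User. Confirm
    // this binds as intended, since ownership filtering depends on it.
    Page<TestPostRequisition> findByUser(Pageable pageable, String login);
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/TestPutRequisitionRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.TestPutRequisition;

/** Spring Data repository for {@link TestPutRequisition}. */
public interface TestPutRequisitionRepository extends JpaRepository<TestPutRequisition, Integer> {
    // NOTE(review): the derived query targets the `user` association, yet the
    // argument is a login String; the sibling repositories pass a User. Confirm
    // this binds as intended, since ownership filtering depends on it.
    Page<TestPutRequisition> findByUser(Pageable pageable, String login);
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/repository/UserRepository.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.repository;

import org.springframework.data.jpa.repository.JpaRepository;
import tech.noetzold.APItester.model.User;

import java.util.Optional;

/** Spring Data repository for {@link User}. */
public interface UserRepository extends JpaRepository<User, Integer> {
    /** Finds the account with the given login, if any. */
    Optional<User> findByLogin(String login);

}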
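--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/security/JWTAutenticarFilter.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import tech.noetzold.APItester.data.DetalheUsuarioData;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.util.TokenApp;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;

/**
 * Login filter: reads a JSON {@link User} from the request body, authenticates it
 * and answers with a signed JWT.
 */
public class JWTAutenticarFilter extends UsernamePasswordAuthenticationFilter {

    /** Token lifetime in milliseconds (600,000 ms = 10 minutes). */
    public static final int TOKEN_EXPIRACAO = 600_000;

    // NOTE(review): the HMAC signing secret is a public static constant, readable by
    // any class on the classpath. Where TokenApp gets the value is not visible here;
    // confirm it is loaded from configuration and long enough for HMAC-SHA512.
    public static final String TOKEN_SENHA = TokenApp.getTokenPass();

    private final AuthenticationManager authenticationManager;

    public JWTAutenticarFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }


    /**
     * Parses the credentials from the request body and delegates to the
     * {@link AuthenticationManager}.
     *
     * @throws AuthenticationException when the manager rejects the credentials, or
     *         when the body cannot be read or parsed
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException {
        try {
            User user = new ObjectMapper()
                    .readValue(request.getInputStream(), User.class);

            return authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
                    user.getLogin(),
                    user.getPassword(),
                    new ArrayList<>()
            ));

        } catch (IOException e) {
            // An AuthenticationException subtype lets the parent filter's failure
            // handling produce the response; a bare RuntimeException bypasses it and
            // surfaces a malformed login body as a server error.
            throw new AuthenticationServiceException("Falha ao autenticar usuario", e);
        }

    }

    /**
     * Issues a token whose subject is the authenticated username, valid for
     * {@link #TOKEN_EXPIRACAO} milliseconds, and writes it as the response body.
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request,
                                            HttpServletResponse response,
                                            FilterChain chain,
                                            Authentication authResult) throws IOException, ServletException {

        DetalheUsuarioData usuarioData = (DetalheUsuarioData) authResult.getPrincipal();

        Date expiresAt = new Date(System.currentTimeMillis() + TOKEN_EXPIRACAO);
        String token = JWT.create()
                .withSubject(usuarioData.getUsername())
                .withExpiresAt(expiresAt)
                .sign(Algorithm.HMAC512(TOKEN_SENHA));

        response.getWriter().write(token);
        response.getWriter().flush();
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/security/JWTConfiguracao.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.security;

import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import tech.noetzold.APItester.service.DetalheUsuarioServiceImpl;


/** Spring Security setup: stateless sessions, JWT login and validation filters, route rules. */
@EnableWebSecurity
public class JWTConfiguracao extends WebSecurityConfigurerAdapter {

    private final DetalheUsuarioServiceImpl usuarioService;
    private final PasswordEncoder passwordEncoder;

    public JWTConfiguracao(DetalheUsuarioServiceImpl usuarioService, PasswordEncoder passwordEncoder) {
        this.usuarioService = usuarioService;
        this.passwordEncoder = passwordEncoder;
    }

    /** Wires the user lookup service and the password encoder into authentication. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(usuarioService).passwordEncoder(passwordEncoder);
    }

    /**
     * Declares the public routes and installs the two JWT filters; everything not
     * listed requires authentication.
     *
     * <p>NOTE(review): the single-segment patterns for /user, /get and /post are
     * public. For /user that covers listAll, save, getLogedUser and validatePass in
     * {@code UserController}; narrow it to the routes that must be anonymous. The
     * controllers behind /get and /post are outside this listing -- confirm they
     * are meant to be callable without a token.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off; sessions are STATELESS and credentials
        // are expected in the Authorization header rather than a cookie.
        http.csrf().disable().authorizeRequests()
                .antMatchers(HttpMethod.POST, "/login").permitAll()
                .antMatchers(HttpMethod.GET, "/swagger-ui/*").permitAll()
                .antMatchers("/v3/*").permitAll()
                .antMatchers("/v3/api-docs/swagger-config").permitAll()
                .antMatchers("/get/*").permitAll()
                .antMatchers("/post/*").permitAll()
                .antMatchers("/user/*").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAutenticarFilter(authenticationManager()))
                .addFilter(new JWTValidarFilter(authenticationManager()))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /**
     * Registers Spring's permit-default CORS values for every path.
     *
     * <p>NOTE(review): {@code configure(HttpSecurity)} above never calls
     * {@code http.cors()}; whether this source is consulted depends on
     * configuration outside this listing.
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

        CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();
        source.registerCorsConfiguration("/**", corsConfiguration);
        return source;
    }

}


--------------------------------------------------------------------------------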
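/src/main/java/tech/noetzold/APItester/security/JWTValidarFilter.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;

/**
 * Per-request filter that turns a {@code Bearer} token from the
 * {@code Authorization} header into the request's authentication.
 */
public class JWTValidarFilter extends BasicAuthenticationFilter {

    public static final String HEADER_ATRIBUTO = "Authorization";
    public static final String ATRIBUTO_PREFIXO = "Bearer ";

    public JWTValidarFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    /**
     * Requests without a bearer header pass through untouched. A token that
     * verifies populates the security context; one that does not is answered with
     * 401 and the chain is not continued.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws IOException, ServletException {

        String atributo = request.getHeader(HEADER_ATRIBUTO);

        if (atributo == null || !atributo.startsWith(ATRIBUTO_PREFIXO)) {
            chain.doFilter(request, response);
            return;
        }

        // Strip only the leading prefix; replace() would remove every occurrence.
        String token = atributo.substring(ATRIBUTO_PREFIXO.length());

        UsernamePasswordAuthenticationToken authenticationToken;
        try {
            authenticationToken = getAuthenticationToken(token);
        } catch (JWTVerificationException e) {
            // verify() throws for an expired, malformed or wrongly signed token.
            // Left uncaught, that escapes the filter and is reported as a server
            // error instead of an authentication failure.
            SecurityContextHolder.clearContext();
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        chain.doFilter(request, response);
    }

    /**
     * Verifies the token with the shared HMAC512 secret and wraps its subject.
     *
     * <p>The subject is trusted as the principal without a user lookup, and no
     * authorities are attached.
     *
     * @return an authentication for the subject, or {@code null} when the token
     *         carries none
     * @throws JWTVerificationException when verification fails
     */
    private UsernamePasswordAuthenticationToken getAuthenticationToken(String token) {

        String usuario = JWT.require(Algorithm.HMAC512(JWTAutenticarFilter.TOKEN_SENHA))
                .build()
                .verify(token)
                .getSubject();

        if (usuario == null) {
            return null;
        }

        return new UsernamePasswordAuthenticationToken(usuario, null, new ArrayList<>());
    }
}

--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/CompleteRequestService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import tech.noetzold.APItester.model.CompleteRequest;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.repository.CompleteRequestRepository;
import tech.noetzold.APItester.repository.UserRepository;

import java.util.NoSuchElementException;


/**
 * Persistence operations for {@link CompleteRequest}.
 *
 * <p>NOTE(review): unlike {@code FullPerformanceTestService}, this class carries no
 * stereotype annotation although it relies on {@code @Autowired} fields; confirm
 * how it is registered. {@code findAll} and the delete method apply no ownership
 * check, so callers must enforce per-user access.
 */
public class CompleteRequestService {
    @Autowired
    CompleteRequestRepository completeRequestRepository;

    @Autowired
    UserRepository userRepository;

    /** Saves the request and returns the persisted instance. */
    public CompleteRequest saveService(CompleteRequest completeRequest){
        return completeRequestRepository.save(completeRequest);
    }

    /**
     * Returns one page of the requests owned by the user with the given login.
     *
     * @throws NoSuchElementException when no user has that login
     */
    public Page<CompleteRequest> findByUser(Pageable pageable, String login){
        // Same exception type as the bare Optional.get(), with a message that
        // names the cause.
        User user = userRepository.findByLogin(login)
                .orElseThrow(() -> new NoSuchElementException("No user found for the given login"));
        return completeRequestRepository.findByUser(pageable, user);
    }

    /** Returns one page of all stored requests, regardless of owner. */
    public Page<CompleteRequest> findAll(Pageable pageable){
        return completeRequestRepository.findAll(pageable);
    }

    /** Deletes the complete request with the given id (the name is kept for callers). */
    public void deleteFullPerformanceById(Integer id) {
        completeRequestRepository.deleteById(id);
    }
}

--------------------------------------------------------------------------------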
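/src/main/java/tech/noetzold/APItester/service/DetalheUsuarioServiceImpl.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import tech.noetzold.APItester.data.DetalheUsuarioData;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.repository.UserRepository;

import java.util.Optional;

/**
 * Spring Security {@link UserDetailsService} backed by {@link UserRepository}.
 */
@Component
public class DetalheUsuarioServiceImpl implements UserDetailsService {

    private final UserRepository service;

    public DetalheUsuarioServiceImpl(UserRepository service) {
        this.service = service;
    }

    /**
     * Looks the account up by login and wraps it for Spring Security.
     *
     * <p>NOTE(review): the exception message contains the supplied username; confirm it is never
     * returned to the client, otherwise it lets a caller tell existing logins from missing ones.
     *
     * @param username login to search for
     * @return a {@link DetalheUsuarioData} wrapping the lookup result
     * @throws UsernameNotFoundException if the repository has no such login
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Optional usuario = service.findByLogin(username);

        if (usuario.isPresent()) {
            return new DetalheUsuarioData(usuario);
        }

        throw new UsernameNotFoundException("Usuario [" + username + "] não encontrado");
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/FullPerformanceTestService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.FullPerformanceTest;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.repository.FullPerformanceTestRepository;
import tech.noetzold.APItester.repository.UserRepository;

/**
 * Persistence facade for {@link FullPerformanceTest} records.
 */
@Service
public class FullPerformanceTestService {

    @Autowired
    FullPerformanceTestRepository fullPerformanceTestRepository;

    @Autowired
    UserRepository userRepository;

    /**
     * Saves the given test through the repository.
     *
     * @param fullPerformanceTest entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public FullPerformanceTest saveService(FullPerformanceTest fullPerformanceTest){
        return fullPerformanceTestRepository.save(fullPerformanceTest);
    }

    /**
     * Returns one page of tests belonging to the user with the given login.
     *
     * @param pageable paging parameters forwarded to the repository
     * @param login    login used to look the user up
     * @return the page returned by the repository
     * @throws java.util.NoSuchElementException if no user has that login
     */
    public Page findByUser(Pageable pageable, String login){
        // Same exception type Optional.get() raised, but explicit and without echoing the input.
        User owner = userRepository.findByLogin(login)
                .orElseThrow(() -> new java.util.NoSuchElementException("No user found for the supplied login"));
        return fullPerformanceTestRepository.findByUser(pageable, owner);
    }

    /**
     * Returns one page of all stored tests, regardless of owner.
     *
     * @param pageable paging parameters forwarded to the repository
     * @return the page returned by the repository
     */
    public Page findAll(Pageable pageable){
        return fullPerformanceTestRepository.findAll(pageable);
    }

    /**
     * Deletes the test with the given id.
     *
     * <p>NOTE(review): no ownership check happens at this layer; confirm the calling controller
     * restricts deletion to records owned by the authenticated user.
     *
     * @param id primary key of the record to delete
     */
    public void deleteFullPerformanceById(Integer id) {
        fullPerformanceTestRepository.deleteById(id);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/ResultService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.repository.ResultRepository;

/**
 * Persistence facade for {@link Result} records.
 */
@Service
public class ResultService {

    @Autowired
    ResultRepository resultRepository;

    /**
     * Saves the given result through the repository.
     *
     * @param result entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public Result saveService(Result result){
        return resultRepository.save(result);
    }

}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/TestDeleteRequisitionService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;
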
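import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.TestDeleteRequisition;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.repository.TestDeleteRequisitionRepository;
import tech.noetzold.APItester.repository.UserRepository;

/**
 * Persistence facade for {@link TestDeleteRequisition} records.
 */
@Service
public class TestDeleteRequisitionService {

    @Autowired
    TestDeleteRequisitionRepository testDeleteRequisitionRepository;

    @Autowired
    UserRepository userRepository;

    /**
     * Saves the given requisition through the repository.
     *
     * @param testDeleteRequisition entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public TestDeleteRequisition saveService(TestDeleteRequisition testDeleteRequisition){
        return testDeleteRequisitionRepository.save(testDeleteRequisition);
    }

    /**
     * Returns one page of requisitions belonging to the user with the given login.
     *
     * @param pageable paging parameters forwarded to the repository
     * @param login    login used to look the user up
     * @return the page returned by the repository
     * @throws java.util.NoSuchElementException if no user has that login
     */
    public Page findByUser(Pageable pageable, String login){
        // Same exception type Optional.get() raised, but explicit and without echoing the input.
        User owner = userRepository.findByLogin(login)
                .orElseThrow(() -> new java.util.NoSuchElementException("No user found for the supplied login"));
        return testDeleteRequisitionRepository.findByUser(pageable, owner);
    }

    /**
     * Returns one page of all stored requisitions, regardless of owner.
     *
     * @param pageable paging parameters forwarded to the repository
     * @return the page returned by the repository
     */
    public Page findAll(Pageable pageable){
        return testDeleteRequisitionRepository.findAll(pageable);
    }

    /**
     * Deletes the requisition with the given id.
     *
     * <p>NOTE(review): no ownership check happens at this layer; confirm the calling controller
     * restricts deletion to records owned by the authenticated user.
     *
     * @param id primary key of the record to delete
     */
    public void deleteDeleteRequisitionById(Integer id) {
        testDeleteRequisitionRepository.deleteById(id);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/TestGetRequisitionService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.TestGetRequisition;
import tech.noetzold.APItester.model.TestPostRequisition;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.repository.TestGetRequisitionRepository;
import tech.noetzold.APItester.repository.UserRepository;

/**
 * Persistence facade for {@link TestGetRequisition} records.
 */
@Service
public class TestGetRequisitionService {

    @Autowired
    TestGetRequisitionRepository testGetRequisitionRepository;

    @Autowired
    UserRepository userRepository;

    /**
     * Saves the given requisition through the repository.
     *
     * @param testGetRequisition entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public TestGetRequisition saveService(TestGetRequisition testGetRequisition){
        return testGetRequisitionRepository.save(testGetRequisition);
    }

    /**
     * Returns one page of requisitions belonging to the user with the given login.
     *
     * @param pageable paging parameters forwarded to the repository
     * @param login    login used to look the user up
     * @return the page returned by the repository
     * @throws java.util.NoSuchElementException if no user has that login
     */
    public Page findByUser(Pageable pageable, String login){
        // Same exception type Optional.get() raised, but explicit and without echoing the input.
        User owner = userRepository.findByLogin(login)
                .orElseThrow(() -> new java.util.NoSuchElementException("No user found for the supplied login"));
        return testGetRequisitionRepository.findByUser(pageable, owner);
    }

    /**
     * Returns one page of all stored requisitions, regardless of owner.
     *
     * @param pageable paging parameters forwarded to the repository
     * @return the page returned by the repository
     */
    public Page findAll(Pageable pageable){
        return testGetRequisitionRepository.findAll(pageable);
    }

    /**
     * Deletes the requisition with the given id.
     *
     * <p>NOTE(review): no ownership check happens at this layer; confirm the calling controller
     * restricts deletion to records owned by the authenticated user.
     *
     * @param id primary key of the record to delete
     */
    public void deleteGetRequisitionById(Integer id) {
        testGetRequisitionRepository.deleteById(id);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/TestPostRequisitionService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.TestPostRequisition;
import tech.noetzold.APItester.repository.TestPostRequisitionRepository;

/**
 * Persistence facade for {@link TestPostRequisition} records.
 */
@Service
public class TestPostRequisitionService {

    @Autowired
    TestPostRequisitionRepository testPostRequisitionRepository;

    /**
     * Saves the given requisition through the repository.
     *
     * @param testPostRequisition entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public TestPostRequisition saveService(TestPostRequisition testPostRequisition){
        return testPostRequisitionRepository.save(testPostRequisition);
    }

    /**
     * Returns one page of all stored requisitions, regardless of owner.
     *
     * @param pageable paging parameters forwarded to the repository
     * @return the page returned by the repository
     */
    public Page findAll(Pageable pageable){
        return testPostRequisitionRepository.findAll(pageable);
    }

    /**
     * Returns one page of requisitions for the given login; unlike the GET and DELETE services,
     * the login string itself is handed to the repository.
     *
     * @param pageable paging parameters forwarded to the repository
     * @param login    login passed straight to the repository query
     * @return the page returned by the repository
     */
    public Page findByUser(Pageable pageable, String login){
        return testPostRequisitionRepository.findByUser(pageable, login);
    }

    /**
     * Deletes the POST requisition with the given id (the method name says "Get", but the
     * call goes to the POST repository).
     *
     * <p>NOTE(review): no ownership check happens at this layer; confirm the calling controller
     * restricts deletion to records owned by the authenticated user.
     *
     * @param id primary key of the record to delete
     */
    public void deleteGetRequisitionById(Integer id) {
        testPostRequisitionRepository.deleteById(id);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/TestPutRequisitionService.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.TestPutRequisition;
import tech.noetzold.APItester.repository.TestPutRequisitionRepository;

/**
 * Persistence facade for {@link TestPutRequisition} records.
 */
@Service
public class TestPutRequisitionService {

    @Autowired
    TestPutRequisitionRepository testPutRequisitionRepository;

    // Injected but not referenced by any method of this class.
    @Autowired
    UserService userService;

    /**
     * Saves the given requisition through the repository.
     *
     * @param testPutRequisition entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public TestPutRequisition saveService(TestPutRequisition testPutRequisition){
        return testPutRequisitionRepository.save(testPutRequisition);
    }

    /**
     * Returns one page of all stored requisitions, regardless of owner.
     *
     * @param pageable paging parameters forwarded to the repository
     * @return the page returned by the repository
     */
    public Page findAll(Pageable pageable){
        return testPutRequisitionRepository.findAll(pageable);
    }

    /**
     * Returns one page of requisitions for the given login; the login string itself is handed
     * to the repository.
     *
     * @param pageable paging parameters forwarded to the repository
     * @param login    login passed straight to the repository query
     * @return the page returned by the repository
     */
    public Page findByUser(Pageable pageable, String login){
        return testPutRequisitionRepository.findByUser(pageable, login);
    }

    /**
     * Deletes the PUT requisition with the given id (the method name says "Get", but the
     * call goes to the PUT repository).
     *
     * <p>NOTE(review): no ownership check happens at this layer; confirm the calling controller
     * restricts deletion to records owned by the authenticated user.
     *
     * @param id primary key of the record to delete
     */
    public void deleteGetRequisitionById(Integer id) {
        testPutRequisitionRepository.deleteById(id);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/service/UserService.java:
--------------------------------------------------------------------------------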
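package tech.noetzold.APItester.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import tech.noetzold.APItester.model.User;
import tech.noetzold.APItester.repository.UserRepository;

import java.util.List;
import java.util.Optional;

/**
 * Thin facade over {@link UserRepository}.
 *
 * <p>NOTE(review): these methods return {@link User} entities as stored; confirm callers do not
 * serialise credential fields to clients and that passwords are hashed before
 * {@link #saveUsuario(User)} is reached.
 */
@Service
public class UserService {

    @Autowired
    UserRepository userRepository;

    /**
     * Returns every user known to the repository.
     *
     * @return the repository's full list
     */
    public List findAllUsuarios(){
        return userRepository.findAll();
    }

    /**
     * Returns the user with the given login.
     *
     * @param login login to search for
     * @return the matching user
     * @throws java.util.NoSuchElementException if no user has that login
     */
    public User findUserByLogin(String login){
        // Same exception type Optional.get() raised, but explicit and without echoing the input.
        return userRepository.findByLogin(login)
                .orElseThrow(() -> new java.util.NoSuchElementException("No user found for the supplied login"));
    }

    /**
     * Saves the given user through the repository.
     *
     * @param user entity to persist
     * @return whatever the repository's {@code save} returns
     */
    public User saveUsuario(User user){
        return userRepository.save(user);
    }

    /**
     * Looks a user up by login without throwing when it is absent.
     *
     * @param login login to search for
     * @return the repository's optional result
     */
    public Optional validateLogin(String login){
        return userRepository.findByLogin(login);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/BaseTest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.util.TEST_TYPE;

/**
 * Base class giving the test classes a uniform way to build {@link Result} objects.
 */
public class BaseTest {

    /**
     * Builds a failing result.
     *
     * @param test_type category the result is filed under
     * @param message   detail text stored in the result
     * @return a new {@link Result} carrying the message
     */
    public Result fail(TEST_TYPE test_type, String message){
        return new Result(test_type, message);
    }

    /**
     * Builds a passing result whose detail text is the literal {@code "Success"}.
     *
     * @param test_type category the result is filed under
     * @return a new {@link Result} with detail {@code "Success"}
     */
    public Result success(TEST_TYPE test_type){
        return new Result(test_type, "Success");
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/CommandInjectionTest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import io.restassured.response.Response;
import io.restassured.specification.RequestSpecification;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.util.TEST_TYPE;

import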
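java.util.Map;

/**
 * Heuristic command-injection check for the four HTTP verbs.
 *
 * <p>Each test replaces parameter values with a fixed marker and fails when the marker comes
 * back in the response body or the server answers with a 5xx status. A reflected marker shows
 * the value is echoed unsanitised; it does not prove a command ran, so a failure is a lead to
 * verify rather than a confirmed finding.
 *
 * <p>NOTE(review): generic type arguments on {@code Map} appear to have been stripped from this
 * listing; confirm the real signatures against the repository.
 */
public class CommandInjectionTest extends BaseTest{

    /** Marker written into every parameter under test. */
    private static final String PAYLOAD = "||ls";

    /**
     * Runs the check against a GET endpoint with every query parameter set to the marker.
     *
     * @param url     endpoint to call
     * @param request request specification supplied by the caller
     * @param params  query parameters; only the keys are used and the map is left untouched
     * @return {@code null} when {@code params} is {@code null}, otherwise a pass or fail result
     */
    public Result testGetCommandInjection(String url, RequestSpecification request, Map params) {
        if (params == null) {
            return null;
        }
        Map probe = payloadForEveryKey(params);
        Response response = request
                .params(probe)
                .when()
                .get(url)
                .then()
                .extract()
                .response();

        Result finding = inspect(response, probe);
        return finding != null ? finding : success(TEST_TYPE.COMMAND_INJECTION);
    }

    /**
     * Runs the check against a POST endpoint, sending one request per body field; each request
     * carries the marker in that field and in all fields processed before it.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @param body    request body fields; the map is left untouched
     * @param headers headers added to every request
     * @return {@code null} when {@code body} is {@code null}, otherwise a pass or fail result
     */
    public Result testPostCommandInjection(RequestSpecification request, String url, Map body, Map headers) {
        if (body == null) {
            return null;
        }
        // Work on a copy: the caller's map is reused by the other test classes.
        Map probe = new java.util.LinkedHashMap<>(body);
        for (Object key : body.keySet()) {
            probe.put(key, PAYLOAD);
            Response response = request
                    .when()
                    .body(probe)
                    .headers(headers)
                    .post(url)
                    .then()
                    .extract()
                    .response();

            Result finding = inspect(response, probe);
            if (finding != null) {
                return finding;
            }
        }

        return success(TEST_TYPE.COMMAND_INJECTION);
    }

    /**
     * Runs the check against a PUT endpoint, sending one request per body field; each request
     * carries the marker in that field and in all fields processed before it.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @param body    request body fields; the map is left untouched
     * @param headers headers added to every request
     * @return {@code null} when {@code body} is {@code null}, otherwise a pass or fail result
     */
    public Result testPutCommandInjection(RequestSpecification request, String url, Map body, Map headers) {
        if (body == null) {
            return null;
        }
        // Work on a copy: the caller's map is reused by the other test classes.
        Map probe = new java.util.LinkedHashMap<>(body);
        for (Object key : body.keySet()) {
            probe.put(key, PAYLOAD);
            Response response = request
                    .when()
                    .body(probe)
                    .headers(headers)
                    .put(url)
                    .then()
                    .extract()
                    .response();

            Result finding = inspect(response, probe);
            if (finding != null) {
                return finding;
            }
        }

        return success(TEST_TYPE.COMMAND_INJECTION);
    }

    /**
     * Runs the check against a DELETE endpoint with every query parameter set to the marker.
     *
     * @param url     endpoint to call
     * @param request request specification supplied by the caller
     * @param params  query parameters; only the keys are used and the map is left untouched
     * @return {@code null} when {@code params} is {@code null}, otherwise a pass or fail result
     */
    public Result testDeleteCommandInjection(String url, RequestSpecification request, Map params) {
        if (params == null) {
            return null;
        }
        Map probe = payloadForEveryKey(params);
        Response response = request
                .params(probe)
                .when()
                .delete(url)
                .then()
                .extract()
                .response();

        Result finding = inspect(response, probe);
        return finding != null ? finding : success(TEST_TYPE.COMMAND_INJECTION);
    }

    /** Returns a copy of {@code original} in which every key maps to the marker. */
    private static Map payloadForEveryKey(Map original) {
        Map copy = new java.util.LinkedHashMap<>(original);
        for (Object key : original.keySet()) {
            copy.put(key, PAYLOAD);
        }
        return copy;
    }

    /** Returns a failing result for a reflected marker or a 5xx status, else {@code null}. */
    private Result inspect(Response response, Map sent) {
        String responseBody = response.getBody().asString();
        int statusCode = response.getStatusCode();
        if (responseBody.contains(PAYLOAD)) {
            return fail(TEST_TYPE.COMMAND_INJECTION, "Command injection vulnerability found in parameter " + sent.toString() + " with payload " + PAYLOAD);
        }
        if (statusCode >= 500) {
            return fail(TEST_TYPE.COMMAND_INJECTION, "Server error: " + statusCode);
        }
        return null;
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/DataValidationTest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import io.restassured.response.Response;
import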
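io.restassured.specification.RequestSpecification;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.util.TEST_TYPE;

import java.util.Map;

/**
 * Echo-based data-validation check for the four HTTP verbs.
 *
 * <p>Each test replaces parameter values with a fixed marker and fails when the marker is
 * missing from the response body or the server answers with a 5xx status.
 *
 * <p>NOTE(review): passing only when the marker is echoed back assumes the endpoint returns its
 * input; confirm that is the intended meaning of "data validation" here.
 *
 * <p>NOTE(review): generic type arguments on {@code Map} appear to have been stripped from this
 * listing; confirm the real signatures against the repository.
 */
public class DataValidationTest extends BaseTest {

    /** Marker written into every parameter under test. */
    private static final String PAYLOAD = "foo";

    /**
     * Runs the check against a GET endpoint with every query parameter set to the marker.
     *
     * @param url     endpoint to call
     * @param request request specification supplied by the caller
     * @param params  query parameters; only the keys are used and the map is left untouched
     * @return {@code null} when {@code params} is {@code null}, otherwise a pass or fail result
     */
    public Result testGetDataValidation(String url, RequestSpecification request, Map params) {
        if (params == null) {
            return null;
        }
        Map probe = payloadForEveryKey(params);

        Response response = request
                .params(probe)
                .when()
                .get(url)
                .then()
                .extract()
                .response();

        Result finding = inspect(response, probe);
        return finding != null ? finding : success(TEST_TYPE.DATA_VALIDATION);
    }

    /**
     * Runs the check against a POST endpoint, sending one request per body field; each request
     * carries the marker in that field and in all fields processed before it.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @param body    request body fields; the map is left untouched
     * @param headers headers added to every request
     * @return {@code null} when {@code body} is {@code null}, otherwise a pass or fail result
     */
    public Result testPostDataValidation(RequestSpecification request, String url, Map body, Map headers) {
        if (body == null) {
            return null;
        }
        // Work on a copy: the caller's map is reused by the other test classes.
        Map probe = new java.util.LinkedHashMap<>(body);
        for (Object key : body.keySet()) {
            probe.put(key, PAYLOAD);

            Response response = request
                    .when()
                    .body(probe)
                    .headers(headers)
                    .post(url)
                    .then()
                    .extract()
                    .response();

            Result finding = inspect(response, probe);
            if (finding != null) {
                return finding;
            }
        }
        return success(TEST_TYPE.DATA_VALIDATION);
    }

    /**
     * Runs the check against a PUT endpoint, sending one request per body field; each request
     * carries the marker in that field and in all fields processed before it.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @param body    request body fields; the map is left untouched
     * @param headers headers added to every request
     * @return {@code null} when {@code body} is {@code null}, otherwise a pass or fail result
     */
    public Result testPutDataValidation(RequestSpecification request, String url, Map body, Map headers) {
        if (body == null) {
            return null;
        }
        // Work on a copy: the caller's map is reused by the other test classes.
        Map probe = new java.util.LinkedHashMap<>(body);
        for (Object key : body.keySet()) {
            probe.put(key, PAYLOAD);

            Response response = request
                    .when()
                    .body(probe)
                    .headers(headers)
                    .put(url)
                    .then()
                    .extract()
                    .response();

            Result finding = inspect(response, probe);
            if (finding != null) {
                return finding;
            }
        }
        return success(TEST_TYPE.DATA_VALIDATION);
    }

    /**
     * Runs the check against a DELETE endpoint with every query parameter set to the marker.
     *
     * @param url     endpoint to call
     * @param request request specification supplied by the caller
     * @param params  query parameters; only the keys are used and the map is left untouched
     * @return {@code null} when {@code params} is {@code null}, otherwise a pass or fail result
     */
    public Result testDeleteDataValidation(String url, RequestSpecification request, Map params) {
        if (params == null) {
            return null;
        }
        Map probe = payloadForEveryKey(params);

        Response response = request
                .params(probe)
                .when()
                .delete(url)
                .then()
                .extract()
                .response();

        Result finding = inspect(response, probe);
        return finding != null ? finding : success(TEST_TYPE.DATA_VALIDATION);
    }

    /** Returns a copy of {@code original} in which every key maps to the marker. */
    private static Map payloadForEveryKey(Map original) {
        Map copy = new java.util.LinkedHashMap<>(original);
        for (Object key : original.keySet()) {
            copy.put(key, PAYLOAD);
        }
        return copy;
    }

    /** Returns a failing result for a missing marker or a 5xx status, else {@code null}. */
    private Result inspect(Response response, Map sent) {
        String responseBody = response.getBody().asString();
        int statusCode = response.getStatusCode();
        if (!responseBody.contains(PAYLOAD)) {
            return fail(TEST_TYPE.DATA_VALIDATION, "Data validation failed in parameter " + sent.toString() + " with payload " + PAYLOAD);
        }
        if (statusCode >= 500) {
            return fail(TEST_TYPE.DATA_VALIDATION, "Server error: " + statusCode);
        }
        return null;
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/PerformanceTest.java:
--------------------------------------------------------------------------------
package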
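tech.noetzold.APItester.tests;
import io.restassured.RestAssured;
import io.restassured.response.Response;
import tech.noetzold.APItester.model.*;
import tech.noetzold.APItester.util.TEST_TYPE;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/**
 * Measures response time, response size and throughput of one stored requisition.
 *
 * <p>An instance is built for exactly one verb; only the matching {@code run*Tests} method has
 * a non-null requisition to read its URL from.
 *
 * <p>NOTE(review): request counts are not bounded here and the URL comes from the stored
 * requisition; confirm the controller caps the counts and restricts which hosts may be
 * targeted, otherwise this class can be used to generate load against third parties.
 *
 * <p>NOTE(review): generic type arguments on {@code List} and {@code Map} appear to have been
 * stripped from this listing; confirm the real signatures against the repository.
 */
public class PerformanceTest {
    private TestPostRequisition testPostRequisition;
    private TestGetRequisition testGetRequisition;

    private TestPutRequisition testPutRequisition;

    private TestDeleteRequisition testDeleteRequisition;

    public PerformanceTest(TestPostRequisition testPostRequisition) {
        this.testPostRequisition = testPostRequisition;
    }

    public PerformanceTest(TestGetRequisition testGetRequisition) {
        this.testGetRequisition = testGetRequisition;
    }

    public PerformanceTest(TestPutRequisition testPutRequisition) {
        this.testPutRequisition = testPutRequisition;
    }

    public PerformanceTest(TestDeleteRequisition testDeleteRequisition) {
        this.testDeleteRequisition = testDeleteRequisition;
    }

    /**
     * Builds the failure result for a non-2xx first response.
     *
     * <p>NOTE(review): the detail text embeds the target's response headers; if results are
     * stored or shown to other users this may expose cookies or tokens.
     */
    private static Result failure(Response response) {
        return new Result(TEST_TYPE.PERFORMANCE, "Error " + response.getStatusCode() + " by header " + response.getHeaders() + " by body " + response.getBody());
    }

    /** Returns true when the status code lies outside the 2xx range. */
    private static boolean isFailure(Response response) {
        int status = response.getStatusCode();
        return status < 200 || status >= 300;
    }

    /** Requests per second; elapsed time is clamped to 1 ms so a very fast run cannot divide by zero. */
    private static double throughput(int requests, long startMillis, long endMillis) {
        long elapsed = Math.max(1L, endMillis - startMillis);
        return requests / (elapsed / 1000.0);
    }

    /**
     * Runs the POST benchmark {@code numTests} times.
     *
     * @param numTests           number of benchmark rounds
     * @param numRequestsPerTest timed requests per round
     * @param body               request body sent with every call
     * @param headers            headers sent with every call
     * @return one result per round, in execution order
     */
    public List runPostTests(int numTests, int numRequestsPerTest, Map body, Map headers) {
        List results = new ArrayList<>();
        for (int round = 0; round < numTests; round++) {
            results.add(runPostTest(numRequestsPerTest, body, headers));
        }
        return results;
    }

    /** One POST round: a probe request for time and size, then a timed loop for throughput. */
    private Result runPostTest(int numRequests, Map body, Map headers) {
        Response response = RestAssured.given()
                .headers(headers)
                .body(body)
                .when()
                .post(testPostRequisition.getUrl());

        if (isFailure(response)) {
            return failure(response);
        }

        long responseTime = response.getTime();
        int maxResponseSize = response.getBody().asByteArray().length;

        long start = System.currentTimeMillis();
        for (int i = 0; i < numRequests; i++) {
            RestAssured.given().headers(headers).body(body).when().post(testPostRequisition.getUrl());
        }
        long end = System.currentTimeMillis();

        return new Result(TEST_TYPE.PERFORMANCE, new PerformanceResult(responseTime, maxResponseSize, throughput(numRequests, start, end)).toString());
    }

    /**
     * Runs the GET benchmark {@code numTests} times.
     *
     * @param numTests           number of benchmark rounds
     * @param numRequestsPerTest timed requests per round
     * @param params             query parameters sent with every call
     * @param headers            headers sent with every call
     * @return one result per round, in execution order
     */
    public List runGetTests(int numTests, int numRequestsPerTest, Map params, Map headers) {
        List results = new ArrayList<>();
        for (int round = 0; round < numTests; round++) {
            results.add(runGetTest(numRequestsPerTest, params, headers));
        }
        return results;
    }

    /** One GET round: a probe request for time and size, then a timed loop for throughput. */
    private Result runGetTest(int numRequests, Map params, Map headers) {
        // GET is issued in both places; sending POST here would benchmark a different operation.
        Response response = RestAssured.given()
                .headers(headers)
                .params(params)
                .when()
                .get(testGetRequisition.getUrl());

        if (isFailure(response)) {
            return failure(response);
        }

        long responseTime = response.getTime();
        int maxResponseSize = response.getBody().asByteArray().length;

        long start = System.currentTimeMillis();
        for (int i = 0; i < numRequests; i++) {
            RestAssured.given().headers(headers).params(params).when().get(testGetRequisition.getUrl());
        }
        long end = System.currentTimeMillis();

        return new Result(TEST_TYPE.PERFORMANCE, new PerformanceResult(responseTime, maxResponseSize, throughput(numRequests, start, end)).toString());
    }

    /**
     * Runs the PUT benchmark {@code numTests} times.
     *
     * @param numTests           number of benchmark rounds
     * @param numRequestsPerTest timed requests per round
     * @param body               request body sent with every call
     * @param headers            headers sent with every call
     * @return one result per round, in execution order
     */
    public List runPutTests(int numTests, int numRequestsPerTest, Map body, Map headers) {
        List results = new ArrayList<>();
        for (int round = 0; round < numTests; round++) {
            results.add(runPutTest(numRequestsPerTest, body, headers));
        }
        return results;
    }

    /**
     * One PUT round: a probe request for time and size, then a timed loop for throughput.
     *
     * @param numRequests timed requests in the loop
     * @param body        request body sent with every call
     * @param headers     headers sent with every call
     * @return the measured figures, or an error result when the probe is not 2xx
     */
    public Result runPutTest(int numRequests, Map body, Map headers) {
        Response response = RestAssured.given()
                .headers(headers)
                .body(body)
                .when()
                .put(testPutRequisition.getUrl());

        if (isFailure(response)) {
            return failure(response);
        }

        long responseTime = response.getTime();
        int maxResponseSize = response.getBody().asByteArray().length;

        long start = System.currentTimeMillis();
        for (int i = 0; i < numRequests; i++) {
            // Same verb as the probe request, so the loop times the operation under test.
            RestAssured.given().headers(headers).body(body).when().put(testPutRequisition.getUrl());
        }
        long end = System.currentTimeMillis();

        return new Result(TEST_TYPE.PERFORMANCE, new PerformanceResult(responseTime, maxResponseSize, throughput(numRequests, start, end)).toString());
    }

    /**
     * Runs the DELETE benchmark {@code numTests} times.
     *
     * @param numTests           number of benchmark rounds
     * @param numRequestsPerTest timed requests per round
     * @param params             query parameters sent with every call
     * @param headers            headers sent with every call
     * @return one result per round, in execution order
     */
    public List runDeleteTests(int numTests, int numRequestsPerTest, Map params, Map headers) {
        List results = new ArrayList<>();
        for (int round = 0; round < numTests; round++) {
            results.add(runDeleteTest(numRequestsPerTest, params, headers));
        }
        return results;
    }

    private Result runDeleteTest(int numRequestsPerTest, Map params, Map headers) {
        Response response = RestAssured.given()
                .headers(headers)
                .params(params)
                .when()
                .delete(testDeleteRequisition.getUrl());

        if (response.getStatusCode() < 200 || response.getStatusCode() >= 300) {
            return new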
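Result(TEST_TYPE.PERFORMANCE, "Error " + response.getStatusCode() + " by header " + response.getHeaders() + " by body " + response.getBody());
        }

        long responseTime = response.getTime();

        int maxResponseSize = response.getBody().asByteArray().length;

        long start = System.currentTimeMillis();
        for (int i = 0; i < numRequestsPerTest; i++) {
            // The timed loop uses DELETE, the same verb as the probe request of this method.
            RestAssured.given().headers(headers).params(params).when().delete(testDeleteRequisition.getUrl());
        }
        long end = System.currentTimeMillis();
        double requestsPerSecond = numRequestsPerTest / ((end - start) / 1000.0);

        return new Result(TEST_TYPE.PERFORMANCE, new PerformanceResult(responseTime, maxResponseSize, requestsPerSecond).toString());
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/SecurityTest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import io.restassured.response.Response;
import io.restassured.specification.RequestSpecification;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.util.TEST_TYPE;

import java.util.Arrays;
import java.util.Base64;

import java.util.List;
import java.util.Map;

/**
 * Checks whether an endpoint accepts a fixed username combined with well-known weak passwords.
 *
 * <p>For every password the Base64 of {@code username:password} is sent once as a Basic and once
 * as a Bearer credential. A status below 300 is reported as a failure, 5xx as a server error.
 *
 * <p>NOTE(review): an endpoint that needs no authentication answers 2xx to every request and is
 * therefore reported as accepting a weak password; confirm callers only run this against
 * protected endpoints.
 *
 * <p>NOTE(review): the same {@code RequestSpecification} is reused for every request; confirm
 * that repeated {@code header("Authorization", ...)} calls replace the earlier value instead of
 * appending to it, otherwise later requests carry several Authorization headers.
 */
public class SecurityTest extends BaseTest{

    private String username;
    List<String> weakPasswords;

    public SecurityTest() {
        createUserAttributes();
    }

    /**
     * Runs the weak-credential check with GET.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @return the first failing result, or a success result when nothing was accepted
     */
    public Result testGetSecureResponse(RequestSpecification request, String url) {
        return probeWeakCredentials(request, spec -> spec.get(url));
    }

    /**
     * Runs the weak-credential check with POST. {@code body} and {@code headers} are accepted
     * but not sent.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @param body    unused
     * @param headers unused
     * @return the first failing result, or a success result when nothing was accepted
     */
    public Result testPostSecureResponse(RequestSpecification request, String url, Map body, Map headers) {
        return probeWeakCredentials(request, spec -> spec.post(url));
    }

    /**
     * Maps a status code to a result: below 300 means the credential was accepted, 500 and above
     * is a server error, anything else counts as correctly rejected.
     */
    private Result testStatusCode(int statusCode){
        // 300 itself is a redirect, not an accepted login, so the boundary is exclusive.
        if (statusCode < 300) {
            return fail(TEST_TYPE.SECURITY, "Security failed in token by weak password");
        } else if (statusCode >= 500) {
            return fail(TEST_TYPE.SECURITY, "Server error: " + statusCode);
        }
        return success(TEST_TYPE.SECURITY);
    }

    /** Initialises the fixed username and the list of weak passwords tried by every test. */
    private void createUserAttributes(){
        this.username = "user";
        this.weakPasswords = Arrays.asList("123456", "password", "12345678", "qwerty", "12345", "123456789", "letmein", "1234567", "football", "iloveyou", "admin", "welcome", "monkey", "login", "abc123", "starwars", "123123", "dragon", "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx", "trustno1", "654321", "jordan23", "harley", "password1", "1234");
    }

    /**
     * Runs the weak-credential check with PUT. {@code body} and {@code headers} are accepted
     * but not sent.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @param body    unused
     * @param headers unused
     * @return the first failing result, or a success result when nothing was accepted
     */
    public Result testPutSecureResponse(RequestSpecification request, String url, Map body, Map headers) {
        return probeWeakCredentials(request, spec -> spec.put(url));
    }

    /**
     * Runs the weak-credential check with DELETE.
     *
     * @param request request specification supplied by the caller
     * @param url     endpoint to call
     * @return the first failing result, or a success result when nothing was accepted
     */
    public Result testDeleteSecureResponse(RequestSpecification request, String url) {
        return probeWeakCredentials(request, spec -> spec.delete(url));
    }

    /**
     * Tries every weak password with both schemes using the verb supplied by {@code send}.
     * Stops at the first non-success verdict; a rejected credential moves on to the next one so
     * the whole list is covered, and both requests of a test use the same verb.
     */
    private Result probeWeakCredentials(RequestSpecification request,
                                        java.util.function.Function<RequestSpecification, Response> send) {
        for (String weakPassword : this.weakPasswords) {
            String token = Base64.getEncoder().encodeToString(
                    (this.username + ":" + weakPassword).getBytes(java.nio.charset.StandardCharsets.UTF_8));

            for (String scheme : new String[] {"Basic ", "Bearer "}) {
                Response response = send.apply(request.header("Authorization", scheme + token).when());
                Result verdict = testStatusCode(response.getStatusCode());
                if (!("Success".equals(verdict.getDetails()))) {
                    return verdict;
                }
            }
        }

        return new Result(TEST_TYPE.SECURITY, "Success");
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/SendToGPT3.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import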
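io.restassured.RestAssured;
import io.restassured.response.Response;
import tech.noetzold.APItester.model.*;
import tech.noetzold.APItester.util.TEST_TYPE;

import java.util.HashMap;
import java.util.Map;


/**
 * Forwards a stored requisition to the local GPT helper service and wraps its reply.
 *
 * <p>An instance is built for exactly one verb, so only one of the four requisition fields is
 * non-null.
 *
 * <p>NOTE(review): the requisition's GPT API key is placed in the request body and sent over
 * plain HTTP to the helper; confirm the helper only listens on the loopback interface and that
 * the key is neither logged nor stored unencrypted with the requisition.
 *
 * <p>NOTE(review): generic type arguments on {@code Map} appear to have been stripped from this
 * listing; confirm the real declarations against the repository.
 */
public class SendToGPT3 {

    /** Endpoint of the helper service that talks to the GPT API. */
    private static final String GPT_ENDPOINT = "http://localhost:5000/gptTest";

    private TestPostRequisition testPostRequisition;

    private TestGetRequisition testGetRequisition;

    private TestPutRequisition testPutRequisition;

    private TestDeleteRequisition testDeleteRequisition;

    public SendToGPT3(TestPostRequisition testPostRequisition) {
        this.testPostRequisition = testPostRequisition;
    }

    public SendToGPT3(TestGetRequisition testGetRequisition) {
        this.testGetRequisition = testGetRequisition;
    }

    public SendToGPT3(TestPutRequisition testPutRequisition) {
        this.testPutRequisition = testPutRequisition;
    }

    public SendToGPT3(TestDeleteRequisition testDeleteRequisition) {
        this.testDeleteRequisition = testDeleteRequisition;
    }

    /** Posts the payload to the helper and returns its reply body as the result detail. */
    private Result submit(Map bodyToSendRequest) {
        Response reply = RestAssured.given().body(bodyToSendRequest).post(GPT_ENDPOINT).then()
                .extract()
                .response();

        // asString() yields the reply text; toString() on the body object does not.
        return new Result(TEST_TYPE.GPT3, reply.getBody().asString());
    }

    /**
     * Sends the GET requisition (URL, parameters, headers and API key) to the helper.
     *
     * @return a GPT3 result whose detail is the helper's reply body
     */
    public Result doGptGetTest(){
        Map bodyToSendRequest = new HashMap<>();

        bodyToSendRequest.put("url", this.testGetRequisition.getUrl());
        bodyToSendRequest.put("typeReq", "GET");
        bodyToSendRequest.put("params", this.testGetRequisition.getParameters());
        bodyToSendRequest.put("headers", this.testGetRequisition.getHeaders());
        // The key name is part of the contract with the helper service; keep it as is.
        bodyToSendRequest.put("apyKey", this.testGetRequisition.getGptKey());

        return submit(bodyToSendRequest);
    }

    /**
     * Sends the POST requisition (URL, headers, body and API key) to the helper.
     *
     * @return a GPT3 result whose detail is the helper's reply body
     */
    public Result doGptPostTest(){
        Map bodyToSendRequest = new HashMap<>();

        bodyToSendRequest.put("url", this.testPostRequisition.getUrl());
        bodyToSendRequest.put("typeReq", "POST");
        bodyToSendRequest.put("headers", this.testPostRequisition.getHeaders());
        bodyToSendRequest.put("body", this.testPostRequisition.getBody());
        bodyToSendRequest.put("apyKey", this.testPostRequisition.getGptKey());

        return submit(bodyToSendRequest);
    }

    /**
     * Sends a PUT description to the helper.
     *
     * <p>NOTE(review): this reads {@code testPostRequisition}, which is null when the instance
     * was built from a {@code TestPutRequisition}; it should read {@code testPutRequisition}.
     * Left unchanged because that model's accessors are not visible in this listing.
     *
     * @return a GPT3 result whose detail is the helper's reply body
     */
    public Result doGptPutTest() {
        Map bodyToSendRequest = new HashMap<>();

        bodyToSendRequest.put("url", this.testPostRequisition.getUrl());
        bodyToSendRequest.put("typeReq", "PUT");
        bodyToSendRequest.put("headers", this.testPostRequisition.getHeaders());
        bodyToSendRequest.put("body", this.testPostRequisition.getBody());
        bodyToSendRequest.put("apyKey", this.testPostRequisition.getGptKey());

        return submit(bodyToSendRequest);
    }

    /**
     * Sends a DELETE description to the helper.
     *
     * <p>NOTE(review): this reads {@code testPostRequisition}, which is null when the instance
     * was built from a {@code TestDeleteRequisition}; it should read
     * {@code testDeleteRequisition}. Left unchanged because that model's accessors are not
     * visible in this listing.
     *
     * @return a GPT3 result whose detail is the helper's reply body
     */
    public Result doGptDeleteTest() {
        Map bodyToSendRequest = new HashMap<>();

        bodyToSendRequest.put("url", this.testPostRequisition.getUrl());
        bodyToSendRequest.put("typeReq", "DELETE");
        bodyToSendRequest.put("headers", this.testPostRequisition.getHeaders());
        bodyToSendRequest.put("body", this.testPostRequisition.getBody());
        bodyToSendRequest.put("apyKey", this.testPostRequisition.getGptKey());

        return submit(bodyToSendRequest);
    }
}
--------------------------------------------------------------------------------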
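/src/main/java/tech/noetzold/APItester/tests/SqlInjectionTest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import io.restassured.http.ContentType;
import io.restassured.response.Response;
import io.restassured.specification.RequestSpecification;
import org.springframework.web.util.UriComponentsBuilder;
import tech.noetzold.APItester.model.Result;
import tech.noetzold.APItester.util.TEST_TYPE;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;

/**
 * Sends a fixed SQL-injection probe in every parameter (GET/DELETE) or every String body field
 * (POST/PUT) of an endpoint and classifies the response.
 *
 * How to read the result: a failure is reported when the response body echoes the probe or when
 * the server answers with a 5xx status. An echo only shows that the input is reflected
 * unmodified; it does not prove that a query was altered. Treat findings as leads to confirm,
 * and a success as "no signal from this heuristic", not as proof that the endpoint is safe.
 */
public class SqlInjectionTest extends BaseTest {

    /** Probe value placed into each tested parameter. */
    private static final String PAYLOAD = "' or 1=1 --";

    /**
     * Probes every query parameter of a GET endpoint.
     *
     * @param url     endpoint URL
     * @param request prepared request specification used to send the call
     * @param params  parameters of the endpoint; only the names are used
     * @return the classification, or {@code null} when {@code params} is {@code null}
     */
    public Result testGetSqlInjection(String url, RequestSpecification request, Map<String, ?> params) {
        if (params == null) return null;

        Response response = request
                .get(buildProbeUri(url, params))
                .then()
                .extract()
                .response();

        return assess(response, params.toString());
    }

    /**
     * Probes every String field of a form-encoded POST body.
     *
     * @param request prepared request specification used to send the call
     * @param url     endpoint URL
     * @param body    original body; String-valued fields are replaced by the probe
     * @param headers headers to send with the call
     * @return the classification, or {@code null} when {@code body} is {@code null}
     */
    public Result testPostSqlInjection(RequestSpecification request, String url, Map<String, ?> body, Map<String, ?> headers) {
        if (body == null) return null;

        Response response = request.body(buildProbeFormBody(url, body))
                .contentType(ContentType.URLENC)
                .headers(headers)
                .when()
                .post(url)
                .then()
                .extract()
                .response();

        return assess(response, body.toString());
    }


    /**
     * Probes every String field of a form-encoded PUT body.
     *
     * @param request prepared request specification used to send the call
     * @param url     endpoint URL
     * @param body    original body; String-valued fields are replaced by the probe
     * @param headers headers to send with the call
     * @return the classification, or {@code null} when {@code body} is {@code null}
     */
    public Result testPutSqlInjection(RequestSpecification request, String url, Map<String, ?> body, Map<String, ?> headers) {
        if (body == null) return null;

        Response response = request.body(buildProbeFormBody(url, body))
                .contentType(ContentType.URLENC)
                .headers(headers)
                .when()
                .put(url)
                .then()
                .extract()
                .response();

        return assess(response, body.toString());
    }

    /**
     * Probes every query parameter of a DELETE endpoint.
     *
     * @param url     endpoint URL
     * @param request prepared request specification used to send the call
     * @param params  parameters of the endpoint; only the names are used
     * @return the classification, or {@code null} when {@code params} is {@code null}
     */
    public Result testDeleteSqlInjection(String url, RequestSpecification request, Map<String, ?> params) {
        if (params == null) return null;

        Response response = request
                .delete(buildProbeUri(url, params))
                .then()
                .extract()
                .response();

        return assess(response, params.toString());
    }

    /**
     * Builds the request URI with the probe as the value of every parameter.
     *
     * The raw probe is handed to the builder, and toUriString() percent-encodes it once.
     * Encoding it with URLEncoder first made the builder encode the '%' signs again, so the
     * server never received the quote character and the probe tested nothing.
     */
    private String buildProbeUri(String url, Map<String, ?> params) {
        UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromHttpUrl(url);
        for (String name : params.keySet()) {
            uriBuilder.queryParam(name, PAYLOAD);
        }
        // NOTE(review): REST Assured applies its own URL encoding by default; confirm on the wire
        // that the value is not encoded a second time when this string is passed to get()/delete().
        return uriBuilder.toUriString();
    }

    /**
     * Builds an application/x-www-form-urlencoded body in which every String field carries the
     * probe. Previously the original field values were sent, so POST and PUT were never probed
     * and always came back clean unless the server failed.
     */
    private String buildProbeFormBody(String url, Map<String, ?> body) {
        UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromHttpUrl(url);
        String encodedPayload = URLEncoder.encode(PAYLOAD, StandardCharsets.UTF_8);

        for (Map.Entry<String, ?> field : body.entrySet()) {
            if (field.getValue() instanceof String) {
                uriBuilder.queryParam(field.getKey(), encodedPayload);
            }
        }

        // build() without encode() keeps the already-encoded values as they are.
        return uriBuilder.build().getQuery();
    }

    /** Classifies a response: probe echoed, server error, or no signal. */
    private Result assess(Response response, String probedFields) {
        String responseBody = response.getBody().asString();
        int statusCode = response.getStatusCode();
        if (responseBody.contains(PAYLOAD)) {
            return fail(TEST_TYPE.SQL_INJECTION, "SQL injection vulnerability found in parameter " + probedFields + " with payload " + PAYLOAD);
        }
        if (statusCode >= 500) {
            return fail(TEST_TYPE.SQL_INJECTION, "Server error: " + statusCode);
        }

        return success(TEST_TYPE.SQL_INJECTION);
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/tests/XssTest.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.tests;

import io.restassured.response.Response;
import io.restassured.specification.RequestSpecification;
import tech.noetzold.APItester.model.Result;
import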
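tech.noetzold.APItester.util.TEST_TYPE;

import java.util.HashMap;
import java.util.Map;

/**
 * Sends a probe string in request parameters or body fields and reports a finding when the
 * response body contains the probe unchanged, or when the server answers with a 5xx status.
 *
 * A reflected probe shows that the value came back without output encoding. Whether it is
 * exploitable depends on where in the response it lands, so a finding is a lead to confirm.
 */
public class XssTest extends BaseTest {

    // NOTE(review): this literal is empty as shown here - presumably markup lost in rendering;
    // confirm against the repository. While it is empty, String.contains("") is always true,
    // so every call below reports a finding regardless of the response.
    private static final String PAYLOAD = "";

    /**
     * Probes all parameters of a GET endpoint at once.
     *
     * @param url     endpoint URL
     * @param request prepared request specification used to send the call
     * @param params  parameters of the endpoint; only the names are used
     * @return the classification, or {@code null} when {@code params} is {@code null}
     */
    public Result testGetXss(String url, RequestSpecification request, Map<String, ?> params) {
        if (params == null) return null;

        Map<String, String> probe = probeParams(params);
        Response response = request
                .params(probe)
                .when()
                .get(url)
                .then()
                .extract()
                .response();

        Result finding = inspect(response, probe.toString());
        return finding != null ? finding : success(TEST_TYPE.XSS_INJECTION);
    }

    /**
     * Probes each body field of a POST endpoint in turn, leaving the other fields untouched.
     *
     * @param request prepared request specification used to send the calls
     * @param url     endpoint URL
     * @param body    original body
     * @param headers headers to send with each call
     * @return the first finding, success when no call produced one, or {@code null} when
     *         {@code body} is {@code null}
     */
    public Result testPostXss(RequestSpecification request, String url, Map<String, ?> body, Map<String, ?> headers) {
        if (body == null) return null;

        for (String key : body.keySet()) {
            Response response = request
                    .when()
                    .headers(headers)
                    .body(probeBody(body, key))
                    .post(url)
                    .then()
                    .extract()
                    .response();

            Result finding = inspect(response, key);
            if (finding != null) {
                return finding;
            }
        }

        return success(TEST_TYPE.XSS_INJECTION);
    }

    /**
     * Probes each body field of a PUT endpoint in turn, leaving the other fields untouched.
     *
     * @param request prepared request specification used to send the calls
     * @param url     endpoint URL
     * @param body    original body
     * @param headers headers to send with each call
     * @return the first finding, success when no call produced one, or {@code null} when
     *         {@code body} is {@code null}
     */
    public Result testPutXss(RequestSpecification request, String url, Map<String, ?> body, Map<String, ?> headers) {
        if (body == null) return null;

        for (String key : body.keySet()) {
            Response response = request
                    .when()
                    .headers(headers)
                    .body(probeBody(body, key))
                    .put(url)
                    .then()
                    .extract()
                    .response();

            Result finding = inspect(response, key);
            if (finding != null) {
                return finding;
            }
        }

        return success(TEST_TYPE.XSS_INJECTION);
    }

    /**
     * Probes all parameters of a DELETE endpoint at once.
     *
     * @param url     endpoint URL
     * @param request prepared request specification used to send the call
     * @param params  parameters of the endpoint; only the names are used
     * @return the classification, or {@code null} when {@code params} is {@code null}
     */
    public Result testDeleteXss(String url, RequestSpecification request, Map<String, ?> params) {
        if (params == null) return null;

        Map<String, String> probe = probeParams(params);
        Response response = request
                .params(probe)
                .when()
                .delete(url)
                .then()
                .extract()
                .response();

        Result finding = inspect(response, probe.toString());
        return finding != null ? finding : success(TEST_TYPE.XSS_INJECTION);
    }

    /**
     * Returns a new map with the probe as the value of every parameter name.
     *
     * The caller's map is no longer overwritten in place: doing so replaced the real parameter
     * values for every test that ran afterwards on the same map.
     */
    private Map<String, String> probeParams(Map<String, ?> params) {
        Map<String, String> probe = new HashMap<>();
        for (String name : params.keySet()) {
            probe.put(name, PAYLOAD);
        }
        return probe;
    }

    /** Returns a copy of the body in which only the given field carries the probe. */
    private Map<String, Object> probeBody(Map<String, ?> body, String key) {
        Map<String, Object> modifiedBody = new HashMap<>(body);
        modifiedBody.put(key, PAYLOAD);
        return modifiedBody;
    }

    /**
     * Classifies one response.
     *
     * @return a failure when the probe is reflected or the status is 5xx, otherwise {@code null}
     */
    private Result inspect(Response response, String probed) {
        String responseBody = response.getBody().asString();
        int statusCode = response.getStatusCode();
        if (responseBody.contains(PAYLOAD)) {
            return fail(TEST_TYPE.XSS_INJECTION,"XSS vulnerability found in parameter " + probed + " with payload " + PAYLOAD);
        }
        if (statusCode >= 500) {
            return fail(TEST_TYPE.XSS_INJECTION,"Server error: " + statusCode);
        }
        return null;
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/util/QueryStringParser.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.util;
import java.net.URLDecoder;
import java.util.HashMap;
import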
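java.util.Map;

/**
 * Splits a URL query string ("a=1&b=two") into decoded name/value pairs.
 */
public class QueryStringParser {

    /**
     * Parses a query string into a map of decoded names to decoded values.
     *
     * A pair without '=' is stored with an empty value; empty segments (as in "a=1&&b=2") and
     * pairs with a malformed percent-escape are skipped. When a name occurs more than once the
     * last value wins. The return type is left raw so existing callers keep compiling.
     *
     * @param queryString the part of the URL after '?', may be {@code null} or empty
     * @return a new mutable map, empty when there is nothing to parse
     */
    public static Map parseQueryString(String queryString) {
        Map<String, String> parameters = new HashMap<>();

        if (queryString == null || queryString.isEmpty()) {
            return parameters;
        }

        for (String pair : queryString.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            // indexOf returns -1 for a bare name; substring(0, -1) used to throw here and the
            // parameter was silently lost after a stack trace was printed.
            int idx = pair.indexOf('=');
            String rawKey = idx < 0 ? pair : pair.substring(0, idx);
            String rawValue = idx < 0 ? "" : pair.substring(idx + 1);
            try {
                String key = URLDecoder.decode(rawKey, java.nio.charset.StandardCharsets.UTF_8);
                String value = URLDecoder.decode(rawValue, java.nio.charset.StandardCharsets.UTF_8);
                parameters.put(key, value);
            } catch (IllegalArgumentException malformedEscape) {
                // Best effort, as before: drop the pair and keep going. The raw input is not
                // echoed, because it is caller-controlled and would end up in the logs.
                System.err.println("Skipping query parameter with malformed percent-encoding");
            }
        }

        return parameters;
    }
}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/util/TEST_TYPE.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.util;

/** Category of a test result. The declaration order is kept unchanged. */
public enum TEST_TYPE {
    COMMAND_INJECTION,
    DATA_VALIDATION,
    SQL_INJECTION,
    XSS_INJECTION,
    SECURITY,
    GPT3,
    PERFORMANCE

}
--------------------------------------------------------------------------------
/src/main/java/tech/noetzold/APItester/util/TokenApp.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester.util;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Properties;

/**
 * Reads the application token from the properties file.
 */
public class TokenApp {

    /**
     * Loads application.properties from the source tree and returns its {@code app.token} value.
     *
     * The path is relative to the working directory, so the file is found only when the process
     * is started from the project root. The value is read from a file that is checked in with
     * the sources; presumably it is the secret used by the JWT filters (confirm), in which case
     * it should come from the environment or a secrets store instead.
     *
     * @return the configured token, or {@code null} when the property is absent
     * @throws RuntimeException wrapping the IOException when the file cannot be read
     */
    public static String getTokenPass() {
        Properties props = new Properties();
        // try-with-resources closes the stream; it was previously left open on every call.
        try (FileInputStream file = new FileInputStream(
                "./src/main/resources/application.properties")) {
            props.load(file);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }

        return props.getProperty("app.token");

    }
}
--------------------------------------------------------------------------------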
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# NOTE(review): the datasource password and app.token below are committed in plaintext, so
# anyone who can read the repository can use them. Supply them from the environment or a
# secrets store (Spring resolves placeholders such as ${DB_PASSWORD}; that variable name is an
# example) and rotate the values that were already published. TokenApp loads this file with
# java.util.Properties, which does not expand ${...}, so it needs its own change.
# ddl-auto=update and show-sql=true are development settings; review them before deployment.
spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true

spring.datasource.url=jdbc:postgresql://localhost:5432/api-testes
spring.datasource.username=postgres
spring.datasource.password=postgres
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.generate-ddl=true

server.port = 8092
app.token=06315036-6214-43e8-a173-b766de200c24
--------------------------------------------------------------------------------
/src/test/java/tech/noetzold/APItester/ApiTesterApplicationTests.java:
--------------------------------------------------------------------------------
package tech.noetzold.APItester;

import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

/**
 * Smoke test for the application wiring.
 */
@SpringBootTest
class ApiTesterApplicationTests {

    /**
     * Has no assertions of its own: the test fails only if the Spring context cannot start.
     */
    @Test
    void contextLoads() {
    }

}
--------------------------------------------------------------------------------