This post documents how I used Docker to get RESTler running on MacOS, which is not currently supported, using Docker.
From https://github.com/microsoft/restler-fuzzer:
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API.
It appears to have a simple Dockerfile included in the repo, but I couldn’t make it work. This method creates a Docker image that, when run, allows all 4 modes of RESTler (compile, test, fuzz-lean and fuzz) to be run.
git clone git@github.com:microsoft/restler-fuzzer.git
Dockerfile in the root directory:FROM mcr.microsoft.com/dotnet/sdk:5.0-focal
RUN apt update && apt install python3 -y
RUN mkdir -p /restler/bin && \
mkdir -p /restler/config && \
mkdir -p /restler/src/src/compiler/Restler.Compiler && \
mkdir -p /restler/src/src/compiler/Restler.Compiler.Test && \
mkdir -p /restler/src/src/compiler/Restler.CompilerExe && \
mkdir -p /restler/src/src/driver && \
mkdir -p /restler/src/ResultsAnalyzer
WORKDIR /restler/src/src
COPY ./src/Restler.sln ./
COPY ./src/compiler/Restler.Compiler/Restler.Compiler.fsproj ./compiler/Restler.Compiler/
COPY ./src/compiler/Restler.Compiler.Test/Restler.Compiler.Test.fsproj ./compiler/Restler.Compiler.Test/
COPY ./src/compiler/Restler.CompilerExe/Restler.CompilerExe.fsproj ./compiler/Restler.CompilerExe/
COPY ./src/driver/Restler.Driver.fsproj ./driver/
COPY ./src/ResultsAnalyzer/ResultsAnalyzer.fsproj ./ResultsAnalyzer/
RUN dotnet restore ./Restler.sln
WORKDIR /restler/src
COPY . .
RUN dotnet restore ./src/Restler.sln
RUN ln -s /usr/bin/python3 /usr/bin/python
RUN python ./build-restler.py --dest_dir /restler/bin
WORKDIR /restler/config
mkdir config
Copy the OpenAPI specification into config/openapi.yaml. (I also successfully tested specifications in JSON format).
Create a config/dict.json file. The example below includes custom payloads for setting parameter values, and custom headers:
{
"restler_fuzzable_string": [
"fuzzstring"
],
"restler_fuzzable_string_unquoted": [],
"restler_fuzzable_datetime": [
"2019-06-26T20:20:39+00:00"
],
"restler_fuzzable_datetime_unquoted": [],
"restler_fuzzable_uuid4": [
"566048da-ed19-4cd3-8e0a-b7e0e1ec4d72"
],
"restler_fuzzable_uuid4_unquoted": [],
"restler_fuzzable_int": [
"1",
"0"
],
"restler_fuzzable_number": [
"1.23"
],
"restler_fuzzable_bool": [
"true"
],
"restler_fuzzable_object": [
"{ \"fuzz\": false }"
],
"restler_custom_payload": {
"foo": [
"bar"
],
"baz": [
"bat"
],
},
"restler_custom_payload_header": {
"X-CUSTOM-HEADER": [
"foo"
]
},
"restler_custom_payload_unquoted": {},
"restler_custom_payload_uuid4_suffix": {}
}
config/compile-config.json file:{
"SwaggerSpecFilePath": [
"openapi.yaml"
],
"CustomDictionaryFilePath": "dict.json"
}
config/run. This example can be tweaked to only run the modes that you need, and the time budget parameter can be adjusted to the number of hours you want to run the main fuzzing mode for:#!/bin/bash
rm -r Compile
dotnet /restler/bin/restler/Restler.dll compile compile-config.json
dotnet /restler/bin/restler/Restler.dll test --grammar_file Compile/grammar.py --dictionary_file Compile/dict.json
dotnet /restler/bin/restler/Restler.dll fuzz-lean --grammar_file Compile/grammar.py --dictionary_file Compile/dict.json
dotnet /restler/bin/restler/Restler.dll fuzz --grammar_file Compile/grammar.py --dictionary_file Compile/dict.json --time_budget 1
config directory mounted in it:docker build . --tag restler:latest
docker run -it -v /host/path/to/restler-fuzzer/config:/restler/config restler:latest
run script. Some directories will be created in the config directory showing results and logs.The configuration files can be tweaked and the tool re-run quickly using the run script, to iterate the setup.