diff --git a/.gitignore b/.gitignore
index 83382dbdf2332..f774ce1c8a069 100644
--- a/.gitignore
+++ b/.gitignore
@@ -186,3 +186,5 @@
 cypress/snapshots
 cypress/videos
 /.direnv
+
+/.hypothesis/
diff --git a/build/openapi-fuzzer.sh b/build/openapi-fuzzer.sh
new file mode 100755
index 0000000000000..8044dabaf17d4
--- /dev/null
+++ b/build/openapi-fuzzer.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -euo pipefail
+
+if [ "$#" -ne 2 ]; then
+ echo "Usage ./build/openapi-fuzzer.sh "
+ exit 1
+fi
+
+user="$1"
+spec="$(readlink -f "$2")"
+
+python -m venv venv
+source venv/bin/activate
+pip install schemathesis==4.1.4
+
+rm data config/config.php -rf
+
+./occ maintenance:install --admin-pass admin
+./occ config:system:set auth.bruteforce.protection.enabled --value=false --type=boolean
+
+app="$(echo "$spec" | pcregrep -o1 -e "^.+\/apps[^\/]*\/([a-z_]+)\/openapi[a-z-]*\.json$" || echo "")"
+if [[ "$app" != "" ]]; then
+ ./occ app:enable "$app"
+fi
+
+if [[ "$user" != "admin" ]]; then
+ is_password_policy_available="$(./occ app:list --output json | jq -r .enabled.password_policy)"
+
+ if [[ "$is_password_policy_available" != "null" ]]; then
+ ./occ app:disable password_policy
+ fi
+
+ NC_PASS="$user" ./occ user:add "$user" --password-from-env
+
+ if [[ "$is_password_policy_available" != "null" ]]; then
+ ./occ app:enable password_policy
+ fi
+fi
+
+app_password="$(echo "$user" | ./occ user:auth-tokens:add "$user" | tail -n 1)"
+
+# Ensure enough workers will be available to handle all requests
+NEXTCLOUD_WORKERS=100 composer serve &> /dev/null &
+pid=$!
+function cleanup() {
+ kill "$pid"
+}
+trap cleanup EXIT
+
+until curl -s -o /dev/null http://localhost:8080/status.php; do sleep 1s; done
+
+schemathesis run \
+ "$spec" \
+ --checks all \
+ --exclude-checks missing_required_header,unsupported_method \
+ --workers auto \
+ --url http://localhost:8080 \
+ -H "OCS-APIRequest: true" \
+ -H "Accept: application/json" \
+ -H "Authorization: Bearer $app_password"
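Review bot: The readiness loop `until curl -s -o /dev/null http://localhost:8080/status.php; do sleep 1s; done` has no upper bound, so when `composer serve` fails to start (its output is discarded to /dev/null, so nothing is logged) the script spins forever instead of failing; bound it, e.g. `for ((i = 0; i < 120; i++)); do curl -s -o /dev/null http://localhost:8080/status.php && break; sleep 1; done` followed by `curl -s -o /dev/null http://localhost:8080/status.php || { printf 'server did not come up\n' >&2; exit 1; }`. The line `rm data config/config.php -rf` and every `./occ` call also rely on the working directory being the server root, and the wipe runs before anything is verified, so invoking the script from another directory or on a checkout holding real data destroys it silently; a guard ahead of it such as `[[ -x ./occ ]] || { printf 'run from the server root\n' >&2; exit 1; }` would contain that. The app password is handed over on the command line via `-H "Authorization: Bearer $app_password"`, so it is readable in the process list for the whole fuzzing run; for this disposable instance (admin password `admin`, brute-force protection disabled) that is tolerable, but a header comment stating that the script must only ever run against a throwaway install would make the assumption explicit. The EXIT trap kills only `$pid`, the `composer serve` process; if that spawns the PHP server as a child, the child may outlive the script, which is worth verifying.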