Add datasets and validators for security fuzz testing with tempest-lib
This patch adds a few helper classes to be used for security fuzz tests: https:/
There is a separate patch that includes the datasets and validators for various fuzz types: https:/
The classes here are used to package "fuzz strings" into datasets that can be used in parameterized functional test cases. Currently, it can verify that HTTP responses to requests-lib style and tempest-lib style REST clients do not include indicators of vulnerability such as 500 errors from the server, or "root:" in the response to a request attempting to read /etc/passwd.
Blueprint information
- Status:
- Started
- Approver:
- Matthew Treinish
- Priority:
- Undefined
- Drafter:
- Charles Neill
- Direction:
- Needs approval
- Assignee:
- Charles Neill
- Definition:
- New
- Series goal:
- None
- Implementation:
- Started
- Milestone target:
- None
- Started by
- Charles Neill
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
bp:
Addressed by: https:/
Security utilities for fuzz tests
Addressed by: https:/
Fuzzers for security utils
Addressed by: https:/
Security utilities for fuzz tests
Addressed by: https:/
Fuzzers for security utils