tempest

Add datasets and validators for security fuzz testing with tempest-lib

Registered by Charles Neill

This patch adds a few helper classes to be used for security fuzz tests: https://review.openstack.org/#/c/216303/
There is a separate patch that includes the datasets and validators for various fuzz types: https://review.openstack.org/#/c/237263/2

The classes here are used to package "fuzz strings" into datasets that can be used in parameterized functional test cases. Currently, it can verify that HTTP responses to requests-lib style and tempest-lib style REST clients do not include indicators of vulnerability such as 500 errors from the server, or "root:" in the response to a request attempting to read /etc/passwd.

Blueprint information

Status:
Started
Approver:
Matthew Treinish
Priority:
Undefined
Drafter:
Charles Neill
Direction:
Needs approval
Assignee:
Charles Neill
Definition:
New
Series goal:
None
Implementation:
Started
Milestone target:
None
Started by
Charles Neill

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/security-utils,n,z

Addressed by: https://review.openstack.org/274205
    bp:security-utils

Addressed by: https://review.openstack.org/#/c/216303/4
    Security utilities for fuzz tests
Addressed by: https://review.openstack.org/#/c/237263/2
    Fuzzers for security utils

Addressed by: https://review.openstack.org/216303
    Security utilities for fuzz tests

Addressed by: https://review.openstack.org/237263
    Fuzzers for security utils

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.