Merge branch 'master' into refactor/steady-state-decouple-from-standard-ga-v2

Author: francastagna

.github/workflows/ci.yml

@@ -31,7 +31,7 @@ on:
 #      - "**"
 
 env:
-  evomaster-version: 4.0.1
+  evomaster-version: 5.1.1
   # Unfortunately, to use JPackage we need JDK 17 or above :(
   # Which is really bad due to the madness of --add-opens.
   # Even if hunt down all cases of reflections in EM, there is still the problem of
@@ -42,7 +42,7 @@ env:
   build-jdk: 17
   retention-days: 5
   debug: false  # put to true if need to debug a specific test
-  debugTestName: "com.foo.base.BaseIT" # replace with test to debug
+  debugTestName: "GeneRandomizedTest" # replace with test to debug
 
 # This build is quite expensive (some hours), so we run it whole only on some JVM versions and OSs.
 # For the moment, we need to support JVM 8 and all following LTS versions (e.g, 11 and  17).
@@ -62,6 +62,11 @@ jobs:
      - name: Set skip-jobs variable
        id: set-output
        run: echo "debug=${{ env.debug }}" >> $GITHUB_OUTPUT
+     - name: Verify Docker is working fine
+       run: | 
+        timeout 30s bash -c 'until docker info; do sleep 1; done' 
+        docker version
+        docker info 
 
 
   debug:
@@ -117,9 +122,9 @@ jobs:
       # Make test report accessible from GitHub Actions (as Maven logs are long)
       - name: Publish Test Report
         if: success() || failure()
-        uses: mikepenz/action-junit-report@v5
+        uses: mikepenz/action-junit-report@v6
         env:
-          NODE_OPTIONS: "--max_old_space_size=8000"
+          NODE_OPTIONS: "--max_old_space_size=9000"
         with:
           report_paths: '**/target/*-reports/TEST-*.xml'
       # Upload coverage results

.github/workflows/release.yml

@@ -8,8 +8,8 @@ on:
       - "v*"
 
 env:
-  evomaster-version: 4.0.1
-  jdk-jar: 1.8
+  evomaster-version: 5.1.1
+  jdk-jar: 17
   jdk-jpackage: 21
   retention-days: 1
 ## Doesn't work, ie, use env in env
@@ -55,11 +55,16 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
       - name: Build and push Docker
         uses: docker/build-push-action@v5
         with:
           context: .
           push: true
+          platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 

.gitignore

@@ -105,6 +105,7 @@ Migrations/
 /core-tests/e2e-tests/spring/spring-web/target/
 /core-tests/e2e-tests/spring/spring-rest-mongo/target/
 /core-tests/e2e-tests/spring/spring-rest-opensearch/target/
+/core-tests/e2e-tests/spring/spring-rest-redis/target/
 /core-tests/client-java/target/
 /core-tests/client-java/dependencies/target/
 /core-tests/client-java/sql-dto/target/
@@ -159,3 +160,7 @@ client-java/sql-dto/target
 client-java/distance-heuristics/target
 client-java/test-old-libraries/target
 core-tests/e2e-tests/spring/spring-rest-mysql/target
+/core-tests/jdk-8/spring-rest-openapi-v2/target/
+/core-tests/jdk-8/spring-rest-openapi-v2-driver/target/
+/core-tests/jdk-8/spring-rest-openapi-v2-sut/target/
+/core-tests/jdk-8/spring-rest-openapi-v2-tests/target/

README.md

@@ -1,19 +1,25 @@
 # EvoMaster: A Tool For Automatically Generating System-Level Test Cases
 
 
-![](docs/img/carl-cerstrand-136810_compressed.jpg  "Photo by Carl Cerstrand on Unsplash")
+[//]: # (![](docs/img/carl-cerstrand-136810_compressed.jpg  "Photo by Carl Cerstrand on Unsplash"))
 
 [![Maven Central](https://img.shields.io/maven-central/v/org.evomaster/evomaster-client-java.svg?label=Maven%20Central)](https://central.sonatype.com/artifact/org.evomaster/evomaster-client-java)
 [![javadoc](https://javadoc.io/badge2/org.evomaster/evomaster-client-java-controller/javadoc.svg)](https://javadoc.io/doc/org.evomaster/evomaster-client-java-controller)
 ![CI](https://github.com/WebFuzzing/EvoMaster/workflows/CI/badge.svg)
 [![codecov](https://codecov.io/gh/WebFuzzing/EvoMaster/branch/master/graph/badge.svg)](https://codecov.io/gh/WebFuzzing/EvoMaster)
-[![DOI](https://zenodo.org/badge/92385933.svg)](https://zenodo.org/badge/latestdoi/92385933)
+[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.5052036.svg)](https://doi.org/10.5281/zenodo.5052036)
 [![License: LGPL v3](https://img.shields.io/badge/License-LGPL_v3-blue.svg)](https://www.gnu.org/licenses/lgpl-3.0)
 [![Github All Releases](https://img.shields.io/github/downloads/WebFuzzing/evomaster/total.svg)](https://github.com/WebFuzzing/EvoMaster/releases)
 
 
+
 ### Summary
 
+[//]: # (<div style="float: left; margin-right: 15px; margin-bottom: 10px;">)
+<img align="left" src="docs/img/em_mascot.png" alt="AI-generated mascot, with Bing" width="100" />
+
+[//]: # (</div>)
+
 _EvoMaster_ ([www.evomaster.org](http://evomaster.org)) is the first (2016) open-source AI-driven tool
 that automatically *generates* system-level test cases
 for web/enterprise applications.
@@ -123,10 +129,9 @@ Note, since version 4.0.0, now _EvoMaster_ by default also creates an interactiv
 
 * _State-of-the-art_: an [independent study (2022)](https://arxiv.org/abs/2204.08348), comparing 10 fuzzers on 20 RESTful APIs, shows that _EvoMaster_ gives the best results. Another [independent study (2024)](https://arxiv.org/abs/2410.12547) done by a different research group confirms these results.
 
-* _Schema_: REST APIs must provide a schema in [OpenAPI/Swagger](https://swagger.io)
-  format (either _v2_ or _v3_).
+* _Schema_: REST APIs must provide a schema in [OpenAPI format](https://www.openapis.org/). We support versions _2.0_, _3.0_ and _3.1_. Unfortunately, support for version _3.2_ is currently on hold due to [swagger-parser](https://github.com/swagger-api/swagger-parser/issues/2248).
 
-* _Output_: the tool generates _JUnit_ (version 4 or 5) tests, written in either Java or Kotlin, as well as test suites in Python and JavaScript. For a complete list, see the documentation for the CLI parameter [--outputFormat](docs/options.md). 
+* _Output_: the tool generates _JUnit_ (version 4 or 5) tests, written in either _Java_ or _Kotlin_, as well as test suites in _Python_ and _JavaScript_. For a complete list, see the documentation for the CLI parameter [--outputFormat](docs/options.md). 
   Some examples are: PYTHON_UNITTEST, KOTLIN_JUNIT_5, JAVA_JUNIT_4 and JS_JEST.
   Note that the generated tests rely on third-party libraries (e.g., to make HTTP calls). 
   These will need to be setup in your projects, [see documentation](docs/library_dependencies.md).
@@ -198,7 +203,9 @@ Examples of Fortune 500 companies using _EvoMaster_ are:
 
 ![](docs/img/video-player-flaticon.png)
 
-* A [45-minute talk given at TestCon'25](https://www.youtube.com/watch?v=uKKRo3LrNiw&list=PLqYhGsQ9iSEoXaRmW9WQjjXJK_1NbLlZ6&index=15) on Fuzz Testing Web APIs gives an overview of what can be expected from this kind of fuzzers.   
+* A [45-minute talk given at TestCon'25](https://www.youtube.com/watch?v=uKKRo3LrNiw&list=PLqYhGsQ9iSEoXaRmW9WQjjXJK_1NbLlZ6&index=15) on Fuzz Testing Web APIs gives an overview of what can be expected from this kind of fuzzers. 
+ A [shorter version (16 minutes)](https://www.youtube.com/watch?v=iJdhVzGedjM) 
+  was given at Nordic APIs 2025 Platform Summit.   
 
 * A [short video](https://youtu.be/3mYxjgnhLEo) (5 minutes)
   shows the use of _EvoMaster_ on one of the
@@ -225,10 +232,11 @@ Existing open-source tools for REST API fuzzing, with at least 100 stars on GitH
 [Fuzz-lightyear](https://github.com/Yelp/fuzz-lightyear),
 [ResTest](https://github.com/isa-group/RESTest),
 [Restler](https://github.com/microsoft/restler-fuzzer),
+[Schemathesis](https://github.com/schemathesis/schemathesis)
 and
-[Schemathesis](https://github.com/schemathesis/schemathesis).
+[WuppieFuzz](https://github.com/TNO-S3/WuppieFuzz).
 
-All these tools are _black-box_, i.e., they do not analyze the source-code of the tested APIs to generate more effective test data.
+Apart from WuppieFuzz, all these tools are _black-box_, i.e., they do not analyze the source-code of the tested APIs to generate more effective test data.
 As we are the authors of EvoMaster, we are too biased to compare it properly with those other black-box tools.
 However, different independent studies (e.g., in [2022](https://arxiv.org/abs/2204.08348) and [2024](https://arxiv.org/abs/2410.12547)) shows that EvoMaster is among the best performant.
 Furthermore, if your APIs are running on the JVM (e.g., written in Java or Kotlin), then EvoMaster has clearly an advantage, as it supports _white-box_ testing. 

client-java/ci-utils/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <artifactId>evomaster-client-java</artifactId>
         <groupId>org.evomaster</groupId>
-        <version>4.0.1-SNAPSHOT</version>
+        <version>5.1.1-SNAPSHOT</version>
     </parent>
 
     <artifactId>evomaster-ci-utils</artifactId>

client-java/client-util/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.evomaster</groupId>
         <artifactId>evomaster-client-java</artifactId>
-        <version>4.0.1-SNAPSHOT</version>
+        <version>5.1.1-SNAPSHOT</version>
     </parent>
 
     <artifactId>evomaster-client-java-util</artifactId>

client-java/controller-api/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.evomaster</groupId>
         <artifactId>evomaster-client-java</artifactId>
-        <version>4.0.1-SNAPSHOT</version>
+        <version>5.1.1-SNAPSHOT</version>
     </parent>
 
     <artifactId>evomaster-client-java-controller-api</artifactId>

client-java/controller-api/src/main/java/org/evomaster/client/java/controller/api/dto/ExtraHeuristicEntryDto.java

@@ -9,9 +9,9 @@ public class ExtraHeuristicEntryDto implements Serializable {
 
     /**
      * The type of extra heuristic.
-     * Note: for the moment, we only have heuristics on SQL, MONGO and OPENSEARCH commands
+     * Note: for the moment, we only have heuristics on SQL, MONGO, OPENSEARCH and REDIS commands
      */
-    public enum Type {SQL, MONGO, OPENSEARCH}
+    public enum Type {SQL, MONGO, OPENSEARCH, REDIS}
 
     /**
      * Should we try to minimize or maximize the heuristic?

client-java/controller/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.evomaster</groupId>
         <artifactId>evomaster-client-java</artifactId>
-        <version>4.0.1-SNAPSHOT</version>
+        <version>5.1.1-SNAPSHOT</version>
     </parent>
 
     <artifactId>evomaster-client-java-controller</artifactId>

client-java/controller/src/main/java/org/evomaster/client/java/controller/AuthUtils.java

@@ -182,9 +182,11 @@ public static AuthenticationDto getForJsonToken(
         le.setExpectCookies(false);
         le.setPayloadRaw(payload);
         le.setToken(new TokenHandling());
-        le.getToken().setExtractFromField(extractFromField);
-        le.getToken().setHeaderPrefix(headerPrefix);
-        le.getToken().setHttpHeaderName("Authorization");
+        le.getToken().setExtractFrom(TokenHandling.ExtractFrom.BODY);
+        le.getToken().setExtractSelector(extractFromField);
+        le.getToken().setSendIn(TokenHandling.SendIn.HEADER);
+        le.getToken().setSendName("Authorization");
+        le.getToken().setSendTemplate(headerPrefix+"{token}");
 
         AuthenticationDto dto = new AuthenticationDto(dtoName);
         dto.setLoginEndpointAuth(le);