fixing failed modification

Author: omursahin

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/main/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/base/FailModificationApplication.kt

@@ -103,8 +103,8 @@ open class FailModificationApplication {
     @PostMapping(path = ["/notempty"])
     open fun createnotempty(@RequestBody body: ResourceData): ResponseEntity<ResourceData> {
         val id = dataAlreadyExists.size + 1
-        data[id] = body.copy()
-        return ResponseEntity.status(201).body(data[id])
+        dataAlreadyExists[id] = body.copy()
+        return ResponseEntity.status(201).body(dataAlreadyExists[id])
     }
 
     @GetMapping(path = ["/notempty/{id}"])

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/main/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/urlencoded/UrlencodedFailModificationApplication.kt

@@ -0,0 +1,94 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.urlencoded
+
+import org.springframework.boot.SpringApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PatchMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.PutMapping
+import org.springframework.web.bind.WebDataBinder
+import org.springframework.web.bind.annotation.InitBinder
+import org.springframework.web.bind.annotation.ModelAttribute
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+import java.beans.PropertyEditorSupport
+
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
+@RequestMapping(path = ["/api/resources"])
+@RestController
+open class UrlencodedFailModificationApplication {
+
+    companion object {
+        @JvmStatic
+        fun main(args: Array<String>) {
+            SpringApplication.run(UrlencodedFailModificationApplication::class.java, *args)
+        }
+
+        private val dataAlreadyExists = mutableMapOf<Int, ResourceData>()
+
+        fun reset(){
+            dataAlreadyExists.clear()
+            dataAlreadyExists[0] = ResourceData("existing", 42)
+        }
+    }
+
+    open class ResourceData(
+        var name: String = "",
+        var value: Int = 0
+    )
+
+    open class UpdateRequest(
+        var name: String = "",
+        var value: Int = 0
+    )
+
+
+    @PostMapping(path = ["/notempty"], consumes = ["application/x-www-form-urlencoded"], produces = ["application/json"])
+    open fun createnotempty(@ModelAttribute body: ResourceData): ResponseEntity<ResourceData> {
+        val id = dataAlreadyExists.size + 1
+        dataAlreadyExists[id] = ResourceData(body.name, body.value)
+        return ResponseEntity.status(201).body(dataAlreadyExists[id])
+    }
+
+    @GetMapping(path = ["/notempty/{id}"], produces = ["application/json"])
+    open fun getnotempty(@PathVariable("id") id: Int): ResponseEntity<ResourceData> {
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.status(200).body(resource)
+    }
+
+    @PutMapping(path = ["/notempty/{id}"], consumes = ["application/x-www-form-urlencoded"], produces = ["text/plain"])
+    open fun putnotempty(
+        @PathVariable("id") id: Int,
+        @ModelAttribute body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+
+        resource.name = body.name
+        resource.value = body.value
+
+        // returns 400 Bad Request, but the data was already modified above
+        return ResponseEntity.status(400).body("Invalid request")
+    }
+
+    @PatchMapping(path = ["/notempty/{id}"], consumes = ["application/x-www-form-urlencoded"], produces = ["text/plain"])
+    open fun patchnotempty(
+        @PathVariable("id") id: Int,
+        @ModelAttribute body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // correct: validation first, reject without modifying
+        return ResponseEntity.status(400).body("No fields to update")
+
+        // correct: does NOT modify data, just returns 4xx
+        return ResponseEntity.status(403).body("Forbidden")
+    }
+}

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/main/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/xml/XmlFailModificationApplication.kt

@@ -0,0 +1,155 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.xml
+
+import org.springframework.boot.SpringApplication
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PatchMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.PutMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+import javax.xml.bind.annotation.XmlAccessType
+import javax.xml.bind.annotation.XmlAccessorType
+import javax.xml.bind.annotation.XmlRootElement
+
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
+@RequestMapping(path = ["/api/resources"])
+@RestController
+open class XmlFailModificationApplication {
+
+    companion object {
+        @JvmStatic
+        fun main(args: Array<String>) {
+            SpringApplication.run(XmlFailModificationApplication::class.java, *args)
+        }
+
+        private val data = mutableMapOf<Int, ResourceData>()
+        private val dataAlreadyExists = mutableMapOf<Int, ResourceData>()
+
+        fun reset(){
+            data.clear()
+            dataAlreadyExists.clear()
+            dataAlreadyExists[0] = ResourceData("existing", 42)
+        }
+    }
+
+    @XmlRootElement(name = "resourceData")
+    @XmlAccessorType(XmlAccessType.FIELD)
+    open class ResourceData(
+        var name: String = "",
+        var value: Int = 0
+    )
+
+    @XmlRootElement(name = "updateRequest")
+    @XmlAccessorType(XmlAccessType.FIELD)
+    open class UpdateRequest(
+        var name: String = "",
+        var value: Int = 0
+    )
+
+
+    @PostMapping(path = ["/empty"], consumes = ["application/xml"], produces = ["application/xml"])
+    open fun create(@RequestBody body: ResourceData): ResponseEntity<ResourceData> {
+        val id = data.size + 1
+        data[id] = ResourceData(body.name, body.value)
+        return ResponseEntity.status(201).body(data[id])
+    }
+
+    @GetMapping(path = ["/empty/{id}"], produces = ["application/xml"])
+    open fun get(@PathVariable("id") id: Int): ResponseEntity<ResourceData> {
+        val resource = data[id]
+            ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.status(200).body(resource)
+    }
+
+    @PutMapping(path = ["/empty/{id}"], consumes = ["application/xml"], produces = ["text/plain"])
+    open fun put(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = data[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // bug: modifies data even though it will return 4xx
+        if(body.name != null) {
+            resource.name = body.name
+        }
+        if(body.value != null) {
+            resource.value = body.value
+        }
+
+        // returns 400 Bad Request, but the data was already modified above
+        return ResponseEntity.status(400).body("Invalid request")
+    }
+
+    @PatchMapping(path = ["/empty/{id}"], consumes = ["application/xml"], produces = ["text/plain"])
+    open fun patch(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = data[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // correct: validation first, reject without modifying
+        if(body.name == null && body.value == null) {
+            return ResponseEntity.status(400).body("No fields to update")
+        }
+
+        // correct: does NOT modify data, just returns 4xx
+        return ResponseEntity.status(403).body("Forbidden")
+    }
+
+    // pre-populated resource to test that it is not modified by failed PUT
+
+    @PostMapping(path = ["/notempty"], consumes = ["application/xml"], produces = ["application/xml"])
+    open fun createnotempty(@RequestBody body: ResourceData): ResponseEntity<ResourceData> {
+        val id = dataAlreadyExists.size + 1
+        dataAlreadyExists[id] = ResourceData(body.name, body.value)
+        return ResponseEntity.status(201).body(dataAlreadyExists[id])
+    }
+
+    @GetMapping(path = ["/notempty/{id}"], produces = ["application/xml"])
+    open fun getnotempty(@PathVariable("id") id: Int): ResponseEntity<ResourceData> {
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+        return ResponseEntity.status(200).body(resource)
+    }
+
+    @PutMapping(path = ["/notempty/{id}"], consumes = ["application/xml"], produces = ["text/plain"])
+    open fun putnotempty(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+
+        resource.name = body.name
+        resource.value = body.value
+
+        // returns 400 Bad Request, but the data was already modified above
+        return ResponseEntity.status(400).body("Invalid request")
+    }
+
+    @PatchMapping(path = ["/notempty/{id}"], consumes = ["application/xml"], produces = ["text/plain"])
+    open fun patchnotempty(
+        @PathVariable("id") id: Int,
+        @RequestBody body: UpdateRequest
+    ): ResponseEntity<Any> {
+
+        val resource = dataAlreadyExists[id]
+            ?: return ResponseEntity.status(404).build()
+
+        // correct: validation first, reject without modifying
+        return ResponseEntity.status(400).body("No fields to update")
+
+        // correct: does NOT modify data, just returns 4xx
+        return ResponseEntity.status(403).body("Forbidden")
+    }
+}

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/test/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/FailModificationURLEncodedController.kt

@@ -0,0 +1,12 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification
+
+import com.foo.rest.examples.spring.openapi.v3.SpringController
+import com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.urlencoded.UrlencodedFailModificationApplication
+import com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.xml.XmlFailModificationApplication
+
+
+class FailModificationURLEncodedController: SpringController(UrlencodedFailModificationApplication::class.java){
+    override fun resetStateOfSUT() {
+        UrlencodedFailModificationApplication.reset()
+    }
+}

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/test/kotlin/com/foo/rest/examples/spring/openapi/v3/httporacle/failmodification/FailModificationXMLController.kt

@@ -0,0 +1,11 @@
+package com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification
+
+import com.foo.rest.examples.spring.openapi.v3.SpringController
+import com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.xml.XmlFailModificationApplication
+
+
+class FailModificationXMLController: SpringController(XmlFailModificationApplication::class.java){
+    override fun resetStateOfSUT() {
+        XmlFailModificationApplication.reset()
+    }
+}

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/test/kotlin/org/evomaster/e2etests/spring/openapi/v3/httporacle/failmodification/FailModificationEMTest.kt

@@ -26,7 +26,7 @@ class FailModificationEMTest : SpringTestBase(){
 
         runTestHandlingFlakyAndCompilation(
                 "FailedModificationEM",
-                2000
+                1000
         ) { args: MutableList<String> ->
 
             setOption(args, "schemaOracles", "false")

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/test/kotlin/org/evomaster/e2etests/spring/openapi/v3/httporacle/failmodification/FailModificationForbiddenEMTest.kt

@@ -25,7 +25,7 @@ class FailModificationForbiddenEMTest : SpringTestBase(){
 
         runTestHandlingFlakyAndCompilation(
                 "FailedModificationForbiddenEM",
-                3000
+                2500
         ) { args: MutableList<String> ->
 
             setOption(args, "security", "true")

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/test/kotlin/org/evomaster/e2etests/spring/openapi/v3/httporacle/failmodification/FailModificationNotFoundEMTest.kt

@@ -26,7 +26,7 @@ class FailModificationNotFoundEMTest : SpringTestBase(){
 
         runTestHandlingFlakyAndCompilation(
                 "FailedModificationNotFoundEM",
-                2000
+                50
         ) { args: MutableList<String> ->
 
             setOption(args, "schemaOracles", "false")

core-tests/e2e-tests/spring/spring-rest-openapi-v3/src/test/kotlin/org/evomaster/e2etests/spring/openapi/v3/httporacle/failmodification/URLEncodedFailModificationEMTest.kt

@@ -0,0 +1,45 @@
+package org.evomaster.e2etests.spring.openapi.v3.httporacle.failmodification
+
+import com.foo.rest.examples.spring.openapi.v3.httporacle.failmodification.FailModificationURLEncodedController
+import org.evomaster.core.problem.enterprise.DetectedFaultUtils
+import org.evomaster.core.problem.enterprise.ExperimentalFaultCategory
+import org.evomaster.e2etests.spring.openapi.v3.SpringTestBase
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.BeforeAll
+import org.junit.jupiter.api.Test
+
+class URLEncodedFailModificationEMTest : SpringTestBase(){
+
+    companion object {
+        @BeforeAll
+        @JvmStatic
+        fun init() {
+            initClass(FailModificationURLEncodedController())
+        }
+    }
+
+
+    @Test
+    fun testRunEM() {
+
+        runTestHandlingFlakyAndCompilation(
+                "URLEncodedFailedModificationEM",
+                100
+        ) { args: MutableList<String> ->
+
+            setOption(args, "schemaOracles", "false")
+            setOption(args, "httpOracles", "true")
+            setOption(args, "useExperimentalOracles", "true")
+
+            val solution = initAndRun(args)
+
+            assertTrue(solution.individuals.size >= 1)
+
+            val faults = DetectedFaultUtils.getDetectedFaults(solution)
+
+            assertEquals(1, faults.size)
+            assertEquals(ExperimentalFaultCategory.HTTP_SIDE_EFFECTS_FAILED_MODIFICATION, faults.first().category)
+        }
+    }
+}