Skip to content

Merge web api testing development#114

Merged
andreashappe merged 89 commits intodevelopmentfrom
merge_web_api_testing_development
May 14, 2025
Merged

Merge web api testing development#114
andreashappe merged 89 commits intodevelopmentfrom
merge_web_api_testing_development

Conversation

@DianaStrauss
Copy link
Collaborator

@DianaStrauss DianaStrauss commented Apr 22, 2025

Merged Web API Testing use case in Development

Diana Strauss and others added 30 commits July 16, 2024 19:58
Uploaded changes in branch
856a402
@DianaStrauss
Merge remote-tracking branch 'refs/remotes/origin/development' into w…
1d1d777 
…eb-api-testing

# Conflicts:
#	src/hackingBuddyGPT/usecases/web_api_testing/prompt_engineer.py
#	src/hackingBuddyGPT/usecases/web_api_testing/simple_openapi_documentation.py
#	src/hackingBuddyGPT/usecases/web_api_testing/simple_web_api_testing.py
#	src/hackingBuddyGPT/usecases/web_api_testing/utils/llm_handler.py
@DianaStrauss
fixed shortening of prompt
923d6ec
@DianaStrauss
Merge remote-tracking branch 'refs/remotes/origin/development' into w…
234e6ef 
…eb-api-testing

# Conflicts:
#	src/hackingBuddyGPT/usecases/web_api_testing/documentation/report_handler.py
#	src/hackingBuddyGPT/usecases/web_api_testing/prompt_generation/information/pentesting_information.py
#	src/hackingBuddyGPT/usecases/web_api_testing/prompt_generation/prompt_engineer.py
#	src/hackingBuddyGPT/usecases/web_api_testing/prompt_generation/prompt_generation_helper.py
#	src/hackingBuddyGPT/usecases/web_api_testing/prompt_generation/prompts/task_planning/chain_of_thought_prompt.py
#	src/hackingBuddyGPT/usecases/web_api_testing/response_processing/response_analyzer_with_llm.py
#	src/hackingBuddyGPT/usecases/web_api_testing/simple_web_api_testing.py
#	src/hackingBuddyGPT/usecases/web_api_testing/utils/llm_handler.py
@DianaStrauss
Merged development into web_api_testing
629489a
@DianaStrauss
Fixed shorten prompt bug from merge
64699e3
@DianaStrauss
Updated Tree of thought so that documentation works like chain of tho…
c141954 
…ught
@DianaStrauss
Implemented in-context learning for documentation
3dc2c4b
@DianaStrauss
refined openapi generation
53e5c42
@DianaStrauss
Updated Tree of thought so that documentation works like chain of tho…
ea8795b 
…ught
@DianaStrauss
Updated Tree of thought so that documentation works like chain of tho…
4409f4b 
…ught
@DianaStrauss
Adjusted to only record valid information of rest api
8ef5f8b
@DianaStrauss
optimized prompt generation
8eb5048
@DianaStrauss
Added configs for documentation and testing
294ca7c
@DianaStrauss
Added way of retrieving spotify token
98b510f
@DianaStrauss
Refactored code to work with spotify benchmark
975ae85
@DianaStrauss
Refined test cases
c70a23b
@DianaStrauss
Added new security endpoint for testing
1fbb37b
@DianaStrauss
Added new security endpoint for testing
6fa891d
@DianaStrauss
Added more testing information for documentation testing and pentesting
86f8b06
@DianaStrauss
Added evaluations
cee0726
@DianaStrauss
Refactored code to be more understandable
e210104
@DianaStrauss
Added evaluation to documentation
e228cd8
@DianaStrauss
Refactored code
3b4b4c4
@DianaStrauss
Restructured testing
2908860
@DianaStrauss
Refactored code
b1f01dc
@DianaStrauss
Refactored code so that more endpoints are found
22e64ff
@DianaStrauss
Refactored code to be clearer
b103831
@DianaStrauss
Added owasp config file and owas openapi sepc
e4bbdfa
@DianaStrauss
Fixed some small bgs
f5ef612
DianaStrauss and others added 21 commits April 22, 2025 16:15
@DianaStrauss
Added needed dependencies to pyproject.toml
4366132
@DianaStrauss
Removed test case that breaks pipeline
9d16710
@DianaStrauss
Adjusted init for test_handler
9b78c6c
@DianaStrauss
Added needed dependencies to pyproject.toml
9ea050b
@DianaStrauss
Merge branch 'development' into merge_web_api_testing_development
424c989
@DianaStrauss
Added missing dependency
dbfef99
@DianaStrauss
Added missing dependency
696e395
@DianaStrauss
Added imports in __init__
5e3b112
@DianaStrauss
Added files
a6653ad
@DianaStrauss
Moved config files to proper locatin
ca17dd0
@DianaStrauss
Merge branch 'development' into merge_web_api_testing_development
e1b70ab
@DianaStrauss
fixed syntax error in .toml
78b681d
@DianaStrauss
Fix linting
8ae94fb
@DianaStrauss
Fix linting
9c4842f
@DianaStrauss
Fixed wrong import
4d5122f
@DianaStrauss
Fixed import in testing
600ed43
@DianaStrauss
Fixed input variables
f33c154
@DianaStrauss
Fixed input variables
e1c8cb4
@DianaStrauss
Fixed input variables
be0ff19
@DianaStrauss
Removed helper files
985d740
@DianaStrauss
Fixed typo in parsed_information.py name
19afc59
DianaStrauss
DianaStrauss commented May 14, 2025
View reviewed changes
andreashappe
andreashappe approved these changes May 14, 2025
View reviewed changes
config/best1050.txt Outdated
Copy link
Member

@andreashappe andreashappe Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could those be moved into the test-directory or downloaded on startup? not sure if I want to include these in the github repo...

config/credentials.csv Outdated
Copy link
Member

@andreashappe andreashappe Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could those be moved into the test-directory or downloaded on startup? not sure if I want to include these in the github repo...

src/hackingBuddyGPT/capabilities/pased_information.py
Copy link
Member

@andreashappe andreashappe Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't this be parsed_information and please add a description (docstring) to the class what it is used for

src/hackingBuddyGPT/capabilities/http_request.py
if self.host[-1] != "/":
if self.host[-1] != "/" and not path.startswith("/"):
path = "/" + path
resp = self._client.request(
Copy link
Member

@andreashappe andreashappe Apr 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am confused looking at the diff.. now we're not doing this outgoing call anymore? Was it superficial before?

@andreashappe andreashappe self-assigned this May 14, 2025
@andreashappe andreashappe requested a review from Copilot May 14, 2025 14:51
Copilot AI reviewed May 14, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges the web API testing use case from development into the main branch, updating response processing, prompt generation, documentation reporting, OpenAPI parsing/conversion, and testing capabilities. Key changes include modifying function signatures and parameters in response analyzers, expanding the prompt engineering logic (chain-of-thought, tree-of-thought, in-context learning), and adding/enhancing modules for OpenAPI parsing, pattern matching, and report generation.

Reviewed Changes

Copilot reviewed 49 out of 49 changed files in this pull request and generated 2 comments.

File Description
src/hackingBuddyGPT/usecases/web_api_testing/response_processing/response_analyzer_with_llm.py Updated init and analyze_response signature; added new parameters and recursive processing logic.
src/hackingBuddyGPT/usecases/web_api_testing/documentation/parsing/openapi_converter.py Added new extract_openapi_info method and updated filename conversion logic.
Multiple prompt_generation files Extensive refactoring to support additional prompt strategies and enriched documentation/pentesting steps.
Others (report_handler, pattern_matcher, etc.) Enhancements to PDF report generation, OpenAPI spec handling, and unit test case capabilities.

src/hackingBuddyGPT/usecases/web_api_testing/response_processing/response_analyzer_with_llm.py
if step != steps[0]:

current_step = step.get("step")
prompt_history, raw_response = self.process_step(current_step, prompt_history, "http_request")
Copy link

Copilot AI May 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The recursive call to analyse_response within the analyze_response method may lead to infinite recursion if a proper termination condition is not met. Consider refactoring or adding explicit base-case checks to prevent potential stack overflows.

Suggested change
prompt_history, raw_response = self.process_step(current_step, prompt_history, "http_request")
prompt_history, raw_response = self.process_step(current_step, prompt_history, "http_request")
# Ensure termination condition to prevent infinite recursion
if not step.get("step") or step == steps[-1]: # Check if it's the last step
break

Copilot uses AI. Check for mistakes.
@DianaStrauss
Update src/hackingBuddyGPT/usecases/web_api_testing/documentation/par…
f748d5f 
…sing/openapi_converter.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@andreashappe andreashappe merged commit 8d8a72c into development May 14, 2025
5 checks passed
@andreashappe andreashappe deleted the merge_web_api_testing_development branch May 14, 2025 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@andreashappe andreashappe andreashappe approved these changes

@citostyle citostyle Awaiting requested review from citostyle citostyle is a code owner

Assignees

@andreashappe andreashappe

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@DianaStrauss @andreashappe @Fupeople