swagger-police
Automatically validates the APIs against the published swagger specification
swagger-police is a command line tool for validating backend APIs against their published swagger specification. It can be plugged into a continuous integration system to ensure that the backend APIs conform to the behaviour described in the published swagger specification.

This library is very similar to, and inspired by, abao (https://github.com/cybertk/abao), which performs similar validations for a RAML spec.

Please note: the library is still in development!
```sh
npm install -g swagger-police
```

```
$ swagger-police
Usage: swagger-police <swagger URL/path> [options]

Options:
  -h, --help                         output usage information
  --server [server]                  The API endpoint
  --hook-files [hookFiles]           Specify pattern to match hook files
  --testcase-names [testcaseNames]   Print all the testcase names (does not execute the tests)
```
The mock data for the requests is generated using the swagmock package, but it can be customised in either of the following ways:

- Use the before hook and modify the testcase.request object. See Testcase Object Format for the parameter names and values.
- Add an x-example property to the parameter in the swagger specification; the tool looks for it and uses that value instead of the generated one. For example:

```json
"post": {
  "description": "Creates a new pet in the store. Duplicates are allowed",
  "operationId": "addPet",
  "produces": [
    "application/json"
  ],
  "parameters": [
    {
      "name": "pet",
      "in": "body",
      "description": "Pet to add to the store",
      "required": true,
      "schema": {
        "$ref": "#/definitions/newPet"
      },
      "x-example": {
        "id": 0,
        "category": {
          "id": 0,
          "name": "dog"
        },
        "name": "doggie",
        "photoUrls": [
          "http://doggie.com/avatar"
        ],
        "tags": [
          {
            "id": 0,
            "name": "string"
          }
        ],
        "status": "available"
      }
    }
  ],
  "responses": {
    "200": {...
```
The tool supports the following test hooks for setup/tear-down tasks and for customising individual tests. Hooks are plain JavaScript files which have access to a global hooks object with methods to register the specific hooks.
beforeAll and afterAll

These are executed once before the tests start and once after all the tests have finished. Only one of each type can be specified; there cannot be more than one beforeAll or afterAll hook. Testcase-specific hooks can be specified in addition, see below.

```js
hooks.beforeAll((testcases, done) => {
  done();
});

hooks.afterAll((testcases, done) => {
  done();
});
```
testcases: the array of testcase objects to be executed, generated from the swagger spec. Any changes made to the testcase objects in the beforeAll hook are reflected in the tests.

beforeEach and afterEach

These are executed before and after every test. Only one of each type can be specified; there cannot be more than one beforeEach or afterEach hook. Testcase-specific before/after hooks can be specified in addition, see below.
```js
hooks.beforeEach((testcase, done) => {
  done();
});

hooks.afterEach((testcase, done) => {
  done();
});
```
testcase: the testcase object this hook is being executed for. Any changes made to the testcase object in the beforeEach hook are reflected in the test.

before and after

Testcase-specific hooks can be specified which are executed only before and after that specific testcase. Testcases are identified by a generated name; run the tool with the --testcase-names option to print all the testcase names. The hooks are registered using the following method:
```js
hooks.add('GET /pet/{petId} -> 200', {
  before: (testcase, done) => {
    done();
  },
  after: (testcase, done) => {
    done();
  }
});
```
If more than one such hook is registered for the same test, the test is executed once for every hook. A custom suffix after # can be appended to the test name to identify each pass:
```js
hooks.add('GET /pet/{petId} -> 200 # Pass 1', {
  before: (testCase, done) => {
    done();
  },
  after: (testCase, done) => {
    done();
  }
});

hooks.add('GET /pet/{petId} -> 200 # Pass 2', {
  before: (testCase, done) => {
    done();
  },
  after: (testCase, done) => {
    done();
  }
});
```
Testcase Object Format

```json
{
  "name": "GET /pets -> 200",
  "basePath": "/api",
  "request": {
    "path": "/pets/{id}",
    "method": "get",
    "pathParams": {
      "id": 4948307189170176
    },
    "query": {
      "tags": "EhuDzn",
      "limit": -4836393545105408
    },
    "headers": {
      "x-ample-header": "value"
    },
    "body": {}
  },
  "response": {
    "statusCode": 200,
    "schema": {
      "type": "array",
      "items": {
        "type": "object",
        "required": [
          "id",
          "name"
        ],
        "properties": {
          "id": {
            "type": "integer",
            "format": "int64"
          },
          "name": {
            "type": "string"
          },
          "tag": {
            "type": "string"
          }
        }
      }
    }
  }
}
```
Use the before hook if the request needs to be customised.

FAQs

We found that swagger-police demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.