Merge branch 'master' into ssrf-url-name-test

seran · web-flow · commit 8764396cdfb9 · 2025-11-26T13:21:11.000+01:00
diff --git a/core/src/main/kotlin/org/evomaster/core/output/service/HttpWsTestCaseWriter.kt b/core/src/main/kotlin/org/evomaster/core/output/service/HttpWsTestCaseWriter.kt
@@ -827,7 +827,7 @@ abstract class HttpWsTestCaseWriter : ApiTestCaseWriter() {
             lines.indented {
                 lines.add("get(\"${verifier.stub}\")")
                 lines.indented {
-                    lines.add(".withMetadata(Metadata.metadata().attr(\"ssrf\", \"${action.getName()}\"))")
+                    lines.add(".withMetadata(Metadata.metadata().attr(SSRF_METADATA_TAG, \"${action.getName()}\"))")
                     lines.add(".atPriority(1)")
                     lines.add(".willReturn(")
                     lines.indented {
@@ -857,21 +857,14 @@ abstract class HttpWsTestCaseWriter : ApiTestCaseWriter() {
     }
 
     private fun handleCallbackVerifierRequests(lines: Lines, action: Action, verifier: ActionStubMapping, assertTrue: Boolean) {
+        val verifierHasReceivedRequestsCheck = "verifierHasReceivedRequests(${verifier.getVerifierName()}, \"${action.getName()}\")"
         if (assertTrue) {
             lines.addSingleCommentLine("Verifying that the request is successfully made to HttpCallbackVerifier after test execution.")
-            lines.add("assertTrue(${verifier.getVerifierName()}")
+            lines.addStatement("assertTrue($verifierHasReceivedRequestsCheck)")
         } else {
             lines.addSingleCommentLine("Verifying that there are no requests made to HttpCallbackVerifier before test execution.")
-            lines.add("assertFalse(${verifier.getVerifierName()}")
+            lines.addStatement("assertFalse($verifierHasReceivedRequestsCheck)")
         }
-        lines.indented {
-            if (format.isKotlin()) {
-                lines.add(".allServeEvents")
-                lines.add(".filter { it.wasMatched && it.stubMapping.metadata != null }")
-                lines.add(".any { it.stubMapping.metadata.getString(\"ssrf\") == \"${action.getName()}\" }")
-            }
-        }
-        lines.add(")")
     }
 
 }
diff --git a/core/src/main/kotlin/org/evomaster/core/output/service/TestSuiteWriter.kt b/core/src/main/kotlin/org/evomaster/core/output/service/TestSuiteWriter.kt
@@ -643,6 +643,7 @@ class TestSuiteWriter {
             if (config.ssrf && solution.hasSsrfFaults()) {
                 httpCallbackVerifier.getActionVerifierMappings().forEach { v ->
                     addStatement("private static WireMockServer ${v.getVerifierName()}", lines)
+                    addStatement("private static final String SSRF_METADATA_TAG = \"SSRF\"", lines)
                 }
             }
 
@@ -674,7 +675,9 @@ class TestSuiteWriter {
             if (config.ssrf && solution.hasSsrfFaults()) {
                 httpCallbackVerifier.getActionVerifierMappings().forEach { v ->
                     addStatement("private lateinit var ${v.getVerifierName()}: WireMockServer", lines)
+                    addStatement("private const val SSRF_METADATA_TAG: String = \"SSRF\" ", lines)
                 }
+                assertionUtilFunctionForSSRF(lines, config.outputFormat)
             }
 
             if(config.problemType == EMConfig.ProblemType.WEBFRONTEND){
@@ -1036,6 +1039,10 @@ class TestSuiteWriter {
 
         initTestMethod(solution, lines, testSuiteFileName)
         lines.addEmpty(2)
+
+        if (config.ssrf && solution.hasSsrfFaults() && config.outputFormat.isJavaOrKotlin()) {
+            assertionUtilFunctionForSSRF(lines, config.outputFormat)
+        }
     }
 
 
@@ -1144,4 +1151,37 @@ class TestSuiteWriter {
             .toList()
     }
 
+    private fun assertionUtilFunctionForSSRF(lines: Lines, format: OutputFormat) {
+        lines.addEmpty(1)
+
+        val methodComment = "Method to verify whether the HttpCallbackVerifier has received any requests."
+        when {
+            format.isKotlin() -> {
+                lines.addSingleCommentLine(methodComment)
+                lines.add("fun verifierHasReceivedRequests(verifier: WireMockServer, actionName: String) : Boolean")
+            }
+            format.isJava() -> {
+                lines.startCommentBlock()
+                lines.addBlockCommentLine(methodComment)
+                lines.endCommentBlock()
+                lines.add("public static boolean verifierHasReceivedRequests(WireMockServer verifier, String actionName)")
+            }
+        }
+        lines.block {
+            lines.add("return verifier")
+            lines.indented {
+                if (format.isKotlin()) {
+                    lines.add(".allServeEvents")
+                    lines.add(".filter { it.wasMatched && it.stubMapping.metadata != null }")
+                    lines.add(".any { it.stubMapping.metadata.getString(SSRF_METADATA_TAG) == actionName }")
+                }
+                if (format.isJava()) {
+                    lines.add(".getAllServeEvents()")
+                    lines.add(".stream().filter( r -> r.getWasMatched() && r.getStubMapping().getMetadata() != null)")
+                    lines.add(".anyMatch( r -> r.getStubMapping().getMetadata().getString(SSRF_METADATA_TAG).equals(actionName));")
+                }
+            }
+        }
+    }
+
 }
diff --git a/docs/publications.md b/docs/publications.md
@@ -23,6 +23,13 @@ Also, some of these papers provides full replication packages, which are linked
 
 ## Peer-Reviewed Publications
 
+### 2026
+
+* S. Seran, G. Bhandari, A. Arcuri. 
+  *Detecting Server-Side Request Forgery (SSRF) Vulnerabilities In REST API Fuzz Testing*.
+  IEEE International Workshop on Search-Based and Fuzz Testing (SBFT).
+  (To appear)
+
 ### 2025
 
 * A. Golmohammadi, M. Zhang, A. Arcuri. 
