[Openstack-security] [security] [QA] Do we have security tests suite for OpenStack components?

Jeremy Stanley fungi at yuggoth.org
Wed Jun 17 16:34:40 UTC 2015

Previous message (by thread): [Openstack-security] [security] [QA] Do we have security tests suite for OpenStack components?
Next message (by thread): [Openstack-security] [security] [QA] Do we have security tests suite for OpenStack components?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2015-06-17 15:57:44 +0000 (+0000), Charles Neill wrote:
[...]
> I've realized that using a Python client that is strictly defined
> for sending "good" data to an API isn't necessarily the best
> mechanism for truly fuzzing that API. For example, the "requests"
> lib chokes on trying to convert unicode strings to ascii in HTTP
> request headers.
[...]

There's the low-level client used in Tempest:

http://git.openstack.org/cgit/openstack/tempest-lib/tree/tempest_lib/common

Though it's using httplib2 and not just raw sockets, so still
possibly too high-level depending on whether you're also wanting to
fuzz Apache/nginx/whatever as well.
-- 
Jeremy Stanley

Previous message (by thread): [Openstack-security] [security] [QA] Do we have security tests suite for OpenStack components?
Next message (by thread): [Openstack-security] [security] [QA] Do we have security tests suite for OpenStack components?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Openstack-security mailing list