moving files from EM

Author: arcuri82

.gitignore

@@ -22,3 +22,4 @@
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 replay_pid*
+/.idea/

README.md

@@ -1,2 +1,5 @@
 # Commons
-Web Fuzzing Commons (WFC). A set of standards and library support for facilitating fuzzing Web APIs 
+Web Fuzzing Commons (WFC): A set of standards and library support for facilitating fuzzing Web APIs.
+
+## THIS REPOSITORY IS CURRENTLY IN EARLY STAGE
+

pom.xml

@@ -0,0 +1,102 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.webfuzzing</groupId>
+    <artifactId>commons</artifactId>
+
+    <version>0.0.1-SNAPSHOT</version>
+
+    <inceptionYear>2024</inceptionYear>
+    <name>WFC</name>
+    <description>Web Fuzzing Commons: A Set of Utilities for Fuzzing Web Applications</description>
+    <url>webfuzzing.com</url>
+    <packaging>jar</packaging>
+
+    <properties>
+        <java.version>1.8</java.version>
+        <junit.jupiter.version>5.7.2</junit.jupiter.version>
+        <junit.platform.version>1.7.2</junit.platform.version>
+    </properties>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.5.4</version>
+        </dependency>
+
+
+        <!-- test dependencies -->
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>${junit.jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>${junit.jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.platform</groupId>
+            <artifactId>junit-platform-launcher</artifactId>
+            <version>${junit.platform.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <version>${junit.jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <version>${junit.jupiter.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.jsonschema2pojo</groupId>
+                <artifactId>jsonschema2pojo-maven-plugin</artifactId>
+                <version>1.2.2</version>
+                <configuration>
+                    <sourceType>yamlschema</sourceType>
+                    <useJodaDates>false</useJodaDates>
+                    <formatDateTimes>true</formatDateTimes>
+                    <formatDates>true</formatDates>
+                    <formatTimes>true</formatTimes>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>report.yaml</id>
+                        <goals>
+                            <goal>generate</goal>
+                        </goals>
+                        <configuration>
+                            <sourceDirectory>${basedir}/src/main/resources/schemas/report.yaml</sourceDirectory>
+                            <targetPackage>com.webfuzzing.commons.report</targetPackage>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.5.1</version>
+                <configuration>
+                    <source>${java.version}</source>
+                    <target>${java.version}</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

src/main/resources/schemas/report.yaml

@@ -0,0 +1,202 @@
+$schema: "https://json-schema.org/draft/2020-12/schema"
+#https://www.learnjsonschema.com/2020-12/core/id/
+$id: "TODO"
+title: "Web Fuzzing Report"
+description: "Schema Definition for Web Fuzzing Commons Reports"
+type: object
+properties:
+  # REQUIRED
+  schema_version:
+    type: string
+    description: "The schema version of WFC needed to use to validate and process this document."
+  tool_name:
+    type: string
+    description: "The name of the tool used to create the test cases reported in this document."
+  tool_version:
+    type: string
+    description: "The version number of the used tool, e.g., 1.0.0."
+  creation_time:
+    type: string
+    format: date-time
+    description: "The timestamp of when this report file was created."
+  faults:
+    $ref: "#/$def/Faults"
+#### Unfortunately, there is no support for oneOf in jsonschema2pojo
+#  problem_details:
+#    type: object
+#    oneOf:
+#      - $ref: "#/$def/RESTReport"
+#      # TODO GraphQL, RPC and Web
+  problem_details:
+    type: object
+    properties:
+      rest:
+        $ref: "#/$def/RESTReport"
+      # TODO GraphQL, RPC and Web
+      # expressing that only 1 should be present is possible, but super-verbose and convoluted
+  total_tests:
+    type: integer
+    minimum: 0
+    description: "The total number of test cases generated by the tool."
+  test_file_paths:
+    type: array
+    items:
+      $ref: "#/$def/TestFilePath"
+    uniqueItems: true
+    description: "The list of relative paths (compared to this document) of all the generated test suite files."
+  test_cases:
+    description: "Information on each generated test case."
+    type: array
+    items:
+      $ref: "#/$def/TestCase"
+  #OPTIONAL
+  extra:
+    description: "Extra, optional coverage information, collected by different tools."
+    type: array
+    items:
+      $ref: "#/$def/Coverage"
+
+required: ["schema_version","tool_name","tool_version","creation_time","faults","problem_details","total_tests","test_file_paths","test_cases"]
+
+$def:
+  OperationId:
+    description: "A unique identifier for an operation. For example, in REST, it would be a HTTP endpoint, including 
+                  verb, e.g., 'GET:/users/{id}'."
+    type: string
+  TestCaseId:
+    description: "A unique identifier for a test case. It could include its name and file location."
+    type: string
+  FaultCategoryId:
+    description: "A unique identifier for a fault type."
+    type: object
+    properties:
+      code:
+        description: "Identifying fault 'code', based on WFC classification."
+        type: integer
+      context:
+        description: "An optional context for the fault. The same fault type could be manifested in different ways, and we
+        use this property to differentiate among them."
+        type: string
+    required: ["code"]
+  TestFilePath:
+    description: "A relative path used to unique locate a test suite file."
+    type: string
+  CoveredEndpoint:
+    description: "Data-structure to represent which HTTP status code where covered on an endpoint by any of the generated tests."
+    type: object
+    properties:
+      endpoint_id:
+        $ref: "#/$def/OperationId"
+      test_case_id:
+        $ref: "#/$def/TestCaseId"
+      http_status:
+        description: "As in a test case the same endpoint could be called more than once, here we report all of the 
+        obtained HTTP status codes"
+        type: array
+        items:
+          $ref: "#/$def/HttpStatus"
+        minItems: 1
+        uniqueItems: true
+    required: ["endpoint_id","test_case_id","http_status"]
+  HttpStatus:
+    type: integer
+    minimum: 0
+    maximum: 599
+  FoundFault:
+    description: "Data-structure to represent found faults, based on operations (e.g., HTTP endpoints in REST, and methods
+                  in GraphQL and RPC) and which tests find faults in them."
+    type: object
+    properties:
+      operation_id:
+        $ref: "#/$def/OperationId"
+      test_case_id:
+        $ref: "#/$def/TestCaseId"
+      fault_categories:
+        type: array
+        items:
+          $ref: "#/$def/FaultCategoryId"
+        minItems: 1
+        uniqueItems: true
+    required: ["endpoint_id","test_case_id","fault_categories"]
+
+  RESTReport:
+    type: object
+    properties:
+      total_http_calls:
+        description: "Total number of HTTP calls made in all the test cases. A test case could contain several HTTP calls,
+        e.g., a POST followed by a GET and then a DELETE."
+        type: integer
+        minimum: 0
+      endpoint_ids:
+        description: "Unique ids of all the endpoints in the tested API."
+        type: array
+        items:
+          $ref: "#/$def/OperationId"
+        uniqueItems: true
+      covered_http_status:
+        description: "List of which HTTP status codes were covered, based on endpoints."
+        type: array
+        items:
+          $ref: "#/$def/CoveredEndpoint"
+    required: ["total_http_calls","endpoint_ids","covered_http_status"]
+
+  TestCase:
+    type: object
+    properties:
+      id:
+        $ref: "#/$def/TestCaseId"
+      file_path:
+        $ref: "#/$def/TestFilePath"
+      name:
+        description: "The name of the test case, as it appears in the generated test file."
+        type: string
+      start_line:
+        description: "The line number in the generated test suite file where the code of this test case starts."
+        type: integer
+        minimum: 0
+      end_line:
+        description: "The line number in the generated test suite file where the code of this test case ends."
+        type: integer
+        minimum: 0
+
+  Faults:
+    type: object
+    properties:
+      total_number:
+        description: "The total number of potential faults identified in the generated test suites."
+        type: integer
+        minimum: 0
+      found_faults:
+        description: "Information on all the identified potential faults."
+        type: array
+        items:
+          $ref: "#/$def/FoundFault"
+    required: ["total_number","found_faults"]
+
+  Coverage:
+    type: object
+    properties:
+      tool_name:
+        description: "The name of the tool used to collect and compute the coverage criteria."
+        type: string
+      criteria:
+        type: array
+        items:
+          $ref: "#/$def/CoverageCriterion"
+    required: ["tool_name","criteria"]
+
+  CoverageCriterion:
+    type: object
+    properties:
+      name:
+        description: "The name of this coverage criterion."
+        type: string
+      covered:
+        description: "The number of testing targets for this criterion that were covered."
+        type: integer
+        minimum: 0
+      total:
+        description: "Optional number of all testing targets for this criterion. For some criteria, this number can be unknown."
+        type: integer
+        minimum: 0
+    required: ["name","covered"]