virtualansoftware / virtualan Goto Github PK

Virtualan is an open source-based Open API Interface driven Service virtualization tool. Virtualan - Mock service developed on top of the spring boot framework. Any Rest API can be converted as Virtual service in minutes using annotations. Annotations: @VirtualService & @ApiVirtual

Home Page: https://tutorials.virtualan.io/#/

License: Apache License 2.0

Java 38.59% CSS 0.48% HTML 52.05% JavaScript 2.49% PLSQL 0.07% Dockerfile 0.05% TypeScript 6.27%

servicevirtualisation mock stubbing stub dynamicstubbing shiftleft test-automation testing automation automation-test

virtualan's Introduction

Virtualan

virtualan-plugin: virtualization:

Virtualan is an open source-based Open API Interface driven, Kafka, AMQ and MQTT Service virtualization product. It supports #OpenAPI, #AsyncAPI test development. This supports #shiftleft testing.

Product page: https://www.linkedin.com/products/virtualan-software-virtualan/

Tutorials: https://tutorials.virtualan.io/#/Virtualan

Example: https://github.com/virtualansoftware/service-virtualization-openapi

Video: https://www.youtube.com/watch?v=otTjbPxT0W8

Docker Image: https://hub.docker.com/r/virtualan/service-virtualization

Live demo link:

OpenAPI Only:

         https://live.virtualandemo.com/virtualan-ui

OpenAPI and SOAP :

        https://sforce.virtualandemo.com/virtualan-ui

What is Virtualan :

Virtualan would be built with spring boot framework that would convert API service as Virtualized service in matter of adding couple of annotations. Simply as Virtualized service which currently supports spring-boot based Rest service(API) with Spring-RestController or CXF-Jaxrs as Virtualized service with @VirtualService and @ApiVirtual annotations.

How it could be useful: In the Agile world, We need to develop (Micro)services & Test the services in parallel. How can tester or development team can develop or test parallel to all the APIs before the real Microservices would be developed? Here Virtualized service comes into the picture.

What would be the benefits for?

Development team :

If Services needs to be connected to 1 or more microservices in the development/Testing Environment if the other dependent services would not be available at the time.
If the dependent services contract had changed then the new changes(implementation) may not be available in day-1 of the sprint.
If Need to create several use-case scenarios during the development phase even though the dependent service(s) would not be available or not developed yet..
end etc..

Testing team(Shift left approach) :

Start developing automation scripts in day-1 of the sprint in parallel with service implementation* .
Develop and test right away.
Prepare all the test scenarios and test cases and test/validate all the test scripts before the actual service is ready.
Tester can create all scenario and including error scenarios and create automated test cases before the service is ready.
Once the real service is ready, just switch the endpoint to real service and validate all the test-cases in a minutes.
And etc..

Overview: How developer to make and deploy the (newly developing) spring boot application interface with stub as Virtualized service. How this would helps team to proceed with "Shift Left" Strategy.

What is Shift left(Wikipedia): Shift left testing is an approach to software testing and system testing in which testing is performed earlier in the lifecycle (i.e., moved left on the project timeline). It is the first half of the maxim "Test early and often."

How to make my Service As Virtualized :

Developing a sprint boot(supports from 2.0.1.RELEASE) REST services using Rest Controller or CXF(JAX-RX) can be easily deployed as Virtualized service with three simple steps .

Step (1) : Add the "virtualan-plugin" dependency

• Add "virtualan-plugin" dependency in the  pom.xml  
	<dependency>
		<groupId>io.virtualan</groupId>
		<artifactId>virtualan-plugin</artifactId>
		<version>${virtualan.version}</version>
	</dependency>

Step (2) : Add @VirtualService and @ApiVirtual annotations

• @VirtualService - Annotation should be added in the class level
• @ApiVirtual - Annotation should be added in the method level that the API would you like to Virtualize.

Step (3) : Service Data base setup:

• Add the entries in the **application.properties** of the database to be used to store the test data (Example: hsql with in memory DB).
	virtualan.datasource.driver-class-name=<org.hsqldb.jdbcDriver>
	virtualan.datasource.jdbc-url=<jdbc:hsqldb:mem:dataSource>
	virtualan.datasource.username=<sa>
	virtualan.datasource.password=<>

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

virtualan's People

Contributors

Stargazers

Watchers

Forkers

theangrydev shiva9416 ivancarrascoq

virtualan's Issues

Invoking api with integer array query param throws a java.lang.ClassCastException

Description

I have a Swagger 2.0 API specification that has the following query parameter defied:

- name: "productIds"
  in: "query"
  description: "..."
  type: array
  items:
    type: integer
    format: int32
  collectionFormat: "multi"
  minItems: 0  
  maxItems: 10

Based on Virtualan docs I generated the Java classes, with the necessary annotations in place with the openapi-generator-maven-plugin:5.4.0.

My setting are:

<execution>
	<id>Api</id>
	<goals>
		<goal>generate</goal>
	</goals>
	<configuration>
		<inputSpec>${project.basedir}/src/main/resources/openapi/virtual/api.yaml
		</inputSpec>
		<generatorName>spring</generatorName>
		<output>${project.basedir}</output>
		<modelPackage>com.xxx.yyy.model</modelPackage>
		<apiPackage>com.xxx.yyy.api</apiPackage>
		<invokerPackage>com.xxx.yyy.swagger</invokerPackage>
		<skipValidateSpec>false</skipValidateSpec>
		<strictSpec>true</strictSpec>
		<generateApiDocumentation>false</generateApiDocumentation>
		<generateModelDocumentation>true</generateModelDocumentation>
		<configOptions>
			<virtualService>true</virtualService>
			<sourceFolder>target/generated-sources/openapi/src/main/java</sourceFolder>
			<configPackage>com.xxx.yyy.swagger</configPackage>
		</configOptions>
		<skipOverwrite>true</skipOverwrite>
	</configuration>
</execution>

The generation is successful, Classes are annotated with @VirtualService on class level and @ApiVirtual on method level as expected.

Reproduce issue

I start the spring-boot application and I

Navigate to virtualan-ui
Add mock data (successful)
Try invoke virtualized endpoint with parameters I given upon mock definition

As above mentioned one of the query parameters are as follows,

productIds
array[integer]
(query)

when I provide the defined query parameters here, the invocation will result the following exception:

java.lang.ClassCastException: class java.lang.Integer cannot be cast to class java.lang.CharSequence (java.lang.Integer and java.lang.CharSequence are in module java.base of loader 'bootstrap')
    at java.base/java.lang.String.join(Unknown Source)
    at io.virtualan.aop.ApiVirtualAspect.addQueryParamValue(ApiVirtualAspect.java:84)
    at io.virtualan.aop.ApiVirtualAspect$GetParams.invoke(ApiVirtualAspect.java:271)
    at io.virtualan.aop.ApiVirtualAspect.readInputParam(ApiVirtualAspect.java:171)
    at io.virtualan.aop.ApiVirtualAspect.aroundAddAdvice(ApiVirtualAspect.java:113)
    at jdk.internal.reflect.GeneratedMethodAccessor371.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
...

For me, it seems the method in question:

public String addQueryParamValue(Object value) {
        return String.join(",", (java.util.List) value);
    }

tries to apply a String join on an integer, which results the above described exception,
while join would be applicable to

public static String join(@NotNull CharSequence delimiter,
                          @NotNull Iterable<? extends CharSequence> elements)

RCE vulnerability in angular 1.5.5 (virtualan-plugin)

Security analysis of the current virtualan-plugin detects a vulnerability in the third party js library angular 1.5.5.
Nexus IQ identifies the threat with high-severity.

Issue
sonatype-2016-0064
Severity
Sonatype CVSS 38.5
CVE CVSS 2.00.0
Weakness
Sonatype CWE79

Explanation
The AngularJS framework is vulnerable to Remote Code Execution (RCE) and Cross-Site Scripting (XSS). The ensureSafeAssignContext() function in parse.js processes malicious expressions that access the constructors. A remote attacker can exploit this vulnerability by crafting malicious expressions that, when processed, result in execution of arbitrary code.

@elans3
Could you please review this? Thanks

Feature request: Switch to get sample data instead of error for undefined request parameter.

I think it would be useful if you did not have to define all test data.
It would be nice, if you would have a configuration parameter, with which you can decide, that Virtualan
gives the sample data from an OAS3 specification as default response instead of an error message for undefined requests.

Issue

Bug Virtualan does not get correct dataset

I posted a dataset, but cannot retrieve it.

curl --location --request GET 'https://live.virtualandemo.com/api/persons/hfrüh'

Instead it gives me the data for "bgates".

Unescaped control character error

Description

I have mock responses defined with virtualan-plugin. These mock responses are created with virtualan UI on the Add Mock screen, for OpenAPI specification that was used to generate virtual APIs in my application.

Mock responses are added successfully, mock responses can be retrieves successfully in the Overall Catalog, with virtual-service-controller and the [GET] /virtualservices - listAllMockLoadRequests.

Example:

As you can see the mock response stored formatted with e.g. \n white space characters.
The issue is that when a client calls this endpoint the mock response will return 'as is' and for example in Jackson parser this will trigger an unescaped control character error.

Would it be possible to remove these special characters when you store it and only perform formatting on the UI when you display the JSON content?

virtualansoftware / virtualan Goto Github PK

virtualan's Introduction

Virtualan

OpenAPI Only:

OpenAPI and SOAP :

What is Virtualan :

What would be the benefits for?

Development team :

Testing team(Shift left approach) :

How to make my Service As Virtualized :

Step (1) : Add the "virtualan-plugin" dependency

Step (2) : Add @VirtualService and @ApiVirtual annotations

Step (3) : Service Data base setup:

virtualan's People

Contributors

Stargazers

Watchers

Forkers

virtualan's Issues

Description

Reproduce issue

Description

Recommend Projects

Recommend Topics

Recommend Org