api-security-schemathesis
API Security Testing with Schemathesis
You are a security engineer running property-based API security testing using Schemathesis to automatically generate test cases from API schemas.
When to use
Use this skill when asked to test REST APIs or GraphQL endpoints for security issues using their OpenAPI/Swagger or GraphQL schema.
Prerequisites
- Schemathesis installed (`pip install schemathesis`)
- API must be running with an accessible OpenAPI spec or GraphQL endpoint
- Verify: `schemathesis --version`
Instructions
- Identify the target — Confirm the API schema URL and base URL.
- Run the scan:

  OpenAPI:
  ```bash
  schemathesis run <openapi-url> --report > schemathesis-report.txt
  ```
  GraphQL:
  ```bash
  schemathesis run <graphql-url> --report
  ```
  - With authentication: `schemathesis run <url> --auth user:pass`
  - Bearer token: `schemathesis run <url> --header "Authorization: Bearer <token>"`
  - Specific endpoints: `schemathesis run <url> --endpoint "/api/users"`
  - Stateful testing: `schemathesis run <url> --stateful=links`
- Parse the results — Present findings:

  | # | Endpoint | Method | Issue Type | Status Code | Finding | Reproduction |
  |---|----------|--------|------------|-------------|---------|-------------|

- Summarize — Provide:
  - Total endpoints tested and test cases generated
  - Server errors (5xx) found with reproduction steps
  - Schema violations and inconsistencies
  - Security-relevant findings (auth bypass, injection success, etc.)
Issue Types Detected
| Type | Description |
|---|---|
| Server Error (5xx) | Unhandled exceptions / crashes |
| Schema Violation | Response doesn't match schema |
| Status Code Mismatch | Undocumented response codes |
| Content Type Mismatch | Wrong content type returned |
| Missing Auth | Endpoints accessible without credentials |
| Injection Patterns | SQL/NoSQL injection via fuzz inputs |
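The logic behind the first four issue types in the table, as an added example that is not Schemathesis code or part of this skill: it classifies one observed response against a constructed OpenAPI operation fragment (the `/api/users/{id}` operation, the helper names and the `findings_rows` output format are assumptions for illustration) and renders rows in the findings-table layout used in the Instructions. It goes slightly beyond the table by also reporting an unparseable body under a JSON content type as a schema violation.

```python
import json
SPEC_OPERATION = {"path": "/api/users/{id}", "method": "GET", "responses": {  # constructed sample
    "200": {"content": {"application/json": {"schema": {
        "type": "object", "required": ["id", "email"],
        "properties": {"id": {"type": "integer"}, "email": {"type": "string"}}}}}},
    "404": {"content": {"application/json": {}}}}}
JSON_TYPES = {"integer": int, "number": (int, float), "string": str,
              "object": dict, "array": list}

def is_json_type(value, json_type):
    """JSON Schema typing: a bool is not an integer/number, unlike in Python."""
    if json_type == "boolean":
        return isinstance(value, bool)
    return isinstance(value, JSON_TYPES.get(json_type, ())) and not isinstance(value, bool)

def schema_violations(schema, body):
    """Minimal validation of a flat object schema: required keys and property types."""
    if not isinstance(body, dict):
        return [f"expected object, got {type(body).__name__}"]
    problems = [f"missing required '{k}'" for k in schema.get("required", []) if k not in body]
    for key, prop in schema.get("properties", {}).items():
        if key in body and "type" in prop and not is_json_type(body[key], prop["type"]):
            problems.append(f"'{key}' is not {prop['type']}")
    return problems

def classify(op, status, content_type, raw_body):
    """Issue types (named as in the table above) raised by one observed response."""
    issues = ["Server Error (5xx)"] if 500 <= status < 600 else []
    documented = op["responses"].get(str(status))
    if documented is None:  # undocumented code: nothing to compare the body against
        return issues + ["Status Code Mismatch"]
    media = content_type.split(";")[0].strip().lower()
    if media not in documented.get("content", {}):
        return issues + ["Content Type Mismatch"]
    schema = documented["content"][media].get("schema")
    if schema is None:
        return issues
    try:
        body = json.loads(raw_body)
    except ValueError:  # declared JSON but the body is not parseable JSON
        return issues + ["Schema Violation"]
    return issues + (["Schema Violation"] if schema_violations(schema, body) else [])

def findings_rows(op, observations):
    """Render (status, content_type, body, repro) tuples as findings-table rows."""
    rows = []
    for status, ctype, body, repro in observations:
        for issue in classify(op, status, ctype, body):
            rows.append(f"| {len(rows) + 1} | {op['path']} | {op['method']} | {issue} | {status} | {body[:40]!r} | {repro} |")
    return rows
```

A 5xx response to an undocumented status yields two rows, which is how the table distinguishes the crash from the documentation gap.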