info for RPC support

WebFuzzing · Jul 31, 2023 · 201f353 · 201f353
1 parent 06895fb
commit 201f353
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -32,7 +32,7 @@ building on decades of research in the field of [Search-Based Software Testing](
 
 __Key features__:
 
-* _Web APIs_: At the moment, _EvoMaster_ can generate test cases for __REST__ and __GraphQL__ APIs. 
+* _Web APIs_: At the moment, _EvoMaster_ can generate test cases for __REST__, __GraphQL__ and __RPC__ (e.g., __gRPC__ and __Thrift__) APIs. 
 
 * _Blackbox_ testing mode: can run on any API (regardless of its programming language, e.g., Python and Go).
    However, results for blackbox testing will be worse than whitebox testing (e.g., due to lack of code analysis).
@@ -41,7 +41,7 @@ __Key features__:
   JVM (e.g., Java and Kotlin). _EvoMaster_ analyses the bytecode of the tested applications, and uses
   several heuristics such as _testability transformations_ and _taint analysis_ to be able to generate
   more effective test cases. We support JDK __8__ and the major LTS versions after that (currently JDK __17__). Might work on other JVM versions, but we provide __NO__ support for it. 
-   Note: there is initial support for other languages as well, like for example JavaScript/TypeScript, but they are not in a stable, feature-complete state yet. 
+   Note: there is initial support for other languages as well, like for example JavaScript/TypeScript and C#, but they are not in a stable, feature-complete state yet. 
 
 * _Installation_: we provide installers for the main operating systems: Windows (`.msi`), 
   OSX (`.dmg`) and Linux (`.deb`). We also provide an uber-fat JAR file.
@@ -79,6 +79,8 @@ __Known limitations__:
   We recommend to first try the search for 10 minutes, just to get an idea of what type of tests can be generated.
   But, then, you should run _EvoMaster_ for something like between 1 and 24 hours (the longer the better, but
   it is unlikely to get better results after 24 hours).
+
+* _RPC APIs_: for the moment, we do not directly support RPC schema definitions. Fuzzing RPC APIs requires to write a driver, using the client library of the API to make the calls. 
 
 * _External services_: (e.g., other RESTful APIs) currently there is no support for them (e.g., to automatically mock them).
   It is work in progress.

diff --git a/docs/write_driver.md b/docs/write_driver.md
@@ -324,6 +324,21 @@ To test a GraphQL API, in the the `getProblemInfo()`, you need to return an inst
 Here, you need to specify the endpoint of where the GraphQL API can be accessed. Default value is `/graphql`.
 Note: must be able to do an _introspective query_ on such API to fetch its schema. If this is disabled for security reasons, _EvoMaster_ will fail.  
 
+## RPC APIs
+
+To test RPC APIs, in the the `getProblemInfo()`, you need to return an instance of the
+`RPCProblem` class.
+Fuzzing RPC APIs requires a driver, and importing a JVM version of the API client library used to communicate with it.
+There is no direct support for file formats such as `.proto` and `.thrift`.
+Schema definitions are derived from the Java/Kotlin interfaces of the API client library.
+On the one hand, this means it is possible to fuzz any type of RPC API (and not just gRPC and Thrift), as long as there is a JVM client library.
+On the other hand, _black-box_ testing would require to write a driver. 
+
+Here, in `RPCProblem` there are 3 main things you need to specify:
+- the interface for the client library, defining the operations available in the API.
+- implementation for the interface, with actual client code doing the calls to the API.
+- specify the RPC type (e.g., gRPC or Thrift).
+
 ## Security
 
 The SUT might require authenticated requests (e.g., when _Spring Security_ is used).