1use crate::crud_flow::{CrudFlowConfig, CrudFlowDetector};
4use crate::data_driven::{DataDistribution, DataDrivenConfig, DataDrivenGenerator, DataMapping};
5use crate::dynamic_params::{DynamicParamProcessor, DynamicPlaceholder};
6use crate::error::{BenchError, Result};
7use crate::executor::K6Executor;
8use crate::invalid_data::{InvalidDataConfig, InvalidDataGenerator, InvalidDataType};
9use crate::k6_gen::{K6Config, K6ScriptGenerator};
10use crate::mock_integration::{
11 MockIntegrationConfig, MockIntegrationGenerator, MockServerDetector,
12};
13use crate::owasp_api::{OwaspApiConfig, OwaspApiGenerator, OwaspCategory, ReportFormat};
14use crate::parallel_executor::{AggregatedResults, ParallelExecutor};
15use crate::parallel_requests::{ParallelConfig, ParallelRequestGenerator};
16use crate::param_overrides::ParameterOverrides;
17use crate::reporter::TerminalReporter;
18use crate::request_gen::RequestGenerator;
19use crate::scenarios::LoadScenario;
20use crate::security_payloads::{
21 SecurityCategory, SecurityPayload, SecurityPayloads, SecurityTestConfig, SecurityTestGenerator,
22};
23use crate::spec_dependencies::{
24 topological_sort, DependencyDetector, ExtractedValues, SpecDependencyConfig,
25};
26use crate::spec_parser::SpecParser;
27use crate::target_parser::parse_targets_file;
28use crate::wafbench::WafBenchLoader;
29use mockforge_core::openapi::multi_spec::{
30 load_specs_from_directory, load_specs_from_files, merge_specs, ConflictStrategy,
31};
32use mockforge_core::openapi::spec::OpenApiSpec;
33use std::collections::{HashMap, HashSet};
34use std::path::PathBuf;
35use std::str::FromStr;
36
37pub struct BenchCommand {
39 pub spec: Vec<PathBuf>,
41 pub spec_dir: Option<PathBuf>,
43 pub merge_conflicts: String,
45 pub spec_mode: String,
47 pub dependency_config: Option<PathBuf>,
49 pub target: String,
50 pub base_path: Option<String>,
53 pub duration: String,
54 pub vus: u32,
55 pub scenario: String,
56 pub operations: Option<String>,
57 pub exclude_operations: Option<String>,
61 pub auth: Option<String>,
62 pub headers: Option<String>,
63 pub output: PathBuf,
64 pub generate_only: bool,
65 pub script_output: Option<PathBuf>,
66 pub threshold_percentile: String,
67 pub threshold_ms: u64,
68 pub max_error_rate: f64,
69 pub verbose: bool,
70 pub skip_tls_verify: bool,
71 pub targets_file: Option<PathBuf>,
73 pub max_concurrency: Option<u32>,
75 pub results_format: String,
77 pub params_file: Option<PathBuf>,
82
83 pub crud_flow: bool,
86 pub flow_config: Option<PathBuf>,
88 pub extract_fields: Option<String>,
90
91 pub parallel_create: Option<u32>,
94
95 pub data_file: Option<PathBuf>,
98 pub data_distribution: String,
100 pub data_mappings: Option<String>,
102 pub per_uri_control: bool,
104
105 pub error_rate: Option<f64>,
108 pub error_types: Option<String>,
110
111 pub security_test: bool,
114 pub security_payloads: Option<PathBuf>,
116 pub security_categories: Option<String>,
118 pub security_target_fields: Option<String>,
120
121 pub wafbench_dir: Option<String>,
124
125 pub owasp_api_top10: bool,
128 pub owasp_categories: Option<String>,
130 pub owasp_auth_header: String,
132 pub owasp_auth_token: Option<String>,
134 pub owasp_admin_paths: Option<PathBuf>,
136 pub owasp_id_fields: Option<String>,
138 pub owasp_report: Option<PathBuf>,
140 pub owasp_report_format: String,
142}
143
144impl BenchCommand {
145 pub async fn load_and_merge_specs(&self) -> Result<OpenApiSpec> {
147 let mut all_specs: Vec<(PathBuf, OpenApiSpec)> = Vec::new();
148
149 if !self.spec.is_empty() {
151 let specs = load_specs_from_files(self.spec.clone())
152 .await
153 .map_err(|e| BenchError::Other(format!("Failed to load spec files: {}", e)))?;
154 all_specs.extend(specs);
155 }
156
157 if let Some(spec_dir) = &self.spec_dir {
159 let dir_specs = load_specs_from_directory(spec_dir).await.map_err(|e| {
160 BenchError::Other(format!("Failed to load specs from directory: {}", e))
161 })?;
162 all_specs.extend(dir_specs);
163 }
164
165 if all_specs.is_empty() {
166 return Err(BenchError::Other(
167 "No spec files provided. Use --spec or --spec-dir.".to_string(),
168 ));
169 }
170
171 if all_specs.len() == 1 {
173 return Ok(all_specs.into_iter().next().expect("checked len() == 1 above").1);
175 }
176
177 let conflict_strategy = match self.merge_conflicts.as_str() {
179 "first" => ConflictStrategy::First,
180 "last" => ConflictStrategy::Last,
181 _ => ConflictStrategy::Error,
182 };
183
184 merge_specs(all_specs, conflict_strategy)
185 .map_err(|e| BenchError::Other(format!("Failed to merge specs: {}", e)))
186 }
187
188 fn get_spec_display_name(&self) -> String {
190 if self.spec.len() == 1 {
191 self.spec[0].to_string_lossy().to_string()
192 } else if !self.spec.is_empty() {
193 format!("{} spec files", self.spec.len())
194 } else if let Some(dir) = &self.spec_dir {
195 format!("specs from {}", dir.display())
196 } else {
197 "no specs".to_string()
198 }
199 }
200
201 pub async fn execute(&self) -> Result<()> {
203 if let Some(targets_file) = &self.targets_file {
205 return self.execute_multi_target(targets_file).await;
206 }
207
208 if self.spec_mode == "sequential" && (self.spec.len() > 1 || self.spec_dir.is_some()) {
210 return self.execute_sequential_specs().await;
211 }
212
213 TerminalReporter::print_header(
216 &self.get_spec_display_name(),
217 &self.target,
218 0, &self.scenario,
220 Self::parse_duration(&self.duration)?,
221 );
222
223 if !K6Executor::is_k6_installed() {
225 TerminalReporter::print_error("k6 is not installed");
226 TerminalReporter::print_warning(
227 "Install k6 from: https://k6.io/docs/get-started/installation/",
228 );
229 return Err(BenchError::K6NotFound);
230 }
231
232 TerminalReporter::print_progress("Loading OpenAPI specification(s)...");
234 let merged_spec = self.load_and_merge_specs().await?;
235 let parser = SpecParser::from_spec(merged_spec);
236 if self.spec.len() > 1 || self.spec_dir.is_some() {
237 TerminalReporter::print_success(&format!(
238 "Loaded and merged {} specification(s)",
239 self.spec.len() + self.spec_dir.as_ref().map(|_| 1).unwrap_or(0)
240 ));
241 } else {
242 TerminalReporter::print_success("Specification loaded");
243 }
244
245 let mock_config = self.build_mock_config().await;
247 if mock_config.is_mock_server {
248 TerminalReporter::print_progress("Mock server integration enabled");
249 }
250
251 if self.crud_flow {
253 return self.execute_crud_flow(&parser).await;
254 }
255
256 if self.owasp_api_top10 {
258 return self.execute_owasp_test(&parser).await;
259 }
260
261 TerminalReporter::print_progress("Extracting API operations...");
263 let mut operations = if let Some(filter) = &self.operations {
264 parser.filter_operations(filter)?
265 } else {
266 parser.get_operations()
267 };
268
269 if let Some(exclude) = &self.exclude_operations {
271 let before_count = operations.len();
272 operations = parser.exclude_operations(operations, exclude)?;
273 let excluded_count = before_count - operations.len();
274 if excluded_count > 0 {
275 TerminalReporter::print_progress(&format!(
276 "Excluded {} operations matching '{}'",
277 excluded_count, exclude
278 ));
279 }
280 }
281
282 if operations.is_empty() {
283 return Err(BenchError::Other("No operations found in spec".to_string()));
284 }
285
286 TerminalReporter::print_success(&format!("Found {} operations", operations.len()));
287
288 let param_overrides = if let Some(params_file) = &self.params_file {
290 TerminalReporter::print_progress("Loading parameter overrides...");
291 let overrides = ParameterOverrides::from_file(params_file)?;
292 TerminalReporter::print_success(&format!(
293 "Loaded parameter overrides ({} operation-specific, {} defaults)",
294 overrides.operations.len(),
295 if overrides.defaults.is_empty() { 0 } else { 1 }
296 ));
297 Some(overrides)
298 } else {
299 None
300 };
301
302 TerminalReporter::print_progress("Generating request templates...");
304 let templates: Vec<_> = operations
305 .iter()
306 .map(|op| {
307 let op_overrides = param_overrides.as_ref().map(|po| {
308 po.get_for_operation(op.operation_id.as_deref(), &op.method, &op.path)
309 });
310 RequestGenerator::generate_template_with_overrides(op, op_overrides.as_ref())
311 })
312 .collect::<Result<Vec<_>>>()?;
313 TerminalReporter::print_success("Request templates generated");
314
315 let custom_headers = self.parse_headers()?;
317
318 let base_path = self.resolve_base_path(&parser);
320 if let Some(ref bp) = base_path {
321 TerminalReporter::print_progress(&format!("Using base path: {}", bp));
322 }
323
324 TerminalReporter::print_progress("Generating k6 load test script...");
326 let scenario =
327 LoadScenario::from_str(&self.scenario).map_err(BenchError::InvalidScenario)?;
328
329 let k6_config = K6Config {
330 target_url: self.target.clone(),
331 base_path,
332 scenario,
333 duration_secs: Self::parse_duration(&self.duration)?,
334 max_vus: self.vus,
335 threshold_percentile: self.threshold_percentile.clone(),
336 threshold_ms: self.threshold_ms,
337 max_error_rate: self.max_error_rate,
338 auth_header: self.auth.clone(),
339 custom_headers,
340 skip_tls_verify: self.skip_tls_verify,
341 };
342
343 let generator = K6ScriptGenerator::new(k6_config, templates);
344 let mut script = generator.generate()?;
345 TerminalReporter::print_success("k6 script generated");
346
347 let has_advanced_features = self.data_file.is_some()
349 || self.error_rate.is_some()
350 || self.security_test
351 || self.parallel_create.is_some();
352
353 if has_advanced_features {
355 script = self.generate_enhanced_script(&script)?;
356 }
357
358 if mock_config.is_mock_server {
360 let setup_code = MockIntegrationGenerator::generate_setup(&mock_config);
361 let teardown_code = MockIntegrationGenerator::generate_teardown(&mock_config);
362 let helper_code = MockIntegrationGenerator::generate_vu_id_helper();
363
364 if let Some(import_end) = script.find("export const options") {
366 script.insert_str(
367 import_end,
368 &format!(
369 "\n// === Mock Server Integration ===\n{}\n{}\n{}\n",
370 helper_code, setup_code, teardown_code
371 ),
372 );
373 }
374 }
375
376 TerminalReporter::print_progress("Validating k6 script...");
378 let validation_errors = K6ScriptGenerator::validate_script(&script);
379 if !validation_errors.is_empty() {
380 TerminalReporter::print_error("Script validation failed");
381 for error in &validation_errors {
382 eprintln!(" {}", error);
383 }
384 return Err(BenchError::Other(format!(
385 "Generated k6 script has {} validation error(s). Please check the output above.",
386 validation_errors.len()
387 )));
388 }
389 TerminalReporter::print_success("Script validation passed");
390
391 let script_path = if let Some(output) = &self.script_output {
393 output.clone()
394 } else {
395 self.output.join("k6-script.js")
396 };
397
398 if let Some(parent) = script_path.parent() {
399 std::fs::create_dir_all(parent)?;
400 }
401 std::fs::write(&script_path, &script)?;
402 TerminalReporter::print_success(&format!("Script written to: {}", script_path.display()));
403
404 if self.generate_only {
406 println!("\nScript generated successfully. Run it with:");
407 println!(" k6 run {}", script_path.display());
408 return Ok(());
409 }
410
411 TerminalReporter::print_progress("Executing load test...");
413 let executor = K6Executor::new()?;
414
415 std::fs::create_dir_all(&self.output)?;
416
417 let results = executor.execute(&script_path, Some(&self.output), self.verbose).await?;
418
419 let duration_secs = Self::parse_duration(&self.duration)?;
421 TerminalReporter::print_summary(&results, duration_secs);
422
423 println!("\nResults saved to: {}", self.output.display());
424
425 Ok(())
426 }
427
428 async fn execute_multi_target(&self, targets_file: &PathBuf) -> Result<()> {
430 TerminalReporter::print_progress("Parsing targets file...");
431 let targets = parse_targets_file(targets_file)?;
432 let num_targets = targets.len();
433 TerminalReporter::print_success(&format!("Loaded {} targets", num_targets));
434
435 if targets.is_empty() {
436 return Err(BenchError::Other("No targets found in file".to_string()));
437 }
438
439 let max_concurrency = self.max_concurrency.unwrap_or(10) as usize;
441 let max_concurrency = max_concurrency.min(num_targets); TerminalReporter::print_header(
445 &self.get_spec_display_name(),
446 &format!("{} targets", num_targets),
447 0,
448 &self.scenario,
449 Self::parse_duration(&self.duration)?,
450 );
451
452 let executor = ParallelExecutor::new(
454 BenchCommand {
455 spec: self.spec.clone(),
457 spec_dir: self.spec_dir.clone(),
458 merge_conflicts: self.merge_conflicts.clone(),
459 spec_mode: self.spec_mode.clone(),
460 dependency_config: self.dependency_config.clone(),
461 target: self.target.clone(), base_path: self.base_path.clone(),
463 duration: self.duration.clone(),
464 vus: self.vus,
465 scenario: self.scenario.clone(),
466 operations: self.operations.clone(),
467 exclude_operations: self.exclude_operations.clone(),
468 auth: self.auth.clone(),
469 headers: self.headers.clone(),
470 output: self.output.clone(),
471 generate_only: self.generate_only,
472 script_output: self.script_output.clone(),
473 threshold_percentile: self.threshold_percentile.clone(),
474 threshold_ms: self.threshold_ms,
475 max_error_rate: self.max_error_rate,
476 verbose: self.verbose,
477 skip_tls_verify: self.skip_tls_verify,
478 targets_file: None,
479 max_concurrency: None,
480 results_format: self.results_format.clone(),
481 params_file: self.params_file.clone(),
482 crud_flow: self.crud_flow,
483 flow_config: self.flow_config.clone(),
484 extract_fields: self.extract_fields.clone(),
485 parallel_create: self.parallel_create,
486 data_file: self.data_file.clone(),
487 data_distribution: self.data_distribution.clone(),
488 data_mappings: self.data_mappings.clone(),
489 per_uri_control: self.per_uri_control,
490 error_rate: self.error_rate,
491 error_types: self.error_types.clone(),
492 security_test: self.security_test,
493 security_payloads: self.security_payloads.clone(),
494 security_categories: self.security_categories.clone(),
495 security_target_fields: self.security_target_fields.clone(),
496 wafbench_dir: self.wafbench_dir.clone(),
497 owasp_api_top10: self.owasp_api_top10,
498 owasp_categories: self.owasp_categories.clone(),
499 owasp_auth_header: self.owasp_auth_header.clone(),
500 owasp_auth_token: self.owasp_auth_token.clone(),
501 owasp_admin_paths: self.owasp_admin_paths.clone(),
502 owasp_id_fields: self.owasp_id_fields.clone(),
503 owasp_report: self.owasp_report.clone(),
504 owasp_report_format: self.owasp_report_format.clone(),
505 },
506 targets,
507 max_concurrency,
508 );
509
510 let aggregated_results = executor.execute_all().await?;
512
513 self.report_multi_target_results(&aggregated_results)?;
515
516 Ok(())
517 }
518
519 fn report_multi_target_results(&self, results: &AggregatedResults) -> Result<()> {
521 TerminalReporter::print_multi_target_summary(results);
523
524 if self.results_format == "aggregated" || self.results_format == "both" {
526 let summary_path = self.output.join("aggregated_summary.json");
527 let summary_json = serde_json::json!({
528 "total_targets": results.total_targets,
529 "successful_targets": results.successful_targets,
530 "failed_targets": results.failed_targets,
531 "aggregated_metrics": {
532 "total_requests": results.aggregated_metrics.total_requests,
533 "total_failed_requests": results.aggregated_metrics.total_failed_requests,
534 "avg_duration_ms": results.aggregated_metrics.avg_duration_ms,
535 "p95_duration_ms": results.aggregated_metrics.p95_duration_ms,
536 "p99_duration_ms": results.aggregated_metrics.p99_duration_ms,
537 "error_rate": results.aggregated_metrics.error_rate,
538 },
539 "target_results": results.target_results.iter().map(|r| {
540 serde_json::json!({
541 "target_url": r.target_url,
542 "target_index": r.target_index,
543 "success": r.success,
544 "error": r.error,
545 "total_requests": r.results.total_requests,
546 "failed_requests": r.results.failed_requests,
547 "avg_duration_ms": r.results.avg_duration_ms,
548 "p95_duration_ms": r.results.p95_duration_ms,
549 "p99_duration_ms": r.results.p99_duration_ms,
550 "output_dir": r.output_dir.to_string_lossy(),
551 })
552 }).collect::<Vec<_>>(),
553 });
554
555 std::fs::write(&summary_path, serde_json::to_string_pretty(&summary_json)?)?;
556 TerminalReporter::print_success(&format!(
557 "Aggregated summary saved to: {}",
558 summary_path.display()
559 ));
560 }
561
562 println!("\nResults saved to: {}", self.output.display());
563 println!(" - Per-target results: {}", self.output.join("target_*").display());
564 if self.results_format == "aggregated" || self.results_format == "both" {
565 println!(
566 " - Aggregated summary: {}",
567 self.output.join("aggregated_summary.json").display()
568 );
569 }
570
571 Ok(())
572 }
573
574 pub fn parse_duration(duration: &str) -> Result<u64> {
576 let duration = duration.trim();
577
578 if let Some(secs) = duration.strip_suffix('s') {
579 secs.parse::<u64>()
580 .map_err(|_| BenchError::Other(format!("Invalid duration: {}", duration)))
581 } else if let Some(mins) = duration.strip_suffix('m') {
582 mins.parse::<u64>()
583 .map(|m| m * 60)
584 .map_err(|_| BenchError::Other(format!("Invalid duration: {}", duration)))
585 } else if let Some(hours) = duration.strip_suffix('h') {
586 hours
587 .parse::<u64>()
588 .map(|h| h * 3600)
589 .map_err(|_| BenchError::Other(format!("Invalid duration: {}", duration)))
590 } else {
591 duration
593 .parse::<u64>()
594 .map_err(|_| BenchError::Other(format!("Invalid duration: {}", duration)))
595 }
596 }
597
598 pub fn parse_headers(&self) -> Result<HashMap<String, String>> {
600 let mut headers = HashMap::new();
601
602 if let Some(header_str) = &self.headers {
603 for pair in header_str.split(',') {
604 let parts: Vec<&str> = pair.splitn(2, ':').collect();
605 if parts.len() != 2 {
606 return Err(BenchError::Other(format!(
607 "Invalid header format: '{}'. Expected 'Key:Value'",
608 pair
609 )));
610 }
611 headers.insert(parts[0].trim().to_string(), parts[1].trim().to_string());
612 }
613 }
614
615 Ok(headers)
616 }
617
618 fn resolve_base_path(&self, parser: &SpecParser) -> Option<String> {
627 if let Some(cli_base_path) = &self.base_path {
629 if cli_base_path.is_empty() {
630 return None;
632 }
633 return Some(cli_base_path.clone());
634 }
635
636 parser.get_base_path()
638 }
639
640 async fn build_mock_config(&self) -> MockIntegrationConfig {
642 if MockServerDetector::looks_like_mock_server(&self.target) {
644 if let Ok(info) = MockServerDetector::detect(&self.target).await {
646 if info.is_mockforge {
647 TerminalReporter::print_success(&format!(
648 "Detected MockForge server (version: {})",
649 info.version.as_deref().unwrap_or("unknown")
650 ));
651 return MockIntegrationConfig::mock_server();
652 }
653 }
654 }
655 MockIntegrationConfig::real_api()
656 }
657
658 fn build_crud_flow_config(&self) -> Option<CrudFlowConfig> {
660 if !self.crud_flow {
661 return None;
662 }
663
664 if let Some(config_path) = &self.flow_config {
666 match CrudFlowConfig::from_file(config_path) {
667 Ok(config) => return Some(config),
668 Err(e) => {
669 TerminalReporter::print_warning(&format!(
670 "Failed to load flow config: {}. Using auto-detection.",
671 e
672 ));
673 }
674 }
675 }
676
677 let extract_fields = self
679 .extract_fields
680 .as_ref()
681 .map(|f| f.split(',').map(|s| s.trim().to_string()).collect())
682 .unwrap_or_else(|| vec!["id".to_string(), "uuid".to_string()]);
683
684 Some(CrudFlowConfig {
685 flows: Vec::new(), default_extract_fields: extract_fields,
687 })
688 }
689
690 fn build_data_driven_config(&self) -> Option<DataDrivenConfig> {
692 let data_file = self.data_file.as_ref()?;
693
694 let distribution = DataDistribution::from_str(&self.data_distribution)
695 .unwrap_or(DataDistribution::UniquePerVu);
696
697 let mappings = self
698 .data_mappings
699 .as_ref()
700 .map(|m| DataMapping::parse_mappings(m).unwrap_or_default())
701 .unwrap_or_default();
702
703 Some(DataDrivenConfig {
704 file_path: data_file.to_string_lossy().to_string(),
705 distribution,
706 mappings,
707 csv_has_header: true,
708 per_uri_control: self.per_uri_control,
709 per_uri_columns: crate::data_driven::PerUriColumns::default(),
710 })
711 }
712
713 fn build_invalid_data_config(&self) -> Option<InvalidDataConfig> {
715 let error_rate = self.error_rate?;
716
717 let error_types = self
718 .error_types
719 .as_ref()
720 .map(|types| InvalidDataConfig::parse_error_types(types).unwrap_or_default())
721 .unwrap_or_default();
722
723 Some(InvalidDataConfig {
724 error_rate,
725 error_types,
726 target_fields: Vec::new(),
727 })
728 }
729
730 fn build_security_config(&self) -> Option<SecurityTestConfig> {
732 if !self.security_test {
733 return None;
734 }
735
736 let categories = self
737 .security_categories
738 .as_ref()
739 .map(|cats| SecurityTestConfig::parse_categories(cats).unwrap_or_default())
740 .unwrap_or_else(|| {
741 let mut default = std::collections::HashSet::new();
742 default.insert(SecurityCategory::SqlInjection);
743 default.insert(SecurityCategory::Xss);
744 default
745 });
746
747 let target_fields = self
748 .security_target_fields
749 .as_ref()
750 .map(|fields| fields.split(',').map(|f| f.trim().to_string()).collect())
751 .unwrap_or_default();
752
753 let custom_payloads_file =
754 self.security_payloads.as_ref().map(|p| p.to_string_lossy().to_string());
755
756 Some(SecurityTestConfig {
757 enabled: true,
758 categories,
759 target_fields,
760 custom_payloads_file,
761 include_high_risk: false,
762 })
763 }
764
765 fn build_parallel_config(&self) -> Option<ParallelConfig> {
767 let count = self.parallel_create?;
768
769 Some(ParallelConfig::new(count))
770 }
771
772 fn load_wafbench_payloads(&self) -> Vec<SecurityPayload> {
774 let Some(ref wafbench_dir) = self.wafbench_dir else {
775 return Vec::new();
776 };
777
778 let mut loader = WafBenchLoader::new();
779
780 if let Err(e) = loader.load_from_pattern(wafbench_dir) {
781 TerminalReporter::print_warning(&format!("Failed to load WAFBench tests: {}", e));
782 return Vec::new();
783 }
784
785 let stats = loader.stats();
786
787 if stats.files_processed == 0 {
788 TerminalReporter::print_warning(&format!(
789 "No WAFBench YAML files found matching '{}'",
790 wafbench_dir
791 ));
792 return Vec::new();
793 }
794
795 TerminalReporter::print_progress(&format!(
796 "Loaded {} WAFBench files, {} test cases, {} payloads",
797 stats.files_processed, stats.test_cases_loaded, stats.payloads_extracted
798 ));
799
800 for (category, count) in &stats.by_category {
802 TerminalReporter::print_progress(&format!(" - {}: {} tests", category, count));
803 }
804
805 for error in &stats.parse_errors {
807 TerminalReporter::print_warning(&format!(" Parse error: {}", error));
808 }
809
810 loader.to_security_payloads()
811 }
812
813 fn generate_enhanced_script(&self, base_script: &str) -> Result<String> {
815 let mut enhanced_script = base_script.to_string();
816 let mut additional_code = String::new();
817
818 if let Some(config) = self.build_data_driven_config() {
820 TerminalReporter::print_progress("Adding data-driven testing support...");
821 additional_code.push_str(&DataDrivenGenerator::generate_setup(&config));
822 additional_code.push('\n');
823 TerminalReporter::print_success("Data-driven testing enabled");
824 }
825
826 if let Some(config) = self.build_invalid_data_config() {
828 TerminalReporter::print_progress("Adding invalid data testing support...");
829 additional_code.push_str(&InvalidDataGenerator::generate_invalidation_logic());
830 additional_code.push('\n');
831 additional_code
832 .push_str(&InvalidDataGenerator::generate_should_invalidate(config.error_rate));
833 additional_code.push('\n');
834 additional_code
835 .push_str(&InvalidDataGenerator::generate_type_selection(&config.error_types));
836 additional_code.push('\n');
837 TerminalReporter::print_success(&format!(
838 "Invalid data testing enabled ({}% error rate)",
839 (self.error_rate.unwrap_or(0.0) * 100.0) as u32
840 ));
841 }
842
843 let security_config = self.build_security_config();
845 let wafbench_payloads = self.load_wafbench_payloads();
846
847 if security_config.is_some() || !wafbench_payloads.is_empty() {
848 TerminalReporter::print_progress("Adding security testing support...");
849
850 let mut payload_list: Vec<SecurityPayload> = Vec::new();
852
853 if let Some(ref config) = security_config {
854 payload_list.extend(SecurityPayloads::get_payloads(config));
855 }
856
857 if !wafbench_payloads.is_empty() {
859 TerminalReporter::print_progress(&format!(
860 "Loading {} WAFBench attack patterns...",
861 wafbench_payloads.len()
862 ));
863 payload_list.extend(wafbench_payloads);
864 }
865
866 let target_fields =
867 security_config.as_ref().map(|c| c.target_fields.clone()).unwrap_or_default();
868
869 additional_code
870 .push_str(&SecurityTestGenerator::generate_payload_selection(&payload_list));
871 additional_code.push('\n');
872 additional_code
873 .push_str(&SecurityTestGenerator::generate_apply_payload(&target_fields));
874 additional_code.push('\n');
875 additional_code.push_str(&SecurityTestGenerator::generate_security_checks());
876 additional_code.push('\n');
877 TerminalReporter::print_success(&format!(
878 "Security testing enabled ({} payloads)",
879 payload_list.len()
880 ));
881 }
882
883 if let Some(config) = self.build_parallel_config() {
885 TerminalReporter::print_progress("Adding parallel execution support...");
886 additional_code.push_str(&ParallelRequestGenerator::generate_batch_helper(&config));
887 additional_code.push('\n');
888 TerminalReporter::print_success(&format!(
889 "Parallel execution enabled (count: {})",
890 config.count
891 ));
892 }
893
894 if !additional_code.is_empty() {
896 if let Some(import_end) = enhanced_script.find("export const options") {
898 enhanced_script.insert_str(
899 import_end,
900 &format!("\n// === Advanced Testing Features ===\n{}\n", additional_code),
901 );
902 }
903 }
904
905 Ok(enhanced_script)
906 }
907
908 async fn execute_sequential_specs(&self) -> Result<()> {
910 TerminalReporter::print_progress("Sequential spec mode: Loading specs individually...");
911
912 let mut all_specs: Vec<(PathBuf, OpenApiSpec)> = Vec::new();
914
915 if !self.spec.is_empty() {
916 let specs = load_specs_from_files(self.spec.clone())
917 .await
918 .map_err(|e| BenchError::Other(format!("Failed to load spec files: {}", e)))?;
919 all_specs.extend(specs);
920 }
921
922 if let Some(spec_dir) = &self.spec_dir {
923 let dir_specs = load_specs_from_directory(spec_dir).await.map_err(|e| {
924 BenchError::Other(format!("Failed to load specs from directory: {}", e))
925 })?;
926 all_specs.extend(dir_specs);
927 }
928
929 if all_specs.is_empty() {
930 return Err(BenchError::Other(
931 "No spec files found for sequential execution".to_string(),
932 ));
933 }
934
935 TerminalReporter::print_success(&format!("Loaded {} spec(s)", all_specs.len()));
936
937 let execution_order = if let Some(config_path) = &self.dependency_config {
939 TerminalReporter::print_progress("Loading dependency configuration...");
940 let config = SpecDependencyConfig::from_file(config_path)?;
941
942 if !config.disable_auto_detect && config.execution_order.is_empty() {
943 self.detect_and_sort_specs(&all_specs)?
945 } else {
946 config.execution_order.iter().flat_map(|g| g.specs.clone()).collect()
948 }
949 } else {
950 self.detect_and_sort_specs(&all_specs)?
952 };
953
954 TerminalReporter::print_success(&format!(
955 "Execution order: {}",
956 execution_order
957 .iter()
958 .map(|p| p.file_name().unwrap_or_default().to_string_lossy().to_string())
959 .collect::<Vec<_>>()
960 .join(" → ")
961 ));
962
963 let mut extracted_values = ExtractedValues::new();
965 let total_specs = execution_order.len();
966
967 for (index, spec_path) in execution_order.iter().enumerate() {
968 let spec_name = spec_path.file_name().unwrap_or_default().to_string_lossy().to_string();
969
970 TerminalReporter::print_progress(&format!(
971 "[{}/{}] Executing spec: {}",
972 index + 1,
973 total_specs,
974 spec_name
975 ));
976
977 let spec = all_specs
979 .iter()
980 .find(|(p, _)| {
981 p == spec_path
982 || p.file_name() == spec_path.file_name()
983 || p.file_name() == Some(spec_path.as_os_str())
984 })
985 .map(|(_, s)| s.clone())
986 .ok_or_else(|| {
987 BenchError::Other(format!("Spec not found: {}", spec_path.display()))
988 })?;
989
990 let new_values = self.execute_single_spec(&spec, &spec_name, &extracted_values).await?;
992
993 extracted_values.merge(&new_values);
995
996 TerminalReporter::print_success(&format!(
997 "[{}/{}] Completed: {} (extracted {} values)",
998 index + 1,
999 total_specs,
1000 spec_name,
1001 new_values.values.len()
1002 ));
1003 }
1004
1005 TerminalReporter::print_success(&format!(
1006 "Sequential execution complete: {} specs executed",
1007 total_specs
1008 ));
1009
1010 Ok(())
1011 }
1012
1013 fn detect_and_sort_specs(&self, specs: &[(PathBuf, OpenApiSpec)]) -> Result<Vec<PathBuf>> {
1015 TerminalReporter::print_progress("Auto-detecting spec dependencies...");
1016
1017 let mut detector = DependencyDetector::new();
1018 let dependencies = detector.detect_dependencies(specs);
1019
1020 if dependencies.is_empty() {
1021 TerminalReporter::print_progress("No dependencies detected, using file order");
1022 return Ok(specs.iter().map(|(p, _)| p.clone()).collect());
1023 }
1024
1025 TerminalReporter::print_progress(&format!(
1026 "Detected {} cross-spec dependencies",
1027 dependencies.len()
1028 ));
1029
1030 for dep in &dependencies {
1031 TerminalReporter::print_progress(&format!(
1032 " {} → {} (via field '{}')",
1033 dep.dependency_spec.file_name().unwrap_or_default().to_string_lossy(),
1034 dep.dependent_spec.file_name().unwrap_or_default().to_string_lossy(),
1035 dep.field_name
1036 ));
1037 }
1038
1039 topological_sort(specs, &dependencies)
1040 }
1041
1042 async fn execute_single_spec(
1044 &self,
1045 spec: &OpenApiSpec,
1046 spec_name: &str,
1047 _external_values: &ExtractedValues,
1048 ) -> Result<ExtractedValues> {
1049 let parser = SpecParser::from_spec(spec.clone());
1050
1051 if self.crud_flow {
1053 self.execute_crud_flow_with_extraction(&parser, spec_name).await
1055 } else {
1056 self.execute_standard_spec(&parser, spec_name).await?;
1058 Ok(ExtractedValues::new())
1059 }
1060 }
1061
1062 async fn execute_crud_flow_with_extraction(
1064 &self,
1065 parser: &SpecParser,
1066 spec_name: &str,
1067 ) -> Result<ExtractedValues> {
1068 let operations = parser.get_operations();
1069 let flows = CrudFlowDetector::detect_flows(&operations);
1070
1071 if flows.is_empty() {
1072 TerminalReporter::print_warning(&format!("No CRUD flows detected in {}", spec_name));
1073 return Ok(ExtractedValues::new());
1074 }
1075
1076 TerminalReporter::print_progress(&format!(
1077 " {} CRUD flow(s) in {}",
1078 flows.len(),
1079 spec_name
1080 ));
1081
1082 let mut handlebars = handlebars::Handlebars::new();
1084 handlebars.register_helper(
1086 "json",
1087 Box::new(
1088 |h: &handlebars::Helper,
1089 _: &handlebars::Handlebars,
1090 _: &handlebars::Context,
1091 _: &mut handlebars::RenderContext,
1092 out: &mut dyn handlebars::Output|
1093 -> handlebars::HelperResult {
1094 let param = h.param(0).map(|v| v.value()).unwrap_or(&serde_json::Value::Null);
1095 out.write(&serde_json::to_string(param).unwrap_or_else(|_| "[]".to_string()))?;
1096 Ok(())
1097 },
1098 ),
1099 );
1100 let template = include_str!("templates/k6_crud_flow.hbs");
1101
1102 let custom_headers = self.parse_headers()?;
1103 let config = self.build_crud_flow_config().unwrap_or_default();
1104
1105 let param_overrides = if let Some(params_file) = &self.params_file {
1107 let overrides = ParameterOverrides::from_file(params_file)?;
1108 Some(overrides)
1109 } else {
1110 None
1111 };
1112
1113 let duration_secs = Self::parse_duration(&self.duration)?;
1115 let scenario =
1116 LoadScenario::from_str(&self.scenario).map_err(BenchError::InvalidScenario)?;
1117 let stages = scenario.generate_stages(duration_secs, self.vus);
1118
1119 let api_base_path = self.resolve_base_path(parser);
1121
1122 let mut all_headers = custom_headers.clone();
1124 if let Some(auth) = &self.auth {
1125 all_headers.insert("Authorization".to_string(), auth.clone());
1126 }
1127 let headers_json = serde_json::to_string(&all_headers).unwrap_or_else(|_| "{}".to_string());
1128
1129 let mut all_placeholders: HashSet<DynamicPlaceholder> = HashSet::new();
1131
1132 let flows_data: Vec<serde_json::Value> = flows.iter().map(|f| {
1133 let sanitized_name = K6ScriptGenerator::sanitize_js_identifier(&f.name);
1134 serde_json::json!({
1135 "name": sanitized_name.clone(),
1136 "display_name": f.name,
1137 "base_path": f.base_path,
1138 "steps": f.steps.iter().enumerate().map(|(idx, s)| {
1139 let parts: Vec<&str> = s.operation.splitn(2, ' ').collect();
1141 let method_raw = if !parts.is_empty() {
1142 parts[0].to_uppercase()
1143 } else {
1144 "GET".to_string()
1145 };
1146 let method = if !parts.is_empty() {
1147 let m = parts[0].to_lowercase();
1148 if m == "delete" { "del".to_string() } else { m }
1150 } else {
1151 "get".to_string()
1152 };
1153 let raw_path = if parts.len() >= 2 { parts[1] } else { "/" };
1154 let path = if let Some(ref bp) = api_base_path {
1156 format!("{}{}", bp, raw_path)
1157 } else {
1158 raw_path.to_string()
1159 };
1160 let is_get_or_head = method == "get" || method == "head";
1161 let has_body = matches!(method.as_str(), "post" | "put" | "patch");
1163
1164 let body_value = if has_body {
1166 param_overrides.as_ref()
1167 .map(|po| po.get_for_operation(None, &method_raw, &raw_path))
1168 .and_then(|oo| oo.body)
1169 .unwrap_or_else(|| serde_json::json!({}))
1170 } else {
1171 serde_json::json!({})
1172 };
1173
1174 let processed_body = DynamicParamProcessor::process_json_body(&body_value);
1176
1177 serde_json::json!({
1178 "operation": s.operation,
1179 "method": method,
1180 "path": path,
1181 "extract": s.extract,
1182 "use_values": s.use_values,
1183 "use_body": s.use_body,
1184 "description": s.description,
1185 "display_name": s.description.clone().unwrap_or_else(|| format!("Step {}", idx)),
1186 "is_get_or_head": is_get_or_head,
1187 "has_body": has_body,
1188 "body": processed_body.value,
1189 "body_is_dynamic": processed_body.is_dynamic,
1190 "_placeholders": processed_body.placeholders.iter().map(|p| format!("{:?}", p)).collect::<Vec<_>>(),
1191 })
1192 }).collect::<Vec<_>>(),
1193 })
1194 }).collect();
1195
1196 for flow_data in &flows_data {
1198 if let Some(steps) = flow_data.get("steps").and_then(|s| s.as_array()) {
1199 for step in steps {
1200 if let Some(placeholders_arr) =
1201 step.get("_placeholders").and_then(|p| p.as_array())
1202 {
1203 for p_str in placeholders_arr {
1204 if let Some(p_name) = p_str.as_str() {
1205 match p_name {
1206 "VU" => {
1207 all_placeholders.insert(DynamicPlaceholder::VU);
1208 }
1209 "Iteration" => {
1210 all_placeholders.insert(DynamicPlaceholder::Iteration);
1211 }
1212 "Timestamp" => {
1213 all_placeholders.insert(DynamicPlaceholder::Timestamp);
1214 }
1215 "UUID" => {
1216 all_placeholders.insert(DynamicPlaceholder::UUID);
1217 }
1218 "Random" => {
1219 all_placeholders.insert(DynamicPlaceholder::Random);
1220 }
1221 "Counter" => {
1222 all_placeholders.insert(DynamicPlaceholder::Counter);
1223 }
1224 "Date" => {
1225 all_placeholders.insert(DynamicPlaceholder::Date);
1226 }
1227 "VuIter" => {
1228 all_placeholders.insert(DynamicPlaceholder::VuIter);
1229 }
1230 _ => {}
1231 }
1232 }
1233 }
1234 }
1235 }
1236 }
1237 }
1238
1239 let required_imports = DynamicParamProcessor::get_required_imports(&all_placeholders);
1241 let required_globals = DynamicParamProcessor::get_required_globals(&all_placeholders);
1242
1243 let data = serde_json::json!({
1244 "base_url": self.target,
1245 "flows": flows_data,
1246 "extract_fields": config.default_extract_fields,
1247 "duration_secs": duration_secs,
1248 "max_vus": self.vus,
1249 "auth_header": self.auth,
1250 "custom_headers": custom_headers,
1251 "skip_tls_verify": self.skip_tls_verify,
1252 "stages": stages.iter().map(|s| serde_json::json!({
1254 "duration": s.duration,
1255 "target": s.target,
1256 })).collect::<Vec<_>>(),
1257 "threshold_percentile": self.threshold_percentile,
1258 "threshold_ms": self.threshold_ms,
1259 "max_error_rate": self.max_error_rate,
1260 "headers": headers_json,
1261 "dynamic_imports": required_imports,
1262 "dynamic_globals": required_globals,
1263 });
1264
1265 let script = handlebars
1266 .render_template(template, &data)
1267 .map_err(|e| BenchError::ScriptGenerationFailed(e.to_string()))?;
1268
1269 let script_path =
1271 self.output.join(format!("k6-{}-crud-flow.js", spec_name.replace('.', "_")));
1272
1273 std::fs::create_dir_all(self.output.clone())?;
1274 std::fs::write(&script_path, &script)?;
1275
1276 if !self.generate_only {
1277 let executor = K6Executor::new()?;
1278 let output_dir = self.output.join(format!("{}_results", spec_name.replace('.', "_")));
1279 std::fs::create_dir_all(&output_dir)?;
1280
1281 executor.execute(&script_path, Some(&output_dir), self.verbose).await?;
1282 }
1283
1284 Ok(ExtractedValues::new())
1287 }
1288
1289 async fn execute_standard_spec(&self, parser: &SpecParser, spec_name: &str) -> Result<()> {
1291 let mut operations = if let Some(filter) = &self.operations {
1292 parser.filter_operations(filter)?
1293 } else {
1294 parser.get_operations()
1295 };
1296
1297 if let Some(exclude) = &self.exclude_operations {
1298 operations = parser.exclude_operations(operations, exclude)?;
1299 }
1300
1301 if operations.is_empty() {
1302 TerminalReporter::print_warning(&format!("No operations found in {}", spec_name));
1303 return Ok(());
1304 }
1305
1306 TerminalReporter::print_progress(&format!(
1307 " {} operations in {}",
1308 operations.len(),
1309 spec_name
1310 ));
1311
1312 let templates: Vec<_> = operations
1314 .iter()
1315 .map(RequestGenerator::generate_template)
1316 .collect::<Result<Vec<_>>>()?;
1317
1318 let custom_headers = self.parse_headers()?;
1320
1321 let base_path = self.resolve_base_path(parser);
1323
1324 let scenario =
1326 LoadScenario::from_str(&self.scenario).map_err(BenchError::InvalidScenario)?;
1327
1328 let k6_config = K6Config {
1329 target_url: self.target.clone(),
1330 base_path,
1331 scenario,
1332 duration_secs: Self::parse_duration(&self.duration)?,
1333 max_vus: self.vus,
1334 threshold_percentile: self.threshold_percentile.clone(),
1335 threshold_ms: self.threshold_ms,
1336 max_error_rate: self.max_error_rate,
1337 auth_header: self.auth.clone(),
1338 custom_headers,
1339 skip_tls_verify: self.skip_tls_verify,
1340 };
1341
1342 let generator = K6ScriptGenerator::new(k6_config, templates);
1343 let script = generator.generate()?;
1344
1345 let script_path = self.output.join(format!("k6-{}.js", spec_name.replace('.', "_")));
1347
1348 std::fs::create_dir_all(self.output.clone())?;
1349 std::fs::write(&script_path, &script)?;
1350
1351 if !self.generate_only {
1352 let executor = K6Executor::new()?;
1353 let output_dir = self.output.join(format!("{}_results", spec_name.replace('.', "_")));
1354 std::fs::create_dir_all(&output_dir)?;
1355
1356 executor.execute(&script_path, Some(&output_dir), self.verbose).await?;
1357 }
1358
1359 Ok(())
1360 }
1361
1362 async fn execute_crud_flow(&self, parser: &SpecParser) -> Result<()> {
1364 let config = self.build_crud_flow_config().unwrap_or_default();
1366
1367 let flows = if !config.flows.is_empty() {
1369 TerminalReporter::print_progress("Using custom flow configuration...");
1370 config.flows.clone()
1371 } else {
1372 TerminalReporter::print_progress("Detecting CRUD operations...");
1373 let operations = parser.get_operations();
1374 CrudFlowDetector::detect_flows(&operations)
1375 };
1376
1377 if flows.is_empty() {
1378 return Err(BenchError::Other(
1379 "No CRUD flows detected in spec. Ensure spec has POST/GET/PUT/DELETE operations on related paths.".to_string(),
1380 ));
1381 }
1382
1383 if config.flows.is_empty() {
1384 TerminalReporter::print_success(&format!("Detected {} CRUD flow(s)", flows.len()));
1385 } else {
1386 TerminalReporter::print_success(&format!("Loaded {} custom flow(s)", flows.len()));
1387 }
1388
1389 for flow in &flows {
1390 TerminalReporter::print_progress(&format!(
1391 " - {}: {} steps",
1392 flow.name,
1393 flow.steps.len()
1394 ));
1395 }
1396
1397 let mut handlebars = handlebars::Handlebars::new();
1399 handlebars.register_helper(
1401 "json",
1402 Box::new(
1403 |h: &handlebars::Helper,
1404 _: &handlebars::Handlebars,
1405 _: &handlebars::Context,
1406 _: &mut handlebars::RenderContext,
1407 out: &mut dyn handlebars::Output|
1408 -> handlebars::HelperResult {
1409 let param = h.param(0).map(|v| v.value()).unwrap_or(&serde_json::Value::Null);
1410 out.write(&serde_json::to_string(param).unwrap_or_else(|_| "[]".to_string()))?;
1411 Ok(())
1412 },
1413 ),
1414 );
1415 let template = include_str!("templates/k6_crud_flow.hbs");
1416
1417 let custom_headers = self.parse_headers()?;
1418
1419 let param_overrides = if let Some(params_file) = &self.params_file {
1421 TerminalReporter::print_progress("Loading parameter overrides...");
1422 let overrides = ParameterOverrides::from_file(params_file)?;
1423 TerminalReporter::print_success(&format!(
1424 "Loaded parameter overrides ({} operation-specific, {} defaults)",
1425 overrides.operations.len(),
1426 if overrides.defaults.is_empty() { 0 } else { 1 }
1427 ));
1428 Some(overrides)
1429 } else {
1430 None
1431 };
1432
1433 let duration_secs = Self::parse_duration(&self.duration)?;
1435 let scenario =
1436 LoadScenario::from_str(&self.scenario).map_err(BenchError::InvalidScenario)?;
1437 let stages = scenario.generate_stages(duration_secs, self.vus);
1438
1439 let api_base_path = self.resolve_base_path(parser);
1441 if let Some(ref bp) = api_base_path {
1442 TerminalReporter::print_progress(&format!("Using base path: {}", bp));
1443 }
1444
1445 let mut all_headers = custom_headers.clone();
1447 if let Some(auth) = &self.auth {
1448 all_headers.insert("Authorization".to_string(), auth.clone());
1449 }
1450 let headers_json = serde_json::to_string(&all_headers).unwrap_or_else(|_| "{}".to_string());
1451
1452 let mut all_placeholders: HashSet<DynamicPlaceholder> = HashSet::new();
1454
1455 let flows_data: Vec<serde_json::Value> = flows.iter().map(|f| {
1456 let sanitized_name = K6ScriptGenerator::sanitize_js_identifier(&f.name);
1458 serde_json::json!({
1459 "name": sanitized_name.clone(), "display_name": f.name, "base_path": f.base_path,
1462 "steps": f.steps.iter().enumerate().map(|(idx, s)| {
1463 let parts: Vec<&str> = s.operation.splitn(2, ' ').collect();
1465 let method_raw = if !parts.is_empty() {
1466 parts[0].to_uppercase()
1467 } else {
1468 "GET".to_string()
1469 };
1470 let method = if !parts.is_empty() {
1471 let m = parts[0].to_lowercase();
1472 if m == "delete" { "del".to_string() } else { m }
1474 } else {
1475 "get".to_string()
1476 };
1477 let raw_path = if parts.len() >= 2 { parts[1] } else { "/" };
1478 let path = if let Some(ref bp) = api_base_path {
1480 format!("{}{}", bp, raw_path)
1481 } else {
1482 raw_path.to_string()
1483 };
1484 let is_get_or_head = method == "get" || method == "head";
1485 let has_body = matches!(method.as_str(), "post" | "put" | "patch");
1487
1488 let body_value = if has_body {
1490 param_overrides.as_ref()
1491 .map(|po| po.get_for_operation(None, &method_raw, raw_path))
1492 .and_then(|oo| oo.body)
1493 .unwrap_or_else(|| serde_json::json!({}))
1494 } else {
1495 serde_json::json!({})
1496 };
1497
1498 let processed_body = DynamicParamProcessor::process_json_body(&body_value);
1500 serde_json::json!({
1504 "operation": s.operation,
1505 "method": method,
1506 "path": path,
1507 "extract": s.extract,
1508 "use_values": s.use_values,
1509 "use_body": s.use_body,
1510 "description": s.description,
1511 "display_name": s.description.clone().unwrap_or_else(|| format!("Step {}", idx)),
1512 "is_get_or_head": is_get_or_head,
1513 "has_body": has_body,
1514 "body": processed_body.value,
1515 "body_is_dynamic": processed_body.is_dynamic,
1516 "_placeholders": processed_body.placeholders.iter().map(|p| format!("{:?}", p)).collect::<Vec<_>>(),
1517 })
1518 }).collect::<Vec<_>>(),
1519 })
1520 }).collect();
1521
1522 for flow_data in &flows_data {
1524 if let Some(steps) = flow_data.get("steps").and_then(|s| s.as_array()) {
1525 for step in steps {
1526 if let Some(placeholders_arr) =
1527 step.get("_placeholders").and_then(|p| p.as_array())
1528 {
1529 for p_str in placeholders_arr {
1530 if let Some(p_name) = p_str.as_str() {
1531 match p_name {
1533 "VU" => {
1534 all_placeholders.insert(DynamicPlaceholder::VU);
1535 }
1536 "Iteration" => {
1537 all_placeholders.insert(DynamicPlaceholder::Iteration);
1538 }
1539 "Timestamp" => {
1540 all_placeholders.insert(DynamicPlaceholder::Timestamp);
1541 }
1542 "UUID" => {
1543 all_placeholders.insert(DynamicPlaceholder::UUID);
1544 }
1545 "Random" => {
1546 all_placeholders.insert(DynamicPlaceholder::Random);
1547 }
1548 "Counter" => {
1549 all_placeholders.insert(DynamicPlaceholder::Counter);
1550 }
1551 "Date" => {
1552 all_placeholders.insert(DynamicPlaceholder::Date);
1553 }
1554 "VuIter" => {
1555 all_placeholders.insert(DynamicPlaceholder::VuIter);
1556 }
1557 _ => {}
1558 }
1559 }
1560 }
1561 }
1562 }
1563 }
1564 }
1565
1566 let required_imports = DynamicParamProcessor::get_required_imports(&all_placeholders);
1568 let required_globals = DynamicParamProcessor::get_required_globals(&all_placeholders);
1569
1570 let data = serde_json::json!({
1571 "base_url": self.target,
1572 "flows": flows_data,
1573 "extract_fields": config.default_extract_fields,
1574 "duration_secs": duration_secs,
1575 "max_vus": self.vus,
1576 "auth_header": self.auth,
1577 "custom_headers": custom_headers,
1578 "skip_tls_verify": self.skip_tls_verify,
1579 "stages": stages.iter().map(|s| serde_json::json!({
1581 "duration": s.duration,
1582 "target": s.target,
1583 })).collect::<Vec<_>>(),
1584 "threshold_percentile": self.threshold_percentile,
1585 "threshold_ms": self.threshold_ms,
1586 "max_error_rate": self.max_error_rate,
1587 "headers": headers_json,
1588 "dynamic_imports": required_imports,
1589 "dynamic_globals": required_globals,
1590 });
1591
1592 let script = handlebars
1593 .render_template(template, &data)
1594 .map_err(|e| BenchError::ScriptGenerationFailed(e.to_string()))?;
1595
1596 TerminalReporter::print_progress("Validating CRUD flow script...");
1598 let validation_errors = K6ScriptGenerator::validate_script(&script);
1599 if !validation_errors.is_empty() {
1600 TerminalReporter::print_error("CRUD flow script validation failed");
1601 for error in &validation_errors {
1602 eprintln!(" {}", error);
1603 }
1604 return Err(BenchError::Other(format!(
1605 "CRUD flow script validation failed with {} error(s)",
1606 validation_errors.len()
1607 )));
1608 }
1609
1610 TerminalReporter::print_success("CRUD flow script generated");
1611
1612 let script_path = if let Some(output) = &self.script_output {
1614 output.clone()
1615 } else {
1616 self.output.join("k6-crud-flow-script.js")
1617 };
1618
1619 if let Some(parent) = script_path.parent() {
1620 std::fs::create_dir_all(parent)?;
1621 }
1622 std::fs::write(&script_path, &script)?;
1623 TerminalReporter::print_success(&format!("Script written to: {}", script_path.display()));
1624
1625 if self.generate_only {
1626 println!("\nScript generated successfully. Run it with:");
1627 println!(" k6 run {}", script_path.display());
1628 return Ok(());
1629 }
1630
1631 TerminalReporter::print_progress("Executing CRUD flow test...");
1633 let executor = K6Executor::new()?;
1634 std::fs::create_dir_all(&self.output)?;
1635
1636 let results = executor.execute(&script_path, Some(&self.output), self.verbose).await?;
1637
1638 let duration_secs = Self::parse_duration(&self.duration)?;
1639 TerminalReporter::print_summary(&results, duration_secs);
1640
1641 Ok(())
1642 }
1643
1644 async fn execute_owasp_test(&self, parser: &SpecParser) -> Result<()> {
1646 TerminalReporter::print_progress("OWASP API Security Top 10 Testing Mode");
1647
1648 let mut config = OwaspApiConfig::new()
1650 .with_auth_header(&self.owasp_auth_header)
1651 .with_verbose(self.verbose);
1652
1653 if let Some(ref token) = self.owasp_auth_token {
1655 config = config.with_valid_auth_token(token);
1656 }
1657
1658 if let Some(ref cats_str) = self.owasp_categories {
1660 let categories: Vec<OwaspCategory> = cats_str
1661 .split(',')
1662 .filter_map(|s| {
1663 let trimmed = s.trim();
1664 match trimmed.parse::<OwaspCategory>() {
1665 Ok(cat) => Some(cat),
1666 Err(e) => {
1667 TerminalReporter::print_warning(&e);
1668 None
1669 }
1670 }
1671 })
1672 .collect();
1673
1674 if !categories.is_empty() {
1675 config = config.with_categories(categories);
1676 }
1677 }
1678
1679 if let Some(ref admin_paths_file) = self.owasp_admin_paths {
1681 config.admin_paths_file = Some(admin_paths_file.clone());
1682 if let Err(e) = config.load_admin_paths() {
1683 TerminalReporter::print_warning(&format!("Failed to load admin paths file: {}", e));
1684 }
1685 }
1686
1687 if let Some(ref id_fields_str) = self.owasp_id_fields {
1689 let id_fields: Vec<String> = id_fields_str
1690 .split(',')
1691 .map(|s| s.trim().to_string())
1692 .filter(|s| !s.is_empty())
1693 .collect();
1694 if !id_fields.is_empty() {
1695 config = config.with_id_fields(id_fields);
1696 }
1697 }
1698
1699 if let Some(ref report_path) = self.owasp_report {
1701 config = config.with_report_path(report_path);
1702 }
1703 if let Ok(format) = self.owasp_report_format.parse::<ReportFormat>() {
1704 config = config.with_report_format(format);
1705 }
1706
1707 let categories = config.categories_to_test();
1709 TerminalReporter::print_success(&format!(
1710 "Testing {} OWASP categories: {}",
1711 categories.len(),
1712 categories.iter().map(|c| c.cli_name()).collect::<Vec<_>>().join(", ")
1713 ));
1714
1715 if config.valid_auth_token.is_some() {
1716 TerminalReporter::print_progress("Using provided auth token for baseline requests");
1717 }
1718
1719 TerminalReporter::print_progress("Generating OWASP security test script...");
1721 let generator = OwaspApiGenerator::new(config, self.target.clone(), parser);
1722
1723 let script = generator.generate()?;
1725 TerminalReporter::print_success("OWASP security test script generated");
1726
1727 let script_path = if let Some(output) = &self.script_output {
1729 output.clone()
1730 } else {
1731 self.output.join("k6-owasp-security-test.js")
1732 };
1733
1734 if let Some(parent) = script_path.parent() {
1735 std::fs::create_dir_all(parent)?;
1736 }
1737 std::fs::write(&script_path, &script)?;
1738 TerminalReporter::print_success(&format!("Script written to: {}", script_path.display()));
1739
1740 if self.generate_only {
1742 println!("\nOWASP security test script generated. Run it with:");
1743 println!(" k6 run {}", script_path.display());
1744 return Ok(());
1745 }
1746
1747 TerminalReporter::print_progress("Executing OWASP security tests...");
1749 let executor = K6Executor::new()?;
1750 std::fs::create_dir_all(&self.output)?;
1751
1752 let results = executor.execute(&script_path, Some(&self.output), self.verbose).await?;
1753
1754 let duration_secs = Self::parse_duration(&self.duration)?;
1755 TerminalReporter::print_summary(&results, duration_secs);
1756
1757 println!("\nOWASP security test results saved to: {}", self.output.display());
1758
1759 Ok(())
1760 }
1761}
1762
1763#[cfg(test)]
1764mod tests {
1765 use super::*;
1766
1767 #[test]
1768 fn test_parse_duration() {
1769 assert_eq!(BenchCommand::parse_duration("30s").unwrap(), 30);
1770 assert_eq!(BenchCommand::parse_duration("5m").unwrap(), 300);
1771 assert_eq!(BenchCommand::parse_duration("1h").unwrap(), 3600);
1772 assert_eq!(BenchCommand::parse_duration("60").unwrap(), 60);
1773 }
1774
1775 #[test]
1776 fn test_parse_duration_invalid() {
1777 assert!(BenchCommand::parse_duration("invalid").is_err());
1778 assert!(BenchCommand::parse_duration("30x").is_err());
1779 }
1780
1781 #[test]
1782 fn test_parse_headers() {
1783 let cmd = BenchCommand {
1784 spec: vec![PathBuf::from("test.yaml")],
1785 spec_dir: None,
1786 merge_conflicts: "error".to_string(),
1787 spec_mode: "merge".to_string(),
1788 dependency_config: None,
1789 target: "http://localhost".to_string(),
1790 base_path: None,
1791 duration: "1m".to_string(),
1792 vus: 10,
1793 scenario: "ramp-up".to_string(),
1794 operations: None,
1795 exclude_operations: None,
1796 auth: None,
1797 headers: Some("X-API-Key:test123,X-Client-ID:client456".to_string()),
1798 output: PathBuf::from("output"),
1799 generate_only: false,
1800 script_output: None,
1801 threshold_percentile: "p(95)".to_string(),
1802 threshold_ms: 500,
1803 max_error_rate: 0.05,
1804 verbose: false,
1805 skip_tls_verify: false,
1806 targets_file: None,
1807 max_concurrency: None,
1808 results_format: "both".to_string(),
1809 params_file: None,
1810 crud_flow: false,
1811 flow_config: None,
1812 extract_fields: None,
1813 parallel_create: None,
1814 data_file: None,
1815 data_distribution: "unique-per-vu".to_string(),
1816 data_mappings: None,
1817 per_uri_control: false,
1818 error_rate: None,
1819 error_types: None,
1820 security_test: false,
1821 security_payloads: None,
1822 security_categories: None,
1823 security_target_fields: None,
1824 wafbench_dir: None,
1825 owasp_api_top10: false,
1826 owasp_categories: None,
1827 owasp_auth_header: "Authorization".to_string(),
1828 owasp_auth_token: None,
1829 owasp_admin_paths: None,
1830 owasp_id_fields: None,
1831 owasp_report: None,
1832 owasp_report_format: "json".to_string(),
1833 };
1834
1835 let headers = cmd.parse_headers().unwrap();
1836 assert_eq!(headers.get("X-API-Key"), Some(&"test123".to_string()));
1837 assert_eq!(headers.get("X-Client-ID"), Some(&"client456".to_string()));
1838 }
1839
1840 #[test]
1841 fn test_get_spec_display_name() {
1842 let cmd = BenchCommand {
1843 spec: vec![PathBuf::from("test.yaml")],
1844 spec_dir: None,
1845 merge_conflicts: "error".to_string(),
1846 spec_mode: "merge".to_string(),
1847 dependency_config: None,
1848 target: "http://localhost".to_string(),
1849 base_path: None,
1850 duration: "1m".to_string(),
1851 vus: 10,
1852 scenario: "ramp-up".to_string(),
1853 operations: None,
1854 exclude_operations: None,
1855 auth: None,
1856 headers: None,
1857 output: PathBuf::from("output"),
1858 generate_only: false,
1859 script_output: None,
1860 threshold_percentile: "p(95)".to_string(),
1861 threshold_ms: 500,
1862 max_error_rate: 0.05,
1863 verbose: false,
1864 skip_tls_verify: false,
1865 targets_file: None,
1866 max_concurrency: None,
1867 results_format: "both".to_string(),
1868 params_file: None,
1869 crud_flow: false,
1870 flow_config: None,
1871 extract_fields: None,
1872 parallel_create: None,
1873 data_file: None,
1874 data_distribution: "unique-per-vu".to_string(),
1875 data_mappings: None,
1876 per_uri_control: false,
1877 error_rate: None,
1878 error_types: None,
1879 security_test: false,
1880 security_payloads: None,
1881 security_categories: None,
1882 security_target_fields: None,
1883 wafbench_dir: None,
1884 owasp_api_top10: false,
1885 owasp_categories: None,
1886 owasp_auth_header: "Authorization".to_string(),
1887 owasp_auth_token: None,
1888 owasp_admin_paths: None,
1889 owasp_id_fields: None,
1890 owasp_report: None,
1891 owasp_report_format: "json".to_string(),
1892 };
1893
1894 assert_eq!(cmd.get_spec_display_name(), "test.yaml");
1895
1896 let cmd_multi = BenchCommand {
1898 spec: vec![PathBuf::from("a.yaml"), PathBuf::from("b.yaml")],
1899 spec_dir: None,
1900 merge_conflicts: "error".to_string(),
1901 spec_mode: "merge".to_string(),
1902 dependency_config: None,
1903 target: "http://localhost".to_string(),
1904 base_path: None,
1905 duration: "1m".to_string(),
1906 vus: 10,
1907 scenario: "ramp-up".to_string(),
1908 operations: None,
1909 exclude_operations: None,
1910 auth: None,
1911 headers: None,
1912 output: PathBuf::from("output"),
1913 generate_only: false,
1914 script_output: None,
1915 threshold_percentile: "p(95)".to_string(),
1916 threshold_ms: 500,
1917 max_error_rate: 0.05,
1918 verbose: false,
1919 skip_tls_verify: false,
1920 targets_file: None,
1921 max_concurrency: None,
1922 results_format: "both".to_string(),
1923 params_file: None,
1924 crud_flow: false,
1925 flow_config: None,
1926 extract_fields: None,
1927 parallel_create: None,
1928 data_file: None,
1929 data_distribution: "unique-per-vu".to_string(),
1930 data_mappings: None,
1931 per_uri_control: false,
1932 error_rate: None,
1933 error_types: None,
1934 security_test: false,
1935 security_payloads: None,
1936 security_categories: None,
1937 security_target_fields: None,
1938 wafbench_dir: None,
1939 owasp_api_top10: false,
1940 owasp_categories: None,
1941 owasp_auth_header: "Authorization".to_string(),
1942 owasp_auth_token: None,
1943 owasp_admin_paths: None,
1944 owasp_id_fields: None,
1945 owasp_report: None,
1946 owasp_report_format: "json".to_string(),
1947 };
1948
1949 assert_eq!(cmd_multi.get_spec_display_name(), "2 spec files");
1950 }
1951}