Requests plugin

It is defined as a server plugin for API testing.

Introduction

It is defined as a server plugin for checking APIs and is also capable of making HTTP requests (GET, POST, PUT), thus allowing the alert system to be easily integrated with any API.

Type: Server plugin

Compatibility matrix

Developed in Python 3.8. The compiled binary is distributed and does not require any extra dependencies.

Prerequisites

To run the plugin, you need:

Configuration

The plugin is executed by defining the corresponding parameters:

usage: pandora_api_requests  [-h] -u URL [-m {get,post,put,patch,delete,option}] [-hd HEADERS] [-d DATA] [--ssl SSL] [-md {requests,server_plugin}] [--comparison-value COMPARISON_VALUE] [--condition {is_equal_to,is_not_equal_to,is_greater_than,is_less_than,contains,does_not_contain,matches_regex,is_null,is_not_null}]
                        [--down_codes DOWN_CODES [DOWN_CODES ...]] [-v] [--json-path JSON_PATH]

options:
  -u, --url             The URL to which the HTTP request will be made. (Example. http://127.0.0.1)
  -m, --method          {get,post,put,patch,delete,option}
                        The HTTP method to use (GET, POST, PUT, PATH, DELETE).
  -hd, --headers        headers key-values parameters in coma separate key pairs. (Example "Authorization=Bearer abc123token,Content-Type=application/json,X-Request-ID=123456")
  -d, --data            Data key-values parameters in coma separate key pairs. (Example.  "title=foo,body=bar,userId=1")
  --ssl SSL             internet security protocol
  -md, --mode           {requests,server_plugin} Return output for server plugin, if choice request, return output for request plugin
  --comparison-value    The value to compare the filtered field to in the json
  --condition    {is_equal_to,is_not_equal_to,is_greater_than,is_less_than,contains,does_not_contain,matches_regex,is_null,is_not_null}
                 If match the condition the value will be critial (0)
                Condición: is_equal_to | is_not_equal_to | is_greater_than | is_less_than | contains | does_not_contain | matches_regex | is_null | is_not_null
  --down_codes DOWN_CODES [DOWN_CODES ...]
                        Space-separated list of status codes (without quotation marks) Example : --down-codes 404 400
  -v, --verbosity       Add flag to check response raw value on terminal
  --json-path           Word to search in the json

The only mandatory field for execution is the request URL.

The requests mode is the default for execution, as is the GET method. When executing in requests mode, only the resulting JSON will be printed, whereas when using server_plugin mode, 1 will be printed if the execution was successful and 0 if it did not meet the comparison or the request failed.

There is one exception: if you try to execute the server_plugin mode action with the delete method, this is not allowed.

Manual Execution

Binary version:

./pandora_api_requests -u <url objetive> -m <method> -hd <heading of the petition> -d <data of petition> -md <mode of requests> --comparison-value <The value to compare> --condition <If match the condition the value> --down_codes <status code to compare> -v <verbosity show raw value on terminal> --json-path <Word to search in the json>

The plugin is managed depending on the requests mode to return the raw JSON response or the status code in a simple way, and the server_plugin mode designed for integration.

Requests Mode:

./pandora_api_requests -u https://jsonplaceholder.typicode.com/posts/1 -m get -md requests -v

image.png

Server_plugin Mode:

./pandora_api_requests -u https://jsonplaceholder.typicode.com/posts/1 -m get -md server_plugin --json-path "$.userId"  --condition "is_equal_to" --comparison-value "1" -v

image.png