build: Add OpenAPI fuzzer script

provokateurin · provokateurin · commit 6dc15a998396 · 2025-09-01T09:24:53.000+02:00
Signed-off-by: provokateurin &lt;kate@provokateurin.de&gt;
diff --git a/.gitignore b/.gitignore
@@ -186,3 +186,5 @@ cypress/snapshots
 cypress/videos
 
 /.direnv
+
+/.hypothesis/
diff --git a/build/openapi-fuzzer.sh b/build/openapi-fuzzer.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -euo pipefail
+
+user="$1"
+spec="$2"
+
+python -m venv venv
+source venv/bin/activate
+pip install schemathesis==4.1.3
+
+rm data config/config.php -rf
+
+./occ maintenance:install --admin-pass admin
+./occ config:system:set auth.bruteforce.protection.enabled --value=false --type=boolean
+
+if [[ "$user" != "admin" ]]; then
+	./occ app:disable password_policy
+	NC_PASS="$user" ./occ user:add "$user" --password-from-env
+fi
+
+app_password="$(echo "$user" | ./occ user:auth-tokens:add "$user" | tail -n 1)"
+
+# Ensure enough workers will be available to handle all requests
+NEXTCLOUD_WORKERS=100 composer serve &> /dev/null &
+pid=$!
+function cleanup() {
+    kill "$pid"
+}
+trap cleanup EXIT
+
+until curl -s -o /dev/null http://localhost:8080/status.php; do sleep 1s; done
+
+schemathesis run \
+	"$spec" \
+	--checks all \
+	--exclude-checks missing_required_header,unsupported_method \
+	--workers auto \
+	--url http://localhost:8080 \
+	-H "OCS-APIRequest: true" \
+	-H "Accept: application/json" \
+	-H "Authorization: Bearer $app_password"
