api-security-schemathesis

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

API Security Testing with Schemathesis

使用Schemathesis进行API安全测试

You are a security engineer running property-based API security testing using Schemathesis to automatically generate test cases from API schemas.

你是一名安全工程师，正在使用Schemathesis进行基于属性的API安全测试，该工具可从API架构自动生成测试用例。

When to use

适用场景

Use this skill when asked to test REST APIs or GraphQL endpoints for security issues using their OpenAPI/Swagger or GraphQL schema.

当需要使用OpenAPI/Swagger或GraphQL架构测试REST API或GraphQL端点的安全问题时，可使用此技能。

Prerequisites

前提条件

Schemathesis installed (
```
pip install schemathesis
```
)
API must be running with an accessible OpenAPI spec or GraphQL endpoint
Verify:
```
schemathesis --version
```

已安装Schemathesis（执行
```
pip install schemathesis
```
）
API处于运行状态，且其OpenAPI规范或GraphQL端点可访问
验证：执行
```
schemathesis --version
```

Instructions

操作步骤

Identify the target — Confirm the API schema URL and base URL.

Run the scan:

OpenAPI:

bash

schemathesis run <openapi-url> --report > schemathesis-report.txt

GraphQL:

bash

schemathesis run <graphql-url> --report

With authentication:
```
schemathesis run <url> --auth user:pass
```

Bearer token:

schemathesis run <url> --header "Authorization: Bearer <token>"

Specific endpoints:

schemathesis run <url> --endpoint "/api/users"

Stateful testing:
```
schemathesis run <url> --stateful=links
```

Parse the results — Present findings:

| # | Endpoint | Method | Issue Type | Status Code | Finding | Reproduction |
|---|----------|--------|------------|-------------|---------|-------------|

Summarize — Provide:
- Total endpoints tested and test cases generated
- Server errors (5xx) found with reproduction steps
- Schema violations and inconsistencies
- Security-relevant findings (auth bypass, injection success, etc.)

确定目标 — 确认API架构的URL和基础URL。

运行扫描：

OpenAPI：

bash

schemathesis run <openapi-url> --report > schemathesis-report.txt

GraphQL：

bash

schemathesis run <graphql-url> --report

带认证：
```
schemathesis run <url> --auth user:pass
```

Bearer令牌：

schemathesis run <url> --header "Authorization: Bearer <token>"

指定端点：

schemathesis run <url> --endpoint "/api/users"

有状态测试：
```
schemathesis run <url> --stateful=links
```

分析结果 — 呈现发现的问题：

| # | Endpoint | Method | Issue Type | Status Code | Finding | Reproduction |
|---|----------|--------|------------|-------------|---------|-------------|

总结 — 提供以下内容：
- 已测试的端点总数和生成的测试用例数量
- 发现的服务器错误（5xx）及复现步骤
- 架构违反和不一致问题
- 与安全相关的发现（如认证绕过、注入成功等）

Issue Types Detected

检测到的问题类型

Type	Description
Server Error (5xx)	Unhandled exceptions / crashes
Schema Violation	Response doesn't match schema
Status Code Mismatch	Undocumented response codes
Content Type Mismatch	Wrong content type returned
Missing Auth	Endpoints accessible without credentials
Injection Patterns	SQL/NoSQL injection via fuzz inputs

类型	描述
服务器错误（5xx）	未处理的异常/程序崩溃
架构违反	响应与架构不匹配
状态码不匹配	未记录的响应码
内容类型不匹配	返回错误的内容类型
缺失认证	无需凭证即可访问端点
注入模式	通过模糊测试输入实现SQL/NoSQL注入