邮递员给出正确的响应,但放心返回错误的响应

时间:2019-01-23 07:05:57

标签: java wireshark rest-assured

几个月以来,我一直在放心工作。

从开源API获取数据时,发现通过Postman API进行GET调用时返回200,并且接收到有效/预期的数据。 enter image description here

编写以下代码(使用Rest-Assured的Java)从API获取相同的数据:

package com.type.GetFuelTypeFromAPI;

import static io.restassured.RestAssured.given;

import java.net.MalformedURLException;
import java.net.URL;
import org.testng.annotations.Test;

import io.restassured.response.Response;

public class SampleGetAPI {

@Test
public void getDetails() throws MalformedURLException {

    Response response=
    given()
        .queryParam("cmd", "getTrims")
        .queryParam("make", "Abarth")
        .queryParam("year", "1955")
        .queryParam("model", "207")
    .when()
        .get(new URL("https://carqueryapi.com/api/0.3/"));

    String responseBody = response.body().asString();
    System.out.println(responseBody);
}
}

代码输出为:

[TestNG] Running:
C:\Users\AaSomvanshi\AppData\Local\Temp\testng-eclipse-1657322415\testng-customsuite.xml

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /api/0.3/
on this server.<br />
</p>
<p>Additionally, a 403 Forbidden
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

PASSED: getDetails

===============================================
Default test
Tests run: 1, Failures: 0, Skips: 0
===============================================


===============================================
Default suite
Total tests run: 1, Failures: 0, Skips: 0
===============================================

有人可以指导我如何克服这个问题吗?

1 个答案:

答案 0 :(得分:0)

经过大量搜索后,执行以下步骤:

使用Wireshark捕获邮递员和保证安全的API调用。

Postman API调用包含以下值:


获取/api/0.3/?cmd=getTrims&make=Abarth&year=1955&model=207 HTTP / 1.1 \ r \ n

缓存控制:无缓存\ r \ n

邮递员令牌:c70faee6-f00c-47b6-9c6a-bb1c4ffe5cf4 \ r \ n

用户代理:PostmanRuntime / 7.6.0 \ r \ n

接受: / \ r \ n

cookie:__cfduid = dcce85c35c3e5eb33524b0a1a79b6bf2b1548159374 \ r \ n

接受编码:gzip,deflate \ r \ n

引荐来源:https://carqueryapi.com/api/0.3/?cmd=getTrims&make=Abarth&year=1955&model=207 \ r \ n

主持人:www.carqueryapi.com \ r \ n

连接:保持活动状态\ r \ n

\ r \ n

[完整请求URI:http://www.carqueryapi.com/api/0.3/?cmd=getTrims&make=Abarth&year=1955&model=207]

[HTTP请求1/1] [帧内响应:350]


Rest-Assured API调用包含以下值:


获取/api/0.3/?cmd=getTrims&make=Abarth&year=1955&model=207 HTTP / 1.1 \ r \ n

接受: / \ r \ n

主持人:www.carqueryapi.com \ r \ n

连接:保持活动状态\ r \ n

用户代理:Apache-HttpClient / 4.5.3(Java / 1.8.0_171)\ r \ n

接受编码:gzip,deflate \ r \ n

\ r \ n

[完整请求URI:http://www.carqueryapi.com/api/0.3/?cmd=getTrims&make=Abarth&year=1955&model=207]

[HTTP请求1/1]

[帧内响应:769]


观察:

标题 User-Agent 的值不同。该API阻止了对 Apache-HttpClient 的请求,但允许了 PostmanRuntime / 7.6.0

更新了代码,使标头 User-Agent 的值为 PostmanRuntime / 7.6.0 ,并且可以正常工作。

下面是工作代码:

package com.type.GetFuelTypeFromAPI;

import static io.restassured.RestAssured.given;

import java.net.MalformedURLException;
import java.net.URL;
import org.testng.annotations.Test;

import io.restassured.response.Response;

public class SampleGetAPI {

@Test
public void getDetails() throws MalformedURLException {

    Response response=
    given()
        .header("User-Agent", "PostmanRuntime/7.6.0")
        .queryParam("cmd", "getTrims")
        .queryParam("make", "Abarth")
        .queryParam("year", "1955")
        .queryParam("model", "207")
    .when()
        .get(new URL("https://carqueryapi.com/api/0.3/"));

    String responseBody = response.body().asString();
    System.out.println(responseBody);
}
}