feat: Update documentation with latest features

Author: en-milie

docs/getting-started/cats_response_codes.md

@@ -16,4 +16,8 @@ They are all in the `9XX` range. The current defined ones are as follows:
 - `957` - protocol communication exception; typically when the service might write some malformed data into the response; might indicate an issue with the service
 - `999` - when something unexpected happened which is not part of the above errors
 
-If the entire communication is successful i.e. request was fully sent and response was fully consumed the HTTP response code will be used.
+If the entire communication is successful i.e. request was fully sent and response was fully consumed the HTTP response code will be used.
+
+:::tip
+You can use `cats explain -t RESPONSE_CODE 953` to get more details about a specific response code.
+:::

docs/getting-started/filtering-reports.md

@@ -38,6 +38,13 @@ You can ignore specific response codes using the `--ignoreResponseCodes` argumen
 ## Ignore Response Lines, Words, Size, Regex
 You can ignore specific response lines, words, size or regex using the `--ignoreResponseLines`, `--ignoreResponseWords`, `--ignoreResponseSize`, `--ignoreResponseRegex` arguments. This will make CATS report these cases as `success` instead of `warn`.
 
-:::info All --ignoreXXX arguments have a corresponding --filterXXX argument
+:::info All above `--ignoreXXX` arguments have a corresponding --filterXXX argument
 All `--ignoreXXX` arguments above have a corresponding `--filterXXX` argument which is equivalent to the `--ignoreXXX` argument AND will also consider `--skipReportingForIgnore` as being true.
 :::
+
+## Ignore Error Leaks Details Checks
+
+By default, CATS will check if the error message contains sensitive information and will report an `error` if it does.
+You can make CATS ignore the error leaks details checks using the `--ignoreErrorLeaksCheck` argument.
+
+

docs/getting-started/interpreting-results.md

@@ -45,6 +45,20 @@ Understanding the `Result Reason` values:
 - `Response content type not matching the contract` - reported as `warn` if the content type received in response does not match the one defined in the contract for the received http response code
 - `Error details leak` - reported as `error` if the response body contains sensitive information
 - `Not Implemented` - reported as `warn` if response code is `501`
+- `Mass Assignment vulnerability detected` - reported as `error` if the service allows mass assignment
+- `Server error with injection payload` - reported as `error` if the service returns is vulnerable to injection attacks
+- `SSRF payload reflected in response` - reported as `error` if the service is vulnerable to SSRF attacks
+- `Cloud metadata service accessed` - reported as `error` if the service leaks cloud metadata
+- `File content exposed via SSRF` - reported as `error` if the service leaks file content via SSRF
+- `Sensitive data leak` - reported as `error` if the service leaks sensitive data
+- `Network error reveals SSRF attempt` - reported as `error` if the service is vulnerable to SSRF attacks
+- `DNS resolution error reveals SSRF attempt` - reported as `error` if the service is vulnerable to SSRF attacks
+- `HTTP client error reveals SSRF attempt` - reported as `error` if the service is vulnerable to SSRF attacks
+- `Internal target reflected in response` - reported as `error` if the service is vulnerable to SSRF attacks
+- `Missing recommended security headers` - reported as `error` if the http response does not have the recommended security headers
+- `Missing response headers` - reported as `error` if the http response does not contain all the headers defined in the contract
+- `Potential IDOR vulnerability detected` - reported as `error` if the service is vulnerable to IDOR attacks
+- `Server error with IDOR payload` - reported as `error` if the service is vulnerable to IDOR attacks
 
 This is what you get when you click on a specific test:
 

docs/getting-started/openapi-formats.md

@@ -47,4 +47,6 @@ This is explicitly mentioned in the mapping table.
 
 :::info
 Whenever you see a `camelCase` naming, CATS also checks for `snake_case` and `kebab-case`. For example, for `countryCode` CATS will also match properties ending in `country-code` and `country_code`. 
-:::
+:::
+
+CATS generators are continuously evolving so this page might not have listed all. You can see all formats supported by CATS by running `cats list --formats`.

docs/getting-started/replaying-tests.md

@@ -36,3 +36,15 @@ This is achieved using the `--server` argument.
 :::note
 Please note that you only need to provide the base URL of the service in the `--server` argument.
 :::
+
+# Replaying Errors
+
+You can replay failed tests using the `--errors` argument. This will replay all failed tests that were flagged as `error` from the last run. 
+You can supply the path to the reporting folder using the `--reportFolder` argument.
+
+# Replaying Warnings
+
+You can replay tests that were flagged as `warn` using the `--warnings` argument. This will replay all tests that were flagged as `warn` from the last run. 
+You can supply the path to the reporting folder using the `--reportFolder` argument.
+
+

docs/getting-started/running-cats.md

@@ -13,6 +13,12 @@ Blackbox mode means that CATS doesn't need any specific context. You just need t
 cats --contract=openapi.yaml --server=http://localhost:8080 --headers=headers.yml --blackbox
 ```
 
+Shorter version:
+
+```bash
+cats -c openapi.yaml -s http://localhost:8080 -H header=value -b
+```
+
 In blackbox mode CATS will only report `errors` if the received HTTP response code is a `5XX` (except `501`).
 Any other mismatch between what the Fuzzer expects vs what the service returns (for example service returns `400` and CATS expects `200`) will be reported as `success`.
 

docs/getting-started/slicing-strategies.md

@@ -28,6 +28,9 @@ You can use various arguments like `--fuzzers=Fuzzer1,Fuzzer2` or `-skipFuzzers=
 For example, you can run all Fuzzers except for the `Boundary` Fuzzers like this: `--skipFuzzers=Boundary`. This will skip all Fuzzers containing `Boundary` in their name.
 After, you can create an additional run only with these Fuzzers using`--fuzzers=Boundary`.
 
+## Slide by Tags
+You can use the `--tag=TAG` argument to run CATS sequentially for each tag. You can also supply a comma separated list of tags to run CATS for multiple tags like this: `--tags=tag1,tag2`.
+
 These are just some recommendations. Depending on how complex your API is, you might go with a combination of the above or with even more granular splits.
 
 :::note

docs/limitations/index.md

@@ -22,7 +22,7 @@ The Fuzzers have the following support for media types and HTTP methods:
 - HTTP methods: `POST`, `PUT`, `PATCH`, `GET` and `DELETE`
 
 ## Additional Parameters
-If a response contains a free Map specified using the `additionalParameters` tag CATS will issue a `warn` log message as it won't be able to validate that the response matches the schema.
+If a response contains a free Map specified using the `additionalParameters` tag CATS will flag results as `warn` as it won't be able to validate that the response matches the schema.
 
 ## Regexes within 'pattern'
-CATS uses a mix of regex and data/format driven generators in order to generate Strings based on regexes. This has certain limitations mostly with complex patterns.
+CATS uses a mix of regex and data/format driven generators in order to generate Strings based on `patern` and `format`. This has certain limitations mostly with complex patterns.

docs/troubleshooting/index.md

@@ -8,7 +8,7 @@ These are some of the common reasons why CATS might appear to be stuck:
 - **Server issues**: The server might be slow or unresponsive. Check the server logs and the server status.
 - **Many fields inside the request(s)**: If the request has many fields, CATS might take longer to generate the tests, as many fuzzers are running for each field. You can limit the number of fields to be fuzzed using `--limitFuzzedFields` argument.
 - **Usage of anyOf/oneOf in request schemas**: If the request schema contains `anyOf` or `oneOf`, CATS will generate tests for all possible combinations. This can lead to a large number of tests being generated. 
-You can limit the number of combinations by using the `--limitXxxCombinations` argument. For example, `--limitOneOfCombinations=10` will limit the number of combinations for all `oneOf/anyOf` to 10.
+You can limit the number of combinations by using the `--limitXxxCombinations` argument. For example, `--limitXxxOfCombinations=10` will limit the number of combinations for all `oneOf/anyOf` to 10.
 - **Self-reference in the request schema**: If the request schema contains self-references, when CATS generates the request sample it might enter an infinite loop. You can limit the depth of the schema by using the `--selfReferenceDepth` argument. For example, `--selfReferenceDepth=3` will limit the self-reference depth of the schema to 3.
 
 When running in default mode, CATS will print progress as it processes paths and displays the current fuzzer that is being run. If you see that the same fuzzer is being run for a long time, it might be stuck. You can stop CATS by pressing `Ctrl+C` and run again with `--verbosity=DETAILED --debug` to see more details.
@@ -60,6 +60,10 @@ If you think some of the test cases generated are not valid in your scenario you
 
 If you think there might be a bug in CATS, please open an issue on the [GitHub repository](https://github.com/Endava/cats/issues/new/choose).
 
+## Change expected response code for specific fuzzers
+
+You can check expected response codes for each fuzzer using [Customize the Default Response Code](https://endava.github.io/cats/docs/advanced-topics/fuzzers-config/).
+
 ## CATS generates requests that are not valid
 
 In very rare cases CATS might generate requests that are not valid.