docs/commands-and-arguments/arguments.md
Lines changed: 1 addition & 0 deletions
@@ -58,6 +58,7 @@ You can get the full list of arguments by running `cats -h`. Below is a short de
58
58
-`--ignoreResponseWords` COUNT_LIST a comma separated list of words count in the response that will be considered as SUCCESS, even if the Fuzzer will typically report it as WARN or ERROR
59
59
-`--ignoreResponseLines` LINES_COUNT a comma separated list of lines count in the response that will be considered as SUCCESS, even if the Fuzzer will typically report it as WARN or ERROR
60
60
-`--ignoreResponseRegex` a REGEX that will match against the response that will be considered as SUCCESS, even if the Fuzzer will typically report it as WARN or ERROR
61
+
-`--ignoreErrorLeaksCheck`If supplied (no value needed) it won't check if the response body contains sensitive information and will return the test result as SUCCESS instead of ERROR
61
62
-`--filterResponseCodes` HTTP_CODES_LIST a comma separated list of HTTP response codes that will be filtered and not included in the final report. You can use response code families as `2xx`, `4xx`, etc.
62
63
-`--filterResponseSize` SIZE_LIST a comma separated list of response sizes that will be filtered and not included in the final report
63
64
-`--filterResponseWords` COUNT_LIST a comma separated list of words count in the response that will be filtered and not included in the final report
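Review bot: On the added `--ignoreErrorLeaksCheck` line there is no space between the closing backtick and "If supplied", so the flag and its description run together; the neighbouring entries separate the flag from its text. Because this switch turns what would be an ERROR for sensitive information in the response body into SUCCESS, the description should also state its scope (whole run or per fuzzer) so readers know how much checking they give up when they pass it.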
docs/fuzzers/field-fuzzers/index.md
Lines changed: 10 additions & 5 deletions
@@ -1,6 +1,6 @@
1
1
# Field Fuzzers
2
2
3
-
CATS has currently 60 registered `Field` Fuzzers:
3
+
CATS has currently 65 registered `Field` Fuzzers:
4
4
-`AbugidasInStringFields` - iterate through each field and send values containing abugidas chars
5
5
-`DecimalFieldsLeftBoundaryFuzzer` - iterate through each Number field (either float or double) and send requests with outside the range values on the left side in the targeted field
6
6
-`DecimalFieldsRightBoundaryFuzzer` - iterate through each Number field (either float or double) and send requests with outside the range values on the right side in the targeted field
@@ -12,6 +12,7 @@ CATS has currently 60 registered `Field` Fuzzers:
12
12
-`ExtremeNegativeValueIntegerFieldsFuzzer` - iterate through each Integer field and send requests with the lowest value possible in the targeted field
13
13
-`ExtremePositiveValueDecimalFieldsFuzzer` - iterate through each Number field and send requests with the highest value possible in the targeted field
14
14
-`ExtremePositiveValueInIntegerFieldsFuzzer` - iterate through each Integer field and send requests with the highest value possible in the targeted field
15
+
-`InsertWhitespacesInFieldNamesField` - iterates through each request field name and insert random whitespaces
15
16
-`IntegerFieldsLeftBoundaryFuzzer` - iterate through each Integer field and send requests with outside the range values on the left side in the targeted field
16
17
-`IntegerFieldsRightBoundaryFuzzer` - iterate through each Integer field and send requests with outside the range values on the right side in the targeted field
17
18
-`InvalidValuesInEnumsFieldsFuzzer` - iterate through each ENUM field and send invalid values
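Review bot: The added entry `InsertWhitespacesInFieldNamesField` ends in `Field`, while the entries around it in this list end in `Fuzzer`; please confirm the name matches the registered fuzzer, since this list is where readers look the name up. The description also mixes "iterates" with "insert", where the neighbouring lines use "iterate through each ... and send ...".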
@@ -21,10 +22,12 @@ CATS has currently 60 registered `Field` Fuzzers:
21
22
-`LeadingControlCharsInFieldsTrimValidateFuzzer` - iterate through each field and send requests with Unicode control chars prefixing the current value in the targeted field
22
23
-`LeadingSingleCodePointEmojisInFieldsTrimValidateFuzzer` - iterate through each field and send values prefixed with single code points emojis
23
24
-`LeadingMultiCodePointEmojisInFieldsTrimValidateFuzzer` - iterate through each field and send values prefixed with multi code points emojis
24
-
-`MaxLengthExactValuesInStringFieldsFuzzer` - iterate through each **String** fields that have maxLength declared and send requests with values matching the maxLength size/value in the targeted field
25
-
-`MaximumExactValuesInNumericFieldsFuzzer` - iterate through each **Number and Integer** fields that have maximum declared and send requests with values matching the maximum size/value in the targeted field
26
-
-`MinLengthExactValuesInStringFieldsFuzzer` - iterate through each **String** fields that have minLength declared and send requests with values matching the minLength size/value in the targeted field
27
-
-`MinimumExactValuesInNumericFieldsFuzzer` - iterate through each **Number and Integer** fields that have minimum declared and send requests with values matching the minimum size/value in the targeted field
25
+
-`LowercaseExpandingBytesInStringFields` - iterate to string fields and send values that expand the byte representation when lowercased
26
+
-`LowercaseExpandingLengthInStringFields` - iterate to string fields and send values that expand their length when lowercased
27
+
-`MaxLengthExactValuesInStringFieldsFuzzer` - iterate through each string fields that have maxLength declared and send requests with values matching the maxLength size/value in the targeted field
28
+
-`MaximumExactValuesInNumericFieldsFuzzer` - iterate through each integer fields that have maximum declared and send requests with values matching the maximum size/value in the targeted field
29
+
-`MinLengthExactValuesInStringFieldsFuzzer` - iterate through each string fields that have minLength declared and send requests with values matching the minLength size/value in the targeted field
30
+
-`MinimumExactValuesInNumericFieldsFuzzer` - iterate through each number fields that have minimum declared and send requests with values matching the minimum size/value in the targeted field
28
31
-`NewFieldsFuzzer` - send a 'happy' flow request and add a new field inside the request called 'catsFuzzyField'
29
32
-`NullValuesInFieldsFuzzer` - iterate through each field and send requests with null values in the targeted field
30
33
-`OnlyControlCharsInFieldsTrimValidateFuzzer` - iterate through each field and send values with control chars only
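Review bot: The rewritten `MaximumExactValuesInNumericFieldsFuzzer` line now says "integer fields" and the `MinimumExactValuesInNumericFieldsFuzzer` line says "number fields", where both removed lines said "**Number and Integer** fields". If the two fuzzers still cover both types, keep "number and integer fields" on both lines so the pair stays symmetric and agrees with `NumericFields` in the names; if the scope really did change, the commit should say so.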
@@ -50,6 +53,8 @@ CATS has currently 60 registered `Field` Fuzzers:
50
53
-`TrailingControlCharsInFieldsTrimValidateFuzzer` - iterate through each field and send requests with trailing with Unicode control chars in the targeted field
51
54
-`TrailingSingleCodePointEmojisInFieldsTrimValidateFuzzer` - iterate through each field and send values trailed with single code point emojis
52
55
-`TrailingMultiCodePointEmojisInFieldsTrimValidateFuzzer` - iterate through each field and send values trailed with multi code point emojis
56
+
-`UppercaseExpandingBytesInStringFields` - iterate to string fields and send values that expand the byte representation when uppercased
57
+
-`UppercaseExpandingLengthInStringFields` - iterate to string fields and send values that expand their length when uppercased
53
58
-`UserDictionaryFieldsFuzzer` - iterates through each request fields and sends values from the user supplied dictionary
54
59
-`VeryLargeStringsFuzzer` - iterate through each String field and send requests with very large values (40000 characters) in the targeted field
55
60
-`VeryLargeDecimalsInNumericFieldsFuzzer` - iterate through each numeric field and send requests with very large numbers (40000 characters) in the targeted field
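Review bot: The two added `UppercaseExpanding...` entries read "iterate to string fields", unlike the "iterate through each field" phrasing on the surrounding lines; "iterate through each string field and send values that ..." would match the rest of the list. The same wording appears on the two `LowercaseExpanding...` entries added earlier in this file.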
|**Description**| This fuzzer send characters that expand their byte representation when lower cased. The expectation is that APIs will either respond with `2xx` or `4xx`. |
12
+
|**Enabled by default?**| Yes |
13
+
|**Target field types**| All array fields |
14
+
|**Expected result when fuzzed field is required**|`2XX` or `4XX`|
15
+
|**Expected result when fuzzed field is optional**|`2XX` or `4XX`|
16
+
|**Expected result when fuzzed value is not matching field pattern**|`2XX` or `4XX`|
17
+
|**Fuzzing logic**| Iteratively **replaces** string fields with characters such as `Ⱥ` or `Ⱦ`|
18
+
|**Conditions when this fuzzer will be skipped**| When field is not a string |
19
+
|**HTTP methods that will be skipped**| None |
20
+
|**Reporting**| Reports `error` if: *1.* response code is `5xx`; <br/><br/> Reports `warn` if: *1.* response code is expected and documented, but not matches response schema; *2.* response code is expected, but not documented; *3.* response code is `501`. <br/><br/> Reports `success` if: *1.* response code is expected, documented and matches response schema. |
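Review bot: The **Target field types** row says "All array fields", but the **Fuzzing logic** row replaces string fields and the skip condition is "When field is not a string"; the target type should presumably be string fields. In the **Description** row, "This fuzzer send" should be "This fuzzer sends".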
|**Description**| This fuzzer send characters that expand their length when lower cased. The expectation is that APIs will either respond with `2xx` or `4xx`. |
12
+
|**Enabled by default?**| Yes |
13
+
|**Target field types**| All array fields |
14
+
|**Expected result when fuzzed field is required**|`2XX` or `4XX`|
15
+
|**Expected result when fuzzed field is optional**|`2XX` or `4XX`|
16
+
|**Expected result when fuzzed value is not matching field pattern**|`2XX` or `4XX`|
17
+
|**Fuzzing logic**| Iteratively **replaces** string fields with characters such as `İ`|
18
+
|**Conditions when this fuzzer will be skipped**| When field is not a string |
19
+
|**HTTP methods that will be skipped**| None |
20
+
|**Reporting**| Reports `error` if: *1.* response code is `5xx`; <br/><br/> Reports `warn` if: *1.* response code is expected and documented, but not matches response schema; *2.* response code is expected, but not documented; *3.* response code is `501`. <br/><br/> Reports `success` if: *1.* response code is expected, documented and matches response schema. |
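Review bot: In the **Reporting** row, `501` is listed under `warn` while the `error` rule covers any `5xx`, so the two rules overlap for `501`; if `501` is the intended exception, word the error rule as "response code is `5xx` other than `501`". The **Target field types** row also carries the "All array fields" value seen in the lowercase-bytes table above, which conflicts with the string-only skip condition in this table.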