How to fuzz only methods that are implemented?

Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.

Apache License 2.0

1.19k stars 73 forks source link

How to fuzz only methods that are implemented? #124

Closed krishna-aw closed 5 months ago

krishna-aw commented 6 months ago

How do I configure cats so that it calls the URLs with only the REST methods that are implemented? For example, I have a URL /api/v1/organizations/{orgID}/users where I implemented only the POST method for this. How do I restrict CATS to only fuzz with POST method and not other methods like GET, PUT, etc.? How do I customize the methods for each URL separately?

en-milie commented 6 months ago

Hi @krishna-aw. CATS is very customizable. You can see the full arguments by doing a cats --help. In your case, you can restrict CATS to run only for the given path and only for POST using:

cats -c api.yml -s http://yourservice --path "/api/v1/organizations/{orgID}/users" --httpMethod POST