Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

Fuzzing path with method DELETE containing request body #38

Closed Mato816 closed 2 years ago

Mato816 commented 2 years ago

OS: Windows
Action: Fuzzing path with method DELETE containing request body
Swagger: 2.0
CATS version: 7.0.6
API doc: petstore.zip

Hi,

We tried to launch a test for fuzzing an endpoint with the DELETE method containing a request body. We used "swagger":"2.0" and after running the command below the fuzz test was successfully launched. When we checked the cats-report we expected that the request body would be fuzzed with all field fuzzers, but in the report there is only the payload "catsFuzzyField": "catsFuzzyField". When we ran the same command for the POST method, more than one field fuzzer was launched for the request body.

Command: java -jar cats-uber.jar --contract=petstore.yaml --server=https://petstore.swagger.io --paths=/pet/{petId} --urlParams=petId:PET-123 --checkFields --httpMethods=DELETE

Cats-report: cats-report

en-milie commented 2 years ago

Hi @Mato816. It was a deliberate choice to ignore bodies for DELETE requests and only focus on fuzzing path and query parameters. So currently it's not possible to fuzz bodies of DELETE endpoints.

Mato816 commented 2 years ago

Hi @en-milie, thank you for your explanation. I have a question: Do you have some plan to include fuzzing DELETE endpoints in CATS or not?

en-milie commented 2 years ago

Hi @Mato816. There is no plan to support fuzzing request bodies for DELETE. Just the current functionality that allows fuzzing path and query params and HTTP headers.

Mato816 commented 2 years ago

Hi @en-milie,

thank you for your explanation. I'm closing this issue now.
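
Added example, not part of the thread and not CATS code: because the maintainer states that bodies of DELETE requests are not fuzzed, this script lists the DELETE operations in a contract that declare a request body, so those endpoints can be covered by other tests. The sample contract, `resolve` and `delete_ops_with_body` are constructed for illustration; it handles Swagger 2.0 `in: body` parameters and also the OpenAPI 3 `requestBody` form.

```python
import json

# Constructed Swagger 2.0 contract (not the petstore.zip attached to the issue).
SAMPLE_SWAGGER2 = json.loads("""
{"swagger": "2.0",
 "parameters": {"BulkIds": {"name": "ids", "in": "body", "schema": {"type": "array"}}},
 "paths": {
  "/pet/{petId}": {
   "parameters": [{"name": "petId", "in": "path", "type": "string"}],
   "delete": {"parameters": [{"name": "reason", "in": "body", "schema": {"type": "object"}}]},
   "post": {"parameters": [{"name": "pet", "in": "body", "schema": {"type": "object"}}]}},
  "/pets": {"delete": {"parameters": [{"$ref": "#/parameters/BulkIds"}]}},
  "/store/order/{id}": {"delete": {"parameters": [{"name": "id", "in": "path", "type": "string"}]}}}}
""")


def resolve(spec, obj):
    """Follow a local '#/a/b' $ref; return obj unchanged if it is not a reference."""
    ref = obj.get("$ref", "")
    if not ref.startswith("#/"):
        return obj
    for key in ref[2:].split("/"):
        spec = spec[key]
    return spec


def delete_ops_with_body(spec):
    """Return the sorted paths whose DELETE operation declares a request body."""
    hits = []
    for path, item in spec.get("paths", {}).items():
        op = item.get("delete")
        if not isinstance(op, dict):
            continue
        # Swagger 2.0: the body is a parameter with in=body (path or operation level).
        params = item.get("parameters", []) + op.get("parameters", [])
        v2_body = any(resolve(spec, p).get("in") == "body" for p in params)
        # OpenAPI 3.x: the body is declared through requestBody.
        if v2_body or "requestBody" in op:
            hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    for path in delete_ops_with_body(SAMPLE_SWAGGER2):
        print(f"DELETE {path}: body declared, cover body fields with other tests")
```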