Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

Fuzzing - POST endpoint with payload - Amount as Float data type #42

Closed josip1001 closed 2 years ago

josip1001 commented 2 years ago

Fuzz POST endpoint with payload - Amount as Float data type

Part of Swagger doc: "amount": { "type": "number", "format": "float", "nullable": true },

command: java -jar cats-uber.jar --contract=c:\Work\pet\pet1.json --server=https://process.example.com --fuzzers=HappyFuzzer

Result: "The type of the \"amount\" attribute must be one of \"float\" (\"string\" given).", see attachment

pet.zip

en-milie commented 2 years ago

Hi @josip1001. Thank you for raising this. I'm struggling though to reproduce it. If I run the above command using the provided OpenAPI contract, I get payloads like this:

{
  "amount": "7.50",
  "petUid": "eqnpkbeh",
  "name": "7qEow",
  "hashtag": "rdTbbpCNB"
}

Which version of CATS are you using?

josip1001 commented 2 years ago

Hi, I am using the latest version (7.2.0) and I have still got the same error:

{ "responseCode": 400, "httpMethod": "POST", "jsonBody": { "status": "error", "error": { "message": "The type of the \"amount\" attribute for class \"App\" must be one of \"float\" (\"string\" given).", "code": "validation_error", "context": [], "reason": "UNKNOWN" } }, "responseTimeInMs": "10373", "numberOfWordsInResponse": "16", "numberOfLinesInResponse": "1", "contentLengthInBytes": "289" }

==================== payload: { "amount": "3,48", "petUid": "67DuR9XimWncU8", "name": "PfGe5C5YTXzY", "hashtag": "2v1fspX" }

en-milie commented 2 years ago

This seems like a misalignment between the locale of the server and the locale of your machine. The server most probably expects data in locale en_us, so the amount must be something like: 5.6. Notice the . instead of , like in your example. In order to pass the locale to the app, just do:

> java -Duser.language=en -jar cats-uber.jar --contract=c:\Work\pet\pet1.json --server=https://process.example.com/ --fuzzers=HappyFuzzer

josip1001 commented 2 years ago

When I was using the param "-Duser.language=en", the value of amount contains "." instead of ",", but amount is still being sent with quotation marks ("") and I have still got this response:

{ "responseCode": 400, "httpMethod": "POST", "jsonBody": { "status": "error", "error": { "message": "The type of the \"amount\" attribute for class \"App\" must be one of \"float\" (\"string\" given).", "code": "validation_error", "context": [], "reason": "UNKNOWN" } }, "responseTimeInMs": "10522", "numberOfWordsInResponse": "16", "numberOfLinesInResponse": "1", "contentLengthInBytes": "289" }

======================= Payload: { "amount": "4.11", "petUid": "2UqgiSmlmbOe", "name": "LkaBFjtEgdc", "hashtag": "2r20kA3" }

en-milie commented 2 years ago

Usually, frameworks in most languages will automatically convert strings to the appropriate types from the backed object. I've changed it, though, to leave every numeric field as Number. https://github.com/Endava/cats/commit/762806745e8ff5114540ae32a0292cf41807dd92

Will be available in the next release.
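
The two separate effects discussed in this thread (a locale-dependent decimal separator, and a numeric value serialized as a JSON string), shown as an added Java example that is not part of the original comments and is not CATS code. The class and method names are hypothetical, and `Locale.GERMANY` is an assumed stand-in for any locale that uses a comma as the decimal separator.

```java
import java.math.BigDecimal;
import java.text.DecimalFormat;
import java.text.DecimalFormatSymbols;
import java.util.Locale;

// Added illustration, not CATS code; all names here are hypothetical.
public class AmountSerializationDemo {

    // Locale-sensitive formatting: the decimal separator follows the locale.
    static String formatAmount(BigDecimal amount, Locale locale) {
        DecimalFormatSymbols symbols = DecimalFormatSymbols.getInstance(locale);
        return new DecimalFormat("0.00", symbols).format(amount);
    }

    // Quoted value: a JSON string, whatever characters it contains.
    static String asJsonString(String formatted) {
        return "{\"amount\": \"" + formatted + "\"}";
    }

    // Unquoted value: a JSON number, locale-independent ('.' separator).
    static String asJsonNumber(BigDecimal amount) {
        return "{\"amount\": " + amount.toPlainString() + "}";
    }

    // What a strictly typed server sees for schema type "number":
    // the raw token must match the JSON number grammar (RFC 8259).
    static boolean isJsonNumber(String rawToken) {
        return rawToken.matches("-?(0|[1-9]\\d*)(\\.\\d+)?([eE][+-]?\\d+)?");
    }

    public static void main(String[] args) {
        BigDecimal amount = new BigDecimal("3.48"); // constructed sample value
        // Assumption: Locale.GERMANY stands in for any comma-decimal locale.
        for (Locale locale : new Locale[] {Locale.GERMANY, Locale.US}) {
            String text = formatAmount(amount, locale);
            System.out.printf("%s -> %s%n", locale, asJsonString(text));
            System.out.println("  quoted token is a JSON number: "
                    + isJsonNumber("\"" + text + "\""));
        }
        String bare = amount.toPlainString();
        System.out.println("number -> " + asJsonNumber(amount));
        System.out.println("  bare token is a JSON number: " + isJsonNumber(bare));
    }
}
```

Changing the locale only changes the separator inside the quoted value; the token passes a strict `number` check only once it is emitted unquoted.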

en-milie commented 2 years ago

Hi @josip1001. You can try with https://github.com/Endava/cats/releases/tag/cats-7.2.1 release.

en-milie commented 2 years ago

Hi @josip1001. Is everything ok with 7.2.1?

josip1001 commented 2 years ago

Thanks for the fix... it's working well right now.