Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0
1.17k stars 74 forks

apiKey after paths #48

Closed dglee0307 closed 2 years ago

dglee0307 commented 2 years ago

Hello, I have a question that came up while working with this project. I'm performing REST API fuzzing with this project, and the apiKey value should be added after the paths. Do you know how to solve this?

I'll show you an example.

I used this command on Linux (kali-linux-2021.4-installer-amd64.iso / VirtualBox):

cats --contract=swagger.json --server=https://[Server IP:Port]/mc2/rest --paths=/logs --headers=headers.yml --refData=refData.yml

This is the result I want:

[Full Request Path] https://[Server IP:Port]/mc2/rest/logs?apiKey={apiKey} ...

But running that command results in this:

[Full Request Path] https://[Server IP:Port]/mc2/rest/logs?qsearch=my6cCmm&logfilterid=h7vYiDGvbU4sdtS&pageSize=-9223372036854775808&description=e3RFzlUje4KNA&sensorname=0dWQSwwXK3Ym&auditlogTypes=node%2Cnode&startdate=gansB1kZyUD&radiuspolicy=vzItvvzItvvvz&userid=ycTo3opZ&ssid=Z3DDL&mac=oOCVg&extrainfo=dD0aAmFjdT2fj&nasporttype=zxRbJeIKlWnL&nasport=xNplD0X3&logschema=auditlog&ip=10.10.10.20&sort=ihMdoII&nasmac=slC1yFsn&deptname=hLVhCXLHp&periodType=custom&enddate=sw0Ci14IWkE&loglevel=v336r2pRsee&logid=Ur0ILlieO&page=1&nasip=10.10.10.20&username=oc7YxAy2Pz

en-milie commented 2 years ago

Hi @dglee0307. Is the apiKey query param part of the Swagger specs?

dglee0307 commented 2 years ago

Thanks for the reply, @en-milie. The parameter does not have an apiKey and requires an apiKey value to use the REST API, but the apiKey should be added after that path, not in the header.

en-milie commented 2 years ago

Currently you can only append query parameters which are part of the contract. I'll consider adding new parameters in a future release. Target for the release this week.

dglee0307 commented 2 years ago

Okay, I see. Thank you. Have a nice day~!

en-milie commented 2 years ago

I've added a --queryParams argument which accepts a file similar to the --headers one, where you can supply key: value for selected paths.

This is now available in https://github.com/Endava/cats/releases/tag/cats-7.3.1

dglee0307 commented 2 years ago

Thank you very much for the new version :) I executed cats and I have one question. I received this report:

"jsonBody": { "notAJson": "Unrecognized token 'np_period': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')\n at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 1, column: 11]" }

I saw the currently supported classes in the Limitations section of README.md. Is the org.glassfish.jersey.message.internal.ReaderInterceptorExecutor class not supported? How can I solve this problem? Have a nice day!

en-milie commented 2 years ago

This means that your service is not behaving correctly i.e. CATS discovered a bug on how your service parses weird characters in the np_period field. Instead of failing gracefully with a proper validation error, it just crashes internally.

dglee0307 commented 2 years ago

Then, how can I see this test report error message? In the example, I saw the error message (OpenAPI petstore case).

en-milie commented 2 years ago

You should search in your application or server logs and see the stack trace of the failure. CATS only reports what comes back from the service. (CATS reports are written in the cats-report folder. Just open the index.html.)
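
Added example, not part of the thread and not CATS' own code: a small triage check for response bodies like the one quoted above, flagging replies that expose parser or framework internals instead of a clean validation error. The function names and indicator patterns are hypothetical, and it assumes a non-JSON reply sits under the "notAJson" key as in the quoted fragment.

```python
import json
import re

# Constructed sample: the "jsonBody" fragment quoted in the thread, wrapped in
# braces so it parses on its own. Real report files contain more fields.
SAMPLE_REPORT_FRAGMENT = r'''
{"jsonBody": {"notAJson": "Unrecognized token 'np_period': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')\n at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 1, column: 11]"}}
'''

# Hypothetical indicator set: text that a client-facing validation error
# should not need to contain.
INDICATORS = {
    # Fully qualified Java-style class name (two or more package segments).
    "java_class_name": re.compile(r"\b(?:[a-z_][a-z0-9_]*\.){2,}[A-Z][\w$]*"),
    # Parser position inside the request body.
    "parser_location": re.compile(r"line: \d+, column: \d+"),
    # Raw parser complaint; the capture is the token that broke parsing.
    "parser_token_error": re.compile(r"Unrecognized token '([^']*)'"),
}


def load_body(fragment):
    """Extract the response body object from a report fragment."""
    return json.loads(fragment)["jsonBody"]


def triage(json_body):
    """Return {indicator: [matches]} for one response body; empty dict if clean."""
    # Assumption: a reply that was not JSON is stored under "notAJson".
    text = json_body.get("notAJson") if isinstance(json_body, dict) else None
    if text is None:
        text = json.dumps(json_body)  # JSON reply: scan its serialized form
    findings = {}
    for name, pattern in INDICATORS.items():
        # Use the capture group when the pattern has one, else the whole match.
        hits = [m.group(m.lastindex or 0) for m in pattern.finditer(text)]
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for name, hits in triage(load_body(SAMPLE_REPORT_FRAGMENT)).items():
        print(f"{name}: {hits}")
```

An empty result means none of these indicators matched; the server-side stack trace still has to come from the application logs, as noted above.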

dglee0307 commented 2 years ago

Thank you :)