Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

String values are sent as integer values #74

Closed VytautasKz closed 1 year ago

VytautasKz commented 1 year ago

Hello,

With CATS version 9.0.0, I've observed that when the API spec has a value defined as a string with an example set to a numerical character, and the Security fuzzer file has the value set to a value of 1 enclosed in quotation marks, the fuzzer, rather than sending a string value enclosed in quotation marks, sends an integer value with no quotation marks.

Offending API specification snippet:

       requestBody:
         content:
           application/json:
             schema:
               type: object
               properties:
                 data:
                   type: object
                   properties:
                     enabled:
                       type: string
                       example: "1"

Security fuzzer:

    /example/endpoint:
       test_1:
         description: Fuzz endpoint
         data#enabled: "1"
         expectedResponseCode: 422
         httpMethod: all
         targetFieldTypes:
           - string
         stringsFile: file_2.txt

As a comparison between two versions of CATS, below are values being sent with the same API specification and Security fuzzer files:

Version 9.0.0: [image]

Version 8.4.0: [image]

Has parsing changed in v9.0.0, or is this a new bug?

Thank you!

en-milie commented 1 year ago

Thank you for reporting this. I'll check to see what happened.

en-milie commented 1 year ago

This is fixed in: https://github.com/Endava/cats/releases/tag/cats-9.0.1

VytautasKz commented 1 year ago

I've tested version 9.0.1 and can confirm that the bug no longer exists, thank you for the fix. Closing issue.
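
The type drift reported in this issue can be caught by comparing the JSON type of each value in a sent request body with the type declared in the spec. The following is an added example, not code from CATS or from the issue participants; the schema is transcribed from the snippet in the report, and the two request bodies and the helper names `json_type`, `type_mismatches` and `check` are constructed for illustration.

```python
import json

# Request-body schema from the issue, transcribed from YAML into a dict.
SCHEMA = {"type": "object", "properties": {"data": {"type": "object", "properties": {
    "enabled": {"type": "string", "example": "1"}}}}}

# Constructed bodies: the quoted form the reporter expected and the
# unquoted form described for 9.0.0 (the screenshots are not on the page).
EXPECTED_BODY = '{"data": {"enabled": "1"}}'
OBSERVED_BODY = '{"data": {"enabled": 1}}'


def json_type(value):
    """Name the JSON type of a value produced by json.loads."""
    if isinstance(value, bool):  # checked before int: bool is a subclass of int
        return "boolean"
    for py_type, name in ((int, "integer"), (float, "number"), (str, "string"),
                          (dict, "object"), (list, "array")):
        if isinstance(value, py_type):
            return name
    return "null"


def type_mismatches(schema, value, path="$"):
    """Return (path, declared, actual) for every value whose JSON type
    differs from the type the schema declares for it."""
    declared = schema.get("type")
    actual = json_type(value)
    # A schema "number" also accepts integers; any other difference is drift.
    if declared and declared != actual and (declared, actual) != ("number", "integer"):
        return [(path, declared, actual)]
    found = []
    if actual == "object":
        for name, sub in schema.get("properties", {}).items():
            if name in value:
                found += type_mismatches(sub, value[name], f"{path}.{name}")
    elif actual == "array" and "items" in schema:
        for i, item in enumerate(value):
            found += type_mismatches(schema["items"], item, f"{path}[{i}]")
    return found


def check(body):
    """Parse a raw JSON request body and list its type mismatches."""
    return type_mismatches(SCHEMA, json.loads(body))


if __name__ == "__main__":
    for label, body in (("expected", EXPECTED_BODY), ("observed", OBSERVED_BODY)):
        print(label, check(body))
```

Run against captured request bodies, a check like this distinguishes a value the tool was told to send verbatim from one whose type changed during serialization, which matters when the expected response code depends on the field staying a string.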