search

Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0
1.19k stars 73 forks source link

Requests pass, but values are not substituted #86

Closed s1267 closed 1 year ago

s1267 commented 1 year ago

I am trying to run fuzzing from a yml file with instructions trying to run Functional Fuzzer with the following configuration image

and Security Fuzzer image

 Requests pass, but values are not substituted
 `curl  -X POST \
  -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: cats/10.0.0" \
  -d '{}' \
  http://localhost:6500/mfm/v1/services/` - is the CURL of the request that SecurityFuzzer is sending.

  `curl  -X GET \
  -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: cats/10.0.0" \
  \
  http://localhost:6500/mfm/v1/services//` -  is the CURL of the request that FunctionalFuzzer is sending.
en-milie commented 1 year ago

Hi @s1267. Would it be possible to also attach (at least a section of) the openapi spec and exact command you are using to run CATS?

s1267 commented 1 year ago

Hi @s1267. Would it be possible to also attach (at least a section of) the openapi spec and exact command you are using to run CATS? openapi.json

java -jar cats.jar run -c openapi.json -s http://localhost:6500 sec.yml - for SecurityFuzzer java -jar cats.jar run -c openapi.json -s http://localhost:6500 func.yml - for FunctionalFuzzer

en-milie commented 1 year ago

This should be fixed in: https://github.com/Endava/cats/releases/tag/cats-10.1.0 Also, you need to change the OpenAPI version from the file from "openapi": "3.1.0" to "openapi": "3.0.0". CATS doesn't support 3,1 yet.

s1267 commented 1 year ago

Thank you so much for the fix. Everything works fine