Yelp / fuzz-lightyear

A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.

move enumeration case into _fuzz_string helper #18

Closed acoover closed 4 years ago

acoover commented 4 years ago

This ensures we can specify fixtures for enumerated parameters.

acoover commented 4 years ago

Huh. How would this handle non-string enums?

What's an example of a non-string enumeration? My understanding is that the enum field is only applicable for a parameter of type string.

domanchi commented 4 years ago

I agree it's a strange case. I guess this is a question of being accurate to the schema, or supporting only common cases. I was trying to stick with accurateness, to extend the compatibility of this tool with other use cases.

https://tools.ietf.org/html/draft-fge-json-schema-validation-00#section-5.5.1, from https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md

acoover commented 4 years ago

I see, the JSON Schema specifies the enum field as a "Validation keyword for any instance type".
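
The question raised in this thread, as an added example that is not fuzz-lightyear's code: a value generator that consults `enum` only in its string branch, next to one that checks it before dispatching on type. The parameter definitions, function names and the fixture mapping (name to callable, checked first) are all hypothetical.

```python
import random

# Constructed Swagger 2.0 parameter definitions (not taken from the project).
PARAMS = [
    {"name": "sort", "type": "string", "enum": ["asc", "desc"]},
    {"name": "page_size", "type": "integer", "enum": [10, 25, 50]},
    {"name": "note", "type": "string"},
]

def _random_for_type(type_name, rng):
    """Unconstrained value for a primitive Swagger type."""
    if type_name == "integer":
        return rng.randint(-2**31, 2**31 - 1)
    if type_name == "boolean":
        return rng.choice([True, False])
    if type_name == "number":
        return rng.uniform(-1e6, 1e6)
    return "".join(rng.choice("abcxyz019") for _ in range(rng.randint(0, 12)))

def fuzz_enum_in_string_branch(param, rng):
    """Enum consulted only for strings, so an integer enum is ignored."""
    if param["type"] == "string" and "enum" in param:
        return rng.choice(param["enum"])
    return _random_for_type(param["type"], rng)

def fuzz_enum_any_type(param, rng, fixtures=None):
    """Fixture first (assumed ordering), then enum for any type, then type."""
    fixtures = fixtures or {}
    if param["name"] in fixtures:
        return fixtures[param["name"]]()
    if "enum" in param:
        return rng.choice(param["enum"])
    return _random_for_type(param["type"], rng)

def out_of_enum(fuzzer, param, runs=200, seed=0):
    """Count generated values that the schema's enum would reject."""
    rng = random.Random(seed)
    return sum(fuzzer(param, rng) not in param["enum"] for _ in range(runs))

if __name__ == "__main__":
    for fuzzer in (fuzz_enum_in_string_branch, fuzz_enum_any_type):
        for param in PARAMS[:2]:
            print(fuzzer.__name__, param["name"], out_of_enum(fuzzer, param))
```

Values outside the enum are normally rejected by request validation, so a generator that ignores an integer enum spends its requests without reaching the handler under test.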