A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Sometimes, endpoints have the following structure to them:
/{item_type}/{item_id}
where a different item_type would indicate to the server to check a different item_id. This is "pseudo-polymorphic" because the swagger specifications would be the same; but the behavior is different depending on input.
Issue
In a single run, we'd probably want to check for the many different types of item_type, and run tests on their corresponding item_id. How can we support this? I'd imagine the difficult part of this implementation is modifying the fixture architecture such that it can know which object to generate, depending on the item_type.
Background Context
Sometimes, endpoints have the following structure to them:
where a different
item_type
would indicate to the server to check a differentitem_id
. This is "pseudo-polymorphic" because the swagger specifications would be the same; but the behavior is different depending on input.Issue
In a single run, we'd probably want to check for the many different types of
item_type
, and run tests on their correspondingitem_id
. How can we support this? I'd imagine the difficult part of this implementation is modifying the fixture architecture such that it can know which object to generate, depending on theitem_type
.