A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Previously, array parameters in paths were treated as strings, leading to improper encoding. This adds support for URL encoding arrays.
Swagger supports 4 types of separators in path arrays: commas, spaces, pipes, and tabs (source). The type is specified in the collectionFormat of the parameter, and the collectionFormat is checked when formatting the URL in fuzz_lightyear/request.py.
I added a test for a simple csv case as an example of how the formatting works- adding tests for ssv, tsv, and pipes seemed superfluous due there being no additional logic surrounding those formats.
This PR addresses issue #22.
Previously, array parameters in paths were treated as strings, leading to improper encoding. This adds support for URL encoding arrays.
Swagger supports 4 types of separators in path arrays: commas, spaces, pipes, and tabs (source). The type is specified in the
collectionFormat
of the parameter, and thecollectionFormat
is checked when formatting the URL infuzz_lightyear/request.py
.I added a test for a simple
csv
case as an example of how the formatting works- adding tests forssv
,tsv
, andpipes
seemed superfluous due there being no additional logic surrounding those formats.