A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Previously, array parameters in paths were treated as strings, leading to improper encoding. This adds support for URL encoding arrays.
Swagger supports 4 types of separators in path arrays: commas, spaces, pipes, and tabs (source). The type is specified in the collectionFormat of the parameter, and the collectionFormat is checked when formatting the URL in fuzz_lightyear/request.py.
I added a test for a simple csv case as an example of how the formatting works- adding tests for ssv, tsv, and pipes seemed superfluous due there being no additional logic surrounding those formats.
This PR addresses issue #22.
Previously, array parameters in paths were treated as strings, leading to improper encoding. This adds support for URL encoding arrays.
Swagger supports 4 types of separators in path arrays: commas, spaces, pipes, and tabs (source). The type is specified in the
collectionFormatof the parameter, and thecollectionFormatis checked when formatting the URL infuzz_lightyear/request.py.I added a test for a simple
csvcase as an example of how the formatting works- adding tests forssv,tsv, andpipesseemed superfluous due there being no additional logic surrounding those formats.