A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
Allow developers to whitelist tags for fuzzing #28
Justification
This is useful for when certain parts of the Swagger spec are ready for fuzzing, but others aren't.
Explanation of code
The approach is basically identical to #9, except this handles Swagger tags instead of operations (and is therefore much simpler).
Question
I feel like includelist and denylist are better names than inclusions and exclusions. What do you two think? Should I change it? This would make the decorators look like: instead of
Bonus
Add a travis badge to the README cause it looks "good" for some definition of good (pics: https://github.com/Yelp/fuzz-lightyear/blob/fuzz_only_input_tags/README.md)