Yelp / fuzz-lightyear

A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.

add whitelisting functionality #3

Closed domanchi closed 5 years ago

domanchi commented 5 years ago

Summary

We need to handle expected direct object references gracefully, and provide developers the tools to be able to whitelist such endpoints.

Action Steps

We should expose this functionality through a similar declarative style like fuzz_lightyear.register_factory. Maybe something like:

import fuzz_lightyear

@fuzz_lightyear.register_excluded_endpoints
def whitelist():
    return [
        'store.getOrderById',
    ]
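
A sketch of how the decorator proposed in this issue could collect excluded operations and filter a fuzzing plan, added here as an example and not taken from the issue or from fuzz-lightyear's code. Every name in it (`excluded_endpoints`, `plan`, `SAMPLE_SPEC`, the local `register_excluded_endpoints`) is hypothetical, and the `tag.operation_id` format is assumed from the `'store.getOrderById'` string above. It also reports whitelist entries that match no operation, since a misspelled or stale entry otherwise goes unnoticed.

```python
# Hypothetical sketch: none of these names are fuzz-lightyear's real API.
from typing import Callable, Dict, Iterable, List, Set, Tuple

_EXCLUDERS: List[Callable[[], Iterable[str]]] = []


def register_excluded_endpoints(func: Callable[[], Iterable[str]]):
    """Decorator: remember a function that returns 'tag.operation_id' strings."""
    _EXCLUDERS.append(func)
    return func


def excluded_endpoints() -> Set[str]:
    """Call every registered function and merge the validated results."""
    result: Set[str] = set()
    for func in _EXCLUDERS:
        entries = func()
        if isinstance(entries, str):
            # A bare string would otherwise be iterated character by character.
            raise TypeError(f'{func.__name__} must return a list, not a str')
        for entry in entries:
            tag, sep, operation_id = entry.partition('.')
            if not (tag and sep and operation_id):
                raise ValueError(f'expected "tag.operation_id", got {entry!r}')
            result.add(entry)
    return result


def plan(spec: Dict[str, List[str]]) -> Tuple[List[str], Set[str]]:
    """Return (endpoints to fuzz, whitelist entries that matched nothing)."""
    known = [f'{tag}.{op}' for tag, ops in spec.items() for op in ops]
    excluded = excluded_endpoints()
    to_fuzz = [name for name in known if name not in excluded]
    stale = excluded - set(known)
    return to_fuzz, stale


@register_excluded_endpoints
def whitelist():
    return ['store.getOrderById', 'store.getOrderByID']  # second entry is a typo


# Constructed sample: tag -> operation ids, as they would come from a Swagger spec.
SAMPLE_SPEC = {'store': ['getOrderById', 'placeOrder'], 'user': ['getUserByName']}

if __name__ == '__main__':
    to_fuzz, stale = plan(SAMPLE_SPEC)
    print('fuzz:', to_fuzz)
    print('stale whitelist entries:', sorted(stale))
```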