Yelp / fuzz-lightyear

A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.

adding --ignore-non-vulnerable flag #53

Closed domanchi closed 4 years ago

domanchi commented 4 years ago

Summary

There's a nuanced difference between fuzz_lightyear.exclude.operations and fuzz_lightyear.exclude.non_vulnerable_operations: the former skips over the endpoint completely, and the latter tests the endpoint, but ignores the IDORPlugin result.

This nuance makes an important difference when generating sequences of length n>1, or when the Swagger schema is incorrect. If the endpoint is completely excluded, the test run will be faster, since there are fewer total sequences to create. Furthermore, invalid Swagger schemas will be ignored as well.

For the times we want this trade-off, this PR introduces the new flag --ignore-non-vulnerable, which will treat excluded non_vulnerable_operations as completely excluded operations.
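As an added illustration (not code from the fuzz-lightyear project), here is a small constructed model of the two exclusion kinds and the new flag; the operation ids, the no-repeat sequence rule and the function names are assumptions of the model, not the library's API.

```python
from itertools import permutations
from typing import Dict, List

# Constructed model of the PR's semantics (hypothetical operation ids).
OPERATIONS = ["get_pets", "create_pet", "get_pet_by_id", "health_check"]

# What a @fuzz_lightyear.exclude.operations hook would return:
# these endpoints are skipped completely.
EXCLUDED_OPERATIONS = {"health_check"}

# What a @fuzz_lightyear.exclude.non_vulnerable_operations hook would return:
# these endpoints are still requested, but their IDORPlugin verdict is dropped.
NON_VULNERABLE_OPERATIONS = {"get_pets"}


def operations_to_fuzz(ignore_non_vulnerable: bool) -> List[str]:
    """Operations that take part in sequence generation.

    With --ignore-non-vulnerable the non_vulnerable set is treated like the
    fully excluded set, so those endpoints never enter a sequence and their
    (possibly broken) Swagger definition is never turned into a request.
    """
    skipped = set(EXCLUDED_OPERATIONS)
    if ignore_non_vulnerable:
        skipped |= NON_VULNERABLE_OPERATIONS
    return [op for op in OPERATIONS if op not in skipped]


def count_sequences(n: int, ignore_non_vulnerable: bool) -> int:
    """Ordered request sequences of length n (model assumes no repeats)."""
    return sum(1 for _ in permutations(operations_to_fuzz(ignore_non_vulnerable), n))


def report_idor(raw_results: Dict[str, bool]) -> Dict[str, bool]:
    """Keep only IDORPlugin verdicts for operations whose result counts.

    raw_results maps the final operation of a sequence to the plugin's verdict
    (True = flagged). In the default mode get_pets is still exercised, so a
    verdict exists for it; it is discarded here rather than never produced.
    """
    return {
        op: verdict
        for op, verdict in raw_results.items()
        if op not in EXCLUDED_OPERATIONS and op not in NON_VULNERABLE_OPERATIONS
    }
```

With these constructed sets, length-2 sequences drop from 6 to 2 when the flag is set, which is the speed-up the description refers to.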

domanchi commented 4 years ago

Naw, the two functions are inherently different. If they are the same by default, then users won't necessarily use the different functions properly.